diff --git a/ChangeLog.txt b/ChangeLog.txt index cdaca5e5..2c6cc352 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,24 @@ ChangeLog for jsrsasign +* Changes between 4.2.1 to 4.2.2 (2014-Apr-19) + - asn1x509 1.0.7 to 1.0.8 + - add setSignatureHex method for Certificate class + - modify newCertPEM method to support to specify signature + by value. + - add AuthorityKeyIdentifier X.509v3 extension class + - keyutil 1.0.4 to 1.0.5 + - PKCS#10 CSR support. Following methods are added: + - PKCS5PKEY.getKeyFromCSRPEM + - PKCS5PKEY.getKeyFromCSRHex + - PKCS5PKEY.parseCSRHex + - Tool: + - tool_forfact.html: + CSR to fake certificate converter for factorable.net + key weakness check. + - Test codes: + - add test/qunit-do-keyutil-csr.html + * Changes between 4.2.0 to 4.2.1 (2013-Oct-11) - keyutil 1.0.3 to 1.0.4 - new getPEM method for exporting keys diff --git a/api/files.html b/api/files.html index dc5caad0..d067da99 100755 --- a/api/files.html +++ b/api/files.html @@ -246,6 +246,8 @@

Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • @@ -367,7 +369,7 @@

    asn1x509-1.0.js

    Version:
    -
    1.0.7 (2013-Oct-11)
    +
    1.0.8 (2014-Apr-16)
    @@ -474,7 +476,7 @@

    keyutil-1.0.js

    Version:
    -
    keyutil 1.0.4 (2013-Oct-11)
    +
    keyutil 1.0.5 (2014-Apr-18)
    @@ -493,7 +495,7 @@

    pkcs5pkey-1.0.js

    Version:
    -
    pkcs5pkey 1.0.5 (2013-Aug-20)
    +
    pkcs5pkey 1.0.6 (2014-Apr-16)
    diff --git a/api/index.html b/api/index.html index 51d1a01c..6fe14071 100755 --- a/api/index.html +++ b/api/index.html @@ -246,6 +246,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • @@ -498,6 +500,12 @@

    KJUR.asn1.x509.A
    +
    +

    KJUR.asn1.x509.AuthorityKeyIdentifier

    + AuthorityKeyIdentifier ASN.1 structure class +
    +
    +

    KJUR.asn1.x509.BasicConstraints

    BasicConstraints ASN.1 structure class diff --git a/api/symbols/ASN1HEX.html b/api/symbols/ASN1HEX.html index 0db51edb..7cb4ca71 100755 --- a/api/symbols/ASN1HEX.html +++ b/api/symbols/ASN1HEX.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/Base64x.html b/api/symbols/Base64x.html index 186278da..d8763433 100755 --- a/api/symbols/Base64x.html +++ b/api/symbols/Base64x.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KEYUTIL.html b/api/symbols/KEYUTIL.html index 8bae51ff..b175a66e 100755 --- a/api/symbols/KEYUTIL.html +++ b/api/symbols/KEYUTIL.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • @@ -478,6 +480,24 @@

    + + <static>   + +
    KEYUTIL.getKeyFromCSRHex(csrHex) +
    +
    get RSAKey/DSA/ECDSA public key object from hexadecimal string of PKCS#10 CSR
    + + + + + <static>   + +
    KEYUTIL.getKeyFromCSRPEM(csrPEM) +
    +
    get RSAKey/DSA/ECDSA public key object from PEM formatted PKCS#10 CSR string
    + + + <static>   @@ -630,6 +650,19 @@

    + + <static>   + +
    KEYUTIL.parseCSRHex(csrHex) +
    +
    parse hexadecimal string of PKCS#10 CSR (certificate signing request) +Resulted associative array has following properties: +
      +
    • p8pubkeyhex - hexadecimal string of subject public key in PKCS#8
      • +
    + + + <static>   @@ -1330,6 +1363,104 @@

    +
    + + +
    <static> + + {Object} + KEYUTIL.getKeyFromCSRHex(csrHex) + +
    +
    + get RSAKey/DSA/ECDSA public key object from hexadecimal string of PKCS#10 CSR + + +
    + + + + +
    +
    Parameters:
    + +
    + {String} csrHex + +
    +
    hexadecimal string of PKCS#10 CSR
    + +
    + + + +
    +
    Since:
    +
    keyutil 1.0.5
    +
    + + + + +
    +
    Returns:
    + +
    {Object} RSAKey/DSA/ECDSA public key object
    + +
    + + + + +
    + + +
    <static> + + {Object} + KEYUTIL.getKeyFromCSRPEM(csrPEM) + +
    +
    + get RSAKey/DSA/ECDSA public key object from PEM formatted PKCS#10 CSR string + + +
    + + + + +
    +
    Parameters:
    + +
    + {String} csrPEM + +
    +
    PEM formatted PKCS#10 CSR string
    + +
    + + + +
    +
    Since:
    +
    keyutil 1.0.5
    +
    + + + + +
    +
    Returns:
    + +
    {Object} RSAKey/DSA/ECDSA public key object
    + +
    + + + +
    @@ -2245,6 +2376,59 @@

    +
    + + +
    <static> + + {Array} + KEYUTIL.parseCSRHex(csrHex) + +
    +
    + parse hexadecimal string of PKCS#10 CSR (certificate signing request) +Resulted associative array has following properties: +
      +
    • p8pubkeyhex - hexadecimal string of subject public key in PKCS#8
      • +
    + + +
    + + + + +
    +
    Parameters:
    + +
    + {String} csrHex + +
    +
    hexadecimal string of PKCS#10 CSR
    + +
    + + + +
    +
    Since:
    +
    keyutil 1.0.5
    +
    + + + + +
    +
    Returns:
    + +
    {Array} associative array of parsed CSR
    + +
    + + + +
    diff --git a/api/symbols/KJUR.asn1.ASN1Object.html b/api/symbols/KJUR.asn1.ASN1Object.html index bec17929..5a108dc4 100755 --- a/api/symbols/KJUR.asn1.ASN1Object.html +++ b/api/symbols/KJUR.asn1.ASN1Object.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.ASN1Util.html b/api/symbols/KJUR.asn1.ASN1Util.html index 990763fe..cb4c0a71 100755 --- a/api/symbols/KJUR.asn1.ASN1Util.html +++ b/api/symbols/KJUR.asn1.ASN1Util.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERAbstractString.html b/api/symbols/KJUR.asn1.DERAbstractString.html index 1c29ba07..230d4cbf 100755 --- a/api/symbols/KJUR.asn1.DERAbstractString.html +++ b/api/symbols/KJUR.asn1.DERAbstractString.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERAbstractStructured.html b/api/symbols/KJUR.asn1.DERAbstractStructured.html index 564ae8fd..e29932f0 100755 --- a/api/symbols/KJUR.asn1.DERAbstractStructured.html +++ b/api/symbols/KJUR.asn1.DERAbstractStructured.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERAbstractTime.html b/api/symbols/KJUR.asn1.DERAbstractTime.html index 23791477..2a8608a0 100755 --- a/api/symbols/KJUR.asn1.DERAbstractTime.html +++ b/api/symbols/KJUR.asn1.DERAbstractTime.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERBitString.html b/api/symbols/KJUR.asn1.DERBitString.html index c6283f29..1968b218 100755 --- a/api/symbols/KJUR.asn1.DERBitString.html +++ b/api/symbols/KJUR.asn1.DERBitString.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERBoolean.html b/api/symbols/KJUR.asn1.DERBoolean.html index 29dffc53..75086423 100755 --- a/api/symbols/KJUR.asn1.DERBoolean.html +++ b/api/symbols/KJUR.asn1.DERBoolean.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERGeneralizedTime.html b/api/symbols/KJUR.asn1.DERGeneralizedTime.html index aec36d90..26e6e175 100755 --- a/api/symbols/KJUR.asn1.DERGeneralizedTime.html +++ b/api/symbols/KJUR.asn1.DERGeneralizedTime.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERIA5String.html b/api/symbols/KJUR.asn1.DERIA5String.html index e967d00f..4f4111de 100755 --- a/api/symbols/KJUR.asn1.DERIA5String.html +++ b/api/symbols/KJUR.asn1.DERIA5String.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERInteger.html b/api/symbols/KJUR.asn1.DERInteger.html index 85803f28..0d1dee0a 100755 --- a/api/symbols/KJUR.asn1.DERInteger.html +++ b/api/symbols/KJUR.asn1.DERInteger.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERNull.html b/api/symbols/KJUR.asn1.DERNull.html index 8538479c..6cc30e81 100755 --- a/api/symbols/KJUR.asn1.DERNull.html +++ b/api/symbols/KJUR.asn1.DERNull.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERNumericString.html b/api/symbols/KJUR.asn1.DERNumericString.html index 0e6f5bec..1e4f314b 100755 --- a/api/symbols/KJUR.asn1.DERNumericString.html +++ b/api/symbols/KJUR.asn1.DERNumericString.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERObjectIdentifier.html b/api/symbols/KJUR.asn1.DERObjectIdentifier.html index 93ba8f83..731cef25 100755 --- a/api/symbols/KJUR.asn1.DERObjectIdentifier.html +++ b/api/symbols/KJUR.asn1.DERObjectIdentifier.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DEROctetString.html b/api/symbols/KJUR.asn1.DEROctetString.html index def40441..79c51d98 100755 --- a/api/symbols/KJUR.asn1.DEROctetString.html +++ b/api/symbols/KJUR.asn1.DEROctetString.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERPrintableString.html b/api/symbols/KJUR.asn1.DERPrintableString.html index 0b8e55c2..c6f8c03d 100755 --- a/api/symbols/KJUR.asn1.DERPrintableString.html +++ b/api/symbols/KJUR.asn1.DERPrintableString.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERSequence.html b/api/symbols/KJUR.asn1.DERSequence.html index d601b444..75093f23 100755 --- a/api/symbols/KJUR.asn1.DERSequence.html +++ b/api/symbols/KJUR.asn1.DERSequence.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERSet.html b/api/symbols/KJUR.asn1.DERSet.html index 69f1cdf7..eff3fafd 100755 --- a/api/symbols/KJUR.asn1.DERSet.html +++ b/api/symbols/KJUR.asn1.DERSet.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERTaggedObject.html b/api/symbols/KJUR.asn1.DERTaggedObject.html index 2815a4a9..033adbca 100755 --- a/api/symbols/KJUR.asn1.DERTaggedObject.html +++ b/api/symbols/KJUR.asn1.DERTaggedObject.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERTeletexString.html b/api/symbols/KJUR.asn1.DERTeletexString.html index cc126317..cc51696e 100755 --- a/api/symbols/KJUR.asn1.DERTeletexString.html +++ b/api/symbols/KJUR.asn1.DERTeletexString.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERUTCTime.html b/api/symbols/KJUR.asn1.DERUTCTime.html index a7be5cc9..6f6a51ff 100755 --- a/api/symbols/KJUR.asn1.DERUTCTime.html +++ b/api/symbols/KJUR.asn1.DERUTCTime.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.DERUTF8String.html b/api/symbols/KJUR.asn1.DERUTF8String.html index 55e417c5..40c35904 100755 --- a/api/symbols/KJUR.asn1.DERUTF8String.html +++ b/api/symbols/KJUR.asn1.DERUTF8String.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.html b/api/symbols/KJUR.asn1.html index 245c8bf6..af7b9900 100755 --- a/api/symbols/KJUR.asn1.html +++ b/api/symbols/KJUR.asn1.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.AlgorithmIdentifier.html b/api/symbols/KJUR.asn1.x509.AlgorithmIdentifier.html index c82ab65b..297731cc 100755 --- a/api/symbols/KJUR.asn1.x509.AlgorithmIdentifier.html +++ b/api/symbols/KJUR.asn1.x509.AlgorithmIdentifier.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.AttributeTypeAndValue.html b/api/symbols/KJUR.asn1.x509.AttributeTypeAndValue.html index 68374adb..58e27ed2 100755 --- a/api/symbols/KJUR.asn1.x509.AttributeTypeAndValue.html +++ b/api/symbols/KJUR.asn1.x509.AttributeTypeAndValue.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.AuthorityKeyIdentifier.html b/api/symbols/KJUR.asn1.x509.AuthorityKeyIdentifier.html new file mode 100755 index 00000000..616b6ddc --- /dev/null +++ b/api/symbols/KJUR.asn1.x509.AuthorityKeyIdentifier.html @@ -0,0 +1,669 @@ + + + + + + + jsrsasign 4.0.0 JavaScript API Reference - KJUR.asn1.x509.AuthorityKeyIdentifier + + + + + + + + + + + + +
    + +
    Class Index +| File Index
    +
    +

    Classes

    + +
    + +
    + +
    + +

    + + Class KJUR.asn1.x509.AuthorityKeyIdentifier +

    + + +

    + +
    Extends + KJUR.asn1.x509.Extension.
    + + + AuthorityKeyIdentifier ASN.1 structure class + + +
    Defined in: asn1x509-1.0.js. + +

    + + + + + + + + + + + + + + + + + +
    Class Summary
    Constructor AttributesConstructor Name and Description
      +
    + KJUR.asn1.x509.AuthorityKeyIdentifier(params) +
    +
    AuthorityKeyIdentifier ASN.1 structure class +
    +d-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
+AuthorityKeyIdentifier ::= SEQUENCE {
+   keyIdentifier             [0] KeyIdentifier           OPTIONAL,
+   authorityCertIssuer       [1] GeneralNames            OPTIONAL,
+   authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
+KeyIdentifier ::= OCTET STRING
+
    +
    + + + + + + + + +
    +
    Fields borrowed from class KJUR.asn1.ASN1Object:
    hL, hT, hTLV, hV, isModified
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Method Summary
    Method AttributesMethod Name and Description
    <static>   +
    KJUR.asn1.x509.AuthorityKeyIdentifier.setCertIssuerByParam(param) +
    +
    set authorityCertIssuer value by X500Name parameter +NOTE: Automatic authorityCertIssuer name setting by an issuer +certificate will be supported in future version.
    +
    <static>   +
    KJUR.asn1.x509.AuthorityKeyIdentifier.setCertSerialNumberByParam(param) +
    +
    set authorityCertSerialNumber value by DERInteger parameter +NOTE: Automatic authorityCertSerialNumber setting by an issuer +certificate will be supported in future version.
    +
    <static>   +
    KJUR.asn1.x509.AuthorityKeyIdentifier.setKIDByParam(param) +
    +
    set keyIdentifier value by DERInteger parameter +NOTE: Automatic keyIdentifier value calculation by an issuer +public key will be supported in future version.
    +
    + + + +
    + +
    + + + + + + + +
    +
    + Class Detail +
    + +
    + KJUR.asn1.x509.AuthorityKeyIdentifier(params) +
    + +
    + AuthorityKeyIdentifier ASN.1 structure class +
    +d-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
+AuthorityKeyIdentifier ::= SEQUENCE {
+   keyIdentifier             [0] KeyIdentifier           OPTIONAL,
+   authorityCertIssuer       [1] GeneralNames            OPTIONAL,
+   authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
+KeyIdentifier ::= OCTET STRING
+
    + +
    + + + + 
    var param = {'kid': {'hex': '89ab'},
+             'issuer': {'str': '/C=US/CN=a'},
+             'sn': {'hex': '1234'},
+             'critical': true});
+var e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier(param);
    + + + + + +
    +
    Parameters:
    + +
    + {Array} params + +
    +
    associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
    + +
    + + + +
    +
    Since:
    +
    asn1x509 1.0.8
    +
    + + + + + + +
    + + + + + + + +
    + Method Detail +
    + + +
    <static> + + + KJUR.asn1.x509.AuthorityKeyIdentifier.setCertIssuerByParam(param) + +
    +
    + set authorityCertIssuer value by X500Name parameter +NOTE: Automatic authorityCertIssuer name setting by an issuer +certificate will be supported in future version. + + +
    + + + + +
    +
    Parameters:
    + +
    + {Array} param + +
    +
    array of KJUR.asn1.x509.X500Name parameter
    + +
    + + + +
    +
    Since:
    +
    asn1x509 1.0.8
    +
    + + + + + + + +
    + + +
    <static> + + + KJUR.asn1.x509.AuthorityKeyIdentifier.setCertSerialNumberByParam(param) + +
    +
    + set authorityCertSerialNumber value by DERInteger parameter +NOTE: Automatic authorityCertSerialNumber setting by an issuer +certificate will be supported in future version. + + +
    + + + + +
    +
    Parameters:
    + +
    + {Array} param + +
    +
    array of KJUR.asn1.DERInteger parameter
    + +
    + + + +
    +
    Since:
    +
    asn1x509 1.0.8
    +
    + + + + + + + +
    + + +
    <static> + + + KJUR.asn1.x509.AuthorityKeyIdentifier.setKIDByParam(param) + +
    +
    + set keyIdentifier value by DERInteger parameter +NOTE: Automatic keyIdentifier value calculation by an issuer +public key will be supported in future version. + + +
    + + + + +
    +
    Parameters:
    + +
    + {Array} param + +
    +
    array of KJUR.asn1.DERInteger parameter
    + +
    + + + +
    +
    Since:
    +
    asn1x509 1.0.8
    +
    + + + + + + + + + + + + + + +
    +
    + + + +
    + © 2012 Kenji Urushima, All rights reserved
    + + Documentation generated by JsDoc Toolkit 2.4.0 +
    + + diff --git a/api/symbols/KJUR.asn1.x509.BasicConstraints.html b/api/symbols/KJUR.asn1.x509.BasicConstraints.html index d1f2688d..0f3752c6 100755 --- a/api/symbols/KJUR.asn1.x509.BasicConstraints.html +++ b/api/symbols/KJUR.asn1.x509.BasicConstraints.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.CRL.html b/api/symbols/KJUR.asn1.x509.CRL.html index 8f582d63..5fa192d3 100755 --- a/api/symbols/KJUR.asn1.x509.CRL.html +++ b/api/symbols/KJUR.asn1.x509.CRL.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.CRLDistributionPoints.html b/api/symbols/KJUR.asn1.x509.CRLDistributionPoints.html index 27597215..97c68caf 100755 --- a/api/symbols/KJUR.asn1.x509.CRLDistributionPoints.html +++ b/api/symbols/KJUR.asn1.x509.CRLDistributionPoints.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.CRLEntry.html b/api/symbols/KJUR.asn1.x509.CRLEntry.html index 93441952..82a03b28 100755 --- a/api/symbols/KJUR.asn1.x509.CRLEntry.html +++ b/api/symbols/KJUR.asn1.x509.CRLEntry.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.Certificate.html b/api/symbols/KJUR.asn1.x509.Certificate.html index 1c0e6c3a..c8c82204 100755 --- a/api/symbols/KJUR.asn1.x509.Certificate.html +++ b/api/symbols/KJUR.asn1.x509.Certificate.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • @@ -422,6 +424,16 @@

    EXAMPLES

    + + <static>   + +
    KJUR.asn1.x509.Certificate.setSignatureHex() +
    +
    set signature value internally by hex string +
    + + + <static>   @@ -610,6 +622,43 @@

    EXAMPLES

    +
    + + +
    <static> + + + KJUR.asn1.x509.Certificate.setSignatureHex() + +
    +
    + set signature value internally by hex string + + + +
    + + + + 
    var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
+cert.setSignatureHex('01020304');
    + + + + + + +
    +
    Since:
    +
    asn1x509 1.0.8
    +
    + + + + + + +
    diff --git a/api/symbols/KJUR.asn1.x509.DistributionPoint.html b/api/symbols/KJUR.asn1.x509.DistributionPoint.html index cdcf6d67..a0a55364 100755 --- a/api/symbols/KJUR.asn1.x509.DistributionPoint.html +++ b/api/symbols/KJUR.asn1.x509.DistributionPoint.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.DistributionPointName.html b/api/symbols/KJUR.asn1.x509.DistributionPointName.html index d6e50886..d69b8558 100755 --- a/api/symbols/KJUR.asn1.x509.DistributionPointName.html +++ b/api/symbols/KJUR.asn1.x509.DistributionPointName.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.ExtKeyUsage.html b/api/symbols/KJUR.asn1.x509.ExtKeyUsage.html index db3aaa40..8f64dbc4 100755 --- a/api/symbols/KJUR.asn1.x509.ExtKeyUsage.html +++ b/api/symbols/KJUR.asn1.x509.ExtKeyUsage.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.Extension.html b/api/symbols/KJUR.asn1.x509.Extension.html index 1f39b386..4ad367fe 100755 --- a/api/symbols/KJUR.asn1.x509.Extension.html +++ b/api/symbols/KJUR.asn1.x509.Extension.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.GeneralName.html b/api/symbols/KJUR.asn1.x509.GeneralName.html index e19ed6c9..3541c10b 100755 --- a/api/symbols/KJUR.asn1.x509.GeneralName.html +++ b/api/symbols/KJUR.asn1.x509.GeneralName.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.GeneralNames.html b/api/symbols/KJUR.asn1.x509.GeneralNames.html index 5d938dc7..5ef09566 100755 --- a/api/symbols/KJUR.asn1.x509.GeneralNames.html +++ b/api/symbols/KJUR.asn1.x509.GeneralNames.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.KeyUsage.html b/api/symbols/KJUR.asn1.x509.KeyUsage.html index 8a7c58a1..b6bb1a31 100755 --- a/api/symbols/KJUR.asn1.x509.KeyUsage.html +++ b/api/symbols/KJUR.asn1.x509.KeyUsage.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.OID.html b/api/symbols/KJUR.asn1.x509.OID.html index 1884758a..31610c09 100755 --- a/api/symbols/KJUR.asn1.x509.OID.html +++ b/api/symbols/KJUR.asn1.x509.OID.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.RDN.html b/api/symbols/KJUR.asn1.x509.RDN.html index 78ad4a30..e4af74b5 100755 --- a/api/symbols/KJUR.asn1.x509.RDN.html +++ b/api/symbols/KJUR.asn1.x509.RDN.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.SubjectPublicKeyInfo.html b/api/symbols/KJUR.asn1.x509.SubjectPublicKeyInfo.html index 122d7556..882531d5 100755 --- a/api/symbols/KJUR.asn1.x509.SubjectPublicKeyInfo.html +++ b/api/symbols/KJUR.asn1.x509.SubjectPublicKeyInfo.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.TBSCertList.html b/api/symbols/KJUR.asn1.x509.TBSCertList.html index cb19d035..a24b4ea6 100755 --- a/api/symbols/KJUR.asn1.x509.TBSCertList.html +++ b/api/symbols/KJUR.asn1.x509.TBSCertList.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.TBSCertificate.html b/api/symbols/KJUR.asn1.x509.TBSCertificate.html index 56fe9378..acedc76a 100755 --- a/api/symbols/KJUR.asn1.x509.TBSCertificate.html +++ b/api/symbols/KJUR.asn1.x509.TBSCertificate.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • @@ -639,7 +641,8 @@

    EXAMPLE

    tbsc.appendExtensionByName('BasicConstraints', {'cA':true, 'critical': true});
 tbsc.appendExtensionByName('KeyUsage', {'bin':'11'});
 tbsc.appendExtensionByName('CRLDistributionPoints', {uri: 'http://aaa.com/a.crl'});
-tbsc.appendExtensionByName('ExtKeyUsage', {array: [{name: 'clientAuth'}]});
    +tbsc.appendExtensionByName('ExtKeyUsage', {array: [{name: 'clientAuth'}]}); +tbsc.appendExtensionByName('AuthorityKeyIdentifier', {kid: '1234ab..'}); diff --git a/api/symbols/KJUR.asn1.x509.Time.html b/api/symbols/KJUR.asn1.x509.Time.html index 6401ca71..a2a2cb6f 100755 --- a/api/symbols/KJUR.asn1.x509.Time.html +++ b/api/symbols/KJUR.asn1.x509.Time.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.X500Name.html b/api/symbols/KJUR.asn1.x509.X500Name.html index 43257998..e7dfff2b 100755 --- a/api/symbols/KJUR.asn1.x509.X500Name.html +++ b/api/symbols/KJUR.asn1.x509.X500Name.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.asn1.x509.X509Util.html b/api/symbols/KJUR.asn1.x509.X509Util.html index d0f33408..039e15ca 100755 --- a/api/symbols/KJUR.asn1.x509.X509Util.html +++ b/api/symbols/KJUR.asn1.x509.X509Util.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • @@ -501,6 +503,10 @@

    issue a certificate in PEM format This method can issue a certificate by a simple JSON object. +Signature value will be provided by signing with +private key using 'cakey' parameter or +hexa decimal signature value by 'sighex' parameter. + NOTE: When using DSA or ECDSA CA signing key, use 'paramempty' in 'sigalg' to ommit parameter field of AlgorithmIdentifer. In case of RSA, parameter @@ -524,6 +530,17 @@

    {keyUsage: {bin: '11'}}, ], cakey: [prvkey, pass]} +); +// -- or -- +var certPEM = KJUR.asn1.x509.X509Util.newCertPEM( +{ serial: {int: 1}, + sigalg: {name: 'SHA1withRSA', paramempty: true}, + issuer: {str: '/C=US/O=T1'}, + notbefore: {'str': '130504235959Z'}, + notafter: {'str': '140504235959Z'}, + subject: {str: '/C=US/O=T1'}, + sbjpubkey: pubKeyObj, + sighex: '0102030405..'} ); diff --git a/api/symbols/KJUR.asn1.x509.html b/api/symbols/KJUR.asn1.x509.html index e9de983e..f1851658 100755 --- a/api/symbols/KJUR.asn1.x509.html +++ b/api/symbols/KJUR.asn1.x509.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • @@ -511,6 +513,7 @@

    SUPPORTED EXTENSIONS

  • KJUR.asn1.x509.KeyUsage
  • KJUR.asn1.x509.CRLDistributionPoints
  • KJUR.asn1.x509.ExtKeyUsage
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2. diff --git a/api/symbols/KJUR.crypto.DSA.html b/api/symbols/KJUR.crypto.DSA.html index d6fdcf3c..5f66b492 100755 --- a/api/symbols/KJUR.crypto.DSA.html +++ b/api/symbols/KJUR.crypto.DSA.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.crypto.ECDSA.html b/api/symbols/KJUR.crypto.ECDSA.html index 1dfbec87..8b608b4c 100755 --- a/api/symbols/KJUR.crypto.ECDSA.html +++ b/api/symbols/KJUR.crypto.ECDSA.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.crypto.ECParameterDB.html b/api/symbols/KJUR.crypto.ECParameterDB.html index 24a4f5c3..b1864119 100755 --- a/api/symbols/KJUR.crypto.ECParameterDB.html +++ b/api/symbols/KJUR.crypto.ECParameterDB.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.crypto.Mac.html b/api/symbols/KJUR.crypto.Mac.html index 8205d631..0643d16f 100755 --- a/api/symbols/KJUR.crypto.Mac.html +++ b/api/symbols/KJUR.crypto.Mac.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.crypto.MessageDigest.html b/api/symbols/KJUR.crypto.MessageDigest.html index c67beb12..18a55563 100755 --- a/api/symbols/KJUR.crypto.MessageDigest.html +++ b/api/symbols/KJUR.crypto.MessageDigest.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.crypto.OID.html b/api/symbols/KJUR.crypto.OID.html index aed70930..cb386595 100755 --- a/api/symbols/KJUR.crypto.OID.html +++ b/api/symbols/KJUR.crypto.OID.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.crypto.Signature.html b/api/symbols/KJUR.crypto.Signature.html index 25cae800..5e3f9163 100755 --- a/api/symbols/KJUR.crypto.Signature.html +++ b/api/symbols/KJUR.crypto.Signature.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.crypto.Util.html b/api/symbols/KJUR.crypto.Util.html index 3d0aee78..e2f34b85 100755 --- a/api/symbols/KJUR.crypto.Util.html +++ b/api/symbols/KJUR.crypto.Util.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.crypto.html b/api/symbols/KJUR.crypto.html index 224b55ce..191ce305 100755 --- a/api/symbols/KJUR.crypto.html +++ b/api/symbols/KJUR.crypto.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/KJUR.html b/api/symbols/KJUR.html index 3501b1a2..f4100547 100755 --- a/api/symbols/KJUR.html +++ b/api/symbols/KJUR.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/PKCS5PKEY.html b/api/symbols/PKCS5PKEY.html index 856ddbd8..94c2176c 100755 --- a/api/symbols/PKCS5PKEY.html +++ b/api/symbols/PKCS5PKEY.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/RSAKey.html b/api/symbols/RSAKey.html index 25e250bc..7dc699c3 100755 --- a/api/symbols/RSAKey.html +++ b/api/symbols/RSAKey.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/X509.html b/api/symbols/X509.html index 59b6d480..8962ab8a 100755 --- a/api/symbols/X509.html +++ b/api/symbols/X509.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/global__.html b/api/symbols/global__.html index f05257dc..1abdfd20 100755 --- a/api/symbols/global__.html +++ b/api/symbols/global__.html @@ -251,6 +251,8 @@

    Classes

  • KJUR.asn1.x509.AttributeTypeAndValue
    • +
  • KJUR.asn1.x509.AuthorityKeyIdentifier
    • +
  • KJUR.asn1.x509.BasicConstraints
  • KJUR.asn1.x509.Certificate
    • diff --git a/api/symbols/src/asn1x509-1.0.js.html b/api/symbols/src/asn1x509-1.0.js.html index fc30acc3..82c717d6 100755 --- a/api/symbols/src/asn1x509-1.0.js.html +++ b/api/symbols/src/asn1x509-1.0.js.html @@ -5,12 +5,12 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
      1 /*! asn1x509-1.0.7.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
      1 /*! asn1x509-1.0.8.js (c) 2013-2014 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate
   5  *
-  6  * Copyright (c) 2013 Kenji Urushima (kenji.urushima@gmail.com)
+  6  * Copyright (c) 2013-2014 Kenji Urushima (kenji.urushima@gmail.com)
   7  *
   8  * This software is licensed under the terms of the MIT License.
   9  * http://kjur.github.com/jsrsasign/license
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1x509-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version 1.0.7 (2013-Oct-11)
+ 19  * @version 1.0.8 (2014-Apr-16)
  20  * @since jsrsasign 2.1
  21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -34,7 +34,7 @@
  27  * @name KJUR
  28  * @namespace kjur's class library name space
  29  */
- 30 if (typeof KJUR == "undefined" || !KJUR) KJUR = {};
+ 30     if (typeof KJUR == "undefined" || !KJUR) KJUR = {};
  31 
  32 /**
  33  * kjur's ASN.1 class library name space
@@ -78,1735 +78,1897 @@
  71  * <li>{@link KJUR.asn1.x509.KeyUsage}</li>
  72  * <li>{@link KJUR.asn1.x509.CRLDistributionPoints}</li>
  73  * <li>{@link KJUR.asn1.x509.ExtKeyUsage}</li>
- 74  * </ul>
- 75  * NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.
- 76  * @name KJUR.asn1.x509
- 77  * @namespace
- 78  */
- 79 if (typeof KJUR.asn1.x509 == "undefined" || !KJUR.asn1.x509) KJUR.asn1.x509 = {};
- 80 
- 81 // === BEGIN Certificate ===================================================
- 82 
- 83 /**
- 84  * X.509 Certificate class to sign and generate hex encoded certificate
- 85  * @name KJUR.asn1.x509.Certificate
- 86  * @class X.509 Certificate class to sign and generate hex encoded certificate
- 87  * @param {Array} params associative array of parameters (ex. {'tbscertobj': obj, 'prvkeyobj': key})
- 88  * @extends KJUR.asn1.ASN1Object
- 89  * @description
- 90  * <br/>
- 91  * As for argument 'params' for constructor, you can specify one of
- 92  * following properties:
- 93  * <ul>
- 94  * <li>tbscertobj - specify {@link KJUR.asn1.x509.TBSCertificate} object</li>
- 95  * <li>prvkeyobj - specify {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object for CA private key to sign the certificate</li>
- 96  * <li>(DEPRECATED)rsaprvkey - specify {@link RSAKey} object CA private key</li>
- 97  * <li>(DEPRECATED)rsaprvpem - specify PEM string of RSA CA private key</li>
- 98  * </ul>
- 99  * NOTE1: 'params' can be omitted.<br/>
-100  * NOTE2: DSA/ECDSA is also supported for CA signging key from asn1x509 1.0.6.
-101  * @example
-102  * var caKey = KEYUTIL.getKey(caKeyPEM); // CA's private key
-103  * var cert = new KJUR.asn1x509.Certificate({'tbscertobj': tbs, 'prvkeyobj': caKey});
-104  * cert.sign(); // issue certificate by CA's private key
-105  * var certPEM = cert.getPEMString();
-106  *
-107  * // Certificate  ::=  SEQUENCE  {
-108  * //     tbsCertificate       TBSCertificate,
-109  * //     signatureAlgorithm   AlgorithmIdentifier,
-110  * //     signature            BIT STRING  }	    
-111  */
-112 KJUR.asn1.x509.Certificate = function(params) {
-113     KJUR.asn1.x509.Certificate.superclass.constructor.call(this);
-114     var asn1TBSCert = null;
-115     var asn1SignatureAlg = null;
-116     var asn1Sig = null;
-117     var hexSig = null;
-118     var prvKey = null;
-119     var rsaPrvKey = null; // DEPRECATED
-120 
-121     
-122     /**
-123      * set PKCS#5 encrypted RSA PEM private key as CA key
-124      * @name setRsaPrvKeyByPEMandPass
-125      * @memberOf KJUR.asn1.x509.Certificate
-126      * @function
-127      * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
-128      * @param {String} passPEM passcode string to decrypt private key
-129      * @since 1.0.1
-130      * @description
-131      * <br/>
-132      * <h4>EXAMPLES</h4>
-133      * @example
-134      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
-135      * cert.setRsaPrvKeyByPEMandPass("-----BEGIN RSA PRIVATE..(snip)", "password");
-136      */
-137     this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
-138 	var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
-139 	var caKey = new RSAKey();
-140 	caKey.readPrivateKeyFromASN1HexString(caKeyHex);  
-141 	this.prvKey = caKey;
-142     };
-143 
-144     /**
-145      * sign TBSCertificate and set signature value internally
-146      * @name sign
-147      * @memberOf KJUR.asn1.x509.Certificate
-148      * @function
-149      * @description
-150      * @example
-151      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey});
-152      * cert.sign();
-153      */
-154     this.sign = function() {
-155 	this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;
-156 
-157 	sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA'});
-158 	sig.init(this.prvKey);
-159 	sig.updateHex(this.asn1TBSCert.getEncodedHex());
-160 	this.hexSig = sig.sign();
-161 
-162 	this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
-163 	
-164 	var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert,
-165 						       this.asn1SignatureAlg,
-166 						       this.asn1Sig]});
-167 	this.hTLV = seq.getEncodedHex();
-168 	this.isModified = false;
-169     };
-170 
-171     this.getEncodedHex = function() {
-172 	if (this.isModified == false && this.hTLV != null) return this.hTLV;
-173 	throw "not signed yet";
-174     };
-175 
-176     /**
-177      * get PEM formatted certificate string after signed
-178      * @name getPEMString
-179      * @memberOf KJUR.asn1.x509.Certificate
-180      * @function
-181      * @return PEM formatted string of certificate
-182      * @description
-183      * @example
-184      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey});
-185      * cert.sign();
-186      * var sPEM =  cert.getPEMString();
-187      */
-188     this.getPEMString = function() {
-189 	var hCert = this.getEncodedHex();
-190 	var wCert = CryptoJS.enc.Hex.parse(hCert);
-191 	var b64Cert = CryptoJS.enc.Base64.stringify(wCert);
-192 	var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n");
-193 	return "-----BEGIN CERTIFICATE-----\r\n" + pemBody + "\r\n-----END CERTIFICATE-----\r\n";
-194     };
-195 
-196     if (typeof params != "undefined") {
-197 	if (typeof params['tbscertobj'] != "undefined") {
-198 	    this.asn1TBSCert = params['tbscertobj'];
-199 	}
-200 	if (typeof params['prvkeyobj'] != "undefined") {
-201 	    this.prvKey = params['prvkeyobj'];
-202 	} else if (typeof params['rsaprvkey'] != "undefined") {
-203 	    this.prvKey = params['rsaprvkey'];
-204         } else if ((typeof params['rsaprvpem'] != "undefined") &&
-205 	    (typeof params['rsaprvpas'] != "undefined")) {
-206 	    this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']);
-207 	}
-208     }
-209 };
-210 YAHOO.lang.extend(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object);
-211 
-212 /**
-213  * ASN.1 TBSCertificate structure class
-214  * @name KJUR.asn1.x509.TBSCertificate
-215  * @class ASN.1 TBSCertificate structure class
-216  * @param {Array} params associative array of parameters (ex. {})
-217  * @extends KJUR.asn1.ASN1Object
-218  * @description
-219  * <br/>
-220  * <h4>EXAMPLE</h4>
-221  * @example
-222  *  var o = new KJUR.asn1.x509.TBSCertificate();
-223  *  o.setSerialNumberByParam({'int': 4});
-224  *  o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
-225  *  o.setIssuerByParam({'str': '/C=US/O=a'});
-226  *  o.setNotBeforeByParam({'str': '130504235959Z'});
-227  *  o.setNotAfterByParam({'str': '140504235959Z'});
-228  *  o.setSubjectByParam({'str': '/C=US/CN=b'});
-229  *  o.setSubjectPublicKeyByParam({'rsakey': rsaKey});
-230  *  o.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true}));
-231  *  o.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
-232  */
-233 KJUR.asn1.x509.TBSCertificate = function(params) {
-234     KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);
+ 74  * <li>{@link KJUR.asn1.x509.AuthorityKeyIdentifier}</li>
+ 75  * </ul>
+ 76  * NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.
+ 77  * @name KJUR.asn1.x509
+ 78  * @namespace
+ 79  */
+ 80 if (typeof KJUR.asn1.x509 == "undefined" || !KJUR.asn1.x509) KJUR.asn1.x509 = {};
+ 81 
+ 82 // === BEGIN Certificate ===================================================
+ 83 
+ 84 /**
+ 85  * X.509 Certificate class to sign and generate hex encoded certificate
+ 86  * @name KJUR.asn1.x509.Certificate
+ 87  * @class X.509 Certificate class to sign and generate hex encoded certificate
+ 88  * @param {Array} params associative array of parameters (ex. {'tbscertobj': obj, 'prvkeyobj': key})
+ 89  * @extends KJUR.asn1.ASN1Object
+ 90  * @description
+ 91  * <br/>
+ 92  * As for argument 'params' for constructor, you can specify one of
+ 93  * following properties:
+ 94  * <ul>
+ 95  * <li>tbscertobj - specify {@link KJUR.asn1.x509.TBSCertificate} object</li>
+ 96  * <li>prvkeyobj - specify {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object for CA private key to sign the certificate</li>
+ 97  * <li>(DEPRECATED)rsaprvkey - specify {@link RSAKey} object CA private key</li>
+ 98  * <li>(DEPRECATED)rsaprvpem - specify PEM string of RSA CA private key</li>
+ 99  * </ul>
+100  * NOTE1: 'params' can be omitted.<br/>
+101  * NOTE2: DSA/ECDSA is also supported for CA signging key from asn1x509 1.0.6.
+102  * @example
+103  * var caKey = KEYUTIL.getKey(caKeyPEM); // CA's private key
+104  * var cert = new KJUR.asn1x509.Certificate({'tbscertobj': tbs, 'prvkeyobj': caKey});
+105  * cert.sign(); // issue certificate by CA's private key
+106  * var certPEM = cert.getPEMString();
+107  *
+108  * // Certificate  ::=  SEQUENCE  {
+109  * //     tbsCertificate       TBSCertificate,
+110  * //     signatureAlgorithm   AlgorithmIdentifier,
+111  * //     signature            BIT STRING  }        
+112  */
+113 KJUR.asn1.x509.Certificate = function(params) {
+114     KJUR.asn1.x509.Certificate.superclass.constructor.call(this);
+115     var asn1TBSCert = null;
+116     var asn1SignatureAlg = null;
+117     var asn1Sig = null;
+118     var hexSig = null;
+119     var prvKey = null;
+120     var rsaPrvKey = null; // DEPRECATED
+121 
+122     
+123     /**
+124      * set PKCS#5 encrypted RSA PEM private key as CA key
+125      * @name setRsaPrvKeyByPEMandPass
+126      * @memberOf KJUR.asn1.x509.Certificate
+127      * @function
+128      * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
+129      * @param {String} passPEM passcode string to decrypt private key
+130      * @since 1.0.1
+131      * @description
+132      * <br/>
+133      * <h4>EXAMPLES</h4>
+134      * @example
+135      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
+136      * cert.setRsaPrvKeyByPEMandPass("-----BEGIN RSA PRIVATE..(snip)", "password");
+137      */
+138     this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
+139         var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
+140         var caKey = new RSAKey();
+141         caKey.readPrivateKeyFromASN1HexString(caKeyHex);  
+142         this.prvKey = caKey;
+143     };
+144 
+145     /**
+146      * sign TBSCertificate and set signature value internally
+147      * @name sign
+148      * @memberOf KJUR.asn1.x509.Certificate
+149      * @function
+150      * @description
+151      * @example
+152      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey});
+153      * cert.sign();
+154      */
+155     this.sign = function() {
+156         this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;
+157 
+158         sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA'});
+159         sig.init(this.prvKey);
+160         sig.updateHex(this.asn1TBSCert.getEncodedHex());
+161         this.hexSig = sig.sign();
+162 
+163         this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
+164         
+165         var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert,
+166                                                        this.asn1SignatureAlg,
+167                                                        this.asn1Sig]});
+168         this.hTLV = seq.getEncodedHex();
+169         this.isModified = false;
+170     };
+171 
+172     /**
+173      * set signature value internally by hex string
+174      * @name setSignatureHex
+175      * @memberOf KJUR.asn1.x509.Certificate
+176      * @function
+177 	 * @since asn1x509 1.0.8
+178      * @description
+179      * @example
+180      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
+181      * cert.setSignatureHex('01020304');
+182      */
+183 	this.setSignatureHex = function(sigHex) {
+184         this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;
+185 		this.hexSig = sigHex;
+186         this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
+187 
+188         var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert,
+189                                                        this.asn1SignatureAlg,
+190                                                        this.asn1Sig]});
+191         this.hTLV = seq.getEncodedHex();
+192         this.isModified = false;
+193 	};
+194 
+195     this.getEncodedHex = function() {
+196         if (this.isModified == false && this.hTLV != null) return this.hTLV;
+197         throw "not signed yet";
+198     };
+199 
+200     /**
+201      * get PEM formatted certificate string after signed
+202      * @name getPEMString
+203      * @memberOf KJUR.asn1.x509.Certificate
+204      * @function
+205      * @return PEM formatted string of certificate
+206      * @description
+207      * @example
+208      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey});
+209      * cert.sign();
+210      * var sPEM =  cert.getPEMString();
+211      */
+212     this.getPEMString = function() {
+213         var hCert = this.getEncodedHex();
+214         var wCert = CryptoJS.enc.Hex.parse(hCert);
+215         var b64Cert = CryptoJS.enc.Base64.stringify(wCert);
+216         var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n");
+217         return "-----BEGIN CERTIFICATE-----\r\n" + pemBody + "\r\n-----END CERTIFICATE-----\r\n";
+218     };
+219 
+220     if (typeof params != "undefined") {
+221         if (typeof params['tbscertobj'] != "undefined") {
+222             this.asn1TBSCert = params['tbscertobj'];
+223         }
+224         if (typeof params['prvkeyobj'] != "undefined") {
+225             this.prvKey = params['prvkeyobj'];
+226         } else if (typeof params['rsaprvkey'] != "undefined") {
+227             this.prvKey = params['rsaprvkey'];
+228         } else if ((typeof params['rsaprvpem'] != "undefined") &&
+229                    (typeof params['rsaprvpas'] != "undefined")) {
+230             this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']);
+231         }
+232     }
+233 };
+234 YAHOO.lang.extend(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object);
 235 
-236     this._initialize = function() {
-237 	this.asn1Array = new Array();
-238 
-239 	this.asn1Version = 
-240 	    new KJUR.asn1.DERTaggedObject({'obj': new KJUR.asn1.DERInteger({'int': 2})});
-241 	this.asn1SerialNumber = null;
-242 	this.asn1SignatureAlg = null;
-243 	this.asn1Issuer = null;
-244 	this.asn1NotBefore = null;
-245 	this.asn1NotAfter = null;
-246 	this.asn1Subject = null;
-247 	this.asn1SubjPKey = null;
-248 	this.extensionsArray = new Array();
-249     };
-250 
-251     /**
-252      * set serial number field by parameter
-253      * @name setSerialNumberByParam
-254      * @memberOf KJUR.asn1.x509.TBSCertificate
-255      * @function
-256      * @param {Array} intParam DERInteger param
-257      * @description
-258      * @example
-259      * tbsc.setSerialNumberByParam({'int': 3});
-260      */
-261     this.setSerialNumberByParam = function(intParam) {
-262 	this.asn1SerialNumber = new KJUR.asn1.DERInteger(intParam);
-263     };
-264 
-265     /**
-266      * set signature algorithm field by parameter
-267      * @name setSignatureAlgByParam
-268      * @memberOf KJUR.asn1.x509.TBSCertificate
-269      * @function
-270      * @param {Array} algIdParam AlgorithmIdentifier parameter
-271      * @description
-272      * @example
-273      * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
-274      */
-275     this.setSignatureAlgByParam = function(algIdParam) {
-276 	this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam);
-277     };
-278 
-279     /**
-280      * set issuer name field by parameter
-281      * @name setIssuerByParam
-282      * @memberOf KJUR.asn1.x509.TBSCertificate
-283      * @function
-284      * @param {Array} x500NameParam X500Name parameter
-285      * @description
-286      * @example
-287      * tbsc.setIssuerParam({'str': '/C=US/CN=b'});
-288      * @see KJUR.asn1.x509.X500Name
-289      */
-290     this.setIssuerByParam = function(x500NameParam) {
-291 	this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam);
-292     };
-293 
-294     /**
-295      * set notBefore field by parameter
-296      * @name setNotBeforeByParam
-297      * @memberOf KJUR.asn1.x509.TBSCertificate
-298      * @function
-299      * @param {Array} timeParam Time parameter
-300      * @description
-301      * @example
-302      * tbsc.setNotBeforeByParam({'str': '130508235959Z'});
-303      * @see KJUR.asn1.x509.Time
-304      */
-305     this.setNotBeforeByParam = function(timeParam) {
-306 	this.asn1NotBefore = new KJUR.asn1.x509.Time(timeParam);
-307     };
-308     
-309     /**
-310      * set notAfter field by parameter
-311      * @name setNotAfterByParam
-312      * @memberOf KJUR.asn1.x509.TBSCertificate
-313      * @function
-314      * @param {Array} timeParam Time parameter
-315      * @description
-316      * @example
-317      * tbsc.setNotAfterByParam({'str': '130508235959Z'});
-318      * @see KJUR.asn1.x509.Time
-319      */
-320     this.setNotAfterByParam = function(timeParam) {
-321 	this.asn1NotAfter = new KJUR.asn1.x509.Time(timeParam);
-322     };
-323 
-324     /**
-325      * set subject name field by parameter
-326      * @name setSubjectByParam
-327      * @memberOf KJUR.asn1.x509.TBSCertificate
-328      * @function
-329      * @param {Array} x500NameParam X500Name parameter
-330      * @description
-331      * @example
-332      * tbsc.setSubjectParam({'str': '/C=US/CN=b'});
-333      * @see KJUR.asn1.x509.X500Name
-334      */
-335     this.setSubjectByParam = function(x500NameParam) {
-336 	this.asn1Subject = new KJUR.asn1.x509.X500Name(x500NameParam);
-337     };
-338 
-339     /**
-340      * (DEPRECATED) set subject public key info field by RSA key parameter
-341      * @name setSubjectPublicKeyByParam
-342      * @memberOf KJUR.asn1.x509.TBSCertificate
-343      * @function
-344      * @param {Array} subjPKeyParam SubjectPublicKeyInfo parameter of RSA
-345      * @deprecated
-346      * @description
-347      * @example
-348      * tbsc.setSubjectPublicKeyByParam({'rsakey': pubKey});
-349      * @see KJUR.asn1.x509.SubjectPublicKeyInfo
-350      */
-351     this.setSubjectPublicKeyByParam = function(subjPKeyParam) {
-352 	this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(subjPKeyParam);
-353     };
-354 
-355     /**
-356      * set subject public key info by RSA/ECDSA/DSA key parameter
-357      * @name setSubjectPublicKeyByGetKey
-358      * @memberOf KJUR.asn1.x509.TBSCertificate
-359      * @function
-360      * @param {Object} keyParam public key parameter which passed to {@link KEYUTIL.getKey} argument
-361      * @description
-362      * @example
-363      * tbsc.setSubjectPublicKeyByGetKeyParam(certPEMString); // or 
-364      * tbsc.setSubjectPublicKeyByGetKeyParam(pkcs8PublicKeyPEMString); // or 
-365      * tbsc.setSubjectPublicKeyByGetKeyParam(kjurCryptoECDSAKeyObject); // et.al.
-366      * @see KJUR.asn1.x509.SubjectPublicKeyInfo
-367      * @see KEYUTIL.getKey
-368      * @since asn1x509 1.0.6
-369      */
-370     this.setSubjectPublicKeyByGetKey = function(keyParam) {
-371 	var keyObj = KEYUTIL.getKey(keyParam);
-372 	this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObj);
-373     };
-374 
-375     /**
-376      * append X.509v3 extension to this object
-377      * @name appendExtension
-378      * @memberOf KJUR.asn1.x509.TBSCertificate
-379      * @function
-380      * @param {Extension} extObj X.509v3 Extension object
-381      * @description
-382      * @example
-383      * tbsc.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true, 'critical': true}));
-384      * tbsc.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
-385      * @see KJUR.asn1.x509.Extension
-386      */
-387     this.appendExtension = function(extObj) {
-388 	this.extensionsArray.push(extObj);
-389     };
-390 
-391     /**
-392      * append X.509v3 extension to this object by name and parameters
-393      * @name appendExtensionByName
-394      * @memberOf KJUR.asn1.x509.TBSCertificate
-395      * @function
-396      * @param {name} name name of X.509v3 Extension object
-397      * @param {Array} extParams parameters as argument of Extension constructor.
-398      * @description
-399      * @example
-400      * tbsc.appendExtensionByName('BasicConstraints', {'cA':true, 'critical': true});
-401      * tbsc.appendExtensionByName('KeyUsage', {'bin':'11'});
-402      * tbsc.appendExtensionByName('CRLDistributionPoints', {uri: 'http://aaa.com/a.crl'});
-403      * tbsc.appendExtensionByName('ExtKeyUsage', {array: [{name: 'clientAuth'}]});
-404      * @see KJUR.asn1.x509.Extension
-405      */
-406     this.appendExtensionByName = function(name, extParams) {
-407 	if (name.toLowerCase() == "basicconstraints") {
-408 	    var extObj = new KJUR.asn1.x509.BasicConstraints(extParams);
-409 	    this.appendExtension(extObj);
-410 	} else if (name.toLowerCase() == "keyusage") {
-411 	    var extObj = new KJUR.asn1.x509.KeyUsage(extParams);
-412 	    this.appendExtension(extObj);
-413 	} else if (name.toLowerCase() == "crldistributionpoints") {
-414 	    var extObj = new KJUR.asn1.x509.CRLDistributionPoints(extParams);
-415 	    this.appendExtension(extObj);
-416 	} else if (name.toLowerCase() == "extkeyusage") {
-417 	    var extObj = new KJUR.asn1.x509.ExtKeyUsage(extParams);
-418 	    this.appendExtension(extObj);
-419 	} else {
-420 	    throw "unsupported extension name: " + name;
-421 	}
-422     };
-423 
-424     this.getEncodedHex = function() {
-425 	if (this.asn1NotBefore == null || this.asn1NotAfter == null)
-426 	    throw "notBefore and/or notAfter not set";
-427 	var asn1Validity = 
-428 	    new KJUR.asn1.DERSequence({'array':[this.asn1NotBefore, this.asn1NotAfter]});
-429 
-430 	this.asn1Array = new Array();
-431 
-432 	this.asn1Array.push(this.asn1Version);
-433 	this.asn1Array.push(this.asn1SerialNumber);
-434 	this.asn1Array.push(this.asn1SignatureAlg);
-435 	this.asn1Array.push(this.asn1Issuer);
-436 	this.asn1Array.push(asn1Validity);
-437 	this.asn1Array.push(this.asn1Subject);
-438 	this.asn1Array.push(this.asn1SubjPKey);
-439 
-440 	if (this.extensionsArray.length > 0) {
-441 	    var extSeq = new KJUR.asn1.DERSequence({"array": this.extensionsArray});
-442 	    var extTagObj = new KJUR.asn1.DERTaggedObject({'explicit': true,
-443 							   'tag': 'a3',
-444 							   'obj': extSeq});
-445 	    this.asn1Array.push(extTagObj);
-446 	}
-447 
-448 	var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
-449 	this.hTLV = o.getEncodedHex();
-450 	this.isModified = false;
-451 	return this.hTLV;
-452     };
-453 
-454     this._initialize();
-455 };
-456 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object);
+236 /**
+237  * ASN.1 TBSCertificate structure class
+238  * @name KJUR.asn1.x509.TBSCertificate
+239  * @class ASN.1 TBSCertificate structure class
+240  * @param {Array} params associative array of parameters (ex. {})
+241  * @extends KJUR.asn1.ASN1Object
+242  * @description
+243  * <br/>
+244  * <h4>EXAMPLE</h4>
+245  * @example
+246  *  var o = new KJUR.asn1.x509.TBSCertificate();
+247  *  o.setSerialNumberByParam({'int': 4});
+248  *  o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
+249  *  o.setIssuerByParam({'str': '/C=US/O=a'});
+250  *  o.setNotBeforeByParam({'str': '130504235959Z'});
+251  *  o.setNotAfterByParam({'str': '140504235959Z'});
+252  *  o.setSubjectByParam({'str': '/C=US/CN=b'});
+253  *  o.setSubjectPublicKeyByParam({'rsakey': rsaKey});
+254  *  o.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true}));
+255  *  o.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
+256  */
+257 KJUR.asn1.x509.TBSCertificate = function(params) {
+258     KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);
+259 
+260     this._initialize = function() {
+261         this.asn1Array = new Array();
+262 
+263         this.asn1Version = 
+264             new KJUR.asn1.DERTaggedObject({'obj': new KJUR.asn1.DERInteger({'int': 2})});
+265         this.asn1SerialNumber = null;
+266         this.asn1SignatureAlg = null;
+267         this.asn1Issuer = null;
+268         this.asn1NotBefore = null;
+269         this.asn1NotAfter = null;
+270         this.asn1Subject = null;
+271         this.asn1SubjPKey = null;
+272         this.extensionsArray = new Array();
+273     };
+274 
+275     /**
+276      * set serial number field by parameter
+277      * @name setSerialNumberByParam
+278      * @memberOf KJUR.asn1.x509.TBSCertificate
+279      * @function
+280      * @param {Array} intParam DERInteger param
+281      * @description
+282      * @example
+283      * tbsc.setSerialNumberByParam({'int': 3});
+284      */
+285     this.setSerialNumberByParam = function(intParam) {
+286         this.asn1SerialNumber = new KJUR.asn1.DERInteger(intParam);
+287     };
+288 
+289     /**
+290      * set signature algorithm field by parameter
+291      * @name setSignatureAlgByParam
+292      * @memberOf KJUR.asn1.x509.TBSCertificate
+293      * @function
+294      * @param {Array} algIdParam AlgorithmIdentifier parameter
+295      * @description
+296      * @example
+297      * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
+298      */
+299     this.setSignatureAlgByParam = function(algIdParam) {
+300         this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam);
+301     };
+302 
+303     /**
+304      * set issuer name field by parameter
+305      * @name setIssuerByParam
+306      * @memberOf KJUR.asn1.x509.TBSCertificate
+307      * @function
+308      * @param {Array} x500NameParam X500Name parameter
+309      * @description
+310      * @example
+311      * tbsc.setIssuerParam({'str': '/C=US/CN=b'});
+312      * @see KJUR.asn1.x509.X500Name
+313      */
+314     this.setIssuerByParam = function(x500NameParam) {
+315         this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam);
+316     };
+317 
+318     /**
+319      * set notBefore field by parameter
+320      * @name setNotBeforeByParam
+321      * @memberOf KJUR.asn1.x509.TBSCertificate
+322      * @function
+323      * @param {Array} timeParam Time parameter
+324      * @description
+325      * @example
+326      * tbsc.setNotBeforeByParam({'str': '130508235959Z'});
+327      * @see KJUR.asn1.x509.Time
+328      */
+329     this.setNotBeforeByParam = function(timeParam) {
+330         this.asn1NotBefore = new KJUR.asn1.x509.Time(timeParam);
+331     };
+332     
+333     /**
+334      * set notAfter field by parameter
+335      * @name setNotAfterByParam
+336      * @memberOf KJUR.asn1.x509.TBSCertificate
+337      * @function
+338      * @param {Array} timeParam Time parameter
+339      * @description
+340      * @example
+341      * tbsc.setNotAfterByParam({'str': '130508235959Z'});
+342      * @see KJUR.asn1.x509.Time
+343      */
+344     this.setNotAfterByParam = function(timeParam) {
+345         this.asn1NotAfter = new KJUR.asn1.x509.Time(timeParam);
+346     };
+347 
+348     /**
+349      * set subject name field by parameter
+350      * @name setSubjectByParam
+351      * @memberOf KJUR.asn1.x509.TBSCertificate
+352      * @function
+353      * @param {Array} x500NameParam X500Name parameter
+354      * @description
+355      * @example
+356      * tbsc.setSubjectParam({'str': '/C=US/CN=b'});
+357      * @see KJUR.asn1.x509.X500Name
+358      */
+359     this.setSubjectByParam = function(x500NameParam) {
+360         this.asn1Subject = new KJUR.asn1.x509.X500Name(x500NameParam);
+361     };
+362 
+363     /**
+364      * (DEPRECATED) set subject public key info field by RSA key parameter
+365      * @name setSubjectPublicKeyByParam
+366      * @memberOf KJUR.asn1.x509.TBSCertificate
+367      * @function
+368      * @param {Array} subjPKeyParam SubjectPublicKeyInfo parameter of RSA
+369      * @deprecated
+370      * @description
+371      * @example
+372      * tbsc.setSubjectPublicKeyByParam({'rsakey': pubKey});
+373      * @see KJUR.asn1.x509.SubjectPublicKeyInfo
+374      */
+375     this.setSubjectPublicKeyByParam = function(subjPKeyParam) {
+376         this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(subjPKeyParam);
+377     };
+378 
+379     /**
+380      * set subject public key info by RSA/ECDSA/DSA key parameter
+381      * @name setSubjectPublicKeyByGetKey
+382      * @memberOf KJUR.asn1.x509.TBSCertificate
+383      * @function
+384      * @param {Object} keyParam public key parameter which passed to {@link KEYUTIL.getKey} argument
+385      * @description
+386      * @example
+387      * tbsc.setSubjectPublicKeyByGetKeyParam(certPEMString); // or 
+388      * tbsc.setSubjectPublicKeyByGetKeyParam(pkcs8PublicKeyPEMString); // or 
+389      * tbsc.setSubjectPublicKeyByGetKeyParam(kjurCryptoECDSAKeyObject); // et.al.
+390      * @see KJUR.asn1.x509.SubjectPublicKeyInfo
+391      * @see KEYUTIL.getKey
+392      * @since asn1x509 1.0.6
+393      */
+394     this.setSubjectPublicKeyByGetKey = function(keyParam) {
+395         var keyObj = KEYUTIL.getKey(keyParam);
+396         this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObj);
+397     };
+398 
+399     /**
+400      * append X.509v3 extension to this object
+401      * @name appendExtension
+402      * @memberOf KJUR.asn1.x509.TBSCertificate
+403      * @function
+404      * @param {Extension} extObj X.509v3 Extension object
+405      * @description
+406      * @example
+407      * tbsc.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true, 'critical': true}));
+408      * tbsc.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
+409      * @see KJUR.asn1.x509.Extension
+410      */
+411     this.appendExtension = function(extObj) {
+412         this.extensionsArray.push(extObj);
+413     };
+414 
+415     /**
+416      * append X.509v3 extension to this object by name and parameters
+417      * @name appendExtensionByName
+418      * @memberOf KJUR.asn1.x509.TBSCertificate
+419      * @function
+420      * @param {name} name name of X.509v3 Extension object
+421      * @param {Array} extParams parameters as argument of Extension constructor.
+422      * @description
+423      * @example
+424      * tbsc.appendExtensionByName('BasicConstraints', {'cA':true, 'critical': true});
+425      * tbsc.appendExtensionByName('KeyUsage', {'bin':'11'});
+426      * tbsc.appendExtensionByName('CRLDistributionPoints', {uri: 'http://aaa.com/a.crl'});
+427      * tbsc.appendExtensionByName('ExtKeyUsage', {array: [{name: 'clientAuth'}]});
+428      * tbsc.appendExtensionByName('AuthorityKeyIdentifier', {kid: '1234ab..'});
+429      * @see KJUR.asn1.x509.Extension
+430      */
+431     this.appendExtensionByName = function(name, extParams) {
+432         if (name.toLowerCase() == "basicconstraints") {
+433             var extObj = new KJUR.asn1.x509.BasicConstraints(extParams);
+434             this.appendExtension(extObj);
+435         } else if (name.toLowerCase() == "keyusage") {
+436             var extObj = new KJUR.asn1.x509.KeyUsage(extParams);
+437             this.appendExtension(extObj);
+438         } else if (name.toLowerCase() == "crldistributionpoints") {
+439             var extObj = new KJUR.asn1.x509.CRLDistributionPoints(extParams);
+440             this.appendExtension(extObj);
+441         } else if (name.toLowerCase() == "extkeyusage") {
+442             var extObj = new KJUR.asn1.x509.ExtKeyUsage(extParams);
+443             this.appendExtension(extObj);
+444         } else if (name.toLowerCase() == "authoritykeyidentifier") {
+445             var extObj = new KJUR.asn1.x509.AuthorityKeyIdentifier(extParams);
+446             this.appendExtension(extObj);
+447         } else {
+448             throw "unsupported extension name: " + name;
+449         }
+450     };
+451 
+452     this.getEncodedHex = function() {
+453         if (this.asn1NotBefore == null || this.asn1NotAfter == null)
+454             throw "notBefore and/or notAfter not set";
+455         var asn1Validity = 
+456             new KJUR.asn1.DERSequence({'array':[this.asn1NotBefore, this.asn1NotAfter]});
 457 
-458 // === END   TBSCertificate ===================================================
+458         this.asn1Array = new Array();
 459 
-460 // === BEGIN X.509v3 Extensions Related =======================================
-461 
-462 /**
-463  * base Extension ASN.1 structure class
-464  * @name KJUR.asn1.x509.Extension
-465  * @class base Extension ASN.1 structure class
-466  * @param {Array} params associative array of parameters (ex. {'critical': true})
-467  * @extends KJUR.asn1.ASN1Object
-468  * @description
-469  * @example
-470  * // Extension  ::=  SEQUENCE  {
-471  * //     extnID      OBJECT IDENTIFIER,
-472  * //     critical    BOOLEAN DEFAULT FALSE,
-473  * //     extnValue   OCTET STRING  }
-474  */
-475 KJUR.asn1.x509.Extension = function(params) {
-476     KJUR.asn1.x509.Extension.superclass.constructor.call(this);
-477     var asn1ExtnValue = null;
-478 
-479     this.getEncodedHex = function() {
-480 	var asn1Oid = new KJUR.asn1.DERObjectIdentifier({'oid': this.oid});
-481 	var asn1EncapExtnValue = 
-482 	    new KJUR.asn1.DEROctetString({'hex': this.getExtnValueHex()});
-483 
-484 	var asn1Array = new Array();
-485 	asn1Array.push(asn1Oid);
-486 	if (this.critical) asn1Array.push(new KJUR.asn1.DERBoolean());
-487 	asn1Array.push(asn1EncapExtnValue);
-488 
-489 	var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array});
-490 	return asn1Seq.getEncodedHex();
-491     };
-492 
-493     this.critical = false;
-494     if (typeof params != "undefined") {
-495 	if (typeof params['critical'] != "undefined") {
-496 	    this.critical = params['critical'];
-497 	}
-498     }
-499 };
-500 YAHOO.lang.extend(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object);
-501 
-502 /**
-503  * KeyUsage ASN.1 structure class
-504  * @name KJUR.asn1.x509.KeyUsage
-505  * @class KeyUsage ASN.1 structure class
-506  * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true})
-507  * @extends KJUR.asn1.x509.Extension
-508  * @description
-509  * @example
-510  */
-511 KJUR.asn1.x509.KeyUsage = function(params) {
-512     KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params);
-513 
-514     this.getExtnValueHex = function() {
-515 	return this.asn1ExtnValue.getEncodedHex();
-516     };
-517 
-518     this.oid = "2.5.29.15";
-519     if (typeof params != "undefined") {
-520 	if (typeof params['bin'] != "undefined") {
-521 	    this.asn1ExtnValue = new KJUR.asn1.DERBitString(params);
-522 	}
-523     }
-524 };
-525 YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension);
-526 
-527 /**
-528  * BasicConstraints ASN.1 structure class
-529  * @name KJUR.asn1.x509.BasicConstraints
-530  * @class BasicConstraints ASN.1 structure class
-531  * @param {Array} params associative array of parameters (ex. {'cA': true, 'critical': true})
-532  * @extends KJUR.asn1.x509.Extension
-533  * @description
-534  * @example
-535  */
-536 KJUR.asn1.x509.BasicConstraints = function(params) {
-537     KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params);
-538     var cA = false;
-539     var pathLen = -1;
-540 
-541     this.getExtnValueHex = function() {
-542 	var asn1Array = new Array();
-543 	if (this.cA) asn1Array.push(new KJUR.asn1.DERBoolean());
-544 	if (this.pathLen > -1) 
-545 	    asn1Array.push(new KJUR.asn1.DERInteger({'int': this.pathLen}));
-546 	var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array});
-547 	this.asn1ExtnValue = asn1Seq;
-548 	return this.asn1ExtnValue.getEncodedHex();
-549     };
-550 
-551     this.oid = "2.5.29.19";
-552     this.cA = false;
-553     this.pathLen = -1;
-554     if (typeof params != "undefined") {
-555 	if (typeof params['cA'] != "undefined") {
-556 	    this.cA = params['cA'];
-557 	}
-558 	if (typeof params['pathLen'] != "undefined") {
-559 	    this.pathLen = params['pathLen'];
-560 	}
-561     }
-562 };
-563 YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension);
-564 
-565 /**
-566  * CRLDistributionPoints ASN.1 structure class
-567  * @name KJUR.asn1.x509.CRLDistributionPoints
-568  * @class CRLDistributionPoints ASN.1 structure class
-569  * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
-570  * @extends KJUR.asn1.x509.Extension
-571  * @description
-572  * @example
-573  */
-574 KJUR.asn1.x509.CRLDistributionPoints = function(params) {
-575     KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params);
-576 
-577     this.getExtnValueHex = function() {
-578 	return this.asn1ExtnValue.getEncodedHex();
-579     };
-580 
-581     this.setByDPArray = function(dpArray) {
-582 	this.asn1ExtnValue = new KJUR.asn1.DERSequence({'array': dpArray});
-583     };
-584 
-585     this.setByOneURI = function(uri) {
-586 	var gn1 = new KJUR.asn1.x509.GeneralNames([{'uri': uri}]);
-587 	var dpn1 = new KJUR.asn1.x509.DistributionPointName(gn1);
-588 	var dp1 = new KJUR.asn1.x509.DistributionPoint({'dpobj': dpn1});
-589 	this.setByDPArray([dp1]);
-590     };
-591 
-592     this.oid = "2.5.29.31";
-593     if (typeof params != "undefined") {
-594 	if (typeof params['array'] != "undefined") {
-595 	    this.setByDPArray(params['array']);
-596 	} else if (typeof params['uri'] != "undefined") {
-597 	    this.setByOneURI(params['uri']);
-598 	}
-599     }
-600 };
-601 YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension);
-602 
-603 /**
-604  * KeyUsage ASN.1 structure class
-605  * @name KJUR.asn1.x509.ExtKeyUsage
-606  * @class ExtKeyUsage ASN.1 structure class
-607  * @param {Array} params associative array of parameters
-608  * @extends KJUR.asn1.x509.Extension
-609  * @description
-610  * @example
-611  * var e1 = 
-612  *     new KJUR.asn1.x509.ExtKeyUsage({'critical': true,
-613  *                                     'array':
-614  *                                     [{'oid': '2.5.29.37.0',  // anyExtendedKeyUsage
-615  *                                       'name': 'clientAuth'}]});
-616  *
-617  * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
-618  * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
-619  * // KeyPurposeId ::= OBJECT IDENTIFIER
-620  */
-621 KJUR.asn1.x509.ExtKeyUsage = function(params) {
-622     KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params);
-623 
-624     this.setPurposeArray = function(purposeArray) {
-625 	this.asn1ExtnValue = new KJUR.asn1.DERSequence();
-626 	for (var i = 0; i < purposeArray.length; i++) {
-627 	    var o = new KJUR.asn1.DERObjectIdentifier(purposeArray[i]);
-628 	    this.asn1ExtnValue.appendASN1Object(o);
-629 	}
-630     };
-631 
-632     this.getExtnValueHex = function() {
-633 	return this.asn1ExtnValue.getEncodedHex();
-634     };
-635 
-636     this.oid = "2.5.29.37";
-637     if (typeof params != "undefined") {
-638 	if (typeof params['array'] != "undefined") {
-639             this.setPurposeArray(params['array']);
-640 	}
-641     }
-642 };
-643 YAHOO.lang.extend(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension);
-644 
-645 
-646 // === END   X.509v3 Extensions Related =======================================
-647 
-648 // === BEGIN CRL Related ===================================================
-649 /**
-650  * X.509 CRL class to sign and generate hex encoded CRL
-651  * @name KJUR.asn1.x509.CRL
-652  * @class X.509 CRL class to sign and generate hex encoded certificate
-653  * @param {Array} params associative array of parameters (ex. {'tbsobj': obj, 'rsaprvkey': key})
-654  * @extends KJUR.asn1.ASN1Object
-655  * @since 1.0.3
-656  * @description
-657  * <br/>
-658  * As for argument 'params' for constructor, you can specify one of
-659  * following properties:
-660  * <ul>
-661  * <li>tbsobj - specify {@link KJUR.asn1.x509.TBSCertList} object to be signed</li>
-662  * <li>rsaprvkey - specify {@link RSAKey} object CA private key</li>
-663  * </ul>
-664  * NOTE: 'params' can be omitted.
-665  * <h4>EXAMPLE</h4>
-666  * @example
-667  * var prvKey = new RSAKey(); // CA's private key
-668  * prvKey.readPrivateKeyFromASN1HexString("3080...");
-669  * var crl = new KJUR.asn1x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
-670  * crl.sign(); // issue CRL by CA's private key
-671  * var hCRL = crl.getEncodedHex();
-672  *
-673  * // CertificateList  ::=  SEQUENCE  {
-674  * //     tbsCertList          TBSCertList,
-675  * //     signatureAlgorithm   AlgorithmIdentifier,
-676  * //     signatureValue       BIT STRING  }
-677  */
-678 KJUR.asn1.x509.CRL = function(params) {
-679     KJUR.asn1.x509.CRL.superclass.constructor.call(this);
-680 
-681     var asn1TBSCertList = null;
-682     var asn1SignatureAlg = null;
-683     var asn1Sig = null;
-684     var hexSig = null;
-685     var rsaPrvKey = null;
-686     
-687     /**
-688      * set PKCS#5 encrypted RSA PEM private key as CA key
-689      * @name setRsaPrvKeyByPEMandPass
-690      * @memberOf KJUR.asn1.x509.CRL
-691      * @function
-692      * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
-693      * @param {String} passPEM passcode string to decrypt private key
-694      * @description
-695      * <br/>
-696      * <h4>EXAMPLES</h4>
-697      * @example
-698      */
-699     this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
-700 	var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
-701 	var caKey = new RSAKey();
-702 	caKey.readPrivateKeyFromASN1HexString(caKeyHex);  
-703 	this.rsaPrvKey = caKey;
-704     };
-705 
-706     /**
-707      * sign TBSCertList and set signature value internally
-708      * @name sign
-709      * @memberOf KJUR.asn1.x509.CRL
-710      * @function
-711      * @description
-712      * @example
-713      * var cert = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
-714      * cert.sign();
-715      */
-716     this.sign = function() {
-717 	this.asn1SignatureAlg = this.asn1TBSCertList.asn1SignatureAlg;
-718 
-719 	sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA', 'prov': 'cryptojs/jsrsa'});
-720 	sig.initSign(this.rsaPrvKey);
-721 	sig.updateHex(this.asn1TBSCertList.getEncodedHex());
-722 	this.hexSig = sig.sign();
-723 
-724 	this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
-725 	
-726 	var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCertList,
-727 						       this.asn1SignatureAlg,
-728 						       this.asn1Sig]});
-729 	this.hTLV = seq.getEncodedHex();
-730 	this.isModified = false;
-731     };
-732 
-733     this.getEncodedHex = function() {
-734 	if (this.isModified == false && this.hTLV != null) return this.hTLV;
-735 	throw "not signed yet";
-736     };
-737 
-738     /**
-739      * get PEM formatted CRL string after signed
-740      * @name getPEMString
-741      * @memberOf KJUR.asn1.x509.CRL
-742      * @function
-743      * @return PEM formatted string of certificate
+460         this.asn1Array.push(this.asn1Version);
+461         this.asn1Array.push(this.asn1SerialNumber);
+462         this.asn1Array.push(this.asn1SignatureAlg);
+463         this.asn1Array.push(this.asn1Issuer);
+464         this.asn1Array.push(asn1Validity);
+465         this.asn1Array.push(this.asn1Subject);
+466         this.asn1Array.push(this.asn1SubjPKey);
+467 
+468         if (this.extensionsArray.length > 0) {
+469             var extSeq = new KJUR.asn1.DERSequence({"array": this.extensionsArray});
+470             var extTagObj = new KJUR.asn1.DERTaggedObject({'explicit': true,
+471                                                            'tag': 'a3',
+472                                                            'obj': extSeq});
+473             this.asn1Array.push(extTagObj);
+474         }
+475 
+476         var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
+477         this.hTLV = o.getEncodedHex();
+478         this.isModified = false;
+479         return this.hTLV;
+480     };
+481 
+482     this._initialize();
+483 };
+484 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object);
+485 
+486 // === END   TBSCertificate ===================================================
+487 
+488 // === BEGIN X.509v3 Extensions Related =======================================
+489 
+490 /**
+491  * base Extension ASN.1 structure class
+492  * @name KJUR.asn1.x509.Extension
+493  * @class base Extension ASN.1 structure class
+494  * @param {Array} params associative array of parameters (ex. {'critical': true})
+495  * @extends KJUR.asn1.ASN1Object
+496  * @description
+497  * @example
+498  * // Extension  ::=  SEQUENCE  {
+499  * //     extnID      OBJECT IDENTIFIER,
+500  * //     critical    BOOLEAN DEFAULT FALSE,
+501  * //     extnValue   OCTET STRING  }
+502  */
+503 KJUR.asn1.x509.Extension = function(params) {
+504     KJUR.asn1.x509.Extension.superclass.constructor.call(this);
+505     var asn1ExtnValue = null;
+506 
+507     this.getEncodedHex = function() {
+508         var asn1Oid = new KJUR.asn1.DERObjectIdentifier({'oid': this.oid});
+509         var asn1EncapExtnValue = 
+510             new KJUR.asn1.DEROctetString({'hex': this.getExtnValueHex()});
+511 
+512         var asn1Array = new Array();
+513         asn1Array.push(asn1Oid);
+514         if (this.critical) asn1Array.push(new KJUR.asn1.DERBoolean());
+515         asn1Array.push(asn1EncapExtnValue);
+516 
+517         var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array});
+518         return asn1Seq.getEncodedHex();
+519     };
+520 
+521     this.critical = false;
+522     if (typeof params != "undefined") {
+523         if (typeof params['critical'] != "undefined") {
+524             this.critical = params['critical'];
+525         }
+526     }
+527 };
+528 YAHOO.lang.extend(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object);
+529 
+530 /**
+531  * KeyUsage ASN.1 structure class
+532  * @name KJUR.asn1.x509.KeyUsage
+533  * @class KeyUsage ASN.1 structure class
+534  * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true})
+535  * @extends KJUR.asn1.x509.Extension
+536  * @description
+537  * @example
+538  */
+539 KJUR.asn1.x509.KeyUsage = function(params) {
+540     KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params);
+541 
+542     this.getExtnValueHex = function() {
+543         return this.asn1ExtnValue.getEncodedHex();
+544     };
+545 
+546     this.oid = "2.5.29.15";
+547     if (typeof params != "undefined") {
+548         if (typeof params['bin'] != "undefined") {
+549             this.asn1ExtnValue = new KJUR.asn1.DERBitString(params);
+550         }
+551     }
+552 };
+553 YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension);
+554 
+555 /**
+556  * BasicConstraints ASN.1 structure class
+557  * @name KJUR.asn1.x509.BasicConstraints
+558  * @class BasicConstraints ASN.1 structure class
+559  * @param {Array} params associative array of parameters (ex. {'cA': true, 'critical': true})
+560  * @extends KJUR.asn1.x509.Extension
+561  * @description
+562  * @example
+563  */
+564 KJUR.asn1.x509.BasicConstraints = function(params) {
+565     KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params);
+566     var cA = false;
+567     var pathLen = -1;
+568 
+569     this.getExtnValueHex = function() {
+570         var asn1Array = new Array();
+571         if (this.cA) asn1Array.push(new KJUR.asn1.DERBoolean());
+572         if (this.pathLen > -1) 
+573             asn1Array.push(new KJUR.asn1.DERInteger({'int': this.pathLen}));
+574         var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array});
+575         this.asn1ExtnValue = asn1Seq;
+576         return this.asn1ExtnValue.getEncodedHex();
+577     };
+578 
+579     this.oid = "2.5.29.19";
+580     this.cA = false;
+581     this.pathLen = -1;
+582     if (typeof params != "undefined") {
+583         if (typeof params['cA'] != "undefined") {
+584             this.cA = params['cA'];
+585         }
+586         if (typeof params['pathLen'] != "undefined") {
+587             this.pathLen = params['pathLen'];
+588         }
+589     }
+590 };
+591 YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension);
+592 
+593 /**
+594  * CRLDistributionPoints ASN.1 structure class
+595  * @name KJUR.asn1.x509.CRLDistributionPoints
+596  * @class CRLDistributionPoints ASN.1 structure class
+597  * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
+598  * @extends KJUR.asn1.x509.Extension
+599  * @description
+600  * @example
+601  */
+602 KJUR.asn1.x509.CRLDistributionPoints = function(params) {
+603     KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params);
+604 
+605     this.getExtnValueHex = function() {
+606         return this.asn1ExtnValue.getEncodedHex();
+607     };
+608 
+609     this.setByDPArray = function(dpArray) {
+610         this.asn1ExtnValue = new KJUR.asn1.DERSequence({'array': dpArray});
+611     };
+612 
+613     this.setByOneURI = function(uri) {
+614         var gn1 = new KJUR.asn1.x509.GeneralNames([{'uri': uri}]);
+615         var dpn1 = new KJUR.asn1.x509.DistributionPointName(gn1);
+616         var dp1 = new KJUR.asn1.x509.DistributionPoint({'dpobj': dpn1});
+617         this.setByDPArray([dp1]);
+618     };
+619 
+620     this.oid = "2.5.29.31";
+621     if (typeof params != "undefined") {
+622         if (typeof params['array'] != "undefined") {
+623             this.setByDPArray(params['array']);
+624         } else if (typeof params['uri'] != "undefined") {
+625             this.setByOneURI(params['uri']);
+626         }
+627     }
+628 };
+629 YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension);
+630 
+631 /**
+632  * KeyUsage ASN.1 structure class
+633  * @name KJUR.asn1.x509.ExtKeyUsage
+634  * @class ExtKeyUsage ASN.1 structure class
+635  * @param {Array} params associative array of parameters
+636  * @extends KJUR.asn1.x509.Extension
+637  * @description
+638  * @example
+639  * var e1 = 
+640  *     new KJUR.asn1.x509.ExtKeyUsage({'critical': true,
+641  *                                     'array':
+642  *                                     [{'oid': '2.5.29.37.0',  // anyExtendedKeyUsage
+643  *                                       'name': 'clientAuth'}]});
+644  *
+645  * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
+646  * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+647  * // KeyPurposeId ::= OBJECT IDENTIFIER
+648  */
+649 KJUR.asn1.x509.ExtKeyUsage = function(params) {
+650     KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params);
+651 
+652     this.setPurposeArray = function(purposeArray) {
+653         this.asn1ExtnValue = new KJUR.asn1.DERSequence();
+654         for (var i = 0; i < purposeArray.length; i++) {
+655             var o = new KJUR.asn1.DERObjectIdentifier(purposeArray[i]);
+656             this.asn1ExtnValue.appendASN1Object(o);
+657         }
+658     };
+659 
+660     this.getExtnValueHex = function() {
+661         return this.asn1ExtnValue.getEncodedHex();
+662     };
+663 
+664     this.oid = "2.5.29.37";
+665     if (typeof params != "undefined") {
+666         if (typeof params['array'] != "undefined") {
+667             this.setPurposeArray(params['array']);
+668         }
+669     }
+670 };
+671 YAHOO.lang.extend(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension);
+672 
+673 /**
+674  * AuthorityKeyIdentifier ASN.1 structure class
+675  * @name KJUR.asn1.x509.AuthorityKeyIdentifier
+676  * @class AuthorityKeyIdentifier ASN.1 structure class
+677  * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
+678  * @extends KJUR.asn1.x509.Extension
+679  * @since asn1x509 1.0.8
+680  * @description
+681  * <pre>
+682  * d-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
+683  * AuthorityKeyIdentifier ::= SEQUENCE {
+684  *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
+685  *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
+686  *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
+687  * KeyIdentifier ::= OCTET STRING
+688  * </pre>
+689  * @example
+690  * var param = {'kid': {'hex': '89ab'},
+691  *              'issuer': {'str': '/C=US/CN=a'},
+692  *              'sn': {'hex': '1234'},
+693  *              'critical': true});
+694  * var e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier(param);
+695  */
+696 KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) {
+697     KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params);
+698     this.asn1KID = null;
+699     this.asn1CertIssuer = null;
+700     this.asn1CertSN = null;
+701 
+702     this.getExtnValueHex = function() {
+703         var a = new Array();
+704         if (this.asn1KID)
+705             a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
+706                                                   'tag': '80',
+707                                                   'obj': this.asn1KID}));
+708         if (this.asn1CertIssuer)
+709             a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
+710                                                   'tag': 'a1',
+711                                                   'obj': this.asn1CertIssuer}));
+712         if (this.asn1CertSN)
+713             a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
+714                                                   'tag': '82',
+715                                                   'obj': this.asn1CertSN}));
+716 
+717         var asn1Seq = new KJUR.asn1.DERSequence({'array': a});
+718         this.asn1ExtnValue = asn1Seq;
+719         return this.asn1ExtnValue.getEncodedHex();
+720     };
+721 
+722     /**
+723      * set keyIdentifier value by DERInteger parameter
+724      * @name setKIDByParam
+725      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier
+726      * @function
+727      * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
+728      * @since asn1x509 1.0.8
+729      * @description
+730      * NOTE: Automatic keyIdentifier value calculation by an issuer 
+731      * public key will be supported in future version.
+732      */
+733     this.setKIDByParam = function(param) {
+734         this.asn1KID = new KJUR.asn1.DEROctetString(param);
+735     };
+736 
+737     /**
+738      * set authorityCertIssuer value by X500Name parameter
+739      * @name setCertIssuerByParam
+740      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier
+741      * @function
+742      * @param {Array} param array of {@link KJUR.asn1.x509.X500Name} parameter
+743      * @since asn1x509 1.0.8
 744      * @description
-745      * @example
-746      * var cert = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
-747      * cert.sign();
-748      * var sPEM =  cert.getPEMString();
-749      */
-750     this.getPEMString = function() {
-751 	var hCert = this.getEncodedHex();
-752 	var wCert = CryptoJS.enc.Hex.parse(hCert);
-753 	var b64Cert = CryptoJS.enc.Base64.stringify(wCert);
-754 	var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n");
-755 	return "-----BEGIN X509 CRL-----\r\n" + pemBody + "\r\n-----END X509 CRL-----\r\n";
-756     };
-757 
-758     if (typeof params != "undefined") {
-759 	if (typeof params['tbsobj'] != "undefined") {
-760 	    this.asn1TBSCertList = params['tbsobj'];
-761 	}
-762 	if (typeof params['rsaprvkey'] != "undefined") {
-763 	    this.rsaPrvKey = params['rsaprvkey'];
-764 	}
-765 	if ((typeof params['rsaprvpem'] != "undefined") &&
-766 	    (typeof params['rsaprvpas'] != "undefined")) {
-767 	    this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']);
-768 	}
-769     }
-770 };
-771 YAHOO.lang.extend(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);
-772 
-773 /**
-774  * ASN.1 TBSCertList structure class for CRL
-775  * @name KJUR.asn1.x509.TBSCertList
-776  * @class ASN.1 TBSCertList structure class for CRL
-777  * @param {Array} params associative array of parameters (ex. {})
-778  * @extends KJUR.asn1.ASN1Object
-779  * @since 1.0.3
-780  * @description
-781  * <br/>
-782  * <h4>EXAMPLE</h4>
-783  * @example
-784  *  var o = new KJUR.asn1.x509.TBSCertList();
-785  *  o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
-786  *  o.setIssuerByParam({'str': '/C=US/O=a'});
-787  *  o.setNotThisUpdateByParam({'str': '130504235959Z'});
-788  *  o.setNotNextUpdateByParam({'str': '140504235959Z'});
-789  *  o.addRevokedCert({'int': 4}, {'str':'130514235959Z'}));
-790  *  o.addRevokedCert({'hex': '0f34dd'}, {'str':'130514235959Z'}));
-791  * 
-792  * // TBSCertList  ::=  SEQUENCE  {
-793  * //        version                 Version OPTIONAL,
-794  * //                                     -- if present, MUST be v2
-795  * //        signature               AlgorithmIdentifier,
-796  * //        issuer                  Name,
-797  * //        thisUpdate              Time,
-798  * //        nextUpdate              Time OPTIONAL,
-799  * //        revokedCertificates     SEQUENCE OF SEQUENCE  {
-800  * //             userCertificate         CertificateSerialNumber,
-801  * //             revocationDate          Time,
-802  * //             crlEntryExtensions      Extensions OPTIONAL
-803  * //                                      -- if present, version MUST be v2
-804  * //                                  }  OPTIONAL,
-805  * //        crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
-806  */
-807 KJUR.asn1.x509.TBSCertList = function(params) {
-808     KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
-809     var aRevokedCert = null;
-810 
-811     /**
-812      * set signature algorithm field by parameter
-813      * @name setSignatureAlgByParam
-814      * @memberOf KJUR.asn1.x509.TBSCertList
-815      * @function
-816      * @param {Array} algIdParam AlgorithmIdentifier parameter
-817      * @description
-818      * @example
-819      * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
-820      */
-821     this.setSignatureAlgByParam = function(algIdParam) {
-822 	this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam);
-823     };
-824 
-825     /**
-826      * set issuer name field by parameter
-827      * @name setIssuerByParam
-828      * @memberOf KJUR.asn1.x509.TBSCertList
-829      * @function
-830      * @param {Array} x500NameParam X500Name parameter
-831      * @description
-832      * @example
-833      * tbsc.setIssuerParam({'str': '/C=US/CN=b'});
-834      * @see KJUR.asn1.x509.X500Name
-835      */
-836     this.setIssuerByParam = function(x500NameParam) {
-837 	this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam);
-838     };
-839 
-840     /**
-841      * set thisUpdate field by parameter
-842      * @name setThisUpdateByParam
-843      * @memberOf KJUR.asn1.x509.TBSCertList
-844      * @function
-845      * @param {Array} timeParam Time parameter
-846      * @description
-847      * @example
-848      * tbsc.setThisUpdateByParam({'str': '130508235959Z'});
-849      * @see KJUR.asn1.x509.Time
-850      */
-851     this.setThisUpdateByParam = function(timeParam) {
-852 	this.asn1ThisUpdate = new KJUR.asn1.x509.Time(timeParam);
-853     };
+745      * NOTE: Automatic authorityCertIssuer name setting by an issuer 
+746      * certificate will be supported in future version.
+747      */
+748     this.setCertIssuerByParam = function(param) {
+749         this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param);
+750     };
+751 
+752     /**
+753      * set authorityCertSerialNumber value by DERInteger parameter
+754      * @name setCertSerialNumberByParam
+755      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier
+756      * @function
+757      * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
+758      * @since asn1x509 1.0.8
+759      * @description
+760      * NOTE: Automatic authorityCertSerialNumber setting by an issuer 
+761      * certificate will be supported in future version.
+762      */
+763     this.setCertSNByParam = function(param) {
+764         this.asn1CertSN = new KJUR.asn1.DERInteger(param);
+765     };
+766 
+767     this.oid = "2.5.29.35";
+768     if (typeof params != "undefined") {
+769         if (typeof params['kid'] != "undefined") {
+770             this.setKIDByParam(params['kid']);
+771         }
+772         if (typeof params['issuer'] != "undefined") {
+773             this.setCertIssuerByParam(params['issuer']);
+774         }
+775         if (typeof params['sn'] != "undefined") {
+776             this.setCertSNByParam(params['sn']);
+777         }
+778     }
+779 };
+780 YAHOO.lang.extend(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension);
+781 
+782 // === END   X.509v3 Extensions Related =======================================
+783 
+784 // === BEGIN CRL Related ===================================================
+785 /**
+786  * X.509 CRL class to sign and generate hex encoded CRL
+787  * @name KJUR.asn1.x509.CRL
+788  * @class X.509 CRL class to sign and generate hex encoded certificate
+789  * @param {Array} params associative array of parameters (ex. {'tbsobj': obj, 'rsaprvkey': key})
+790  * @extends KJUR.asn1.ASN1Object
+791  * @since 1.0.3
+792  * @description
+793  * <br/>
+794  * As for argument 'params' for constructor, you can specify one of
+795  * following properties:
+796  * <ul>
+797  * <li>tbsobj - specify {@link KJUR.asn1.x509.TBSCertList} object to be signed</li>
+798  * <li>rsaprvkey - specify {@link RSAKey} object CA private key</li>
+799  * </ul>
+800  * NOTE: 'params' can be omitted.
+801  * <h4>EXAMPLE</h4>
+802  * @example
+803  * var prvKey = new RSAKey(); // CA's private key
+804  * prvKey.readPrivateKeyFromASN1HexString("3080...");
+805  * var crl = new KJUR.asn1x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
+806  * crl.sign(); // issue CRL by CA's private key
+807  * var hCRL = crl.getEncodedHex();
+808  *
+809  * // CertificateList  ::=  SEQUENCE  {
+810  * //     tbsCertList          TBSCertList,
+811  * //     signatureAlgorithm   AlgorithmIdentifier,
+812  * //     signatureValue       BIT STRING  }
+813  */
+814 KJUR.asn1.x509.CRL = function(params) {
+815     KJUR.asn1.x509.CRL.superclass.constructor.call(this);
+816 
+817     var asn1TBSCertList = null;
+818     var asn1SignatureAlg = null;
+819     var asn1Sig = null;
+820     var hexSig = null;
+821     var rsaPrvKey = null;
+822     
+823     /**
+824      * set PKCS#5 encrypted RSA PEM private key as CA key
+825      * @name setRsaPrvKeyByPEMandPass
+826      * @memberOf KJUR.asn1.x509.CRL
+827      * @function
+828      * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
+829      * @param {String} passPEM passcode string to decrypt private key
+830      * @description
+831      * <br/>
+832      * <h4>EXAMPLES</h4>
+833      * @example
+834      */
+835     this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
+836         var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
+837         var caKey = new RSAKey();
+838         caKey.readPrivateKeyFromASN1HexString(caKeyHex);  
+839         this.rsaPrvKey = caKey;
+840     };
+841 
+842     /**
+843      * sign TBSCertList and set signature value internally
+844      * @name sign
+845      * @memberOf KJUR.asn1.x509.CRL
+846      * @function
+847      * @description
+848      * @example
+849      * var cert = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
+850      * cert.sign();
+851      */
+852     this.sign = function() {
+853         this.asn1SignatureAlg = this.asn1TBSCertList.asn1SignatureAlg;
 854 
-855     /**
-856      * set nextUpdate field by parameter
-857      * @name setNextUpdateByParam
-858      * @memberOf KJUR.asn1.x509.TBSCertList
-859      * @function
-860      * @param {Array} timeParam Time parameter
-861      * @description
-862      * @example
-863      * tbsc.setNextUpdateByParam({'str': '130508235959Z'});
-864      * @see KJUR.asn1.x509.Time
-865      */
-866     this.setNextUpdateByParam = function(timeParam) {
-867 	this.asn1NextUpdate = new KJUR.asn1.x509.Time(timeParam);
-868     };
-869 
-870     /**
-871      * add revoked certficate by parameter
-872      * @name addRevokedCert
-873      * @memberOf KJUR.asn1.x509.TBSCertList
-874      * @function
-875      * @param {Array} snParam DERInteger parameter for certificate serial number
-876      * @param {Array} timeParam Time parameter for revocation date
-877      * @description
-878      * @example
-879      * tbsc.addRevokedCert({'int': 3}, {'str': '130508235959Z'});
-880      * @see KJUR.asn1.x509.Time
-881      */
-882     this.addRevokedCert = function(snParam, timeParam) {
-883 	var param = {};
-884 	if (snParam != undefined && snParam != null) param['sn'] = snParam;
-885 	if (timeParam != undefined && timeParam != null) param['time'] = timeParam;
-886 	var o = new KJUR.asn1.x509.CRLEntry(param);
-887 	this.aRevokedCert.push(o);
-888     };
-889 
-890     this.getEncodedHex = function() {
-891 	this.asn1Array = new Array();
-892 
-893 	if (this.asn1Version != null) this.asn1Array.push(this.asn1Version);
-894 	this.asn1Array.push(this.asn1SignatureAlg);
-895 	this.asn1Array.push(this.asn1Issuer);
-896 	this.asn1Array.push(this.asn1ThisUpdate);
-897 	if (this.asn1NextUpdate != null) this.asn1Array.push(this.asn1NextUpdate);
-898 
-899 	if (this.aRevokedCert.length > 0) {
-900 	    var seq = new KJUR.asn1.DERSequence({'array': this.aRevokedCert});
-901 	    this.asn1Array.push(seq);
-902 	}
-903 
-904 	var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
-905 	this.hTLV = o.getEncodedHex();
-906 	this.isModified = false;
-907 	return this.hTLV;
-908     };
-909 
-910     this._initialize = function() {
-911 	this.asn1Version = null;
-912 	this.asn1SignatureAlg = null;
-913 	this.asn1Issuer = null;
-914 	this.asn1ThisUpdate = null;
-915 	this.asn1NextUpdate = null;
-916 	this.aRevokedCert = new Array();
-917     };
-918 
-919     this._initialize();
-920 };
-921 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);
-922 
-923 /**
-924  * ASN.1 CRLEntry structure class for CRL
-925  * @name KJUR.asn1.x509.CRLEntry
-926  * @class ASN.1 CRLEntry structure class for CRL
-927  * @param {Array} params associative array of parameters (ex. {})
-928  * @extends KJUR.asn1.ASN1Object
-929  * @since 1.0.3
-930  * @description
-931  * @example
-932  * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
-933  * 
-934  * // revokedCertificates     SEQUENCE OF SEQUENCE  {
-935  * //     userCertificate         CertificateSerialNumber,
-936  * //     revocationDate          Time,
-937  * //     crlEntryExtensions      Extensions OPTIONAL
-938  * //                             -- if present, version MUST be v2 }
-939  */
-940 KJUR.asn1.x509.CRLEntry = function(params) {
-941     KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
-942     var sn = null;
-943     var time = null;
-944 
-945     /**
-946      * set DERInteger parameter for serial number of revoked certificate 
-947      * @name setCertSerial
-948      * @memberOf KJUR.asn1.x509.CRLEntry
-949      * @function
-950      * @param {Array} intParam DERInteger parameter for certificate serial number
-951      * @description
-952      * @example
-953      * entry.setCertSerial({'int': 3});
-954      */
-955     this.setCertSerial = function(intParam) {
-956 	this.sn = new KJUR.asn1.DERInteger(intParam);
-957     };
-958 
-959     /**
-960      * set Time parameter for revocation date
-961      * @name setRevocationDate
-962      * @memberOf KJUR.asn1.x509.CRLEntry
-963      * @function
-964      * @param {Array} timeParam Time parameter for revocation date
-965      * @description
-966      * @example
-967      * entry.setRevocationDate({'str': '130508235959Z'});
-968      */
-969     this.setRevocationDate = function(timeParam) {
-970 	this.time = new KJUR.asn1.x509.Time(timeParam);
-971     };
-972 
-973     this.getEncodedHex = function() {
-974 	var o = new KJUR.asn1.DERSequence({"array": [this.sn, this.time]});
-975 	this.TLV = o.getEncodedHex();
-976 	return this.TLV;
-977     };
-978     
-979     if (typeof params != "undefined") {
-980 	if (typeof params['time'] != "undefined") {
-981 	    this.setRevocationDate(params['time']);
-982 	}
-983 	if (typeof params['sn'] != "undefined") {
-984 	    this.setCertSerial(params['sn']);
-985 	}
-986     }
-987 };
-988 YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);
-989 
-990 // === END   CRL Related ===================================================
-991 
-992 // === BEGIN X500Name Related =================================================
-993 /**
-994  * X500Name ASN.1 structure class
-995  * @name KJUR.asn1.x509.X500Name
-996  * @class X500Name ASN.1 structure class
-997  * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'})
-998  * @extends KJUR.asn1.ASN1Object
-999  * @description
-1000  * @example
-1001  */
-1002 KJUR.asn1.x509.X500Name = function(params) {
-1003     KJUR.asn1.x509.X500Name.superclass.constructor.call(this);
-1004     this.asn1Array = new Array();
+855         sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA', 'prov': 'cryptojs/jsrsa'});
+856         sig.initSign(this.rsaPrvKey);
+857         sig.updateHex(this.asn1TBSCertList.getEncodedHex());
+858         this.hexSig = sig.sign();
+859 
+860         this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
+861         
+862         var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCertList,
+863                                                        this.asn1SignatureAlg,
+864                                                        this.asn1Sig]});
+865         this.hTLV = seq.getEncodedHex();
+866         this.isModified = false;
+867     };
+868 
+869     this.getEncodedHex = function() {
+870         if (this.isModified == false && this.hTLV != null) return this.hTLV;
+871         throw "not signed yet";
+872     };
+873 
+874     /**
+875      * get PEM formatted CRL string after signed
+876      * @name getPEMString
+877      * @memberOf KJUR.asn1.x509.CRL
+878      * @function
+879      * @return PEM formatted string of certificate
+880      * @description
+881      * @example
+882      * var cert = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
+883      * cert.sign();
+884      * var sPEM =  cert.getPEMString();
+885      */
+886     this.getPEMString = function() {
+887         var hCert = this.getEncodedHex();
+888         var wCert = CryptoJS.enc.Hex.parse(hCert);
+889         var b64Cert = CryptoJS.enc.Base64.stringify(wCert);
+890         var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n");
+891         return "-----BEGIN X509 CRL-----\r\n" + pemBody + "\r\n-----END X509 CRL-----\r\n";
+892     };
+893 
+894     if (typeof params != "undefined") {
+895         if (typeof params['tbsobj'] != "undefined") {
+896             this.asn1TBSCertList = params['tbsobj'];
+897         }
+898         if (typeof params['rsaprvkey'] != "undefined") {
+899             this.rsaPrvKey = params['rsaprvkey'];
+900         }
+901         if ((typeof params['rsaprvpem'] != "undefined") &&
+902             (typeof params['rsaprvpas'] != "undefined")) {
+903             this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']);
+904         }
+905     }
+906 };
+907 YAHOO.lang.extend(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);
+908 
+909 /**
+910  * ASN.1 TBSCertList structure class for CRL
+911  * @name KJUR.asn1.x509.TBSCertList
+912  * @class ASN.1 TBSCertList structure class for CRL
+913  * @param {Array} params associative array of parameters (ex. {})
+914  * @extends KJUR.asn1.ASN1Object
+915  * @since 1.0.3
+916  * @description
+917  * <br/>
+918  * <h4>EXAMPLE</h4>
+919  * @example
+920  *  var o = new KJUR.asn1.x509.TBSCertList();
+921  *  o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
+922  *  o.setIssuerByParam({'str': '/C=US/O=a'});
+923  *  o.setNotThisUpdateByParam({'str': '130504235959Z'});
+924  *  o.setNotNextUpdateByParam({'str': '140504235959Z'});
+925  *  o.addRevokedCert({'int': 4}, {'str':'130514235959Z'}));
+926  *  o.addRevokedCert({'hex': '0f34dd'}, {'str':'130514235959Z'}));
+927  * 
+928  * // TBSCertList  ::=  SEQUENCE  {
+929  * //        version                 Version OPTIONAL,
+930  * //                                     -- if present, MUST be v2
+931  * //        signature               AlgorithmIdentifier,
+932  * //        issuer                  Name,
+933  * //        thisUpdate              Time,
+934  * //        nextUpdate              Time OPTIONAL,
+935  * //        revokedCertificates     SEQUENCE OF SEQUENCE  {
+936  * //             userCertificate         CertificateSerialNumber,
+937  * //             revocationDate          Time,
+938  * //             crlEntryExtensions      Extensions OPTIONAL
+939  * //                                      -- if present, version MUST be v2
+940  * //                                  }  OPTIONAL,
+941  * //        crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
+942  */
+943 KJUR.asn1.x509.TBSCertList = function(params) {
+944     KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
+945     var aRevokedCert = null;
+946 
+947     /**
+948      * set signature algorithm field by parameter
+949      * @name setSignatureAlgByParam
+950      * @memberOf KJUR.asn1.x509.TBSCertList
+951      * @function
+952      * @param {Array} algIdParam AlgorithmIdentifier parameter
+953      * @description
+954      * @example
+955      * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
+956      */
+957     this.setSignatureAlgByParam = function(algIdParam) {
+958         this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam);
+959     };
+960 
+961     /**
+962      * set issuer name field by parameter
+963      * @name setIssuerByParam
+964      * @memberOf KJUR.asn1.x509.TBSCertList
+965      * @function
+966      * @param {Array} x500NameParam X500Name parameter
+967      * @description
+968      * @example
+969      * tbsc.setIssuerParam({'str': '/C=US/CN=b'});
+970      * @see KJUR.asn1.x509.X500Name
+971      */
+972     this.setIssuerByParam = function(x500NameParam) {
+973         this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam);
+974     };
+975 
+976     /**
+977      * set thisUpdate field by parameter
+978      * @name setThisUpdateByParam
+979      * @memberOf KJUR.asn1.x509.TBSCertList
+980      * @function
+981      * @param {Array} timeParam Time parameter
+982      * @description
+983      * @example
+984      * tbsc.setThisUpdateByParam({'str': '130508235959Z'});
+985      * @see KJUR.asn1.x509.Time
+986      */
+987     this.setThisUpdateByParam = function(timeParam) {
+988         this.asn1ThisUpdate = new KJUR.asn1.x509.Time(timeParam);
+989     };
+990 
+991     /**
+992      * set nextUpdate field by parameter
+993      * @name setNextUpdateByParam
+994      * @memberOf KJUR.asn1.x509.TBSCertList
+995      * @function
+996      * @param {Array} timeParam Time parameter
+997      * @description
+998      * @example
+999      * tbsc.setNextUpdateByParam({'str': '130508235959Z'});
+1000      * @see KJUR.asn1.x509.Time
+1001      */
+1002     this.setNextUpdateByParam = function(timeParam) {
+1003         this.asn1NextUpdate = new KJUR.asn1.x509.Time(timeParam);
+1004     };
 1005 
-1006     this.setByString = function(dnStr) {
-1007 	var a = dnStr.split('/');
-1008 	a.shift();
-1009 	for (var i = 0; i < a.length; i++) {
-1010 	    this.asn1Array.push(new KJUR.asn1.x509.RDN({'str':a[i]}));
-1011 	}
-1012     };
-1013 
-1014     this.getEncodedHex = function() {
-1015 	var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
-1016 	this.TLV = o.getEncodedHex();
-1017 	return this.TLV;
-1018     };
-1019 
-1020     if (typeof params != "undefined") {
-1021 	if (typeof params['str'] != "undefined") {
-1022 	    this.setByString(params['str']);
-1023 	}
-1024     }
+1006     /**
+1007      * add revoked certficate by parameter
+1008      * @name addRevokedCert
+1009      * @memberOf KJUR.asn1.x509.TBSCertList
+1010      * @function
+1011      * @param {Array} snParam DERInteger parameter for certificate serial number
+1012      * @param {Array} timeParam Time parameter for revocation date
+1013      * @description
+1014      * @example
+1015      * tbsc.addRevokedCert({'int': 3}, {'str': '130508235959Z'});
+1016      * @see KJUR.asn1.x509.Time
+1017      */
+1018     this.addRevokedCert = function(snParam, timeParam) {
+1019         var param = {};
+1020         if (snParam != undefined && snParam != null) param['sn'] = snParam;
+1021         if (timeParam != undefined && timeParam != null) param['time'] = timeParam;
+1022         var o = new KJUR.asn1.x509.CRLEntry(param);
+1023         this.aRevokedCert.push(o);
+1024     };
 1025 
-1026 };
-1027 YAHOO.lang.extend(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object);
+1026     this.getEncodedHex = function() {
+1027         this.asn1Array = new Array();
 1028 
-1029 /**
-1030  * RDN (Relative Distinguish Name) ASN.1 structure class
-1031  * @name KJUR.asn1.x509.RDN
-1032  * @class RDN (Relative Distinguish Name) ASN.1 structure class
-1033  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
-1034  * @extends KJUR.asn1.ASN1Object
-1035  * @description
-1036  * @example
-1037  */
-1038 KJUR.asn1.x509.RDN = function(params) {
-1039     KJUR.asn1.x509.RDN.superclass.constructor.call(this);
-1040     this.asn1Array = new Array();
-1041 
-1042     this.addByString = function(rdnStr) {
-1043 	this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str':rdnStr}));
+1029         if (this.asn1Version != null) this.asn1Array.push(this.asn1Version);
+1030         this.asn1Array.push(this.asn1SignatureAlg);
+1031         this.asn1Array.push(this.asn1Issuer);
+1032         this.asn1Array.push(this.asn1ThisUpdate);
+1033         if (this.asn1NextUpdate != null) this.asn1Array.push(this.asn1NextUpdate);
+1034 
+1035         if (this.aRevokedCert.length > 0) {
+1036             var seq = new KJUR.asn1.DERSequence({'array': this.aRevokedCert});
+1037             this.asn1Array.push(seq);
+1038         }
+1039 
+1040         var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
+1041         this.hTLV = o.getEncodedHex();
+1042         this.isModified = false;
+1043         return this.hTLV;
 1044     };
 1045 
-1046     this.getEncodedHex = function() {
-1047 	var o = new KJUR.asn1.DERSet({"array": this.asn1Array});
-1048 	this.TLV = o.getEncodedHex();
-1049 	return this.TLV;
-1050     };
-1051 
-1052     if (typeof params != "undefined") {
-1053 	if (typeof params['str'] != "undefined") {
-1054 	    this.addByString(params['str']);
-1055 	}
-1056     }
-1057 };
-1058 YAHOO.lang.extend(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object);
-1059 
-1060 /**
-1061  * AttributeTypeAndValue ASN.1 structure class
-1062  * @name KJUR.asn1.x509.AttributeTypeAndValue
-1063  * @class AttributeTypeAndValue ASN.1 structure class
-1064  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
-1065  * @extends KJUR.asn1.ASN1Object
+1046     this._initialize = function() {
+1047         this.asn1Version = null;
+1048         this.asn1SignatureAlg = null;
+1049         this.asn1Issuer = null;
+1050         this.asn1ThisUpdate = null;
+1051         this.asn1NextUpdate = null;
+1052         this.aRevokedCert = new Array();
+1053     };
+1054 
+1055     this._initialize();
+1056 };
+1057 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);
+1058 
+1059 /**
+1060  * ASN.1 CRLEntry structure class for CRL
+1061  * @name KJUR.asn1.x509.CRLEntry
+1062  * @class ASN.1 CRLEntry structure class for CRL
+1063  * @param {Array} params associative array of parameters (ex. {})
+1064  * @extends KJUR.asn1.ASN1Object
+1065  * @since 1.0.3
 1066  * @description
 1067  * @example
-1068  */
-1069 KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
-1070     KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
-1071     var typeObj = null;
-1072     var valueObj = null;
-1073     var defaultDSType = "utf8";
-1074 
-1075     this.setByString = function(attrTypeAndValueStr) {
-1076 	if (attrTypeAndValueStr.match(/^([^=]+)=(.+)$/)) {
-1077 	    this.setByAttrTypeAndValueStr(RegExp.$1, RegExp.$2);
-1078 	} else {
-1079 	    throw "malformed attrTypeAndValueStr: " + attrTypeAndValueStr;
-1080 	}
-1081     };
-1082 
-1083     this.setByAttrTypeAndValueStr = function(shortAttrType, valueStr) {
-1084 	this.typeObj = KJUR.asn1.x509.OID.atype2obj(shortAttrType);
-1085 	var dsType = defaultDSType;
-1086 	if (shortAttrType == "C") dsType = "prn";
-1087 	this.valueObj = this.getValueObj(dsType, valueStr);
-1088     };
-1089 
-1090     this.getValueObj = function(dsType, valueStr) {
-1091 	if (dsType == "utf8")	return new KJUR.asn1.DERUTF8String({"str": valueStr});
-1092 	if (dsType == "prn")	return new KJUR.asn1.DERPrintableString({"str": valueStr});
-1093 	if (dsType == "tel")	return new KJUR.asn1.DERTeletexString({"str": valueStr});
-1094 	if (dsType == "ia5")	return new KJUR.asn1.DERIA5String({"str": valueStr});
-1095 	throw "unsupported directory string type: type=" + dsType + " value=" + valueStr;
-1096     };
-1097 
-1098     this.getEncodedHex = function() {
-1099 	var o = new KJUR.asn1.DERSequence({"array": [this.typeObj, this.valueObj]});
-1100 	this.TLV = o.getEncodedHex();
-1101 	return this.TLV;
-1102     };
-1103 
-1104     if (typeof params != "undefined") {
-1105 	if (typeof params['str'] != "undefined") {
-1106 	    this.setByString(params['str']);
-1107 	}
-1108     }
-1109 };
-1110 YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object);
-1111 
-1112 // === END   X500Name Related =================================================
-1113 
-1114 // === BEGIN Other ASN1 structure class  ======================================
-1115 
-1116 /**
-1117  * SubjectPublicKeyInfo ASN.1 structure class
-1118  * @name KJUR.asn1.x509.SubjectPublicKeyInfo
-1119  * @class SubjectPublicKeyInfo ASN.1 structure class
-1120  * @param {Object} params parameter for subject public key
-1121  * @extends KJUR.asn1.ASN1Object
-1122  * @description
-1123  * <br/>
-1124  * As for argument 'params' for constructor, you can specify one of
-1125  * following properties:
-1126  * <ul>
-1127  * <li>{@link RSAKey} object</li>
-1128  * <li>{@link KJUR.crypto.ECDSA} object</li>
-1129  * <li>{@link KJUR.crypto.DSA} object</li>
-1130  * <li>(DEPRECATED)rsakey - specify {@link RSAKey} object of subject public key</li>
-1131  * <li>(DEPRECATED)rsapem - specify a string of PEM public key of RSA key</li>
-1132  * </ul>
-1133  * NOTE1: 'params' can be omitted.<br/>
-1134  * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/>
-1135  * <h4>EXAMPLE</h4>
+1068  * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
+1069  * 
+1070  * // revokedCertificates     SEQUENCE OF SEQUENCE  {
+1071  * //     userCertificate         CertificateSerialNumber,
+1072  * //     revocationDate          Time,
+1073  * //     crlEntryExtensions      Extensions OPTIONAL
+1074  * //                             -- if present, version MUST be v2 }
+1075  */
+1076 KJUR.asn1.x509.CRLEntry = function(params) {
+1077     KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
+1078     var sn = null;
+1079     var time = null;
+1080 
+1081     /**
+1082      * set DERInteger parameter for serial number of revoked certificate 
+1083      * @name setCertSerial
+1084      * @memberOf KJUR.asn1.x509.CRLEntry
+1085      * @function
+1086      * @param {Array} intParam DERInteger parameter for certificate serial number
+1087      * @description
+1088      * @example
+1089      * entry.setCertSerial({'int': 3});
+1090      */
+1091     this.setCertSerial = function(intParam) {
+1092         this.sn = new KJUR.asn1.DERInteger(intParam);
+1093     };
+1094 
+1095     /**
+1096      * set Time parameter for revocation date
+1097      * @name setRevocationDate
+1098      * @memberOf KJUR.asn1.x509.CRLEntry
+1099      * @function
+1100      * @param {Array} timeParam Time parameter for revocation date
+1101      * @description
+1102      * @example
+1103      * entry.setRevocationDate({'str': '130508235959Z'});
+1104      */
+1105     this.setRevocationDate = function(timeParam) {
+1106         this.time = new KJUR.asn1.x509.Time(timeParam);
+1107     };
+1108 
+1109     this.getEncodedHex = function() {
+1110         var o = new KJUR.asn1.DERSequence({"array": [this.sn, this.time]});
+1111         this.TLV = o.getEncodedHex();
+1112         return this.TLV;
+1113     };
+1114     
+1115     if (typeof params != "undefined") {
+1116         if (typeof params['time'] != "undefined") {
+1117             this.setRevocationDate(params['time']);
+1118         }
+1119         if (typeof params['sn'] != "undefined") {
+1120             this.setCertSerial(params['sn']);
+1121         }
+1122     }
+1123 };
+1124 YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);
+1125 
+1126 // === END   CRL Related ===================================================
+1127 
+1128 // === BEGIN X500Name Related =================================================
+1129 /**
+1130  * X500Name ASN.1 structure class
+1131  * @name KJUR.asn1.x509.X500Name
+1132  * @class X500Name ASN.1 structure class
+1133  * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'})
+1134  * @extends KJUR.asn1.ASN1Object
+1135  * @description
 1136  * @example
-1137  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object);
-1138  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object);
-1139  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object);
-1140  */
-1141 KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) {
-1142     KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);
-1143     var asn1AlgId = null;
-1144     var asn1SubjPKey = null;
-1145     var rsaKey = null;
-1146 
-1147     /**
-1148      * (DEPRECATED) set RSAKey object as subject public key
-1149      * @name setRSAKey
-1150      * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo
-1151      * @function
-1152      * @param {RSAKey} rsaKey {@link RSAKey} object for RSA public key
-1153      * @description
-1154      * @deprecated
-1155      * @example
-1156      * spki.setRSAKey(rsaKey);
-1157      */
-1158     this.setRSAKey = function(rsaKey) {
-1159 	if (! RSAKey.prototype.isPrototypeOf(rsaKey))
-1160 	    throw "argument is not RSAKey instance";
-1161         this.rsaKey = rsaKey;
-1162 	var asn1RsaN = new KJUR.asn1.DERInteger({'bigint': rsaKey.n});
-1163 	var asn1RsaE = new KJUR.asn1.DERInteger({'int': rsaKey.e});
-1164 	var asn1RsaPub = new KJUR.asn1.DERSequence({'array': [asn1RsaN, asn1RsaE]});
-1165 	var rsaKeyHex = asn1RsaPub.getEncodedHex();
-1166 	this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'});
-1167 	this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex});
-1168     };
-1169 
-1170     /**
-1171      * (DEPRECATED) set a PEM formatted RSA public key string as RSA public key
-1172      * @name setRSAPEM
-1173      * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo
-1174      * @function
-1175      * @param {String} rsaPubPEM PEM formatted RSA public key string
-1176      * @deprecated
-1177      * @description
-1178      * @example
-1179      * spki.setRSAPEM(rsaPubPEM);
-1180      */
-1181     this.setRSAPEM = function(rsaPubPEM) {
-1182 	if (rsaPubPEM.match(/-----BEGIN PUBLIC KEY-----/)) {
-1183 	    var s = rsaPubPEM;
-1184 	    s = s.replace(/^-----[^-]+-----/, '');
-1185 	    s = s.replace(/-----[^-]+-----\s*$/, '');
-1186 	    var rsaB64 = s.replace(/\s+/g, '');
-1187 	    var rsaWA = CryptoJS.enc.Base64.parse(rsaB64);
-1188 	    var rsaP8Hex = CryptoJS.enc.Hex.stringify(rsaWA);
-1189 	    var a = _rsapem_getHexValueArrayOfChildrenFromHex(rsaP8Hex);
-1190 	    var hBitStrVal = a[1];
-1191 	    var rsaHex = hBitStrVal.substr(2);
-1192 	    var a3 = _rsapem_getHexValueArrayOfChildrenFromHex(rsaHex);
-1193 	    var rsaKey = new RSAKey();
-1194 	    rsaKey.setPublic(a3[0], a3[1]);
-1195 	    this.setRSAKey(rsaKey);
-1196 	} else {
-1197 	    throw "key not supported";
-1198 	}
-1199     };
-1200 
-1201     /*
-1202      * @since asn1x509 1.0.7
-1203      */
-1204     this.getASN1Object = function() {
-1205 	if (this.asn1AlgId == null || this.asn1SubjPKey == null)
-1206 	    throw "algId and/or subjPubKey not set";
-1207 	var o = new KJUR.asn1.DERSequence({'array':
-1208 					   [this.asn1AlgId, this.asn1SubjPKey]});
-1209 	return o;
-1210     };
-1211 
-1212     this.getEncodedHex = function() {
-1213 	var o = this.getASN1Object();
-1214 	this.hTLV = o.getEncodedHex();
-1215 	return this.hTLV;
-1216     };
-1217 
-1218     this._setRSAKey = function(key) {
-1219 	var asn1RsaPub = KJUR.asn1.ASN1Util.newObject({
-1220 		'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}]
-1221 	    });
-1222 	var rsaKeyHex = asn1RsaPub.getEncodedHex();
-1223 	this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'});
-1224 	this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex});
-1225     };
-1226 
-1227     this._setEC = function(key) {
-1228 	var asn1Params = new KJUR.asn1.DERObjectIdentifier({'name': key.curveName});
-1229 	this.asn1AlgId = 
-1230 	    new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'ecPublicKey',
-1231 						    'asn1params': asn1Params});
-1232 	this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + key.pubKeyHex});
-1233     };
-1234 
-1235     this._setDSA = function(key) {
-1236 	var asn1Params = new KJUR.asn1.ASN1Util.newObject({
-1237 		'seq': [{'int': {'bigint': key.p}},
-1238 	                {'int': {'bigint': key.q}},
-1239 	                {'int': {'bigint': key.g}}]
-1240 	    });
-1241 	this.asn1AlgId = 
-1242 	    new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'dsa',
-1243 						    'asn1params': asn1Params});
-1244 	var pubInt = new KJUR.asn1.DERInteger({'bigint': key.y});
-1245 	this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + pubInt.getEncodedHex()});
-1246     };
+1137  */
+1138 KJUR.asn1.x509.X500Name = function(params) {
+1139     KJUR.asn1.x509.X500Name.superclass.constructor.call(this);
+1140     this.asn1Array = new Array();
+1141 
+1142     this.setByString = function(dnStr) {
+1143         var a = dnStr.split('/');
+1144         a.shift();
+1145         for (var i = 0; i < a.length; i++) {
+1146             this.asn1Array.push(new KJUR.asn1.x509.RDN({'str':a[i]}));
+1147         }
+1148     };
+1149 
+1150     this.getEncodedHex = function() {
+1151         var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
+1152         this.TLV = o.getEncodedHex();
+1153         return this.TLV;
+1154     };
+1155 
+1156     if (typeof params != "undefined") {
+1157         if (typeof params['str'] != "undefined") {
+1158             this.setByString(params['str']);
+1159         }
+1160     }
+1161 
+1162 };
+1163 YAHOO.lang.extend(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object);
+1164 
+1165 /**
+1166  * RDN (Relative Distinguish Name) ASN.1 structure class
+1167  * @name KJUR.asn1.x509.RDN
+1168  * @class RDN (Relative Distinguish Name) ASN.1 structure class
+1169  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
+1170  * @extends KJUR.asn1.ASN1Object
+1171  * @description
+1172  * @example
+1173  */
+1174 KJUR.asn1.x509.RDN = function(params) {
+1175     KJUR.asn1.x509.RDN.superclass.constructor.call(this);
+1176     this.asn1Array = new Array();
+1177 
+1178     this.addByString = function(rdnStr) {
+1179         this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str':rdnStr}));
+1180     };
+1181 
+1182     this.getEncodedHex = function() {
+1183         var o = new KJUR.asn1.DERSet({"array": this.asn1Array});
+1184         this.TLV = o.getEncodedHex();
+1185         return this.TLV;
+1186     };
+1187 
+1188     if (typeof params != "undefined") {
+1189         if (typeof params['str'] != "undefined") {
+1190             this.addByString(params['str']);
+1191         }
+1192     }
+1193 };
+1194 YAHOO.lang.extend(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object);
+1195 
+1196 /**
+1197  * AttributeTypeAndValue ASN.1 structure class
+1198  * @name KJUR.asn1.x509.AttributeTypeAndValue
+1199  * @class AttributeTypeAndValue ASN.1 structure class
+1200  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
+1201  * @extends KJUR.asn1.ASN1Object
+1202  * @description
+1203  * @example
+1204  */
+1205 KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
+1206     KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
+1207     var typeObj = null;
+1208     var valueObj = null;
+1209     var defaultDSType = "utf8";
+1210 
+1211     this.setByString = function(attrTypeAndValueStr) {
+1212         if (attrTypeAndValueStr.match(/^([^=]+)=(.+)$/)) {
+1213             this.setByAttrTypeAndValueStr(RegExp.$1, RegExp.$2);
+1214         } else {
+1215             throw "malformed attrTypeAndValueStr: " + attrTypeAndValueStr;
+1216         }
+1217     };
+1218 
+1219     this.setByAttrTypeAndValueStr = function(shortAttrType, valueStr) {
+1220         this.typeObj = KJUR.asn1.x509.OID.atype2obj(shortAttrType);
+1221         var dsType = defaultDSType;
+1222         if (shortAttrType == "C") dsType = "prn";
+1223         this.valueObj = this.getValueObj(dsType, valueStr);
+1224     };
+1225 
+1226     this.getValueObj = function(dsType, valueStr) {
+1227         if (dsType == "utf8")   return new KJUR.asn1.DERUTF8String({"str": valueStr});
+1228         if (dsType == "prn")    return new KJUR.asn1.DERPrintableString({"str": valueStr});
+1229         if (dsType == "tel")    return new KJUR.asn1.DERTeletexString({"str": valueStr});
+1230         if (dsType == "ia5")    return new KJUR.asn1.DERIA5String({"str": valueStr});
+1231         throw "unsupported directory string type: type=" + dsType + " value=" + valueStr;
+1232     };
+1233 
+1234     this.getEncodedHex = function() {
+1235         var o = new KJUR.asn1.DERSequence({"array": [this.typeObj, this.valueObj]});
+1236         this.TLV = o.getEncodedHex();
+1237         return this.TLV;
+1238     };
+1239 
+1240     if (typeof params != "undefined") {
+1241         if (typeof params['str'] != "undefined") {
+1242             this.setByString(params['str']);
+1243         }
+1244     }
+1245 };
+1246 YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object);
 1247 
-1248     if (typeof params != "undefined") {
-1249 	if (typeof RSAKey != 'undefined' && params instanceof RSAKey) {
-1250 	    this._setRSAKey(params);
-1251 	} else if (typeof KJUR.crypto.ECDSA != 'undefined' &&
-1252 		   params instanceof KJUR.crypto.ECDSA) {
-1253 	    this._setEC(params);
-1254 	} else if (typeof KJUR.crypto.DSA != 'undefined' &&
-1255 		   params instanceof KJUR.crypto.DSA) {
-1256 	    this._setDSA(params);
-1257 	} else if (typeof params['rsakey'] != "undefined") {
-1258 	    this.setRSAKey(params['rsakey']);
-1259 	} else if (typeof params['rsapem'] != "undefined") {
-1260 	    this.setRSAPEM(params['rsapem']);
-1261 	}
-1262     }
-1263 };
-1264 YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object);
-1265 
-1266 /**
-1267  * Time ASN.1 structure class
-1268  * @name KJUR.asn1.x509.Time
-1269  * @class Time ASN.1 structure class
-1270  * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'})
-1271  * @extends KJUR.asn1.ASN1Object
-1272  * @description
-1273  * <br/>
-1274  * <h4>EXAMPLES</h4>
-1275  * @example
-1276  * var t1 = new KJUR.asn1.x509.Time{'str': '130508235959Z'} // UTCTime by default
-1277  * var t2 = new KJUR.asn1.x509.Time{'type': 'gen',  'str': '20130508235959Z'} // GeneralizedTime
-1278  */
-1279 KJUR.asn1.x509.Time = function(params) {
-1280     KJUR.asn1.x509.Time.superclass.constructor.call(this);
-1281     var type = null;
-1282     var timeParams = null;
-1283 
-1284     this.setTimeParams = function(timeParams) {
-1285 	this.timeParams = timeParams;
-1286     }
-1287 
-1288     this.getEncodedHex = function() {
-1289 	if (this.timeParams == null) {
-1290 	    throw "timeParams shall be specified. ({'str':'130403235959Z'}}";
-1291 	}
-1292 	var o = null;
-1293 	if (this.type == "utc") {
-1294 	    o = new KJUR.asn1.DERUTCTime(this.timeParams);
-1295 	} else {
-1296 	    o = new KJUR.asn1.DERGeneralizedTime(this.timeParams);
-1297 	}
-1298 	this.TLV = o.getEncodedHex();
-1299 	return this.TLV;
-1300     };
-1301  
-1302     this.type = "utc";
-1303     if (typeof params != "undefined") {
-1304 	if (typeof params['type'] != "undefined") {
-1305 	    this.type = params['type'];
-1306 	}
-1307 	this.timeParams = params;
-1308     }
-1309 };
-1310 YAHOO.lang.extend(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object);
-1311 
-1312 /**
-1313  * AlgorithmIdentifier ASN.1 structure class
-1314  * @name KJUR.asn1.x509.AlgorithmIdentifier
-1315  * @class AlgorithmIdentifier ASN.1 structure class
-1316  * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'})
-1317  * @extends KJUR.asn1.ASN1Object
-1318  * @description
-1319  * @example
-1320  */
-1321 KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
-1322     KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
-1323     var nameAlg = null;
-1324     var asn1Alg = null;
-1325     var asn1Params = null;
-1326     var paramEmpty = false;
-1327 
-1328     this.getEncodedHex = function() {
-1329 	if (this.nameAlg == null && this.asn1Alg == null) {
-1330 	    throw "algorithm not specified";
-1331 	}
-1332 	if (this.nameAlg != null && this.asn1Alg == null) {
-1333 	    this.asn1Alg = KJUR.asn1.x509.OID.name2obj(this.nameAlg);
-1334 	}
-1335 	var a = [this.asn1Alg];
-1336 	if (! this.paramEmpty) a.push(this.asn1Params);
-1337 	var o = new KJUR.asn1.DERSequence({'array': a});
-1338 	this.hTLV = o.getEncodedHex();
-1339 	return this.hTLV;
-1340     };
-1341 
-1342     if (typeof params != "undefined") {
-1343 	if (typeof params['name'] != "undefined") {
-1344 	    this.nameAlg = params['name'];
-1345 	}
-1346 	if (typeof params['asn1params'] != "undefined") {
-1347 	    this.asn1Params = params['asn1params'];
-1348 	}
-1349 	if (typeof params['paramempty'] != "undefined") {
-1350 	    this.paramEmpty = params['paramempty'];
-1351 	}
-1352     }
-1353     if (this.asn1Params == null) {
-1354 	this.asn1Params = new KJUR.asn1.DERNull();
-1355     }
-1356 };
-1357 YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);
-1358 
-1359 /**
-1360  * GeneralName ASN.1 structure class
-1361  * @name KJUR.asn1.x509.GeneralName
-1362  * @class GeneralName ASN.1 structure class
-1363  * @description
-1364  * <br/>
-1365  * As for argument 'params' for constructor, you can specify one of
-1366  * following properties:
-1367  * <ul>
-1368  * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
-1369  * <li>dns - dNSName[2] (ex. foo.com)</li>
-1370  * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li>
-1371  * </ul>
-1372  * NOTE: Currently this only supports 'uniformResourceIdentifier'.
-1373  * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
-1374  * @example
-1375  * var gn = new KJUR.asn1.x509.GeneralName({'uri': 'http://aaa.com/'});
-1376  *
-1377  * GeneralName ::= CHOICE {
-1378  *         otherName                       [0]     OtherName,
-1379  *         rfc822Name                      [1]     IA5String,
-1380  *         dNSName                         [2]     IA5String,
-1381  *         x400Address                     [3]     ORAddress,
-1382  *         directoryName                   [4]     Name,
-1383  *         ediPartyName                    [5]     EDIPartyName,
-1384  *         uniformResourceIdentifier       [6]     IA5String,
-1385  *         iPAddress                       [7]     OCTET STRING,
-1386  *         registeredID                    [8]     OBJECT IDENTIFIER } 
-1387  */
-1388 KJUR.asn1.x509.GeneralName = function(params) {
-1389     KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);
-1390     var asn1Obj = null;
-1391     var type = null;
-1392     var pTag = {'rfc822': '81', 'dns': '82', 'uri': '86'};
-1393 
-1394     this.setByParam = function(params) {
-1395 	var str = null;
-1396 	var v = null;
-1397 
-1398 	if (typeof params['rfc822'] != "undefined") {
-1399 	    this.type = 'rfc822';
-1400 	    v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
-1401 	}
-1402 	if (typeof params['dns'] != "undefined") {
-1403 	    this.type = 'dns';
-1404 	    v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
-1405 	}
-1406 	if (typeof params['uri'] != "undefined") {
-1407 	    this.type = 'uri';
-1408 	    v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
-1409 	}
-1410 
-1411 	if (this.type == null)
-1412 	    throw "unsupported type in params=" + params;
-1413         this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': false,
-1414 						      'tag': pTag[this.type],
-1415 						      'obj': v});
-1416     };
-1417 
-1418     this.getEncodedHex = function() {
-1419 	return this.asn1Obj.getEncodedHex();
-1420     }
-1421 
-1422     if (typeof params != "undefined") {
-1423 	this.setByParam(params);
-1424     }
-1425 
-1426 };
-1427 YAHOO.lang.extend(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object);
-1428 
-1429 /**
-1430  * GeneralNames ASN.1 structure class
-1431  * @name KJUR.asn1.x509.GeneralNames
-1432  * @class GeneralNames ASN.1 structure class
-1433  * @description
-1434  * <br/>
-1435  * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
-1436  * @example
-1437  * var gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]); 
-1438  *
-1439  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-1440  */
-1441 KJUR.asn1.x509.GeneralNames = function(paramsArray) {
-1442     KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);
-1443     var asn1Array = null;
-1444 
-1445     /**
-1446      * set a array of {@link KJUR.asn1.x509.GeneralName} parameters
-1447      * @name setByParamArray
-1448      * @memberOf KJUR.asn1.x509.GeneralNames
-1449      * @function
-1450      * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralNames}
-1451      * @description
-1452      * <br/>
-1453      * <h4>EXAMPLES</h4>
-1454      * @example
-1455      * var gns = new KJUR.asn1.x509.GeneralNames();
-1456      * gns.setByParamArray([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
-1457      */
-1458     this.setByParamArray = function(paramsArray) {
-1459 	for (var i = 0; i < paramsArray.length; i++) {
-1460 	    var o = new KJUR.asn1.x509.GeneralName(paramsArray[i]);
-1461 	    this.asn1Array.push(o);
-1462 	}
-1463     };
-1464 
-1465     this.getEncodedHex = function() {
-1466 	var o = new KJUR.asn1.DERSequence({'array': this.asn1Array});
-1467 	return o.getEncodedHex();
-1468     };
-1469 
-1470     this.asn1Array = new Array();
-1471     if (typeof paramsArray != "undefined") {
-1472 	this.setByParamArray(paramsArray);
-1473     }
-1474 };
-1475 YAHOO.lang.extend(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object);
-1476 
-1477 /**
-1478  * DistributionPointName ASN.1 structure class
-1479  * @name KJUR.asn1.x509.DistributionPointName
-1480  * @class DistributionPointName ASN.1 structure class
-1481  * @description
-1482  * @example
-1483  */
-1484 KJUR.asn1.x509.DistributionPointName = function(gnOrRdn) {
-1485     KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this);
-1486     var asn1Obj = null;
-1487     var type = null;
-1488     var tag = null;
-1489     var asn1V = null;
-1490 
-1491     this.getEncodedHex = function() {
-1492 	if (this.type != "full")
-1493 	    throw "currently type shall be 'full': " + this.type;
-1494 	this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': false,
-1495 						      'tag': this.tag,
-1496 						      'obj': this.asn1V});
-1497 	this.hTLV = this.asn1Obj.getEncodedHex();
-1498 	return this.hTLV;
-1499     };
-1500 
-1501     if (typeof gnOrRdn != "undefined") {
-1502 	if (KJUR.asn1.x509.GeneralNames.prototype.isPrototypeOf(gnOrRdn)) {
-1503 	    this.type = "full";
-1504 	    this.tag = "a0";
-1505 	    this.asn1V = gnOrRdn;
-1506 	} else {
-1507 	    throw "This class supports GeneralNames only as argument";
-1508 	}
-1509     }
-1510 };
-1511 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object);
-1512 
-1513 /**
-1514  * DistributionPoint ASN.1 structure class
-1515  * @name KJUR.asn1.x509.DistributionPoint
-1516  * @class DistributionPoint ASN.1 structure class
-1517  * @description
-1518  * @example
-1519  */
-1520 KJUR.asn1.x509.DistributionPoint = function(params) {
-1521     KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this);
-1522     var asn1DP = null;
-1523 
-1524     this.getEncodedHex = function() {
-1525 	var seq = new KJUR.asn1.DERSequence();
-1526 	if (this.asn1DP != null) {
-1527 	    var o1 = new KJUR.asn1.DERTaggedObject({'explicit': true,
-1528 						    'tag': 'a0',
-1529 						    'obj': this.asn1DP});
-1530 	    seq.appendASN1Object(o1);
-1531 	}
-1532 	this.hTLV = seq.getEncodedHex();
-1533 	return this.hTLV;
-1534     };
-1535 
-1536     if (typeof params != "undefined") {
-1537 	if (typeof params['dpobj'] != "undefined") {
-1538 	    this.asn1DP = params['dpobj'];
-1539 	}
-1540     }
-1541 };
-1542 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object);
-1543 
-1544 /**
-1545  * static object for OID
-1546  * @name KJUR.asn1.x509.OID
-1547  * @class static object for OID
-1548  * @property {Assoc Array} atype2oidList for short attribyte type name and oid (i.e. 'C' and '2.5.4.6')
-1549  * @property {Assoc Array} name2oidList for oid name and oid (i.e. 'keyUsage' and '2.5.29.15')
-1550  * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object 
-1551  * @description
-1552  * <dl>
-1553  * <dt><b>atype2oidList</b>
-1554  * <dd>currently supports 'C', 'O', 'OU', 'ST', 'L' and 'CN' only.
-1555  * <dt><b>name2oidList</b>
-1556  * <dd>currently supports 'SHA1withRSA', 'rsaEncryption' and some extension OIDs
-1557  * </dl>
-1558  * @example
-1559  */
-1560 KJUR.asn1.x509.OID = new function(params) {
-1561     this.atype2oidList = {
-1562 	'C':	'2.5.4.6',
-1563 	'O':	'2.5.4.10',
-1564 	'OU':	'2.5.4.11',
-1565 	'ST':	'2.5.4.8',
-1566 	'L':	'2.5.4.7',
-1567 	'CN':	'2.5.4.3',
-1568     };
-1569     this.name2oidList = {
-1570 	'sha384':			'2.16.840.1.101.3.4.2.2',
-1571 	'sha224':			'2.16.840.1.101.3.4.2.4',
-1572 
-1573 	'MD2withRSA':			'1.2.840.113549.1.1.2',
-1574 	'MD4withRSA':			'1.2.840.113549.1.1.3',
-1575 	'MD5withRSA':			'1.2.840.113549.1.1.4',
-1576 	'SHA1withRSA':			'1.2.840.113549.1.1.5',
-1577 	'SHA224withRSA':		'1.2.840.113549.1.1.14',
-1578 	'SHA256withRSA':		'1.2.840.113549.1.1.11',
-1579 	'SHA384withRSA':		'1.2.840.113549.1.1.12',
-1580 	'SHA512withRSA':		'1.2.840.113549.1.1.13',
-1581 
-1582 	'SHA1withECDSA':		'1.2.840.10045.4.1',
-1583 	'SHA224withECDSA':		'1.2.840.10045.4.3.1',
-1584 	'SHA256withECDSA':		'1.2.840.10045.4.3.2',
-1585 	'SHA384withECDSA':		'1.2.840.10045.4.3.3',
-1586 	'SHA512withECDSA':		'1.2.840.10045.4.3.4',
-1587 
-1588 	'dsa':				'1.2.840.10040.4.1',
-1589 	'SHA1withDSA':			'1.2.840.10040.4.3',
-1590 	'SHA224withDSA':		'2.16.840.1.101.3.4.3.1',
-1591 	'SHA256withDSA':		'2.16.840.1.101.3.4.3.2',
-1592 
-1593         'rsaEncryption':		'1.2.840.113549.1.1.1',
-1594 	'subjectKeyIdentifier':		'2.5.29.14',
-1595 
-1596 	'countryName':			'2.5.4.6',
-1597 	'organization':			'2.5.4.10',
-1598 	'organizationalUnit':		'2.5.4.11',
-1599 	'stateOrProvinceName':		'2.5.4.8',
-1600 	'locality':			'2.5.4.7',
-1601 	'commonName':			'2.5.4.3',
-1602 
-1603 	'keyUsage':			'2.5.29.15',
-1604 	'basicConstraints':		'2.5.29.19',
-1605 	'cRLDistributionPoints':	'2.5.29.31',
-1606 	'certificatePolicies':		'2.5.29.32',
-1607 	'authorityKeyIdentifier':	'2.5.29.35',
-1608 	'extKeyUsage':			'2.5.29.37',
-1609 
-1610 	'anyExtendedKeyUsage':		'2.5.29.37.0',
-1611 	'serverAuth':			'1.3.6.1.5.5.7.3.1',
-1612 	'clientAuth':			'1.3.6.1.5.5.7.3.2',
-1613 	'codeSigning':			'1.3.6.1.5.5.7.3.3',
-1614 	'emailProtection':		'1.3.6.1.5.5.7.3.4',
-1615 	'timeStamping':			'1.3.6.1.5.5.7.3.8',
-1616 	'ocspSigning':			'1.3.6.1.5.5.7.3.9',
-1617 
-1618 	'ecPublicKey':			'1.2.840.10045.2.1',
-1619 	'secp256r1':			'1.2.840.10045.3.1.7',
-1620 	'secp256k1':			'1.3.132.0.10',
-1621 	'secp384r1':			'1.3.132.0.34',
-1622 
-1623 	'pkcs5PBES2':			'1.2.840.113549.1.5.13',
-1624 	'pkcs5PBKDF2':			'1.2.840.113549.1.5.12',
-1625 
-1626 	'des-EDE3-CBC':			'1.2.840.113549.3.7',
-1627     };
-1628 
-1629     this.objCache = {};
-1630 
-1631     /**
-1632      * get DERObjectIdentifier by registered OID name
-1633      * @name name2obj
-1634      * @memberOf KJUR.asn1.x509.OID
-1635      * @function
-1636      * @param {String} name OID
-1637      * @description
-1638      * @example
-1639      * var asn1ObjOID = OID.name2obj('SHA1withRSA');
-1640      */
-1641     this.name2obj = function(name) {
-1642 	if (typeof this.objCache[name] != "undefined")
-1643 	    return this.objCache[name];
-1644 	if (typeof this.name2oidList[name] == "undefined")
-1645 	    throw "Name of ObjectIdentifier not defined: " + name;
-1646 	var oid = this.name2oidList[name];
-1647 	var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
-1648 	this.objCache[name] = obj;
-1649 	return obj;
-1650     };
-1651 
-1652     /**
-1653      * get DERObjectIdentifier by registered attribyte type name such like 'C' or 'CN'
-1654      * @name atype2obj
-1655      * @memberOf KJUR.asn1.x509.OID
-1656      * @function
-1657      * @param {String} atype short attribute type name such like 'C' or 'CN'
-1658      * @description
-1659      * @example
-1660      * var asn1ObjOID = OID.atype2obj('CN');
-1661      */
-1662     this.atype2obj = function(atype) {
-1663 	if (typeof this.objCache[atype] != "undefined")
-1664 	    return this.objCache[atype];
-1665 	if (typeof this.atype2oidList[atype] == "undefined")
-1666 	    throw "AttributeType name undefined: " + atype;
-1667 	var oid = this.atype2oidList[atype];
-1668 	var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
-1669 	this.objCache[atype] = obj;
-1670 	return obj;
-1671     };
-1672 };
-1673 
-1674 /**
-1675  * X.509 certificate and CRL utilities class
-1676  * @name KJUR.asn1.x509.X509Util
-1677  * @class X.509 certificate and CRL utilities class
-1678  */
-1679 KJUR.asn1.x509.X509Util = new function() {
-1680     /**
-1681      * get PKCS#8 PEM public key string from RSAKey object
-1682      * @name getPKCS8PubKeyPEMfromRSAKey
-1683      * @memberOf KJUR.asn1.x509.X509Util
-1684      * @function
-1685      * @param {RSAKey} rsaKey RSA public key of {@link RSAKey} object
-1686      * @description
-1687      * @example
-1688      * var pem = KJUR.asn1.x509.X509Util.getPKCS8PubKeyPEMfromRSAKey(pubKey);
-1689      */
-1690    this.getPKCS8PubKeyPEMfromRSAKey = function(rsaKey) {
-1691        var pem = null;
-1692        var hN = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(rsaKey.n);
-1693        var hE = KJUR.asn1.ASN1Util.integerToByteHex(rsaKey.e);
-1694        var iN = new KJUR.asn1.DERInteger({hex: hN});
-1695        var iE = new KJUR.asn1.DERInteger({hex: hE});
-1696        var asn1PubKey = new KJUR.asn1.DERSequence({array: [iN, iE]});
-1697        var hPubKey = asn1PubKey.getEncodedHex();
-1698        var o1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: 'rsaEncryption'});
-1699        var o2 = new KJUR.asn1.DERBitString({hex: '00' + hPubKey});
-1700        var seq = new KJUR.asn1.DERSequence({array: [o1, o2]});
-1701        var hP8 = seq.getEncodedHex();
-1702        var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(hP8, "PUBLIC KEY");
-1703        return pem;
-1704    };
-1705 };
-1706 /**
-1707  * issue a certificate in PEM format
-1708  * @name newCertPEM
-1709  * @memberOf KJUR.asn1.x509.X509Util
-1710  * @function
-1711  * @param {Array} param parameter to issue a certificate
-1712  * @since asn1x509 1.0.6
-1713  * @description
-1714  * This method can issue a certificate by a simple
-1715  * JSON object.
-1716  * NOTE: When using DSA or ECDSA CA signing key,
-1717  * use 'paramempty' in 'sigalg' to ommit parameter field
-1718  * of AlgorithmIdentifer. In case of RSA, parameter
-1719  * NULL will be specified by default.
-1720  * @example
-1721  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM(
-1722  * { serial: {int: 4},
-1723  *   sigalg: {name: 'SHA1withECDSA', paramempty: true},
-1724  *   issuer: {str: '/C=US/O=a'},
-1725  *   notbefore: {'str': '130504235959Z'},
-1726  *   notafter: {'str': '140504235959Z'},
-1727  *   subject: {str: '/C=US/O=b'},
-1728  *   sbjpubkey: pubKeyPEM,
-1729  *   ext: [
-1730  *     {basicConstraints: {cA: true, critical: true}},
-1731  *     {keyUsage: {bin: '11'}},
-1732  *   ],
-1733  *   cakey: [prvkey, pass]}
-1734  * );
-1735  */
-1736 KJUR.asn1.x509.X509Util.newCertPEM = function(param) {
-1737     var ns1 = KJUR.asn1.x509;
-1738     var o = new ns1.TBSCertificate();
-1739 
-1740     if (param.serial !== undefined)
-1741 	o.setSerialNumberByParam(param.serial);
-1742     else
-1743 	throw "serial number undefined.";
-1744 
-1745     if (typeof param.sigalg.name == 'string')
-1746 	o.setSignatureAlgByParam(param.sigalg);
-1747     else 
-1748 	throw "unproper signature algorithm name";
-1749 
-1750     if (param.issuer !== undefined)
-1751 	o.setIssuerByParam(param.issuer);
-1752     else
-1753 	throw "issuer name undefined.";
-1754     
-1755     if (param.notbefore !== undefined)
-1756 	o.setNotBeforeByParam(param.notbefore);
-1757     else
-1758 	throw "notbefore undefined.";
-1759 
-1760     if (param.notafter !== undefined)
-1761 	o.setNotAfterByParam(param.notafter);
-1762     else
-1763 	throw "notafter undefined.";
+1248 // === END   X500Name Related =================================================
+1249 
+1250 // === BEGIN Other ASN1 structure class  ======================================
+1251 
+1252 /**
+1253  * SubjectPublicKeyInfo ASN.1 structure class
+1254  * @name KJUR.asn1.x509.SubjectPublicKeyInfo
+1255  * @class SubjectPublicKeyInfo ASN.1 structure class
+1256  * @param {Object} params parameter for subject public key
+1257  * @extends KJUR.asn1.ASN1Object
+1258  * @description
+1259  * <br/>
+1260  * As for argument 'params' for constructor, you can specify one of
+1261  * following properties:
+1262  * <ul>
+1263  * <li>{@link RSAKey} object</li>
+1264  * <li>{@link KJUR.crypto.ECDSA} object</li>
+1265  * <li>{@link KJUR.crypto.DSA} object</li>
+1266  * <li>(DEPRECATED)rsakey - specify {@link RSAKey} object of subject public key</li>
+1267  * <li>(DEPRECATED)rsapem - specify a string of PEM public key of RSA key</li>
+1268  * </ul>
+1269  * NOTE1: 'params' can be omitted.<br/>
+1270  * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/>
+1271  * <h4>EXAMPLE</h4>
+1272  * @example
+1273  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object);
+1274  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object);
+1275  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object);
+1276  */
+1277 KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) {
+1278     KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);
+1279     var asn1AlgId = null;
+1280     var asn1SubjPKey = null;
+1281     var rsaKey = null;
+1282 
+1283     /**
+1284      * (DEPRECATED) set RSAKey object as subject public key
+1285      * @name setRSAKey
+1286      * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo
+1287      * @function
+1288      * @param {RSAKey} rsaKey {@link RSAKey} object for RSA public key
+1289      * @description
+1290      * @deprecated
+1291      * @example
+1292      * spki.setRSAKey(rsaKey);
+1293      */
+1294     this.setRSAKey = function(rsaKey) {
+1295         if (! RSAKey.prototype.isPrototypeOf(rsaKey))
+1296             throw "argument is not RSAKey instance";
+1297         this.rsaKey = rsaKey;
+1298         var asn1RsaN = new KJUR.asn1.DERInteger({'bigint': rsaKey.n});
+1299         var asn1RsaE = new KJUR.asn1.DERInteger({'int': rsaKey.e});
+1300         var asn1RsaPub = new KJUR.asn1.DERSequence({'array': [asn1RsaN, asn1RsaE]});
+1301         var rsaKeyHex = asn1RsaPub.getEncodedHex();
+1302         this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'});
+1303         this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex});
+1304     };
+1305 
+1306     /**
+1307      * (DEPRECATED) set a PEM formatted RSA public key string as RSA public key
+1308      * @name setRSAPEM
+1309      * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo
+1310      * @function
+1311      * @param {String} rsaPubPEM PEM formatted RSA public key string
+1312      * @deprecated
+1313      * @description
+1314      * @example
+1315      * spki.setRSAPEM(rsaPubPEM);
+1316      */
+1317     this.setRSAPEM = function(rsaPubPEM) {
+1318         if (rsaPubPEM.match(/-----BEGIN PUBLIC KEY-----/)) {
+1319             var s = rsaPubPEM;
+1320             s = s.replace(/^-----[^-]+-----/, '');
+1321             s = s.replace(/-----[^-]+-----\s*$/, '');
+1322             var rsaB64 = s.replace(/\s+/g, '');
+1323             var rsaWA = CryptoJS.enc.Base64.parse(rsaB64);
+1324             var rsaP8Hex = CryptoJS.enc.Hex.stringify(rsaWA);
+1325             var a = _rsapem_getHexValueArrayOfChildrenFromHex(rsaP8Hex);
+1326             var hBitStrVal = a[1];
+1327             var rsaHex = hBitStrVal.substr(2);
+1328             var a3 = _rsapem_getHexValueArrayOfChildrenFromHex(rsaHex);
+1329             var rsaKey = new RSAKey();
+1330             rsaKey.setPublic(a3[0], a3[1]);
+1331             this.setRSAKey(rsaKey);
+1332         } else {
+1333             throw "key not supported";
+1334         }
+1335     };
+1336 
+1337     /*
+1338      * @since asn1x509 1.0.7
+1339      */
+1340     this.getASN1Object = function() {
+1341         if (this.asn1AlgId == null || this.asn1SubjPKey == null)
+1342             throw "algId and/or subjPubKey not set";
+1343         var o = new KJUR.asn1.DERSequence({'array':
+1344                                            [this.asn1AlgId, this.asn1SubjPKey]});
+1345         return o;
+1346     };
+1347 
+1348     this.getEncodedHex = function() {
+1349         var o = this.getASN1Object();
+1350         this.hTLV = o.getEncodedHex();
+1351         return this.hTLV;
+1352     };
+1353 
+1354     this._setRSAKey = function(key) {
+1355         var asn1RsaPub = KJUR.asn1.ASN1Util.newObject({
+1356             'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}]
+1357         });
+1358         var rsaKeyHex = asn1RsaPub.getEncodedHex();
+1359         this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'});
+1360         this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex});
+1361     };
+1362 
+1363     this._setEC = function(key) {
+1364         var asn1Params = new KJUR.asn1.DERObjectIdentifier({'name': key.curveName});
+1365         this.asn1AlgId = 
+1366             new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'ecPublicKey',
+1367                                                     'asn1params': asn1Params});
+1368         this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + key.pubKeyHex});
+1369     };
+1370 
+1371     this._setDSA = function(key) {
+1372         var asn1Params = new KJUR.asn1.ASN1Util.newObject({
+1373             'seq': [{'int': {'bigint': key.p}},
+1374                     {'int': {'bigint': key.q}},
+1375                     {'int': {'bigint': key.g}}]
+1376         });
+1377         this.asn1AlgId = 
+1378             new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'dsa',
+1379                                                     'asn1params': asn1Params});
+1380         var pubInt = new KJUR.asn1.DERInteger({'bigint': key.y});
+1381         this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + pubInt.getEncodedHex()});
+1382     };
+1383 
+1384     if (typeof params != "undefined") {
+1385         if (typeof RSAKey != 'undefined' && params instanceof RSAKey) {
+1386             this._setRSAKey(params);
+1387         } else if (typeof KJUR.crypto.ECDSA != 'undefined' &&
+1388                    params instanceof KJUR.crypto.ECDSA) {
+1389             this._setEC(params);
+1390         } else if (typeof KJUR.crypto.DSA != 'undefined' &&
+1391                    params instanceof KJUR.crypto.DSA) {
+1392             this._setDSA(params);
+1393         } else if (typeof params['rsakey'] != "undefined") {
+1394             this.setRSAKey(params['rsakey']);
+1395         } else if (typeof params['rsapem'] != "undefined") {
+1396             this.setRSAPEM(params['rsapem']);
+1397         }
+1398     }
+1399 };
+1400 YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object);
+1401 
+1402 /**
+1403  * Time ASN.1 structure class
+1404  * @name KJUR.asn1.x509.Time
+1405  * @class Time ASN.1 structure class
+1406  * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'})
+1407  * @extends KJUR.asn1.ASN1Object
+1408  * @description
+1409  * <br/>
+1410  * <h4>EXAMPLES</h4>
+1411  * @example
+1412  * var t1 = new KJUR.asn1.x509.Time{'str': '130508235959Z'} // UTCTime by default
+1413  * var t2 = new KJUR.asn1.x509.Time{'type': 'gen',  'str': '20130508235959Z'} // GeneralizedTime
+1414  */
+1415 KJUR.asn1.x509.Time = function(params) {
+1416     KJUR.asn1.x509.Time.superclass.constructor.call(this);
+1417     var type = null;
+1418     var timeParams = null;
+1419 
+1420     this.setTimeParams = function(timeParams) {
+1421         this.timeParams = timeParams;
+1422     }
+1423 
+1424     this.getEncodedHex = function() {
+1425         if (this.timeParams == null) {
+1426             throw "timeParams shall be specified. ({'str':'130403235959Z'}}";
+1427         }
+1428         var o = null;
+1429         if (this.type == "utc") {
+1430             o = new KJUR.asn1.DERUTCTime(this.timeParams);
+1431         } else {
+1432             o = new KJUR.asn1.DERGeneralizedTime(this.timeParams);
+1433         }
+1434         this.TLV = o.getEncodedHex();
+1435         return this.TLV;
+1436     };
+1437     
+1438     this.type = "utc";
+1439     if (typeof params != "undefined") {
+1440         if (typeof params['type'] != "undefined") {
+1441             this.type = params['type'];
+1442         }
+1443         this.timeParams = params;
+1444     }
+1445 };
+1446 YAHOO.lang.extend(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object);
+1447 
+1448 /**
+1449  * AlgorithmIdentifier ASN.1 structure class
+1450  * @name KJUR.asn1.x509.AlgorithmIdentifier
+1451  * @class AlgorithmIdentifier ASN.1 structure class
+1452  * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'})
+1453  * @extends KJUR.asn1.ASN1Object
+1454  * @description
+1455  * @example
+1456  */
+1457 KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
+1458     KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
+1459     var nameAlg = null;
+1460     var asn1Alg = null;
+1461     var asn1Params = null;
+1462     var paramEmpty = false;
+1463 
+1464     this.getEncodedHex = function() {
+1465         if (this.nameAlg == null && this.asn1Alg == null) {
+1466             throw "algorithm not specified";
+1467         }
+1468         if (this.nameAlg != null && this.asn1Alg == null) {
+1469             this.asn1Alg = KJUR.asn1.x509.OID.name2obj(this.nameAlg);
+1470         }
+1471         var a = [this.asn1Alg];
+1472         if (! this.paramEmpty) a.push(this.asn1Params);
+1473         var o = new KJUR.asn1.DERSequence({'array': a});
+1474         this.hTLV = o.getEncodedHex();
+1475         return this.hTLV;
+1476     };
+1477 
+1478     if (typeof params != "undefined") {
+1479         if (typeof params['name'] != "undefined") {
+1480             this.nameAlg = params['name'];
+1481         }
+1482         if (typeof params['asn1params'] != "undefined") {
+1483             this.asn1Params = params['asn1params'];
+1484         }
+1485         if (typeof params['paramempty'] != "undefined") {
+1486             this.paramEmpty = params['paramempty'];
+1487         }
+1488     }
+1489     if (this.asn1Params == null) {
+1490         this.asn1Params = new KJUR.asn1.DERNull();
+1491     }
+1492 };
+1493 YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);
+1494 
+1495 /**
+1496  * GeneralName ASN.1 structure class
+1497  * @name KJUR.asn1.x509.GeneralName
+1498  * @class GeneralName ASN.1 structure class
+1499  * @description
+1500  * <br/>
+1501  * As for argument 'params' for constructor, you can specify one of
+1502  * following properties:
+1503  * <ul>
+1504  * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
+1505  * <li>dns - dNSName[2] (ex. foo.com)</li>
+1506  * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li>
+1507  * </ul>
+1508  * NOTE: Currently this only supports 'uniformResourceIdentifier'.
+1509  * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
+1510  * @example
+1511  * var gn = new KJUR.asn1.x509.GeneralName({'uri': 'http://aaa.com/'});
+1512  *
+1513  * GeneralName ::= CHOICE {
+1514  *         otherName                       [0]     OtherName,
+1515  *         rfc822Name                      [1]     IA5String,
+1516  *         dNSName                         [2]     IA5String,
+1517  *         x400Address                     [3]     ORAddress,
+1518  *         directoryName                   [4]     Name,
+1519  *         ediPartyName                    [5]     EDIPartyName,
+1520  *         uniformResourceIdentifier       [6]     IA5String,
+1521  *         iPAddress                       [7]     OCTET STRING,
+1522  *         registeredID                    [8]     OBJECT IDENTIFIER } 
+1523  */
+1524 KJUR.asn1.x509.GeneralName = function(params) {
+1525     KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);
+1526     var asn1Obj = null;
+1527     var type = null;
+1528     var pTag = {'rfc822': '81', 'dns': '82', 'uri': '86'};
+1529 
+1530     this.setByParam = function(params) {
+1531         var str = null;
+1532         var v = null;
+1533 
+1534         if (typeof params['rfc822'] != "undefined") {
+1535             this.type = 'rfc822';
+1536             v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
+1537         }
+1538         if (typeof params['dns'] != "undefined") {
+1539             this.type = 'dns';
+1540             v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
+1541         }
+1542         if (typeof params['uri'] != "undefined") {
+1543             this.type = 'uri';
+1544             v = new KJUR.asn1.DERIA5String({'str': params[this.type]});
+1545         }
+1546 
+1547         if (this.type == null)
+1548             throw "unsupported type in params=" + params;
+1549         this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': false,
+1550                                                       'tag': pTag[this.type],
+1551                                                       'obj': v});
+1552     };
+1553 
+1554     this.getEncodedHex = function() {
+1555         return this.asn1Obj.getEncodedHex();
+1556     }
+1557 
+1558     if (typeof params != "undefined") {
+1559         this.setByParam(params);
+1560     }
+1561 
+1562 };
+1563 YAHOO.lang.extend(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object);
+1564 
+1565 /**
+1566  * GeneralNames ASN.1 structure class
+1567  * @name KJUR.asn1.x509.GeneralNames
+1568  * @class GeneralNames ASN.1 structure class
+1569  * @description
+1570  * <br/>
+1571  * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
+1572  * @example
+1573  * var gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]); 
+1574  *
+1575  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+1576  */
+1577 KJUR.asn1.x509.GeneralNames = function(paramsArray) {
+1578     KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);
+1579     var asn1Array = null;
+1580 
+1581     /**
+1582      * set a array of {@link KJUR.asn1.x509.GeneralName} parameters
+1583      * @name setByParamArray
+1584      * @memberOf KJUR.asn1.x509.GeneralNames
+1585      * @function
+1586      * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralNames}
+1587      * @description
+1588      * <br/>
+1589      * <h4>EXAMPLES</h4>
+1590      * @example
+1591      * var gns = new KJUR.asn1.x509.GeneralNames();
+1592      * gns.setByParamArray([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
+1593      */
+1594     this.setByParamArray = function(paramsArray) {
+1595         for (var i = 0; i < paramsArray.length; i++) {
+1596             var o = new KJUR.asn1.x509.GeneralName(paramsArray[i]);
+1597             this.asn1Array.push(o);
+1598         }
+1599     };
+1600 
+1601     this.getEncodedHex = function() {
+1602         var o = new KJUR.asn1.DERSequence({'array': this.asn1Array});
+1603         return o.getEncodedHex();
+1604     };
+1605 
+1606     this.asn1Array = new Array();
+1607     if (typeof paramsArray != "undefined") {
+1608         this.setByParamArray(paramsArray);
+1609     }
+1610 };
+1611 YAHOO.lang.extend(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object);
+1612 
+1613 /**
+1614  * DistributionPointName ASN.1 structure class
+1615  * @name KJUR.asn1.x509.DistributionPointName
+1616  * @class DistributionPointName ASN.1 structure class
+1617  * @description
+1618  * @example
+1619  */
+1620 KJUR.asn1.x509.DistributionPointName = function(gnOrRdn) {
+1621     KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this);
+1622     var asn1Obj = null;
+1623     var type = null;
+1624     var tag = null;
+1625     var asn1V = null;
+1626 
+1627     this.getEncodedHex = function() {
+1628         if (this.type != "full")
+1629             throw "currently type shall be 'full': " + this.type;
+1630         this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': false,
+1631                                                       'tag': this.tag,
+1632                                                       'obj': this.asn1V});
+1633         this.hTLV = this.asn1Obj.getEncodedHex();
+1634         return this.hTLV;
+1635     };
+1636 
+1637     if (typeof gnOrRdn != "undefined") {
+1638         if (KJUR.asn1.x509.GeneralNames.prototype.isPrototypeOf(gnOrRdn)) {
+1639             this.type = "full";
+1640             this.tag = "a0";
+1641             this.asn1V = gnOrRdn;
+1642         } else {
+1643             throw "This class supports GeneralNames only as argument";
+1644         }
+1645     }
+1646 };
+1647 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object);
+1648 
+1649 /**
+1650  * DistributionPoint ASN.1 structure class
+1651  * @name KJUR.asn1.x509.DistributionPoint
+1652  * @class DistributionPoint ASN.1 structure class
+1653  * @description
+1654  * @example
+1655  */
+1656 KJUR.asn1.x509.DistributionPoint = function(params) {
+1657     KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this);
+1658     var asn1DP = null;
+1659 
+1660     this.getEncodedHex = function() {
+1661         var seq = new KJUR.asn1.DERSequence();
+1662         if (this.asn1DP != null) {
+1663             var o1 = new KJUR.asn1.DERTaggedObject({'explicit': true,
+1664                                                     'tag': 'a0',
+1665                                                     'obj': this.asn1DP});
+1666             seq.appendASN1Object(o1);
+1667         }
+1668         this.hTLV = seq.getEncodedHex();
+1669         return this.hTLV;
+1670     };
+1671 
+1672     if (typeof params != "undefined") {
+1673         if (typeof params['dpobj'] != "undefined") {
+1674             this.asn1DP = params['dpobj'];
+1675         }
+1676     }
+1677 };
+1678 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object);
+1679 
+1680 /**
+1681  * static object for OID
+1682  * @name KJUR.asn1.x509.OID
+1683  * @class static object for OID
+1684  * @property {Assoc Array} atype2oidList for short attribyte type name and oid (i.e. 'C' and '2.5.4.6')
+1685  * @property {Assoc Array} name2oidList for oid name and oid (i.e. 'keyUsage' and '2.5.29.15')
+1686  * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object 
+1687  * @description
+1688  * <dl>
+1689  * <dt><b>atype2oidList</b>
+1690  * <dd>currently supports 'C', 'O', 'OU', 'ST', 'L' and 'CN' only.
+1691  * <dt><b>name2oidList</b>
+1692  * <dd>currently supports 'SHA1withRSA', 'rsaEncryption' and some extension OIDs
+1693  * </dl>
+1694  * @example
+1695  */
+1696 KJUR.asn1.x509.OID = new function(params) {
+1697     this.atype2oidList = {
+1698         'C':    '2.5.4.6',
+1699         'O':    '2.5.4.10',
+1700         'OU':   '2.5.4.11',
+1701         'ST':   '2.5.4.8',
+1702         'L':    '2.5.4.7',
+1703         'CN':   '2.5.4.3',
+1704     };
+1705     this.name2oidList = {
+1706         'sha384':           '2.16.840.1.101.3.4.2.2',
+1707         'sha224':           '2.16.840.1.101.3.4.2.4',
+1708 
+1709         'MD2withRSA':           '1.2.840.113549.1.1.2',
+1710         'MD4withRSA':           '1.2.840.113549.1.1.3',
+1711         'MD5withRSA':           '1.2.840.113549.1.1.4',
+1712         'SHA1withRSA':          '1.2.840.113549.1.1.5',
+1713         'SHA224withRSA':        '1.2.840.113549.1.1.14',
+1714         'SHA256withRSA':        '1.2.840.113549.1.1.11',
+1715         'SHA384withRSA':        '1.2.840.113549.1.1.12',
+1716         'SHA512withRSA':        '1.2.840.113549.1.1.13',
+1717 
+1718         'SHA1withECDSA':        '1.2.840.10045.4.1',
+1719         'SHA224withECDSA':      '1.2.840.10045.4.3.1',
+1720         'SHA256withECDSA':      '1.2.840.10045.4.3.2',
+1721         'SHA384withECDSA':      '1.2.840.10045.4.3.3',
+1722         'SHA512withECDSA':      '1.2.840.10045.4.3.4',
+1723 
+1724         'dsa':              '1.2.840.10040.4.1',
+1725         'SHA1withDSA':          '1.2.840.10040.4.3',
+1726         'SHA224withDSA':        '2.16.840.1.101.3.4.3.1',
+1727         'SHA256withDSA':        '2.16.840.1.101.3.4.3.2',
+1728 
+1729         'rsaEncryption':        '1.2.840.113549.1.1.1',
+1730         'subjectKeyIdentifier':     '2.5.29.14',
+1731 
+1732         'countryName':          '2.5.4.6',
+1733         'organization':         '2.5.4.10',
+1734         'organizationalUnit':       '2.5.4.11',
+1735         'stateOrProvinceName':      '2.5.4.8',
+1736         'locality':         '2.5.4.7',
+1737         'commonName':           '2.5.4.3',
+1738 
+1739         'keyUsage':         '2.5.29.15',
+1740         'basicConstraints':     '2.5.29.19',
+1741         'cRLDistributionPoints':    '2.5.29.31',
+1742         'certificatePolicies':      '2.5.29.32',
+1743         'authorityKeyIdentifier':   '2.5.29.35',
+1744         'extKeyUsage':          '2.5.29.37',
+1745 
+1746         'anyExtendedKeyUsage':      '2.5.29.37.0',
+1747         'serverAuth':           '1.3.6.1.5.5.7.3.1',
+1748         'clientAuth':           '1.3.6.1.5.5.7.3.2',
+1749         'codeSigning':          '1.3.6.1.5.5.7.3.3',
+1750         'emailProtection':      '1.3.6.1.5.5.7.3.4',
+1751         'timeStamping':         '1.3.6.1.5.5.7.3.8',
+1752         'ocspSigning':          '1.3.6.1.5.5.7.3.9',
+1753 
+1754         'ecPublicKey':          '1.2.840.10045.2.1',
+1755         'secp256r1':            '1.2.840.10045.3.1.7',
+1756         'secp256k1':            '1.3.132.0.10',
+1757         'secp384r1':            '1.3.132.0.34',
+1758 
+1759         'pkcs5PBES2':           '1.2.840.113549.1.5.13',
+1760         'pkcs5PBKDF2':          '1.2.840.113549.1.5.12',
+1761 
+1762         'des-EDE3-CBC':         '1.2.840.113549.3.7',
+1763     };
 1764 
-1765     if (param.subject !== undefined)
-1766 	o.setSubjectByParam(param.subject);
-1767     else
-1768 	throw "subject name undefined.";
-1769 
-1770     if (param.sbjpubkey !== undefined)
-1771 	o.setSubjectPublicKeyByGetKey(param.sbjpubkey);
-1772     else
-1773 	throw "subject public key undefined.";
-1774 
-1775     if (param.ext.length !== undefined) {
-1776 	for (var i = 0; i < param.ext.length; i++) {
-1777 	    for (key in param.ext[i]) {
-1778 		o.appendExtensionByName(key, param.ext[i][key]);
-1779 	    }
-1780 	}
-1781     }
-1782 
-1783     var caKey = null;
-1784     if (param.cakey)
-1785 	caKey = KEYUTIL.getKey.apply(null, param.cakey);
-1786     else
-1787 	throw "ca key undefined";
-1788 
-1789     var cert = new ns1.Certificate({'tbscertobj': o, 'prvkeyobj': caKey});
-1790     cert.sign();
-1791     return cert.getPEMString();
-1792 };
-1793 
-1794 /*
-1795 org.bouncycastle.asn1.x500
-1796 AttributeTypeAndValue
-1797 DirectoryString
-1798 RDN
-1799 X500Name
-1800 X500NameBuilder
-1801 
-1802 org.bouncycastleasn1.x509
-1803 TBSCertificate
-1804  */
-1805 
    
\ No newline at end of file
+1765         this.objCache = {};
+1766 
+1767     /**
+1768      * get DERObjectIdentifier by registered OID name
+1769      * @name name2obj
+1770      * @memberOf KJUR.asn1.x509.OID
+1771      * @function
+1772      * @param {String} name OID
+1773      * @description
+1774      * @example
+1775      * var asn1ObjOID = OID.name2obj('SHA1withRSA');
+1776      */
+1777     this.name2obj = function(name) {
+1778         if (typeof this.objCache[name] != "undefined")
+1779             return this.objCache[name];
+1780         if (typeof this.name2oidList[name] == "undefined")
+1781             throw "Name of ObjectIdentifier not defined: " + name;
+1782         var oid = this.name2oidList[name];
+1783         var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
+1784         this.objCache[name] = obj;
+1785         return obj;
+1786     };
+1787 
+1788     /**
+1789      * get DERObjectIdentifier by registered attribyte type name such like 'C' or 'CN'
+1790      * @name atype2obj
+1791      * @memberOf KJUR.asn1.x509.OID
+1792      * @function
+1793      * @param {String} atype short attribute type name such like 'C' or 'CN'
+1794      * @description
+1795      * @example
+1796      * var asn1ObjOID = OID.atype2obj('CN');
+1797      */
+1798     this.atype2obj = function(atype) {
+1799         if (typeof this.objCache[atype] != "undefined")
+1800             return this.objCache[atype];
+1801         if (typeof this.atype2oidList[atype] == "undefined")
+1802             throw "AttributeType name undefined: " + atype;
+1803         var oid = this.atype2oidList[atype];
+1804         var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
+1805         this.objCache[atype] = obj;
+1806         return obj;
+1807     };
+1808 };
+1809 
+1810 /**
+1811  * X.509 certificate and CRL utilities class
+1812  * @name KJUR.asn1.x509.X509Util
+1813  * @class X.509 certificate and CRL utilities class
+1814  */
+1815 KJUR.asn1.x509.X509Util = new function() {
+1816     /**
+1817      * get PKCS#8 PEM public key string from RSAKey object
+1818      * @name getPKCS8PubKeyPEMfromRSAKey
+1819      * @memberOf KJUR.asn1.x509.X509Util
+1820      * @function
+1821      * @param {RSAKey} rsaKey RSA public key of {@link RSAKey} object
+1822      * @description
+1823      * @example
+1824      * var pem = KJUR.asn1.x509.X509Util.getPKCS8PubKeyPEMfromRSAKey(pubKey);
+1825      */
+1826     this.getPKCS8PubKeyPEMfromRSAKey = function(rsaKey) {
+1827         var pem = null;
+1828         var hN = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(rsaKey.n);
+1829         var hE = KJUR.asn1.ASN1Util.integerToByteHex(rsaKey.e);
+1830         var iN = new KJUR.asn1.DERInteger({hex: hN});
+1831         var iE = new KJUR.asn1.DERInteger({hex: hE});
+1832         var asn1PubKey = new KJUR.asn1.DERSequence({array: [iN, iE]});
+1833         var hPubKey = asn1PubKey.getEncodedHex();
+1834         var o1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: 'rsaEncryption'});
+1835         var o2 = new KJUR.asn1.DERBitString({hex: '00' + hPubKey});
+1836         var seq = new KJUR.asn1.DERSequence({array: [o1, o2]});
+1837         var hP8 = seq.getEncodedHex();
+1838         var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(hP8, "PUBLIC KEY");
+1839         return pem;
+1840     };
+1841 };
+1842 /**
+1843  * issue a certificate in PEM format
+1844  * @name newCertPEM
+1845  * @memberOf KJUR.asn1.x509.X509Util
+1846  * @function
+1847  * @param {Array} param parameter to issue a certificate
+1848  * @since asn1x509 1.0.6
+1849  * @description
+1850  * This method can issue a certificate by a simple
+1851  * JSON object.
+1852  * Signature value will be provided by signing with 
+1853  * private key using 'cakey' parameter or 
+1854  * hexa decimal signature value by 'sighex' parameter.
+1855  *
+1856  * NOTE: When using DSA or ECDSA CA signing key,
+1857  * use 'paramempty' in 'sigalg' to ommit parameter field
+1858  * of AlgorithmIdentifer. In case of RSA, parameter
+1859  * NULL will be specified by default.
+1860  *
+1861  * @example
+1862  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM(
+1863  * { serial: {int: 4},
+1864  *   sigalg: {name: 'SHA1withECDSA', paramempty: true},
+1865  *   issuer: {str: '/C=US/O=a'},
+1866  *   notbefore: {'str': '130504235959Z'},
+1867  *   notafter: {'str': '140504235959Z'},
+1868  *   subject: {str: '/C=US/O=b'},
+1869  *   sbjpubkey: pubKeyPEM,
+1870  *   ext: [
+1871  *     {basicConstraints: {cA: true, critical: true}},
+1872  *     {keyUsage: {bin: '11'}},
+1873  *   ],
+1874  *   cakey: [prvkey, pass]}
+1875  * );
+1876  * // -- or --
+1877  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM(
+1878  * { serial: {int: 1},
+1879  *   sigalg: {name: 'SHA1withRSA', paramempty: true},
+1880  *   issuer: {str: '/C=US/O=T1'},
+1881  *   notbefore: {'str': '130504235959Z'},
+1882  *   notafter: {'str': '140504235959Z'},
+1883  *   subject: {str: '/C=US/O=T1'},
+1884  *   sbjpubkey: pubKeyObj,
+1885  *   sighex: '0102030405..'}
+1886  * );
+1887  */
+1888 KJUR.asn1.x509.X509Util.newCertPEM = function(param) {
+1889     var ns1 = KJUR.asn1.x509;
+1890     var o = new ns1.TBSCertificate();
+1891 
+1892     if (param.serial !== undefined)
+1893         o.setSerialNumberByParam(param.serial);
+1894     else
+1895         throw "serial number undefined.";
+1896 
+1897     if (typeof param.sigalg.name == 'string')
+1898         o.setSignatureAlgByParam(param.sigalg);
+1899     else 
+1900         throw "unproper signature algorithm name";
+1901 
+1902     if (param.issuer !== undefined)
+1903         o.setIssuerByParam(param.issuer);
+1904     else
+1905         throw "issuer name undefined.";
+1906     
+1907     if (param.notbefore !== undefined)
+1908         o.setNotBeforeByParam(param.notbefore);
+1909     else
+1910         throw "notbefore undefined.";
+1911 
+1912     if (param.notafter !== undefined)
+1913         o.setNotAfterByParam(param.notafter);
+1914     else
+1915         throw "notafter undefined.";
+1916 
+1917     if (param.subject !== undefined)
+1918         o.setSubjectByParam(param.subject);
+1919     else
+1920         throw "subject name undefined.";
+1921 
+1922     if (param.sbjpubkey !== undefined)
+1923         o.setSubjectPublicKeyByGetKey(param.sbjpubkey);
+1924     else
+1925         throw "subject public key undefined.";
+1926 
+1927     if (param.ext !== undefined && param.ext.length !== undefined) {
+1928         for (var i = 0; i < param.ext.length; i++) {
+1929             for (key in param.ext[i]) {
+1930                 o.appendExtensionByName(key, param.ext[i][key]);
+1931             }
+1932         }
+1933     }
+1934 
+1935 	// set signature
+1936 	if (param.cakey === undefined && param.sighex === undefined)
+1937 		throw "param cakey and sighex undefined.";
+1938 
+1939     var caKey = null;
+1940 	var cert = null;
+1941 
+1942     if (param.cakey) {
+1943         caKey = KEYUTIL.getKey.apply(null, param.cakey);
+1944 		cert = new ns1.Certificate({'tbscertobj': o, 'prvkeyobj': caKey});
+1945 		cert.sign();
+1946 	}
+1947 
+1948 	if (param.sighex) {
+1949 		cert = new ns1.Certificate({'tbscertobj': o});
+1950 		cert.setSignatureHex(param.sighex);
+1951 	}
+1952 
+1953     return cert.getPEMString();
+1954 };
+1955 
+1956 /*
+1957   org.bouncycastle.asn1.x500
+1958   AttributeTypeAndValue
+1959   DirectoryString
+1960   RDN
+1961   X500Name
+1962   X500NameBuilder
+1963 
+1964   org.bouncycastleasn1.x509
+1965   TBSCertificate
+1966 */
+1967
    \ No newline at end of file diff --git a/api/symbols/src/keyutil-1.0.js.html b/api/symbols/src/keyutil-1.0.js.html index 2519f8c7..2e4f9a00 100755 --- a/api/symbols/src/keyutil-1.0.js.html +++ b/api/symbols/src/keyutil-1.0.js.html @@ -5,12 +5,12 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
      1 /*! keyutil-1.0.4.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
      1 /*! keyutil-1.0.5.js (c) 2013-2014 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * keyutil.js - key utility for PKCS#1/5/8 PEM, RSA/DSA/ECDSA key object
   5  *
-  6  * Copyright (c) 2013 Kenji Urushima (kenji.urushima@gmail.com)
+  6  * Copyright (c) 2013-2014 Kenji Urushima (kenji.urushima@gmail.com)
   7  *
   8  * This software is licensed under the terms of the MIT License.
   9  * http://kjur.github.com/jsrsasign/license
@@ -22,7 +22,7 @@
  15  * @fileOverview
  16  * @name keyutil-1.0.js
  17  * @author Kenji Urushima kenji.urushima@gmail.com
- 18  * @version keyutil 1.0.4 (2013-Oct-11)
+ 18  * @version keyutil 1.0.5 (2014-Apr-18)
  19  * @since jsrsasign 4.1.4
  20  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  21  */
@@ -88,20 +88,20 @@
  81  */
  82 /*
  83  * DEPRECATED METHODS
- 84  * GET P8
+ 84  * GET PKCS8
  85  * KEYUTIL.getRSAKeyFromPlainPKCS8PEM
  86  * KEYUTIL.getRSAKeyFromPlainPKCS8Hex
  87  * KEYUTIL.getRSAKeyFromEncryptedPKCS8PEM
  88  * P8 UTIL (make internal use)
  89  * KEYUTIL.getPlainPKCS8HexFromEncryptedPKCS8PEM
- 90  * GET P8 PUB
+ 90  * GET PKCS8 PUB
  91  * KEYUTIL.getKeyFromPublicPKCS8PEM
  92  * KEYUTIL.getKeyFromPublicPKCS8Hex
  93  * KEYUTIL.getRSAKeyFromPublicPKCS8PEM
  94  * KEYUTIL.getRSAKeyFromPublicPKCS8Hex
- 95  * GET P5
+ 95  * GET PKCS5
  96  * KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM
- 97  * PUT P5
+ 97  * PUT PKCS5
  98  * KEYUTIL.getEncryptedPKCS5PEMFromRSAKey
  99  * OTHER METHODS (FOR INTERNAL?)
 100  * KEYUTIL.getHexFromPEM
@@ -113,131 +113,131 @@
 106     // *****************************************************************
 107     // shared key decryption ------------------------------------------
 108     var decryptAES = function(dataHex, keyHex, ivHex) {
-109 	return decryptGeneral(CryptoJS.AES, dataHex, keyHex, ivHex);
+109 		return decryptGeneral(CryptoJS.AES, dataHex, keyHex, ivHex);
 110     };
 111 
 112     var decrypt3DES = function(dataHex, keyHex, ivHex) {
-113 	return decryptGeneral(CryptoJS.TripleDES, dataHex, keyHex, ivHex);
+113 		return decryptGeneral(CryptoJS.TripleDES, dataHex, keyHex, ivHex);
 114     };
 115 
 116     var decryptDES = function(dataHex, keyHex, ivHex) {
-117 	return decryptGeneral(CryptoJS.DES, dataHex, keyHex, ivHex);
+117 		return decryptGeneral(CryptoJS.DES, dataHex, keyHex, ivHex);
 118     };
 119 
 120     var decryptGeneral = function(f, dataHex, keyHex, ivHex) {
-121 	var data = CryptoJS.enc.Hex.parse(dataHex);
-122 	var key = CryptoJS.enc.Hex.parse(keyHex);
-123 	var iv = CryptoJS.enc.Hex.parse(ivHex);
-124 	var encrypted = {};
-125 	encrypted.key = key;
-126 	encrypted.iv = iv;
-127 	encrypted.ciphertext = data;
-128 	var decrypted = f.decrypt(encrypted, key, { iv: iv });
-129 	return CryptoJS.enc.Hex.stringify(decrypted);
+121 		var data = CryptoJS.enc.Hex.parse(dataHex);
+122 		var key = CryptoJS.enc.Hex.parse(keyHex);
+123 		var iv = CryptoJS.enc.Hex.parse(ivHex);
+124 		var encrypted = {};
+125 		encrypted.key = key;
+126 		encrypted.iv = iv;
+127 		encrypted.ciphertext = data;
+128 		var decrypted = f.decrypt(encrypted, key, { iv: iv });
+129 		return CryptoJS.enc.Hex.stringify(decrypted);
 130     };
 131 
 132     // shared key decryption ------------------------------------------
 133     var encryptAES = function(dataHex, keyHex, ivHex) {
-134 	return encryptGeneral(CryptoJS.AES, dataHex, keyHex, ivHex);
+134 		return encryptGeneral(CryptoJS.AES, dataHex, keyHex, ivHex);
 135     };
 136 
 137     var encrypt3DES = function(dataHex, keyHex, ivHex) {
-138 	return encryptGeneral(CryptoJS.TripleDES, dataHex, keyHex, ivHex);
+138 		return encryptGeneral(CryptoJS.TripleDES, dataHex, keyHex, ivHex);
 139     };
 140 
 141     var encryptDES = function(dataHex, keyHex, ivHex) {
-142 	return encryptGeneral(CryptoJS.DES, dataHex, keyHex, ivHex);
+142 		return encryptGeneral(CryptoJS.DES, dataHex, keyHex, ivHex);
 143     };
 144 
 145     var encryptGeneral = function(f, dataHex, keyHex, ivHex) {
-146 	var data = CryptoJS.enc.Hex.parse(dataHex);
-147 	var key = CryptoJS.enc.Hex.parse(keyHex);
-148 	var iv = CryptoJS.enc.Hex.parse(ivHex);
-149 	var encryptedHex = f.encrypt(data, key, { iv: iv });
+146 		var data = CryptoJS.enc.Hex.parse(dataHex);
+147 		var key = CryptoJS.enc.Hex.parse(keyHex);
+148 		var iv = CryptoJS.enc.Hex.parse(ivHex);
+149 		var encryptedHex = f.encrypt(data, key, { iv: iv });
 150         var encryptedWA = CryptoJS.enc.Hex.parse(encryptedHex.toString());
 151         var encryptedB64 = CryptoJS.enc.Base64.stringify(encryptedWA);
-152 	return encryptedB64;
+152 		return encryptedB64;
 153     };
 154 
 155     // other methods and properties ----------------------------------------
 156     var ALGLIST = {
-157 	'AES-256-CBC':  { 'proc': decryptAES,  'eproc': encryptAES,  keylen: 32, ivlen: 16 },
-158 	'AES-192-CBC':  { 'proc': decryptAES,  'eproc': encryptAES,  keylen: 24, ivlen: 16 },
-159 	'AES-128-CBC':  { 'proc': decryptAES,  'eproc': encryptAES,  keylen: 16, ivlen: 16 },
-160 	'DES-EDE3-CBC': { 'proc': decrypt3DES, 'eproc': encrypt3DES, keylen: 24, ivlen: 8 },
-161 	'DES-CBC':      { 'proc': decryptDES,  'eproc': encryptDES,  keylen: 8,  ivlen: 8 }
+157 		'AES-256-CBC':  { 'proc': decryptAES,  'eproc': encryptAES,  keylen: 32, ivlen: 16 },
+158 		'AES-192-CBC':  { 'proc': decryptAES,  'eproc': encryptAES,  keylen: 24, ivlen: 16 },
+159 		'AES-128-CBC':  { 'proc': decryptAES,  'eproc': encryptAES,  keylen: 16, ivlen: 16 },
+160 		'DES-EDE3-CBC': { 'proc': decrypt3DES, 'eproc': encrypt3DES, keylen: 24, ivlen: 8 },
+161 		'DES-CBC':      { 'proc': decryptDES,  'eproc': encryptDES,  keylen: 8,  ivlen: 8 }
 162     };
 163 
 164     var getFuncByName = function(algName) {
-165 	return ALGLIST[algName]['proc'];
+165 		return ALGLIST[algName]['proc'];
 166     };
 167 
 168     var _generateIvSaltHex = function(numBytes) {
-169 	var wa = CryptoJS.lib.WordArray.random(numBytes);
-170 	var hex = CryptoJS.enc.Hex.stringify(wa);
-171 	return hex;
+169 		var wa = CryptoJS.lib.WordArray.random(numBytes);
+170 		var hex = CryptoJS.enc.Hex.stringify(wa);
+171 		return hex;
 172     };
 173 
 174     var _parsePKCS5PEM = function(sPKCS5PEM) {
-175 	var info = {};
-176 	if (sPKCS5PEM.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)", "m"))) {
-177 	    info.cipher = RegExp.$1;
-178 	    info.ivsalt = RegExp.$2;
-179 	}
-180 	if (sPKCS5PEM.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"))) {
-181 	    info.type = RegExp.$1;
-182 	}
-183 	var i1 = -1;
-184 	var lenNEWLINE = 0;
-185 	if (sPKCS5PEM.indexOf("\r\n\r\n") != -1) {
-186 	    i1 = sPKCS5PEM.indexOf("\r\n\r\n");
-187 	    lenNEWLINE = 2;
-188 	}
-189 	if (sPKCS5PEM.indexOf("\n\n") != -1) {
-190 	    i1 = sPKCS5PEM.indexOf("\n\n");
-191 	    lenNEWLINE = 1;
-192 	}
-193 	var i2 = sPKCS5PEM.indexOf("-----END");
-194 	if (i1 != -1 && i2 != -1) {
-195 	    var s = sPKCS5PEM.substring(i1 + lenNEWLINE * 2, i2 - lenNEWLINE);
-196 	    s = s.replace(/\s+/g, '');
-197 	    info.data = s;
-198 	}
-199 	return info;
+175 		var info = {};
+176 		if (sPKCS5PEM.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)", "m"))) {
+177 			info.cipher = RegExp.$1;
+178 			info.ivsalt = RegExp.$2;
+179 		}
+180 		if (sPKCS5PEM.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"))) {
+181 			info.type = RegExp.$1;
+182 		}
+183 		var i1 = -1;
+184 		var lenNEWLINE = 0;
+185 		if (sPKCS5PEM.indexOf("\r\n\r\n") != -1) {
+186 			i1 = sPKCS5PEM.indexOf("\r\n\r\n");
+187 			lenNEWLINE = 2;
+188 		}
+189 		if (sPKCS5PEM.indexOf("\n\n") != -1) {
+190 			i1 = sPKCS5PEM.indexOf("\n\n");
+191 			lenNEWLINE = 1;
+192 		}
+193 		var i2 = sPKCS5PEM.indexOf("-----END");
+194 		if (i1 != -1 && i2 != -1) {
+195 			var s = sPKCS5PEM.substring(i1 + lenNEWLINE * 2, i2 - lenNEWLINE);
+196 			s = s.replace(/\s+/g, '');
+197 			info.data = s;
+198 		}
+199 		return info;
 200     };
 201 
 202     var _getKeyAndUnusedIvByPasscodeAndIvsalt = function(algName, passcode, ivsaltHex) {
-203 	//alert("ivsaltHex(2) = " + ivsaltHex);
-204 	var saltHex = ivsaltHex.substring(0, 16);
-205 	//alert("salt = " + saltHex);
+203 		//alert("ivsaltHex(2) = " + ivsaltHex);
+204 		var saltHex = ivsaltHex.substring(0, 16);
+205 		//alert("salt = " + saltHex);
 206 	    
-207 	var salt = CryptoJS.enc.Hex.parse(saltHex);
-208 	var data = CryptoJS.enc.Utf8.parse(passcode);
-209 	//alert("salt = " + salt);
-210 	//alert("data = " + data);
+207 		var salt = CryptoJS.enc.Hex.parse(saltHex);
+208 		var data = CryptoJS.enc.Utf8.parse(passcode);
+209 		//alert("salt = " + salt);
+210 		//alert("data = " + data);
 211 
-212 	var nRequiredBytes = ALGLIST[algName]['keylen'] + ALGLIST[algName]['ivlen'];
-213 	var hHexValueJoined = '';
-214 	var hLastValue = null;
-215 	//alert("nRequiredBytes = " + nRequiredBytes);
-216 	for (;;) {
-217 	    var h = CryptoJS.algo.MD5.create();
-218 	    if (hLastValue != null) {
-219 		h.update(hLastValue);
-220 	    }
-221 	    h.update(data);
-222 	    h.update(salt);
-223 	    hLastValue = h.finalize();
-224 	    hHexValueJoined = hHexValueJoined + CryptoJS.enc.Hex.stringify(hLastValue);
-225 	    //alert("joined = " + hHexValueJoined);
-226 	    if (hHexValueJoined.length >= nRequiredBytes * 2) {
-227 		break;
-228 	    }
-229 	}
-230 	var result = {};
-231 	result.keyhex = hHexValueJoined.substr(0, ALGLIST[algName]['keylen'] * 2);
-232 	result.ivhex = hHexValueJoined.substr(ALGLIST[algName]['keylen'] * 2, ALGLIST[algName]['ivlen'] * 2);
-233 	return result;
+212 		var nRequiredBytes = ALGLIST[algName]['keylen'] + ALGLIST[algName]['ivlen'];
+213 		var hHexValueJoined = '';
+214 		var hLastValue = null;
+215 		//alert("nRequiredBytes = " + nRequiredBytes);
+216 		for (;;) {
+217 			var h = CryptoJS.algo.MD5.create();
+218 			if (hLastValue != null) {
+219 				h.update(hLastValue);
+220 			}
+221 			h.update(data);
+222 			h.update(salt);
+223 			hLastValue = h.finalize();
+224 			hHexValueJoined = hHexValueJoined + CryptoJS.enc.Hex.stringify(hLastValue);
+225 			//alert("joined = " + hHexValueJoined);
+226 			if (hHexValueJoined.length >= nRequiredBytes * 2) {
+227 				break;
+228 			}
+229 		}
+230 		var result = {};
+231 		result.keyhex = hHexValueJoined.substr(0, ALGLIST[algName]['keylen'] * 2);
+232 		result.ivhex = hHexValueJoined.substr(ALGLIST[algName]['keylen'] * 2, ALGLIST[algName]['ivlen'] * 2);
+233 		return result;
 234     };
 235 
 236     /*
@@ -248,11 +248,11 @@
 241      * @param {String} hexadecimal string of decrypted private key
 242      */
 243     var _decryptKeyB64 = function(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex) {
-244 	var privateKeyWA = CryptoJS.enc.Base64.parse(privateKeyB64);
-245 	var privateKeyHex = CryptoJS.enc.Hex.stringify(privateKeyWA);
-246 	var f = ALGLIST[sharedKeyAlgName]['proc'];
-247 	var decryptedKeyHex = f(privateKeyHex, sharedKeyHex, ivsaltHex);
-248 	return decryptedKeyHex;
+244 		var privateKeyWA = CryptoJS.enc.Base64.parse(privateKeyB64);
+245 		var privateKeyHex = CryptoJS.enc.Hex.stringify(privateKeyWA);
+246 		var f = ALGLIST[sharedKeyAlgName]['proc'];
+247 		var decryptedKeyHex = f(privateKeyHex, sharedKeyHex, ivsaltHex);
+248 		return decryptedKeyHex;
 249     };
 250     
 251     /*
@@ -263,9 +263,9 @@
 256      * @param {String} base64 string of encrypted private key
 257      */
 258     var _encryptKeyHex = function(privateKeyHex, sharedKeyAlgName, sharedKeyHex, ivsaltHex) {
-259 	var f = ALGLIST[sharedKeyAlgName]['eproc'];
-260 	var encryptedKeyB64 = f(privateKeyHex, sharedKeyHex, ivsaltHex);
-261 	return encryptedKeyB64;
+259 		var f = ALGLIST[sharedKeyAlgName]['eproc'];
+260 		var encryptedKeyB64 = f(privateKeyHex, sharedKeyHex, ivsaltHex);
+261 		return encryptedKeyB64;
 262     };
 263 
 264     // *****************************************************************
@@ -273,558 +273,558 @@
 266     // *****************************************************************
 267     return {
 268         // -- UTILITY METHODS ------------------------------------------------------------
-269 	/**
+269 		/**
 270          * decrypt private key by shared key
-271 	 * @name version
-272 	 * @memberOf KEYUTIL
-273 	 * @property {String} version
-274 	 * @description version string of KEYUTIL class
-275 	 */
-276 	version: "1.0.0",
+271 		 * @name version
+272 		 * @memberOf KEYUTIL
+273 		 * @property {String} version
+274 		 * @description version string of KEYUTIL class
+275 		 */
+276 		version: "1.0.0",
 277 
-278 	/**
+278 		/**
 279          * get hexacedimal string of PEM format
-280 	 * @name getHexFromPEM
-281 	 * @memberOf KEYUTIL
-282 	 * @function
-283 	 * @param {String} sPEM PEM formatted string
-284 	 * @param {String} sHead PEM header string without BEGIN/END
-285 	 * @return {String} hexadecimal string data of PEM contents
-286 	 * @since pkcs5pkey 1.0.5
-287 	 */
+280 		 * @name getHexFromPEM
+281 		 * @memberOf KEYUTIL
+282 		 * @function
+283 		 * @param {String} sPEM PEM formatted string
+284 		 * @param {String} sHead PEM header string without BEGIN/END
+285 		 * @return {String} hexadecimal string data of PEM contents
+286 		 * @since pkcs5pkey 1.0.5
+287 		 */
 288         getHexFromPEM: function(sPEM, sHead) {
-289 	    var s = sPEM;
-290 	    if (s.indexOf("BEGIN " + sHead) == -1) {
-291 		throw "can't find PEM header: " + sHead;
-292 	    }
-293 	    s = s.replace("-----BEGIN " + sHead + "-----", "");
-294 	    s = s.replace("-----END " + sHead + "-----", "");
-295 	    var sB64 = s.replace(/\s+/g, '');
+289 			var s = sPEM;
+290 			if (s.indexOf("BEGIN " + sHead) == -1) {
+291 				throw "can't find PEM header: " + sHead;
+292 			}
+293 			s = s.replace("-----BEGIN " + sHead + "-----", "");
+294 			s = s.replace("-----END " + sHead + "-----", "");
+295 			var sB64 = s.replace(/\s+/g, '');
 296             var dataHex = b64tohex(sB64);
-297 	    return dataHex;
-298 	},
+297 			return dataHex;
+298 		},
 299 
-300 	/**
+300 		/**
 301          * decrypt private key by shared key
-302 	 * @name getDecryptedKeyHexByKeyIV
-303 	 * @memberOf KEYUTIL
-304 	 * @function
-305 	 * @param {String} encryptedKeyHex hexadecimal string of encrypted private key
-306 	 * @param {String} algName name of symmetric key algorithm (ex. 'DES-EBE3-CBC')
-307 	 * @param {String} sharedKeyHex hexadecimal string of symmetric key
-308 	 * @param {String} ivHex hexadecimal string of initial vector(IV).
-309 	 * @return {String} hexadecimal string of decrypted privated key
-310 	 */
-311 	getDecryptedKeyHexByKeyIV: function(encryptedKeyHex, algName, sharedKeyHex, ivHex) {
-312 	    var f1 = getFuncByName(algName);
-313 	    return f1(encryptedKeyHex, sharedKeyHex, ivHex);
-314 	},
+302 		 * @name getDecryptedKeyHexByKeyIV
+303 		 * @memberOf KEYUTIL
+304 		 * @function
+305 		 * @param {String} encryptedKeyHex hexadecimal string of encrypted private key
+306 		 * @param {String} algName name of symmetric key algorithm (ex. 'DES-EBE3-CBC')
+307 		 * @param {String} sharedKeyHex hexadecimal string of symmetric key
+308 		 * @param {String} ivHex hexadecimal string of initial vector(IV).
+309 		 * @return {String} hexadecimal string of decrypted privated key
+310 		 */
+311 		getDecryptedKeyHexByKeyIV: function(encryptedKeyHex, algName, sharedKeyHex, ivHex) {
+312 			var f1 = getFuncByName(algName);
+313 			return f1(encryptedKeyHex, sharedKeyHex, ivHex);
+314 		},
 315 
-316 	/**
+316 		/**
 317          * parse PEM formatted passcode protected PKCS#5 private key
-318 	 * @name parsePKCS5PEM
-319 	 * @memberOf KEYUTIL
-320 	 * @function
-321 	 * @param {String} sEncryptedPEM PEM formatted protected passcode protected PKCS#5 private key
-322 	 * @return {Hash} hash of key information
-323 	 * @description
+318 		 * @name parsePKCS5PEM
+319 		 * @memberOf KEYUTIL
+320 		 * @function
+321 		 * @param {String} sEncryptedPEM PEM formatted protected passcode protected PKCS#5 private key
+322 		 * @return {Hash} hash of key information
+323 		 * @description
 324          * Resulted hash has following attributes.
-325 	 * <ul>
-326 	 * <li>cipher - symmetric key algorithm name (ex. 'DES-EBE3-CBC', 'AES-256-CBC')</li>
-327 	 * <li>ivsalt - IV used for decrypt. Its heading 8 bytes will be used for passcode salt.</li>
-328 	 * <li>type - asymmetric key algorithm name of private key described in PEM header.</li>
-329 	 * <li>data - base64 encoded encrypted private key.</li>
-330 	 * </ul>
+325 		 * <ul>
+326 		 * <li>cipher - symmetric key algorithm name (ex. 'DES-EBE3-CBC', 'AES-256-CBC')</li>
+327 		 * <li>ivsalt - IV used for decrypt. Its heading 8 bytes will be used for passcode salt.</li>
+328 		 * <li>type - asymmetric key algorithm name of private key described in PEM header.</li>
+329 		 * <li>data - base64 encoded encrypted private key.</li>
+330 		 * </ul>
 331          *
-332 	 */
+332 		 */
 333         parsePKCS5PEM: function(sPKCS5PEM) {
-334 	    return _parsePKCS5PEM(sPKCS5PEM);
-335 	},
+334 			return _parsePKCS5PEM(sPKCS5PEM);
+335 		},
 336 
-337 	/**
+337 		/**
 338          * the same function as OpenSSL EVP_BytsToKey to generate shared key and IV
-339 	 * @name getKeyAndUnusedIvByPasscodeAndIvsalt
-340 	 * @memberOf KEYUTIL
-341 	 * @function
-342 	 * @param {String} algName name of symmetric key algorithm (ex. 'DES-EBE3-CBC')
-343 	 * @param {String} passcode passcode to decrypt private key (ex. 'password')
-344 	 * @param {String} hexadecimal string of IV. heading 8 bytes will be used for passcode salt
-345 	 * @return {Hash} hash of key and unused IV (ex. {keyhex:2fe3..., ivhex:3fad..})
-346 	 */
-347 	getKeyAndUnusedIvByPasscodeAndIvsalt: function(algName, passcode, ivsaltHex) {
-348 	    return _getKeyAndUnusedIvByPasscodeAndIvsalt(algName, passcode, ivsaltHex);
-349 	},
+339 		 * @name getKeyAndUnusedIvByPasscodeAndIvsalt
+340 		 * @memberOf KEYUTIL
+341 		 * @function
+342 		 * @param {String} algName name of symmetric key algorithm (ex. 'DES-EBE3-CBC')
+343 		 * @param {String} passcode passcode to decrypt private key (ex. 'password')
+344 		 * @param {String} hexadecimal string of IV. heading 8 bytes will be used for passcode salt
+345 		 * @return {Hash} hash of key and unused IV (ex. {keyhex:2fe3..., ivhex:3fad..})
+346 		 */
+347 		getKeyAndUnusedIvByPasscodeAndIvsalt: function(algName, passcode, ivsaltHex) {
+348 			return _getKeyAndUnusedIvByPasscodeAndIvsalt(algName, passcode, ivsaltHex);
+349 		},
 350 
 351         decryptKeyB64: function(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex) {
-352 	    return _decryptKeyB64(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex);
+352 			return _decryptKeyB64(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex);
 353         },
 354 
-355 	/**
+355 		/**
 356          * decrypt PEM formatted protected PKCS#5 private key with passcode
-357 	 * @name getDecryptedKeyHex
-358 	 * @memberOf KEYUTIL
-359 	 * @function
-360 	 * @param {String} sEncryptedPEM PEM formatted protected passcode protected PKCS#5 private key
-361 	 * @param {String} passcode passcode to decrypt private key (ex. 'password')
-362 	 * @return {String} hexadecimal string of decrypted RSA priavte key
-363 	 */
-364 	getDecryptedKeyHex: function(sEncryptedPEM, passcode) {
-365 	    // 1. parse pem
-366 	    var info = _parsePKCS5PEM(sEncryptedPEM);
-367 	    var publicKeyAlgName = info.type;
-368 	    var sharedKeyAlgName = info.cipher;
-369 	    var ivsaltHex = info.ivsalt;
-370 	    var privateKeyB64 = info.data;
-371 	    //alert("ivsaltHex = " + ivsaltHex);
+357 		 * @name getDecryptedKeyHex
+358 		 * @memberOf KEYUTIL
+359 		 * @function
+360 		 * @param {String} sEncryptedPEM PEM formatted protected passcode protected PKCS#5 private key
+361 		 * @param {String} passcode passcode to decrypt private key (ex. 'password')
+362 		 * @return {String} hexadecimal string of decrypted RSA priavte key
+363 		 */
+364 		getDecryptedKeyHex: function(sEncryptedPEM, passcode) {
+365 			// 1. parse pem
+366 			var info = _parsePKCS5PEM(sEncryptedPEM);
+367 			var publicKeyAlgName = info.type;
+368 			var sharedKeyAlgName = info.cipher;
+369 			var ivsaltHex = info.ivsalt;
+370 			var privateKeyB64 = info.data;
+371 			//alert("ivsaltHex = " + ivsaltHex);
 372 
-373 	    // 2. generate shared key
-374 	    var sharedKeyInfo = _getKeyAndUnusedIvByPasscodeAndIvsalt(sharedKeyAlgName, passcode, ivsaltHex);
-375 	    var sharedKeyHex = sharedKeyInfo.keyhex;
-376 	    //alert("sharedKeyHex = " + sharedKeyHex);
+373 			// 2. generate shared key
+374 			var sharedKeyInfo = _getKeyAndUnusedIvByPasscodeAndIvsalt(sharedKeyAlgName, passcode, ivsaltHex);
+375 			var sharedKeyHex = sharedKeyInfo.keyhex;
+376 			//alert("sharedKeyHex = " + sharedKeyHex);
 377 
-378 	    // 3. decrypt private key
+378 			// 3. decrypt private key
 379             var decryptedKey = _decryptKeyB64(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex);
-380 	    return decryptedKey;
-381 	},
+380 			return decryptedKey;
+381 		},
 382 
-383 	/**
+383 		/**
 384          * (DEPRECATED) read PEM formatted encrypted PKCS#5 private key and returns RSAKey object
-385 	 * @name getRSAKeyFromEncryptedPKCS5PEM
-386 	 * @memberOf KEYUTIL
-387 	 * @function
-388 	 * @param {String} sEncryptedP5PEM PEM formatted encrypted PKCS#5 private key
-389 	 * @param {String} passcode passcode to decrypt private key
-390 	 * @return {RSAKey} loaded RSAKey object of RSA private key
+385 		 * @name getRSAKeyFromEncryptedPKCS5PEM
+386 		 * @memberOf KEYUTIL
+387 		 * @function
+388 		 * @param {String} sEncryptedP5PEM PEM formatted encrypted PKCS#5 private key
+389 		 * @param {String} passcode passcode to decrypt private key
+390 		 * @return {RSAKey} loaded RSAKey object of RSA private key
 391          * @since pkcs5pkey 1.0.2
-392 	 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
-393 	 */
-394 	getRSAKeyFromEncryptedPKCS5PEM: function(sEncryptedP5PEM, passcode) {
-395 	    var hPKey = this.getDecryptedKeyHex(sEncryptedP5PEM, passcode);
-396 	    var rsaKey = new RSAKey();
-397 	    rsaKey.readPrivateKeyFromASN1HexString(hPKey);
-398 	    return rsaKey;
-399 	},
+392 		 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
+393 		 */
+394 		getRSAKeyFromEncryptedPKCS5PEM: function(sEncryptedP5PEM, passcode) {
+395 			var hPKey = this.getDecryptedKeyHex(sEncryptedP5PEM, passcode);
+396 			var rsaKey = new RSAKey();
+397 			rsaKey.readPrivateKeyFromASN1HexString(hPKey);
+398 			return rsaKey;
+399 		},
 400 
-401 	/*
+401 		/*
 402          * get PEM formatted encrypted PKCS#5 private key from hexadecimal string of plain private key
-403 	 * @name getEncryptedPKCS5PEMFromPrvKeyHex
-404 	 * @memberOf KEYUTIL
-405 	 * @function
-406 	 * @param {String} pemHeadAlg algorithm name in the pem header (i.e. RSA,EC or DSA)
-407 	 * @param {String} hPrvKey hexadecimal string of plain private key
-408 	 * @param {String} passcode pass code to protect private key (ex. password)
-409 	 * @param {String} sharedKeyAlgName algorithm name to protect private key (ex. AES-256-CBC)
-410 	 * @param {String} ivsaltHex hexadecimal string of IV and salt
-411 	 * @return {String} string of PEM formatted encrypted PKCS#5 private key
+403 		 * @name getEncryptedPKCS5PEMFromPrvKeyHex
+404 		 * @memberOf KEYUTIL
+405 		 * @function
+406 		 * @param {String} pemHeadAlg algorithm name in the pem header (i.e. RSA,EC or DSA)
+407 		 * @param {String} hPrvKey hexadecimal string of plain private key
+408 		 * @param {String} passcode pass code to protect private key (ex. password)
+409 		 * @param {String} sharedKeyAlgName algorithm name to protect private key (ex. AES-256-CBC)
+410 		 * @param {String} ivsaltHex hexadecimal string of IV and salt
+411 		 * @return {String} string of PEM formatted encrypted PKCS#5 private key
 412          * @since pkcs5pkey 1.0.2
-413 	 * @description
-414 	 * <br/>
-415 	 * generate PEM formatted encrypted PKCS#5 private key by hexadecimal string encoded
-416 	 * ASN.1 object of plain RSA private key.
-417 	 * Following arguments can be omitted.
-418 	 * <ul>
-419 	 * <li>alg - AES-256-CBC will be used if omitted.</li>
-420 	 * <li>ivsaltHex - automatically generate IV and salt which length depends on algorithm</li>
-421 	 * </ul>
-422 	 * NOTE1: DES-CBC, DES-EDE3-CBC, AES-{128,192.256}-CBC algorithm are supported.
-423 	 * @example
-424 	 * var pem = 
+413 		 * @description
+414 		 * <br/>
+415 		 * generate PEM formatted encrypted PKCS#5 private key by hexadecimal string encoded
+416 		 * ASN.1 object of plain RSA private key.
+417 		 * Following arguments can be omitted.
+418 		 * <ul>
+419 		 * <li>alg - AES-256-CBC will be used if omitted.</li>
+420 		 * <li>ivsaltHex - automatically generate IV and salt which length depends on algorithm</li>
+421 		 * </ul>
+422 		 * NOTE1: DES-CBC, DES-EDE3-CBC, AES-{128,192.256}-CBC algorithm are supported.
+423 		 * @example
+424 		 * var pem = 
 425          *   KEYUTIL.getEncryptedPKCS5PEMFromPrvKeyHex(plainKeyHex, "password");
-426 	 * var pem2 = 
+426 		 * var pem2 = 
 427          *   KEYUTIL.getEncryptedPKCS5PEMFromPrvKeyHex(plainKeyHex, "password", "AES-128-CBC");
-428 	 * var pem3 = 
+428 		 * var pem3 = 
 429          *   KEYUTIL.getEncryptedPKCS5PEMFromPrvKeyHex(plainKeyHex, "password", "AES-128-CBC", "1f3d02...");
-430 	 */
-431 	getEncryptedPKCS5PEMFromPrvKeyHex: function(pemHeadAlg, hPrvKey, passcode, sharedKeyAlgName, ivsaltHex) {
-432 	    var sPEM = "";
+430 		 */
+431 		getEncryptedPKCS5PEMFromPrvKeyHex: function(pemHeadAlg, hPrvKey, passcode, sharedKeyAlgName, ivsaltHex) {
+432 			var sPEM = "";
 433 
-434 	    // 1. set sharedKeyAlgName if undefined (default AES-256-CBC)
-435 	    if (typeof sharedKeyAlgName == "undefined" || sharedKeyAlgName == null) {
-436 		sharedKeyAlgName = "AES-256-CBC";
-437 	    }
-438 	    if (typeof ALGLIST[sharedKeyAlgName] == "undefined")
-439 		throw "KEYUTIL unsupported algorithm: " + sharedKeyAlgName;
+434 			// 1. set sharedKeyAlgName if undefined (default AES-256-CBC)
+435 			if (typeof sharedKeyAlgName == "undefined" || sharedKeyAlgName == null) {
+436 				sharedKeyAlgName = "AES-256-CBC";
+437 			}
+438 			if (typeof ALGLIST[sharedKeyAlgName] == "undefined")
+439 				throw "KEYUTIL unsupported algorithm: " + sharedKeyAlgName;
 440 
-441 	    // 2. set ivsaltHex if undefined
-442 	    if (typeof ivsaltHex == "undefined" || ivsaltHex == null) {
-443 		var ivlen = ALGLIST[sharedKeyAlgName]['ivlen'];
-444 		var randIV = _generateIvSaltHex(ivlen);
-445 		ivsaltHex = randIV.toUpperCase();
-446 	    }
+441 			// 2. set ivsaltHex if undefined
+442 			if (typeof ivsaltHex == "undefined" || ivsaltHex == null) {
+443 				var ivlen = ALGLIST[sharedKeyAlgName]['ivlen'];
+444 				var randIV = _generateIvSaltHex(ivlen);
+445 				ivsaltHex = randIV.toUpperCase();
+446 			}
 447 
-448 	    // 3. get shared key
+448 			// 3. get shared key
 449             //alert("ivsalthex=" + ivsaltHex);
-450 	    var sharedKeyInfo = _getKeyAndUnusedIvByPasscodeAndIvsalt(sharedKeyAlgName, passcode, ivsaltHex);
-451 	    var sharedKeyHex = sharedKeyInfo.keyhex;
-452 	    // alert("sharedKeyHex = " + sharedKeyHex);
+450 			var sharedKeyInfo = _getKeyAndUnusedIvByPasscodeAndIvsalt(sharedKeyAlgName, passcode, ivsaltHex);
+451 			var sharedKeyHex = sharedKeyInfo.keyhex;
+452 			// alert("sharedKeyHex = " + sharedKeyHex);
 453 
 454             // 3. get encrypted Key in Base64
 455             var encryptedKeyB64 = _encryptKeyHex(hPrvKey, sharedKeyAlgName, sharedKeyHex, ivsaltHex);
 456 
-457 	    var pemBody = encryptedKeyB64.replace(/(.{64})/g, "$1\r\n");
-458 	    var sPEM = "-----BEGIN " + pemHeadAlg + " PRIVATE KEY-----\r\n";
-459 	    sPEM += "Proc-Type: 4,ENCRYPTED\r\n";
-460 	    sPEM += "DEK-Info: " + sharedKeyAlgName + "," + ivsaltHex + "\r\n";
-461 	    sPEM += "\r\n";
-462 	    sPEM += pemBody;
-463 	    sPEM += "\r\n-----END " + pemHeadAlg + " PRIVATE KEY-----\r\n";
+457 			var pemBody = encryptedKeyB64.replace(/(.{64})/g, "$1\r\n");
+458 			var sPEM = "-----BEGIN " + pemHeadAlg + " PRIVATE KEY-----\r\n";
+459 			sPEM += "Proc-Type: 4,ENCRYPTED\r\n";
+460 			sPEM += "DEK-Info: " + sharedKeyAlgName + "," + ivsaltHex + "\r\n";
+461 			sPEM += "\r\n";
+462 			sPEM += pemBody;
+463 			sPEM += "\r\n-----END " + pemHeadAlg + " PRIVATE KEY-----\r\n";
 464 
-465 	    return sPEM;
+465 			return sPEM;
 466         },
 467 
-468 	/**
+468 		/**
 469          * (DEPRECATED) get PEM formatted encrypted PKCS#5 private key from RSAKey object of private key
-470 	 * @name getEncryptedPKCS5PEMFromRSAKey
-471 	 * @memberOf KEYUTIL
-472 	 * @function
-473 	 * @param {RSAKey} pKey RSAKey object of private key
-474 	 * @param {String} passcode pass code to protect private key (ex. password)
-475 	 * @param {String} alg algorithm name to protect private key (default AES-256-CBC)
-476 	 * @param {String} ivsaltHex hexadecimal string of IV and salt (default generated random IV)
-477 	 * @return {String} string of PEM formatted encrypted PKCS#5 private key
+470 		 * @name getEncryptedPKCS5PEMFromRSAKey
+471 		 * @memberOf KEYUTIL
+472 		 * @function
+473 		 * @param {RSAKey} pKey RSAKey object of private key
+474 		 * @param {String} passcode pass code to protect private key (ex. password)
+475 		 * @param {String} alg algorithm name to protect private key (default AES-256-CBC)
+476 		 * @param {String} ivsaltHex hexadecimal string of IV and salt (default generated random IV)
+477 		 * @return {String} string of PEM formatted encrypted PKCS#5 private key
 478          * @since pkcs5pkey 1.0.2
-479 	 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getPEM#}.
-480 	 * @description
-481 	 * <br/>
-482 	 * generate PEM formatted encrypted PKCS#5 private key by
-483 	 * {@link RSAKey} object of RSA private key and passcode.
-484 	 * Following argument can be omitted.
-485 	 * <ul>
-486 	 * <li>alg - AES-256-CBC will be used if omitted.</li>
-487 	 * <li>ivsaltHex - automatically generate IV and salt which length depends on algorithm</li>
-488 	 * </ul>
-489 	 * @example
-490 	 * var pkey = new RSAKey();
-491 	 * pkey.generate(1024, '10001'); // generate 1024bit RSA private key with public exponent 'x010001'
-492 	 * var pem = KEYUTIL.getEncryptedPKCS5PEMFromRSAKey(pkey, "password");
-493 	 */
+479 		 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getPEM#}.
+480 		 * @description
+481 		 * <br/>
+482 		 * generate PEM formatted encrypted PKCS#5 private key by
+483 		 * {@link RSAKey} object of RSA private key and passcode.
+484 		 * Following argument can be omitted.
+485 		 * <ul>
+486 		 * <li>alg - AES-256-CBC will be used if omitted.</li>
+487 		 * <li>ivsaltHex - automatically generate IV and salt which length depends on algorithm</li>
+488 		 * </ul>
+489 		 * @example
+490 		 * var pkey = new RSAKey();
+491 		 * pkey.generate(1024, '10001'); // generate 1024bit RSA private key with public exponent 'x010001'
+492 		 * var pem = KEYUTIL.getEncryptedPKCS5PEMFromRSAKey(pkey, "password");
+493 		 */
 494         getEncryptedPKCS5PEMFromRSAKey: function(pKey, passcode, alg, ivsaltHex) {
-495 	    var version = new KJUR.asn1.DERInteger({'int': 0});
-496 	    var n = new KJUR.asn1.DERInteger({'bigint': pKey.n});
-497 	    var e = new KJUR.asn1.DERInteger({'int': pKey.e});
-498 	    var d = new KJUR.asn1.DERInteger({'bigint': pKey.d});
-499 	    var p = new KJUR.asn1.DERInteger({'bigint': pKey.p});
-500 	    var q = new KJUR.asn1.DERInteger({'bigint': pKey.q});
-501 	    var dmp1 = new KJUR.asn1.DERInteger({'bigint': pKey.dmp1});
-502 	    var dmq1 = new KJUR.asn1.DERInteger({'bigint': pKey.dmq1});
-503 	    var coeff = new KJUR.asn1.DERInteger({'bigint': pKey.coeff});
-504 	    var seq = new KJUR.asn1.DERSequence({'array': [version, n, e, d, p, q, dmp1, dmq1, coeff]});
-505 	    var hex = seq.getEncodedHex();
-506 	    return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA", hex, passcode, alg, ivsaltHex);
+495 			var version = new KJUR.asn1.DERInteger({'int': 0});
+496 			var n = new KJUR.asn1.DERInteger({'bigint': pKey.n});
+497 			var e = new KJUR.asn1.DERInteger({'int': pKey.e});
+498 			var d = new KJUR.asn1.DERInteger({'bigint': pKey.d});
+499 			var p = new KJUR.asn1.DERInteger({'bigint': pKey.p});
+500 			var q = new KJUR.asn1.DERInteger({'bigint': pKey.q});
+501 			var dmp1 = new KJUR.asn1.DERInteger({'bigint': pKey.dmp1});
+502 			var dmq1 = new KJUR.asn1.DERInteger({'bigint': pKey.dmq1});
+503 			var coeff = new KJUR.asn1.DERInteger({'bigint': pKey.coeff});
+504 			var seq = new KJUR.asn1.DERSequence({'array': [version, n, e, d, p, q, dmp1, dmq1, coeff]});
+505 			var hex = seq.getEncodedHex();
+506 			return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA", hex, passcode, alg, ivsaltHex);
 507         },
 508 
-509 	/**
+509 		/**
 510          * generate RSAKey and PEM formatted encrypted PKCS#5 private key
-511 	 * @name newEncryptedPKCS5PEM
-512 	 * @memberOf KEYUTIL
-513 	 * @function
-514 	 * @param {String} passcode pass code to protect private key (ex. password)
-515 	 * @param {Integer} keyLen key bit length of RSA key to be generated. (default 1024)
-516 	 * @param {String} hPublicExponent hexadecimal string of public exponent (default 10001)
-517 	 * @param {String} alg shared key algorithm to encrypt private key (default AES-258-CBC)
-518 	 * @return {String} string of PEM formatted encrypted PKCS#5 private key
+511 		 * @name newEncryptedPKCS5PEM
+512 		 * @memberOf KEYUTIL
+513 		 * @function
+514 		 * @param {String} passcode pass code to protect private key (ex. password)
+515 		 * @param {Integer} keyLen key bit length of RSA key to be generated. (default 1024)
+516 		 * @param {String} hPublicExponent hexadecimal string of public exponent (default 10001)
+517 		 * @param {String} alg shared key algorithm to encrypt private key (default AES-258-CBC)
+518 		 * @return {String} string of PEM formatted encrypted PKCS#5 private key
 519          * @since pkcs5pkey 1.0.2
-520 	 * @example
-521 	 * var pem1 = KEYUTIL.newEncryptedPKCS5PEM("password");           // RSA1024bit/10001/AES-256-CBC
-522 	 * var pem2 = KEYUTIL.newEncryptedPKCS5PEM("password", 512);      // RSA 512bit/10001/AES-256-CBC
-523 	 * var pem3 = KEYUTIL.newEncryptedPKCS5PEM("password", 512, '3'); // RSA 512bit/    3/AES-256-CBC
-524 	 */
-525 	newEncryptedPKCS5PEM: function(passcode, keyLen, hPublicExponent, alg) {
-526 	    if (typeof keyLen == "undefined" || keyLen == null) {
-527 		keyLen = 1024;
-528 	    }
-529 	    if (typeof hPublicExponent == "undefined" || hPublicExponent == null) {
-530 		hPublicExponent = '10001';
-531 	    }
-532 	    var pKey = new RSAKey();
-533 	    pKey.generate(keyLen, hPublicExponent);
-534 	    var pem = null;
-535 	    if (typeof alg == "undefined" || alg == null) {
-536 		pem = this.getEncryptedPKCS5PEMFromRSAKey(pKey, passcode);
-537 	    } else {
-538 		pem = this.getEncryptedPKCS5PEMFromRSAKey(pKey, passcode, alg);
-539 	    }
-540 	    return pem;
+520 		 * @example
+521 		 * var pem1 = KEYUTIL.newEncryptedPKCS5PEM("password");           // RSA1024bit/10001/AES-256-CBC
+522 		 * var pem2 = KEYUTIL.newEncryptedPKCS5PEM("password", 512);      // RSA 512bit/10001/AES-256-CBC
+523 		 * var pem3 = KEYUTIL.newEncryptedPKCS5PEM("password", 512, '3'); // RSA 512bit/    3/AES-256-CBC
+524 		 */
+525 		newEncryptedPKCS5PEM: function(passcode, keyLen, hPublicExponent, alg) {
+526 			if (typeof keyLen == "undefined" || keyLen == null) {
+527 				keyLen = 1024;
+528 			}
+529 			if (typeof hPublicExponent == "undefined" || hPublicExponent == null) {
+530 				hPublicExponent = '10001';
+531 			}
+532 			var pKey = new RSAKey();
+533 			pKey.generate(keyLen, hPublicExponent);
+534 			var pem = null;
+535 			if (typeof alg == "undefined" || alg == null) {
+536 				pem = this.getEncryptedPKCS5PEMFromRSAKey(pKey, passcode);
+537 			} else {
+538 				pem = this.getEncryptedPKCS5PEMFromRSAKey(pKey, passcode, alg);
+539 			}
+540 			return pem;
 541         },
 542 
-543 	// === PKCS8 ===============================================================
+543 		// === PKCS8 ===============================================================
 544 
-545 	/**
+545 		/**
 546          * (DEPRECATED) read PEM formatted unencrypted PKCS#8 private key and returns RSAKey object
-547 	 * @name getRSAKeyFromPlainPKCS8PEM
-548 	 * @memberOf KEYUTIL
-549 	 * @function
-550 	 * @param {String} pkcs8PEM PEM formatted unencrypted PKCS#8 private key
-551 	 * @return {RSAKey} loaded RSAKey object of RSA private key
+547 		 * @name getRSAKeyFromPlainPKCS8PEM
+548 		 * @memberOf KEYUTIL
+549 		 * @function
+550 		 * @param {String} pkcs8PEM PEM formatted unencrypted PKCS#8 private key
+551 		 * @return {RSAKey} loaded RSAKey object of RSA private key
 552          * @since pkcs5pkey 1.0.1
-553 	 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
-554 	 */
+553 		 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
+554 		 */
 555         getRSAKeyFromPlainPKCS8PEM: function(pkcs8PEM) {
 556             if (pkcs8PEM.match(/ENCRYPTED/))
 557                 throw "pem shall be not ENCRYPTED";
 558             var prvKeyHex = this.getHexFromPEM(pkcs8PEM, "PRIVATE KEY");
 559             var rsaKey = this.getRSAKeyFromPlainPKCS8Hex(prvKeyHex);
-560 	    return rsaKey;
+560 			return rsaKey;
 561         },
 562 
-563 	/**
+563 		/**
 564          * (DEPRECATED) provide hexadecimal string of unencrypted PKCS#8 private key and returns RSAKey object
-565 	 * @name getRSAKeyFromPlainPKCS8Hex
-566 	 * @memberOf KEYUTIL
-567 	 * @function
-568 	 * @param {String} prvKeyHex hexadecimal string of unencrypted PKCS#8 private key
-569 	 * @return {RSAKey} loaded RSAKey object of RSA private key
+565 		 * @name getRSAKeyFromPlainPKCS8Hex
+566 		 * @memberOf KEYUTIL
+567 		 * @function
+568 		 * @param {String} prvKeyHex hexadecimal string of unencrypted PKCS#8 private key
+569 		 * @return {RSAKey} loaded RSAKey object of RSA private key
 570          * @since pkcs5pkey 1.0.3
-571 	 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
-572 	 */
+571 		 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
+572 		 */
 573         getRSAKeyFromPlainPKCS8Hex: function(prvKeyHex) {
-574 	    var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(prvKeyHex, 0);
-575 	    if (a1.length != 3)
-576 		throw "outer DERSequence shall have 3 elements: " + a1.length;
+574 			var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(prvKeyHex, 0);
+575 			if (a1.length != 3)
+576 				throw "outer DERSequence shall have 3 elements: " + a1.length;
 577             var algIdTLV =ASN1HEX.getHexOfTLV_AtObj(prvKeyHex, a1[1]);
-578 	    if (algIdTLV != "300d06092a864886f70d0101010500") // AlgId rsaEncryption
-579 		throw "PKCS8 AlgorithmIdentifier is not rsaEnc: " + algIdTLV;
+578 			if (algIdTLV != "300d06092a864886f70d0101010500") // AlgId rsaEncryption
+579 				throw "PKCS8 AlgorithmIdentifier is not rsaEnc: " + algIdTLV;
 580             var algIdTLV = ASN1HEX.getHexOfTLV_AtObj(prvKeyHex, a1[1]);
-581 	    var octetStr = ASN1HEX.getHexOfTLV_AtObj(prvKeyHex, a1[2]);
-582 	    var p5KeyHex = ASN1HEX.getHexOfV_AtObj(octetStr, 0);
+581 			var octetStr = ASN1HEX.getHexOfTLV_AtObj(prvKeyHex, a1[2]);
+582 			var p5KeyHex = ASN1HEX.getHexOfV_AtObj(octetStr, 0);
 583             //alert(p5KeyHex);
-584 	    var rsaKey = new RSAKey();
-585 	    rsaKey.readPrivateKeyFromASN1HexString(p5KeyHex);
-586 	    return rsaKey;
+584 			var rsaKey = new RSAKey();
+585 			rsaKey.readPrivateKeyFromASN1HexString(p5KeyHex);
+586 			return rsaKey;
 587         },
 588 
-589 	/**
+589 		/**
 590          * generate PBKDF2 key hexstring with specified passcode and information
-591 	 * @name parseHexOfEncryptedPKCS8
-592 	 * @memberOf KEYUTIL
-593 	 * @function
-594 	 * @param {String} passcode passcode to decrypto private key
-595 	 * @return {Array} info associative array of PKCS#8 parameters
+591 		 * @name parseHexOfEncryptedPKCS8
+592 		 * @memberOf KEYUTIL
+593 		 * @function
+594 		 * @param {String} passcode passcode to decrypto private key
+595 		 * @return {Array} info associative array of PKCS#8 parameters
 596          * @since pkcs5pkey 1.0.3
-597 	 * @description
-598 	 * The associative array which is returned by this method has following properties:
-599 	 * <ul>
-600 	 * <li>info.pbkdf2Salt - hexadecimal string of PBKDF2 salt</li>
-601 	 * <li>info.pkbdf2Iter - iteration count</li>
-602 	 * <li>info.ciphertext - hexadecimal string of encrypted private key</li>
-603 	 * <li>info.encryptionSchemeAlg - encryption algorithm name (currently TripleDES only)</li>
-604 	 * <li>info.encryptionSchemeIV - initial vector for encryption algorithm</li>
-605 	 * </ul>
-606 	 * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
-607 	 * <ul>
-608 	 * <li>keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1</li>
-609 	 * <li>encryptionScheme = des-EDE3-CBC(i.e. TripleDES</li>
-610 	 * </ul>
-611 	 * @example
-612 	 * // to convert plain PKCS#5 private key to encrypted PKCS#8 private
-613 	 * // key with PBKDF2 with TripleDES
-614 	 * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
-615 	 */
+597 		 * @description
+598 		 * The associative array which is returned by this method has following properties:
+599 		 * <ul>
+600 		 * <li>info.pbkdf2Salt - hexadecimal string of PBKDF2 salt</li>
+601 		 * <li>info.pkbdf2Iter - iteration count</li>
+602 		 * <li>info.ciphertext - hexadecimal string of encrypted private key</li>
+603 		 * <li>info.encryptionSchemeAlg - encryption algorithm name (currently TripleDES only)</li>
+604 		 * <li>info.encryptionSchemeIV - initial vector for encryption algorithm</li>
+605 		 * </ul>
+606 		 * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
+607 		 * <ul>
+608 		 * <li>keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1</li>
+609 		 * <li>encryptionScheme = des-EDE3-CBC(i.e. TripleDES</li>
+610 		 * </ul>
+611 		 * @example
+612 		 * // to convert plain PKCS#5 private key to encrypted PKCS#8 private
+613 		 * // key with PBKDF2 with TripleDES
+614 		 * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
+615 		 */
 616         parseHexOfEncryptedPKCS8: function(sHEX) {
 617             var info = {};
-618 	    
-619 	    var a0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, 0);
-620 	    if (a0.length != 2)
-621 		throw "malformed format: SEQUENCE(0).items != 2: " + a0.length;
+618 			
+619 			var a0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, 0);
+620 			if (a0.length != 2)
+621 				throw "malformed format: SEQUENCE(0).items != 2: " + a0.length;
 622 
-623 	    // 1. ciphertext
-624 	    info.ciphertext = ASN1HEX.getHexOfV_AtObj(sHEX, a0[1]);
+623 			// 1. ciphertext
+624 			info.ciphertext = ASN1HEX.getHexOfV_AtObj(sHEX, a0[1]);
 625 
-626 	    // 2. pkcs5PBES2
-627 	    var a0_0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0[0]); 
-628 	    if (a0_0.length != 2)
-629 		throw "malformed format: SEQUENCE(0.0).items != 2: " + a0_0.length;
+626 			// 2. pkcs5PBES2
+627 			var a0_0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0[0]); 
+628 			if (a0_0.length != 2)
+629 				throw "malformed format: SEQUENCE(0.0).items != 2: " + a0_0.length;
 630 
-631 	    // 2.1 check if pkcs5PBES2(1 2 840 113549 1 5 13)
-632 	    if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0[0]) != "2a864886f70d01050d")
-633 		throw "this only supports pkcs5PBES2";
+631 			// 2.1 check if pkcs5PBES2(1 2 840 113549 1 5 13)
+632 			if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0[0]) != "2a864886f70d01050d")
+633 				throw "this only supports pkcs5PBES2";
 634 
-635 	    // 2.2 pkcs5PBES2 param
+635 			// 2.2 pkcs5PBES2 param
 636             var a0_0_1 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0[1]); 
-637 	    if (a0_0.length != 2)
-638 		throw "malformed format: SEQUENCE(0.0.1).items != 2: " + a0_0_1.length;
+637 			if (a0_0.length != 2)
+638 				throw "malformed format: SEQUENCE(0.0.1).items != 2: " + a0_0_1.length;
 639 
-640 	    // 2.2.1 encryptionScheme
-641 	    var a0_0_1_1 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1[1]); 
-642 	    if (a0_0_1_1.length != 2)
-643 		throw "malformed format: SEQUENCE(0.0.1.1).items != 2: " + a0_0_1_1.length;
-644 	    if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_1[0]) != "2a864886f70d0307")
-645 		throw "this only supports TripleDES";
-646 	    info.encryptionSchemeAlg = "TripleDES";
+640 			// 2.2.1 encryptionScheme
+641 			var a0_0_1_1 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1[1]); 
+642 			if (a0_0_1_1.length != 2)
+643 				throw "malformed format: SEQUENCE(0.0.1.1).items != 2: " + a0_0_1_1.length;
+644 			if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_1[0]) != "2a864886f70d0307")
+645 				throw "this only supports TripleDES";
+646 			info.encryptionSchemeAlg = "TripleDES";
 647 
-648 	    // 2.2.1.1 IV of encryptionScheme
-649 	    info.encryptionSchemeIV = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_1[1]);
+648 			// 2.2.1.1 IV of encryptionScheme
+649 			info.encryptionSchemeIV = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_1[1]);
 650 
-651 	    // 2.2.2 keyDerivationFunc
-652 	    var a0_0_1_0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1[0]); 
-653 	    if (a0_0_1_0.length != 2)
-654 		throw "malformed format: SEQUENCE(0.0.1.0).items != 2: " + a0_0_1_0.length;
-655 	    if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0[0]) != "2a864886f70d01050c")
-656 		throw "this only supports pkcs5PBKDF2";
+651 			// 2.2.2 keyDerivationFunc
+652 			var a0_0_1_0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1[0]); 
+653 			if (a0_0_1_0.length != 2)
+654 				throw "malformed format: SEQUENCE(0.0.1.0).items != 2: " + a0_0_1_0.length;
+655 			if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0[0]) != "2a864886f70d01050c")
+656 				throw "this only supports pkcs5PBKDF2";
 657 
-658 	    // 2.2.2.1 pkcs5PBKDF2 param
-659 	    var a0_0_1_0_1 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1_0[1]); 
-660 	    if (a0_0_1_0_1.length < 2)
-661 		throw "malformed format: SEQUENCE(0.0.1.0.1).items < 2: " + a0_0_1_0_1.length;
+658 			// 2.2.2.1 pkcs5PBKDF2 param
+659 			var a0_0_1_0_1 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1_0[1]); 
+660 			if (a0_0_1_0_1.length < 2)
+661 				throw "malformed format: SEQUENCE(0.0.1.0.1).items < 2: " + a0_0_1_0_1.length;
 662 
-663 	    // 2.2.2.1.1 PBKDF2 salt
-664 	    info.pbkdf2Salt = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0_1[0]);
+663 			// 2.2.2.1.1 PBKDF2 salt
+664 			info.pbkdf2Salt = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0_1[0]);
 665 
-666 	    // 2.2.2.1.2 PBKDF2 iter
-667 	    var iterNumHex = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0_1[1]);
-668 	    try {
-669 		info.pbkdf2Iter = parseInt(iterNumHex, 16);
-670 	    } catch(ex) {
-671 		throw "malformed format pbkdf2Iter: " + iterNumHex;
-672 	    }
+666 			// 2.2.2.1.2 PBKDF2 iter
+667 			var iterNumHex = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0_1[1]);
+668 			try {
+669 				info.pbkdf2Iter = parseInt(iterNumHex, 16);
+670 			} catch(ex) {
+671 				throw "malformed format pbkdf2Iter: " + iterNumHex;
+672 			}
 673 
-674 	    return info;
-675 	},
+674 			return info;
+675 		},
 676 
-677 	/**
+677 		/**
 678          * generate PBKDF2 key hexstring with specified passcode and information
-679 	 * @name getPBKDF2KeyHexFromParam
-680 	 * @memberOf KEYUTIL
-681 	 * @function
-682 	 * @param {Array} info result of {@link parseHexOfEncryptedPKCS8} which has preference of PKCS#8 file
-683 	 * @param {String} passcode passcode to decrypto private key
-684 	 * @return {String} hexadecimal string of PBKDF2 key
+679 		 * @name getPBKDF2KeyHexFromParam
+680 		 * @memberOf KEYUTIL
+681 		 * @function
+682 		 * @param {Array} info result of {@link parseHexOfEncryptedPKCS8} which has preference of PKCS#8 file
+683 		 * @param {String} passcode passcode to decrypto private key
+684 		 * @return {String} hexadecimal string of PBKDF2 key
 685          * @since pkcs5pkey 1.0.3
-686 	 * @description
-687 	 * As for info, this uses following properties:
-688 	 * <ul>
-689 	 * <li>info.pbkdf2Salt - hexadecimal string of PBKDF2 salt</li>
-690 	 * <li>info.pkbdf2Iter - iteration count</li>
-691 	 * </ul>
-692 	 * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
-693 	 * <ul>
-694 	 * <li>keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1</li>
-695 	 * <li>encryptionScheme = des-EDE3-CBC(i.e. TripleDES</li>
-696 	 * </ul>
-697 	 * @example
-698 	 * // to convert plain PKCS#5 private key to encrypted PKCS#8 private
-699 	 * // key with PBKDF2 with TripleDES
-700 	 * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
-701 	 */
-702 	getPBKDF2KeyHexFromParam: function(info, passcode) {
-703 	    var pbkdf2SaltWS = CryptoJS.enc.Hex.parse(info.pbkdf2Salt);
-704 	    var pbkdf2Iter = info.pbkdf2Iter;
-705 	    var pbkdf2KeyWS = CryptoJS.PBKDF2(passcode, 
-706 					      pbkdf2SaltWS, 
-707 					      { keySize: 192/32, iterations: pbkdf2Iter });
-708 	    var pbkdf2KeyHex = CryptoJS.enc.Hex.stringify(pbkdf2KeyWS);
-709 	    return pbkdf2KeyHex;
-710 	},
+686 		 * @description
+687 		 * As for info, this uses following properties:
+688 		 * <ul>
+689 		 * <li>info.pbkdf2Salt - hexadecimal string of PBKDF2 salt</li>
+690 		 * <li>info.pkbdf2Iter - iteration count</li>
+691 		 * </ul>
+692 		 * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
+693 		 * <ul>
+694 		 * <li>keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1</li>
+695 		 * <li>encryptionScheme = des-EDE3-CBC(i.e. TripleDES</li>
+696 		 * </ul>
+697 		 * @example
+698 		 * // to convert plain PKCS#5 private key to encrypted PKCS#8 private
+699 		 * // key with PBKDF2 with TripleDES
+700 		 * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
+701 		 */
+702 		getPBKDF2KeyHexFromParam: function(info, passcode) {
+703 			var pbkdf2SaltWS = CryptoJS.enc.Hex.parse(info.pbkdf2Salt);
+704 			var pbkdf2Iter = info.pbkdf2Iter;
+705 			var pbkdf2KeyWS = CryptoJS.PBKDF2(passcode, 
+706 											  pbkdf2SaltWS, 
+707 											  { keySize: 192/32, iterations: pbkdf2Iter });
+708 			var pbkdf2KeyHex = CryptoJS.enc.Hex.stringify(pbkdf2KeyWS);
+709 			return pbkdf2KeyHex;
+710 		},
 711 
-712 	/**
+712 		/**
 713          * read PEM formatted encrypted PKCS#8 private key and returns hexadecimal string of plain PKCS#8 private key
-714 	 * @name getPlainPKCS8HexFromEncryptedPKCS8PEM
-715 	 * @memberOf KEYUTIL
-716 	 * @function
-717 	 * @param {String} pkcs8PEM PEM formatted encrypted PKCS#8 private key
-718 	 * @param {String} passcode passcode to decrypto private key
-719 	 * @return {String} hexadecimal string of plain PKCS#8 private key
+714 		 * @name getPlainPKCS8HexFromEncryptedPKCS8PEM
+715 		 * @memberOf KEYUTIL
+716 		 * @function
+717 		 * @param {String} pkcs8PEM PEM formatted encrypted PKCS#8 private key
+718 		 * @param {String} passcode passcode to decrypto private key
+719 		 * @return {String} hexadecimal string of plain PKCS#8 private key
 720          * @since pkcs5pkey 1.0.3
-721 	 * @description
-722 	 * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
-723 	 * <ul>
-724 	 * <li>keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1</li>
-725 	 * <li>encryptionScheme = des-EDE3-CBC(i.e. TripleDES</li>
-726 	 * </ul>
-727 	 * @example
-728 	 * // to convert plain PKCS#5 private key to encrypted PKCS#8 private
-729 	 * // key with PBKDF2 with TripleDES
-730 	 * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
-731 	 */
-732 	getPlainPKCS8HexFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) {
-733 	    // 1. derHex - PKCS#8 private key encrypted by PBKDF2
+721 		 * @description
+722 		 * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
+723 		 * <ul>
+724 		 * <li>keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1</li>
+725 		 * <li>encryptionScheme = des-EDE3-CBC(i.e. TripleDES</li>
+726 		 * </ul>
+727 		 * @example
+728 		 * // to convert plain PKCS#5 private key to encrypted PKCS#8 private
+729 		 * // key with PBKDF2 with TripleDES
+730 		 * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
+731 		 */
+732 		getPlainPKCS8HexFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) {
+733 			// 1. derHex - PKCS#8 private key encrypted by PBKDF2
 734             var derHex = this.getHexFromPEM(pkcs8PEM, "ENCRYPTED PRIVATE KEY");
-735 	    // 2. info - PKCS#5 PBES info
-736 	    var info = this.parseHexOfEncryptedPKCS8(derHex);
-737 	    // 3. hKey - PBKDF2 key
-738 	    var pbkdf2KeyHex = KEYUTIL.getPBKDF2KeyHexFromParam(info, passcode);
-739 	    // 4. decrypt ciphertext by PBKDF2 key
-740 	    var encrypted = {};
-741 	    encrypted.ciphertext = CryptoJS.enc.Hex.parse(info.ciphertext);
-742 	    var pbkdf2KeyWS = CryptoJS.enc.Hex.parse(pbkdf2KeyHex);
-743 	    var des3IVWS = CryptoJS.enc.Hex.parse(info.encryptionSchemeIV);
-744 	    var decWS = CryptoJS.TripleDES.decrypt(encrypted, pbkdf2KeyWS, { iv: des3IVWS });
-745 	    var decHex = CryptoJS.enc.Hex.stringify(decWS);
-746 	    return decHex;
-747 	},
+735 			// 2. info - PKCS#5 PBES info
+736 			var info = this.parseHexOfEncryptedPKCS8(derHex);
+737 			// 3. hKey - PBKDF2 key
+738 			var pbkdf2KeyHex = KEYUTIL.getPBKDF2KeyHexFromParam(info, passcode);
+739 			// 4. decrypt ciphertext by PBKDF2 key
+740 			var encrypted = {};
+741 			encrypted.ciphertext = CryptoJS.enc.Hex.parse(info.ciphertext);
+742 			var pbkdf2KeyWS = CryptoJS.enc.Hex.parse(pbkdf2KeyHex);
+743 			var des3IVWS = CryptoJS.enc.Hex.parse(info.encryptionSchemeIV);
+744 			var decWS = CryptoJS.TripleDES.decrypt(encrypted, pbkdf2KeyWS, { iv: des3IVWS });
+745 			var decHex = CryptoJS.enc.Hex.stringify(decWS);
+746 			return decHex;
+747 		},
 748 
-749 	/**
+749 		/**
 750          * (DEPRECATED) read PEM formatted encrypted PKCS#8 private key and returns RSAKey object
-751 	 * @name getRSAKeyFromEncryptedPKCS8PEM
-752 	 * @memberOf KEYUTIL
-753 	 * @function
-754 	 * @param {String} pkcs8PEM PEM formatted encrypted PKCS#8 private key
-755 	 * @param {String} passcode passcode to decrypto private key
-756 	 * @return {RSAKey} loaded RSAKey object of RSA private key
+751 		 * @name getRSAKeyFromEncryptedPKCS8PEM
+752 		 * @memberOf KEYUTIL
+753 		 * @function
+754 		 * @param {String} pkcs8PEM PEM formatted encrypted PKCS#8 private key
+755 		 * @param {String} passcode passcode to decrypto private key
+756 		 * @return {RSAKey} loaded RSAKey object of RSA private key
 757          * @since pkcs5pkey 1.0.3
-758 	 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
-759 	 * @description
-760 	 * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
-761 	 * <ul>
-762 	 * <li>keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1</li>
-763 	 * <li>encryptionScheme = des-EDE3-CBC(i.e. TripleDES</li>
-764 	 * </ul>
-765 	 * @example
-766 	 * // to convert plain PKCS#5 private key to encrypted PKCS#8 private
-767 	 * // key with PBKDF2 with TripleDES
-768 	 * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
-769 	 */
+758 		 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
+759 		 * @description
+760 		 * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
+761 		 * <ul>
+762 		 * <li>keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1</li>
+763 		 * <li>encryptionScheme = des-EDE3-CBC(i.e. TripleDES</li>
+764 		 * </ul>
+765 		 * @example
+766 		 * // to convert plain PKCS#5 private key to encrypted PKCS#8 private
+767 		 * // key with PBKDF2 with TripleDES
+768 		 * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
+769 		 */
 770         getRSAKeyFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) {
-771 	    var prvKeyHex = this.getPlainPKCS8HexFromEncryptedPKCS8PEM(pkcs8PEM, passcode);
-772 	    var rsaKey = this.getRSAKeyFromPlainPKCS8Hex(prvKeyHex);
-773 	    return rsaKey;
+771 			var prvKeyHex = this.getPlainPKCS8HexFromEncryptedPKCS8PEM(pkcs8PEM, passcode);
+772 			var rsaKey = this.getRSAKeyFromPlainPKCS8Hex(prvKeyHex);
+773 			return rsaKey;
 774         },
 775 
-776 	/**
+776 		/**
 777          * get RSAKey/ECDSA private key object from encrypted PEM PKCS#8 private key
-778 	 * @name getKeyFromEncryptedPKCS8PEM
-779 	 * @memberOf KEYUTIL
-780 	 * @function
-781 	 * @param {String} pkcs8PEM string of PEM formatted PKCS#8 private key
-782 	 * @param {String} passcode passcode string to decrypt key
-783 	 * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
-784 	 * @since pkcs5pkey 1.0.5
-785 	 */
+778 		 * @name getKeyFromEncryptedPKCS8PEM
+779 		 * @memberOf KEYUTIL
+780 		 * @function
+781 		 * @param {String} pkcs8PEM string of PEM formatted PKCS#8 private key
+782 		 * @param {String} passcode passcode string to decrypt key
+783 		 * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
+784 		 * @since pkcs5pkey 1.0.5
+785 		 */
 786         getKeyFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) {
-787 	    var prvKeyHex = this.getPlainPKCS8HexFromEncryptedPKCS8PEM(pkcs8PEM, passcode);
-788 	    var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex);
-789 	    return key;
+787 			var prvKeyHex = this.getPlainPKCS8HexFromEncryptedPKCS8PEM(pkcs8PEM, passcode);
+788 			var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex);
+789 			return key;
 790         },
 791 
-792 	/**
+792 		/**
 793          * parse hexadecimal string of plain PKCS#8 private key
-794 	 * @name parsePlainPrivatePKCS8Hex
-795 	 * @memberOf KEYUTIL
-796 	 * @function
-797 	 * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 plain private key
-798 	 * @return {Array} associative array of parsed key
-799 	 * @since pkcs5pkey 1.0.5
-800 	 * @description
-801 	 * Resulted associative array has following properties:
-802 	 * <ul>
-803 	 * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
-804 	 * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
-805 	 * <li>keyidx - string starting index of key in pkcs8PrvHex</li>
-806 	 * </ul>
-807 	 */
-808 	parsePlainPrivatePKCS8Hex: function(pkcs8PrvHex) {
-809 	    var result = {};
-810 	    result.algparam = null;
+794 		 * @name parsePlainPrivatePKCS8Hex
+795 		 * @memberOf KEYUTIL
+796 		 * @function
+797 		 * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 plain private key
+798 		 * @return {Array} associative array of parsed key
+799 		 * @since pkcs5pkey 1.0.5
+800 		 * @description
+801 		 * Resulted associative array has following properties:
+802 		 * <ul>
+803 		 * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
+804 		 * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
+805 		 * <li>keyidx - string starting index of key in pkcs8PrvHex</li>
+806 		 * </ul>
+807 		 */
+808 		parsePlainPrivatePKCS8Hex: function(pkcs8PrvHex) {
+809 			var result = {};
+810 			result.algparam = null;
 811 
-812 	    // 1. sequence
-813 	    if (pkcs8PrvHex.substr(0, 2) != "30")
-814 		throw "malformed plain PKCS8 private key(code:001)"; // not sequence
+812 			// 1. sequence
+813 			if (pkcs8PrvHex.substr(0, 2) != "30")
+814 				throw "malformed plain PKCS8 private key(code:001)"; // not sequence
 815 
-816 	    var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PrvHex, 0);
-817 	    if (a1.length != 3)
-818 		throw "malformed plain PKCS8 private key(code:002)";
+816 			var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PrvHex, 0);
+817 			if (a1.length != 3)
+818 				throw "malformed plain PKCS8 private key(code:002)";
 819 
-820 	    // 2. AlgID
+820 			// 2. AlgID
 821             if (pkcs8PrvHex.substr(a1[1], 2) != "30")
 822                 throw "malformed PKCS8 private key(code:003)"; // AlgId not sequence
 823 
@@ -832,289 +832,289 @@
 825             if (a2.length != 2)
 826                 throw "malformed PKCS8 private key(code:004)"; // AlgId not have two elements
 827 
-828 	    // 2.1. AlgID OID
-829 	    if (pkcs8PrvHex.substr(a2[0], 2) != "06")
-830 		throw "malformed PKCS8 private key(code:005)"; // AlgId.oid is not OID
+828 			// 2.1. AlgID OID
+829 			if (pkcs8PrvHex.substr(a2[0], 2) != "06")
+830 				throw "malformed PKCS8 private key(code:005)"; // AlgId.oid is not OID
 831 
-832 	    result.algoid = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a2[0]);
+832 			result.algoid = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a2[0]);
 833 
-834 	    // 2.2. AlgID param
-835 	    if (pkcs8PrvHex.substr(a2[1], 2) == "06") {
-836 		result.algparam = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a2[1]);
-837 	    }
+834 			// 2.2. AlgID param
+835 			if (pkcs8PrvHex.substr(a2[1], 2) == "06") {
+836 				result.algparam = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a2[1]);
+837 			}
 838 
-839 	    // 3. Key index
-840 	    if (pkcs8PrvHex.substr(a1[2], 2) != "04")
-841 		throw "malformed PKCS8 private key(code:006)"; // not octet string
+839 			// 3. Key index
+840 			if (pkcs8PrvHex.substr(a1[2], 2) != "04")
+841 				throw "malformed PKCS8 private key(code:006)"; // not octet string
 842 
-843 	    result.keyidx = ASN1HEX.getStartPosOfV_AtObj(pkcs8PrvHex, a1[2]);
+843 			result.keyidx = ASN1HEX.getStartPosOfV_AtObj(pkcs8PrvHex, a1[2]);
 844 
-845 	    return result;
+845 			return result;
 846         },
 847 
-848 	/**
+848 		/**
 849          * get RSAKey/ECDSA private key object from PEM plain PEM PKCS#8 private key
-850 	 * @name getKeyFromPlainPrivatePKCS8PEM
-851 	 * @memberOf KEYUTIL
-852 	 * @function
-853 	 * @param {String} pkcs8PEM string of plain PEM formatted PKCS#8 private key
-854 	 * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
-855 	 * @since pkcs5pkey 1.0.5
-856 	 */
-857 	getKeyFromPlainPrivatePKCS8PEM: function(prvKeyPEM) {
-858 	    var prvKeyHex = this.getHexFromPEM(prvKeyPEM, "PRIVATE KEY");
-859 	    var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex);
-860 	    return key;
-861 	},
+850 		 * @name getKeyFromPlainPrivatePKCS8PEM
+851 		 * @memberOf KEYUTIL
+852 		 * @function
+853 		 * @param {String} pkcs8PEM string of plain PEM formatted PKCS#8 private key
+854 		 * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
+855 		 * @since pkcs5pkey 1.0.5
+856 		 */
+857 		getKeyFromPlainPrivatePKCS8PEM: function(prvKeyPEM) {
+858 			var prvKeyHex = this.getHexFromPEM(prvKeyPEM, "PRIVATE KEY");
+859 			var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex);
+860 			return key;
+861 		},
 862 
-863 	/**
+863 		/**
 864          * get RSAKey/ECDSA private key object from HEX plain PEM PKCS#8 private key
-865 	 * @name getKeyFromPlainPrivatePKCS8Hex
-866 	 * @memberOf KEYUTIL
-867 	 * @function
-868 	 * @param {String} prvKeyHex hexadecimal string of plain PKCS#8 private key
-869 	 * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
-870 	 * @since pkcs5pkey 1.0.5
-871 	 */
-872 	getKeyFromPlainPrivatePKCS8Hex: function(prvKeyHex) {
-873 	    var p8 = this.parsePlainPrivatePKCS8Hex(prvKeyHex);
-874 	    
-875 	    if (p8.algoid == "2a864886f70d010101") { // RSA
-876 		this.parsePrivateRawRSAKeyHexAtObj(prvKeyHex, p8);
-877 		var k = p8.key;
-878 		var key = new RSAKey();
-879 		key.setPrivateEx(k.n, k.e, k.d, k.p, k.q, k.dp, k.dq, k.co);
-880 		return key;
-881 	    } else if (p8.algoid == "2a8648ce3d0201") { // ECC
-882 		this.parsePrivateRawECKeyHexAtObj(prvKeyHex, p8);
-883 		if (KJUR.crypto.OID.oidhex2name[p8.algparam] === undefined)
-884 		    throw "KJUR.crypto.OID.oidhex2name undefined: " + p8.algparam;
-885 		var curveName = KJUR.crypto.OID.oidhex2name[p8.algparam];
-886 		var key = new KJUR.crypto.ECDSA({'curve': curveName});
-887 		key.setPublicKeyHex(p8.pubkey);
-888 		key.setPrivateKeyHex(p8.key);
-889 		key.isPublic = false;
-890 		return key;
-891 	    } else if (p8.algoid == "2a8648ce380401") { // DSA
-892 		var hP = ASN1HEX.getVbyList(prvKeyHex, 0, [1,1,0], "02");
-893 		var hQ = ASN1HEX.getVbyList(prvKeyHex, 0, [1,1,1], "02");
-894 		var hG = ASN1HEX.getVbyList(prvKeyHex, 0, [1,1,2], "02");
-895 		var hX = ASN1HEX.getVbyList(prvKeyHex, 0, [2,0], "02");
-896 		var biP = new BigInteger(hP, 16);
-897 		var biQ = new BigInteger(hQ, 16);
-898 		var biG = new BigInteger(hG, 16);
-899 		var biX = new BigInteger(hX, 16);
-900 		var key = new KJUR.crypto.DSA();
-901 		key.setPrivate(biP, biQ, biG, null, biX);
-902 		return key;
-903 	    } else {
-904 		throw "unsupported private key algorithm";
-905 	    }
-906 	},
+865 		 * @name getKeyFromPlainPrivatePKCS8Hex
+866 		 * @memberOf KEYUTIL
+867 		 * @function
+868 		 * @param {String} prvKeyHex hexadecimal string of plain PKCS#8 private key
+869 		 * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
+870 		 * @since pkcs5pkey 1.0.5
+871 		 */
+872 		getKeyFromPlainPrivatePKCS8Hex: function(prvKeyHex) {
+873 			var p8 = this.parsePlainPrivatePKCS8Hex(prvKeyHex);
+874 			
+875 			if (p8.algoid == "2a864886f70d010101") { // RSA
+876 				this.parsePrivateRawRSAKeyHexAtObj(prvKeyHex, p8);
+877 				var k = p8.key;
+878 				var key = new RSAKey();
+879 				key.setPrivateEx(k.n, k.e, k.d, k.p, k.q, k.dp, k.dq, k.co);
+880 				return key;
+881 			} else if (p8.algoid == "2a8648ce3d0201") { // ECC
+882 				this.parsePrivateRawECKeyHexAtObj(prvKeyHex, p8);
+883 				if (KJUR.crypto.OID.oidhex2name[p8.algparam] === undefined)
+884 					throw "KJUR.crypto.OID.oidhex2name undefined: " + p8.algparam;
+885 				var curveName = KJUR.crypto.OID.oidhex2name[p8.algparam];
+886 				var key = new KJUR.crypto.ECDSA({'curve': curveName});
+887 				key.setPublicKeyHex(p8.pubkey);
+888 				key.setPrivateKeyHex(p8.key);
+889 				key.isPublic = false;
+890 				return key;
+891 			} else if (p8.algoid == "2a8648ce380401") { // DSA
+892 				var hP = ASN1HEX.getVbyList(prvKeyHex, 0, [1,1,0], "02");
+893 				var hQ = ASN1HEX.getVbyList(prvKeyHex, 0, [1,1,1], "02");
+894 				var hG = ASN1HEX.getVbyList(prvKeyHex, 0, [1,1,2], "02");
+895 				var hX = ASN1HEX.getVbyList(prvKeyHex, 0, [2,0], "02");
+896 				var biP = new BigInteger(hP, 16);
+897 				var biQ = new BigInteger(hQ, 16);
+898 				var biG = new BigInteger(hG, 16);
+899 				var biX = new BigInteger(hX, 16);
+900 				var key = new KJUR.crypto.DSA();
+901 				key.setPrivate(biP, biQ, biG, null, biX);
+902 				return key;
+903 			} else {
+904 				throw "unsupported private key algorithm";
+905 			}
+906 		},
 907 
-908 	// === PKCS8 RSA Public Key ================================================
-909 	/**
+908 		// === PKCS8 RSA Public Key ================================================
+909 		/**
 910          * (DEPRECATED) read PEM formatted PKCS#8 public key and returns RSAKey object
-911 	 * @name getRSAKeyFromPublicPKCS8PEM
-912 	 * @memberOf KEYUTIL
-913 	 * @function
-914 	 * @param {String} pkcs8PubPEM PEM formatted PKCS#8 public key
-915 	 * @return {RSAKey} loaded RSAKey object of RSA public key
+911 		 * @name getRSAKeyFromPublicPKCS8PEM
+912 		 * @memberOf KEYUTIL
+913 		 * @function
+914 		 * @param {String} pkcs8PubPEM PEM formatted PKCS#8 public key
+915 		 * @return {RSAKey} loaded RSAKey object of RSA public key
 916          * @since pkcs5pkey 1.0.4
-917 	 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
-918 	 */
+917 		 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
+918 		 */
 919         getRSAKeyFromPublicPKCS8PEM: function(pkcs8PubPEM) {
 920             var pubKeyHex = this.getHexFromPEM(pkcs8PubPEM, "PUBLIC KEY");
 921             var rsaKey = this.getRSAKeyFromPublicPKCS8Hex(pubKeyHex);
-922 	    return rsaKey;
-923 	},
+922 			return rsaKey;
+923 		},
 924 
-925 	/**
+925 		/**
 926          * (DEPRECATED) get RSAKey/ECDSA public key object from PEM PKCS#8 public key
-927 	 * @name getKeyFromPublicPKCS8PEM
-928 	 * @memberOf KEYUTIL
-929 	 * @function
-930 	 * @param {String} pkcsPub8PEM string of PEM formatted PKCS#8 public key
-931 	 * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
-932 	 * @since pkcs5pkey 1.0.5
-933 	 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
-934 	 */
+927 		 * @name getKeyFromPublicPKCS8PEM
+928 		 * @memberOf KEYUTIL
+929 		 * @function
+930 		 * @param {String} pkcsPub8PEM string of PEM formatted PKCS#8 public key
+931 		 * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
+932 		 * @since pkcs5pkey 1.0.5
+933 		 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
+934 		 */
 935         getKeyFromPublicPKCS8PEM: function(pkcs8PubPEM) {
 936             var pubKeyHex = this.getHexFromPEM(pkcs8PubPEM, "PUBLIC KEY");
 937             var key = this.getKeyFromPublicPKCS8Hex(pubKeyHex);
-938 	    return key;
-939 	},
+938 			return key;
+939 		},
 940 
-941 	/**
+941 		/**
 942          * (DEPRECATED) get RSAKey/DSA/ECDSA public key object from hexadecimal string of PKCS#8 public key
-943 	 * @name getKeyFromPublicPKCS8Hex
-944 	 * @memberOf KEYUTIL
-945 	 * @function
-946 	 * @param {String} pkcsPub8Hex hexadecimal string of PKCS#8 public key
-947 	 * @return {Object} RSAKey or KJUR.crypto.{ECDSA,DSA} private key object
-948 	 * @since pkcs5pkey 1.0.5
-949 	 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
-950 	 */
+943 		 * @name getKeyFromPublicPKCS8Hex
+944 		 * @memberOf KEYUTIL
+945 		 * @function
+946 		 * @param {String} pkcsPub8Hex hexadecimal string of PKCS#8 public key
+947 		 * @return {Object} RSAKey or KJUR.crypto.{ECDSA,DSA} private key object
+948 		 * @since pkcs5pkey 1.0.5
+949 		 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
+950 		 */
 951         getKeyFromPublicPKCS8Hex: function(pkcs8PubHex) {
-952 	    var p8 = this.parsePublicPKCS8Hex(pkcs8PubHex);
-953 	    
-954 	    if (p8.algoid == "2a864886f70d010101") { // RSA
-955 		var aRSA = this.parsePublicRawRSAKeyHex(p8.key);
-956 		var key = new RSAKey();
-957 		key.setPublic(aRSA.n, aRSA.e);
-958 		return key;
-959 	    } else if (p8.algoid == "2a8648ce3d0201") { // ECC
-960 		if (KJUR.crypto.OID.oidhex2name[p8.algparam] === undefined)
-961 		    throw "KJUR.crypto.OID.oidhex2name undefined: " + p8.algparam;
-962 		var curveName = KJUR.crypto.OID.oidhex2name[p8.algparam];
-963 		var key = new KJUR.crypto.ECDSA({'curve': curveName, 'pub': p8.key});
-964 		return key;
-965 	    } else if (p8.algoid == "2a8648ce380401") { // DSA 1.2.840.10040.4.1
-966 		var param = p8.algparam;
+952 			var p8 = this.parsePublicPKCS8Hex(pkcs8PubHex);
+953 			
+954 			if (p8.algoid == "2a864886f70d010101") { // RSA
+955 				var aRSA = this.parsePublicRawRSAKeyHex(p8.key);
+956 				var key = new RSAKey();
+957 				key.setPublic(aRSA.n, aRSA.e);
+958 				return key;
+959 			} else if (p8.algoid == "2a8648ce3d0201") { // ECC
+960 				if (KJUR.crypto.OID.oidhex2name[p8.algparam] === undefined)
+961 					throw "KJUR.crypto.OID.oidhex2name undefined: " + p8.algparam;
+962 				var curveName = KJUR.crypto.OID.oidhex2name[p8.algparam];
+963 				var key = new KJUR.crypto.ECDSA({'curve': curveName, 'pub': p8.key});
+964 				return key;
+965 			} else if (p8.algoid == "2a8648ce380401") { // DSA 1.2.840.10040.4.1
+966 				var param = p8.algparam;
 967                 var y = ASN1HEX.getHexOfV_AtObj(p8.key, 0);
-968 		var key = new KJUR.crypto.DSA();
-969 		key.setPublic(new BigInteger(param.p, 16),
-970 			      new BigInteger(param.q, 16),
-971 			      new BigInteger(param.g, 16),
-972 			      new BigInteger(y, 16));
-973 		return key;
-974 	    } else {
-975 		throw "unsupported public key algorithm";
-976 	    }
-977 	},
+968 				var key = new KJUR.crypto.DSA();
+969 				key.setPublic(new BigInteger(param.p, 16),
+970 							  new BigInteger(param.q, 16),
+971 							  new BigInteger(param.g, 16),
+972 							  new BigInteger(y, 16));
+973 				return key;
+974 			} else {
+975 				throw "unsupported public key algorithm";
+976 			}
+977 		},
 978 
-979 	/**
+979 		/**
 980          * parse hexadecimal string of plain PKCS#8 private key
-981 	 * @name parsePublicRawRSAKeyHex
-982 	 * @memberOf KEYUTIL
-983 	 * @function
-984 	 * @param {String} pubRawRSAHex hexadecimal string of ASN.1 encoded PKCS#8 public key
-985 	 * @return {Array} associative array of parsed key
-986 	 * @since pkcs5pkey 1.0.5
-987 	 * @description
-988 	 * Resulted associative array has following properties:
-989 	 * <ul>
-990 	 * <li>n - hexadecimal string of public key
-991 	 * <li>e - hexadecimal string of public exponent
-992 	 * </ul>
-993 	 */
-994 	parsePublicRawRSAKeyHex: function(pubRawRSAHex) {
-995 	    var result = {};
-996 	    
-997 	    // 1. Sequence
-998 	    if (pubRawRSAHex.substr(0, 2) != "30")
-999 		throw "malformed RSA key(code:001)"; // not sequence
-1000 	    
-1001 	    var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pubRawRSAHex, 0);
-1002 	    if (a1.length != 2)
-1003 		throw "malformed RSA key(code:002)"; // not 2 items in seq
+981 		 * @name parsePublicRawRSAKeyHex
+982 		 * @memberOf KEYUTIL
+983 		 * @function
+984 		 * @param {String} pubRawRSAHex hexadecimal string of ASN.1 encoded PKCS#8 public key
+985 		 * @return {Array} associative array of parsed key
+986 		 * @since pkcs5pkey 1.0.5
+987 		 * @description
+988 		 * Resulted associative array has following properties:
+989 		 * <ul>
+990 		 * <li>n - hexadecimal string of public key
+991 		 * <li>e - hexadecimal string of public exponent
+992 		 * </ul>
+993 		 */
+994 		parsePublicRawRSAKeyHex: function(pubRawRSAHex) {
+995 			var result = {};
+996 			
+997 			// 1. Sequence
+998 			if (pubRawRSAHex.substr(0, 2) != "30")
+999 				throw "malformed RSA key(code:001)"; // not sequence
+1000 			
+1001 			var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pubRawRSAHex, 0);
+1002 			if (a1.length != 2)
+1003 				throw "malformed RSA key(code:002)"; // not 2 items in seq
 1004 
-1005 	    // 2. public key "N"
-1006 	    if (pubRawRSAHex.substr(a1[0], 2) != "02")
-1007 		throw "malformed RSA key(code:003)"; // 1st item is not integer
+1005 			// 2. public key "N"
+1006 			if (pubRawRSAHex.substr(a1[0], 2) != "02")
+1007 				throw "malformed RSA key(code:003)"; // 1st item is not integer
 1008 
-1009 	    result.n = ASN1HEX.getHexOfV_AtObj(pubRawRSAHex, a1[0]);
+1009 			result.n = ASN1HEX.getHexOfV_AtObj(pubRawRSAHex, a1[0]);
 1010 
-1011 	    // 3. public key "E"
-1012 	    if (pubRawRSAHex.substr(a1[1], 2) != "02")
-1013 		throw "malformed RSA key(code:004)"; // 2nd item is not integer
+1011 			// 3. public key "E"
+1012 			if (pubRawRSAHex.substr(a1[1], 2) != "02")
+1013 				throw "malformed RSA key(code:004)"; // 2nd item is not integer
 1014 
-1015 	    result.e = ASN1HEX.getHexOfV_AtObj(pubRawRSAHex, a1[1]);
+1015 			result.e = ASN1HEX.getHexOfV_AtObj(pubRawRSAHex, a1[1]);
 1016 
-1017 	    return result;
-1018 	},
+1017 			return result;
+1018 		},
 1019 
-1020 	/**
+1020 		/**
 1021          * parse hexadecimal string of RSA private key
-1022 	 * @name parsePrivateRawRSAKeyHexAtObj
-1023 	 * @memberOf KEYUTIL
-1024 	 * @function
-1025 	 * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 private key concluding RSA private key
-1026 	 * @return {Array} info associative array to add parsed RSA private key information
-1027 	 * @since pkcs5pkey 1.0.5
-1028 	 * @description
-1029 	 * Following properties are added to associative array 'info'
-1030 	 * <ul>
-1031 	 * <li>n - hexadecimal string of public key
-1032 	 * <li>e - hexadecimal string of public exponent
-1033 	 * <li>d - hexadecimal string of private key
-1034 	 * <li>p - hexadecimal string
-1035 	 * <li>q - hexadecimal string
-1036 	 * <li>dp - hexadecimal string
-1037 	 * <li>dq - hexadecimal string
-1038 	 * <li>co - hexadecimal string
-1039 	 * </ul>
-1040 	 */
-1041 	parsePrivateRawRSAKeyHexAtObj: function(pkcs8PrvHex, info) {
-1042 	    var keyIdx = info.keyidx;
-1043 	    
-1044 	    // 1. sequence
-1045 	    if (pkcs8PrvHex.substr(keyIdx, 2) != "30")
-1046 		throw "malformed RSA private key(code:001)"; // not sequence
+1022 		 * @name parsePrivateRawRSAKeyHexAtObj
+1023 		 * @memberOf KEYUTIL
+1024 		 * @function
+1025 		 * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 private key concluding RSA private key
+1026 		 * @return {Array} info associative array to add parsed RSA private key information
+1027 		 * @since pkcs5pkey 1.0.5
+1028 		 * @description
+1029 		 * Following properties are added to associative array 'info'
+1030 		 * <ul>
+1031 		 * <li>n - hexadecimal string of public key
+1032 		 * <li>e - hexadecimal string of public exponent
+1033 		 * <li>d - hexadecimal string of private key
+1034 		 * <li>p - hexadecimal string
+1035 		 * <li>q - hexadecimal string
+1036 		 * <li>dp - hexadecimal string
+1037 		 * <li>dq - hexadecimal string
+1038 		 * <li>co - hexadecimal string
+1039 		 * </ul>
+1040 		 */
+1041 		parsePrivateRawRSAKeyHexAtObj: function(pkcs8PrvHex, info) {
+1042 			var keyIdx = info.keyidx;
+1043 			
+1044 			// 1. sequence
+1045 			if (pkcs8PrvHex.substr(keyIdx, 2) != "30")
+1046 				throw "malformed RSA private key(code:001)"; // not sequence
 1047 
-1048 	    var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PrvHex, keyIdx);
-1049 	    if (a1.length != 9)
-1050 		throw "malformed RSA private key(code:002)"; // not sequence
+1048 			var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PrvHex, keyIdx);
+1049 			if (a1.length != 9)
+1050 				throw "malformed RSA private key(code:002)"; // not sequence
 1051 
-1052 	    // 2. RSA key
-1053 	    info.key = {};
-1054 	    info.key.n = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[1]);
-1055 	    info.key.e = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[2]);
-1056 	    info.key.d = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[3]);
-1057 	    info.key.p = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[4]);
-1058 	    info.key.q = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[5]);
-1059 	    info.key.dp = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[6]);
-1060 	    info.key.dq = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[7]);
-1061 	    info.key.co = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[8]);
-1062 	},
+1052 			// 2. RSA key
+1053 			info.key = {};
+1054 			info.key.n = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[1]);
+1055 			info.key.e = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[2]);
+1056 			info.key.d = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[3]);
+1057 			info.key.p = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[4]);
+1058 			info.key.q = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[5]);
+1059 			info.key.dp = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[6]);
+1060 			info.key.dq = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[7]);
+1061 			info.key.co = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[8]);
+1062 		},
 1063 
-1064 	/**
+1064 		/**
 1065          * parse hexadecimal string of ECC private key
-1066 	 * @name parsePrivateRawECKeyHexAtObj
-1067 	 * @memberOf KEYUTIL
-1068 	 * @function
-1069 	 * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 private key concluding EC private key
-1070 	 * @return {Array} info associative array to add parsed ECC private key information
-1071 	 * @since pkcs5pkey 1.0.5
-1072 	 * @description
-1073 	 * Following properties are added to associative array 'info'
-1074 	 * <ul>
-1075 	 * <li>key - hexadecimal string of ECC private key
-1076 	 * </ul>
-1077 	 */
-1078 	parsePrivateRawECKeyHexAtObj: function(pkcs8PrvHex, info) {
-1079 	    var keyIdx = info.keyidx;
-1080 	    
-1081 	    var key = ASN1HEX.getVbyList(pkcs8PrvHex, keyIdx, [1], "04");
-1082 	    var pubkey = ASN1HEX.getVbyList(pkcs8PrvHex, keyIdx, [2,0], "03").substr(2);
+1066 		 * @name parsePrivateRawECKeyHexAtObj
+1067 		 * @memberOf KEYUTIL
+1068 		 * @function
+1069 		 * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 private key concluding EC private key
+1070 		 * @return {Array} info associative array to add parsed ECC private key information
+1071 		 * @since pkcs5pkey 1.0.5
+1072 		 * @description
+1073 		 * Following properties are added to associative array 'info'
+1074 		 * <ul>
+1075 		 * <li>key - hexadecimal string of ECC private key
+1076 		 * </ul>
+1077 		 */
+1078 		parsePrivateRawECKeyHexAtObj: function(pkcs8PrvHex, info) {
+1079 			var keyIdx = info.keyidx;
+1080 			
+1081 			var key = ASN1HEX.getVbyList(pkcs8PrvHex, keyIdx, [1], "04");
+1082 			var pubkey = ASN1HEX.getVbyList(pkcs8PrvHex, keyIdx, [2,0], "03").substr(2);
 1083 
-1084 	    info.key = key;
-1085 	    info.pubkey = pubkey;
-1086 	},
+1084 			info.key = key;
+1085 			info.pubkey = pubkey;
+1086 		},
 1087 
-1088 	/**
+1088 		/**
 1089          * parse hexadecimal string of PKCS#8 RSA/EC/DSA public key
-1090 	 * @name parsePublicPKCS8Hex
-1091 	 * @memberOf KEYUTIL
-1092 	 * @function
-1093 	 * @param {String} pkcs8PubHex hexadecimal string of PKCS#8 public key
-1094 	 * @return {Hash} hash of key information
-1095 	 * @description
+1090 		 * @name parsePublicPKCS8Hex
+1091 		 * @memberOf KEYUTIL
+1092 		 * @function
+1093 		 * @param {String} pkcs8PubHex hexadecimal string of PKCS#8 public key
+1094 		 * @return {Hash} hash of key information
+1095 		 * @description
 1096          * Resulted hash has following attributes.
-1097 	 * <ul>
-1098 	 * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
-1099 	 * <li>algparam - hexadecimal string of OID of ECC curve name, parameter SEQUENCE of DSA or null</li>
-1100 	 * <li>key - hexadecimal string of public key</li>
-1101 	 * </ul>
-1102 	 */
+1097 		 * <ul>
+1098 		 * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
+1099 		 * <li>algparam - hexadecimal string of OID of ECC curve name, parameter SEQUENCE of DSA or null</li>
+1100 		 * <li>key - hexadecimal string of public key</li>
+1101 		 * </ul>
+1102 		 */
 1103         parsePublicPKCS8Hex: function(pkcs8PubHex) {
-1104 	    var result = {};
-1105 	    result.algparam = null;
+1104 			var result = {};
+1105 			result.algparam = null;
 1106 
 1107             // 1. AlgID and Key bit string
-1108 	    var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, 0);
-1109 	    if (a1.length != 2)
-1110 		throw "outer DERSequence shall have 2 elements: " + a1.length;
+1108 			var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, 0);
+1109 			if (a1.length != 2)
+1110 				throw "outer DERSequence shall have 2 elements: " + a1.length;
 1111 
 1112             // 2. AlgID
 1113             var idxAlgIdTLV = a1[0];
@@ -1125,79 +1125,79 @@
 1118             if (a2.length != 2)
 1119                 throw "malformed PKCS8 public key(code:002)"; // AlgId not have two elements
 1120 
-1121 	    // 2.1. AlgID OID
-1122 	    if (pkcs8PubHex.substr(a2[0], 2) != "06")
-1123 		throw "malformed PKCS8 public key(code:003)"; // AlgId.oid is not OID
+1121 			// 2.1. AlgID OID
+1122 			if (pkcs8PubHex.substr(a2[0], 2) != "06")
+1123 				throw "malformed PKCS8 public key(code:003)"; // AlgId.oid is not OID
 1124 
-1125 	    result.algoid = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[0]);
+1125 			result.algoid = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[0]);
 1126 
-1127 	    // 2.2. AlgID param
-1128 	    if (pkcs8PubHex.substr(a2[1], 2) == "06") { // OID for EC
-1129 		result.algparam = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[1]);
-1130 	    } else if (pkcs8PubHex.substr(a2[1], 2) == "30") { // SEQ for DSA
-1131 		result.algparam = {};
-1132 		result.algparam.p = ASN1HEX.getVbyList(pkcs8PubHex, a2[1], [0], "02");
-1133 		result.algparam.q = ASN1HEX.getVbyList(pkcs8PubHex, a2[1], [1], "02");
-1134 		result.algparam.g = ASN1HEX.getVbyList(pkcs8PubHex, a2[1], [2], "02");
-1135 	    }
+1127 			// 2.2. AlgID param
+1128 			if (pkcs8PubHex.substr(a2[1], 2) == "06") { // OID for EC
+1129 				result.algparam = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[1]);
+1130 			} else if (pkcs8PubHex.substr(a2[1], 2) == "30") { // SEQ for DSA
+1131 				result.algparam = {};
+1132 				result.algparam.p = ASN1HEX.getVbyList(pkcs8PubHex, a2[1], [0], "02");
+1133 				result.algparam.q = ASN1HEX.getVbyList(pkcs8PubHex, a2[1], [1], "02");
+1134 				result.algparam.g = ASN1HEX.getVbyList(pkcs8PubHex, a2[1], [2], "02");
+1135 			}
 1136 
-1137 	    // 3. Key
-1138 	    if (pkcs8PubHex.substr(a1[1], 2) != "03")
-1139 		throw "malformed PKCS8 public key(code:004)"; // Key is not bit string
+1137 			// 3. Key
+1138 			if (pkcs8PubHex.substr(a1[1], 2) != "03")
+1139 				throw "malformed PKCS8 public key(code:004)"; // Key is not bit string
 1140 
-1141 	    result.key = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a1[1]).substr(2);
+1141 			result.key = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a1[1]).substr(2);
 1142             
-1143 	    // 4. return result assoc array
-1144 	    return result;
+1143 			// 4. return result assoc array
+1144 			return result;
 1145         },
 1146 
-1147 	/**
+1147 		/**
 1148          * (DEPRECATED) provide hexadecimal string of unencrypted PKCS#8 private key and returns RSAKey object
-1149 	 * @name getRSAKeyFromPublicPKCS8Hex
-1150 	 * @memberOf KEYUTIL
-1151 	 * @function
-1152 	 * @param {String} pkcs8PubHex hexadecimal string of unencrypted PKCS#8 public key
-1153 	 * @return {RSAKey} loaded RSAKey object of RSA public key
+1149 		 * @name getRSAKeyFromPublicPKCS8Hex
+1150 		 * @memberOf KEYUTIL
+1151 		 * @function
+1152 		 * @param {String} pkcs8PubHex hexadecimal string of unencrypted PKCS#8 public key
+1153 		 * @return {RSAKey} loaded RSAKey object of RSA public key
 1154          * @since pkcs5pkey 1.0.4
-1155 	 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
-1156 	 */
+1155 		 * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
+1156 		 */
 1157         getRSAKeyFromPublicPKCS8Hex: function(pkcs8PubHex) {
-1158 	    var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, 0);
-1159 	    if (a1.length != 2)
-1160 		throw "outer DERSequence shall have 2 elements: " + a1.length;
+1158 			var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, 0);
+1159 			if (a1.length != 2)
+1160 				throw "outer DERSequence shall have 2 elements: " + a1.length;
 1161 
 1162             var algIdTLV =ASN1HEX.getHexOfTLV_AtObj(pkcs8PubHex, a1[0]);
-1163 	    if (algIdTLV != "300d06092a864886f70d0101010500") // AlgId rsaEncryption
-1164 		throw "PKCS8 AlgorithmId is not rsaEncryption";
-1165 	    
-1166 	    if (pkcs8PubHex.substr(a1[1], 2) != "03")
-1167 		throw "PKCS8 Public Key is not BITSTRING encapslated.";
+1163 			if (algIdTLV != "300d06092a864886f70d0101010500") // AlgId rsaEncryption
+1164 				throw "PKCS8 AlgorithmId is not rsaEncryption";
+1165 			
+1166 			if (pkcs8PubHex.substr(a1[1], 2) != "03")
+1167 				throw "PKCS8 Public Key is not BITSTRING encapslated.";
 1168 
-1169 	    var idxPub = ASN1HEX.getStartPosOfV_AtObj(pkcs8PubHex, a1[1]) + 2; // 2 for unused bit
-1170 	    
-1171 	    if (pkcs8PubHex.substr(idxPub, 2) != "30")
-1172 		throw "PKCS8 Public Key is not SEQUENCE.";
+1169 			var idxPub = ASN1HEX.getStartPosOfV_AtObj(pkcs8PubHex, a1[1]) + 2; // 2 for unused bit
+1170 			
+1171 			if (pkcs8PubHex.substr(idxPub, 2) != "30")
+1172 				throw "PKCS8 Public Key is not SEQUENCE.";
 1173 
-1174 	    var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, idxPub);
-1175 	    if (a2.length != 2)
-1176 		throw "inner DERSequence shall have 2 elements: " + a2.length;
+1174 			var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, idxPub);
+1175 			if (a2.length != 2)
+1176 				throw "inner DERSequence shall have 2 elements: " + a2.length;
 1177 
-1178 	    if (pkcs8PubHex.substr(a2[0], 2) != "02") 
-1179 		throw "N is not ASN.1 INTEGER";
-1180 	    if (pkcs8PubHex.substr(a2[1], 2) != "02") 
-1181 		throw "E is not ASN.1 INTEGER";
-1182 		
-1183 	    var hN = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[0]);
-1184 	    var hE = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[1]);
+1178 			if (pkcs8PubHex.substr(a2[0], 2) != "02") 
+1179 				throw "N is not ASN.1 INTEGER";
+1180 			if (pkcs8PubHex.substr(a2[1], 2) != "02") 
+1181 				throw "E is not ASN.1 INTEGER";
+1182 			
+1183 			var hN = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[0]);
+1184 			var hE = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[1]);
 1185 
-1186 	    var pubKey = new RSAKey();
-1187 	    pubKey.setPublic(hN, hE);
-1188 	    
-1189 	    return pubKey;
-1190 	},
+1186 			var pubKey = new RSAKey();
+1187 			pubKey.setPublic(hN, hE);
+1188 			
+1189 			return pubKey;
+1190 		},
 1191 
-1192 	//addAlgorithm: function(functionObject, algName, keyLen, ivLen) {
-1193 	//}
+1192 		//addAlgorithm: function(functionObject, algName, keyLen, ivLen) {
+1193 		//}
 1194     };
 1195 }();
 1196 
@@ -1250,165 +1250,165 @@
 1243 KEYUTIL.getKey = function(param, passcode, hextype) {
 1244     // 1. by key object
 1245     if (typeof RSAKey != 'undefined' && param instanceof RSAKey)
-1246 	return param;
+1246 		return param;
 1247     if (typeof KJUR.crypto.ECDSA != 'undefined' && param instanceof KJUR.crypto.ECDSA)
-1248 	return param;
+1248 		return param;
 1249     if (typeof KJUR.crypto.DSA != 'undefined' && param instanceof KJUR.crypto.DSA)
-1250 	return param;
+1250 		return param;
 1251 
 1252     // 2. by key spec
 1253     // 2.1. ECC private key
 1254     if (param.xy !== undefined && param.curve !== undefined) {
-1255 	return new KJUR.crypto.ECDSA({prv: param.xy, curve: param.curve});
+1255 		return new KJUR.crypto.ECDSA({prv: param.xy, curve: param.curve});
 1256     }
 1257     // 2.2. RSA private key
 1258     if (param.n !== undefined && param.e !== undefined && param.d !== undefined &&
-1259 	param.p !== undefined && param.q !== undefined &&
-1260 	param.dp !== undefined && param.dq !== undefined && param.co !== undefined) {
-1261 	var key = new RSAKey();
-1262 	key.setPrivateEx(param.n, param.e, param.d, param.p, param.q,
-1263 			 param.dp, param.dq, param.co);
-1264 	return key;
+1259 		param.p !== undefined && param.q !== undefined &&
+1260 		param.dp !== undefined && param.dq !== undefined && param.co !== undefined) {
+1261 		var key = new RSAKey();
+1262 		key.setPrivateEx(param.n, param.e, param.d, param.p, param.q,
+1263 						 param.dp, param.dq, param.co);
+1264 		return key;
 1265     }
 1266     // 2.3. DSA private key
 1267     if (param.p !== undefined && param.q !== undefined && param.g !== undefined && 
-1268 	param.y !== undefined && param.x !== undefined) {
-1269 	var key = new KJUR.crypto.DSA();
-1270 	key.setPrivate(param.p, param.q, param.g, param.y, param.x);
-1271 	return key;
+1268 		param.y !== undefined && param.x !== undefined) {
+1269 		var key = new KJUR.crypto.DSA();
+1270 		key.setPrivate(param.p, param.q, param.g, param.y, param.x);
+1271 		return key;
 1272     }
 1273 
 1274     // 2.4. ECC public key
 1275     if (param.d !== undefined && param.curve !== undefined) {
-1276 	return new KJUR.crypto.ECDSA({pub: param.d, curve: param.curve});
+1276 		return new KJUR.crypto.ECDSA({pub: param.d, curve: param.curve});
 1277     }
 1278     // 2.5. RSA private key
 1279     if (param.n !== undefined && param.e) {
-1280 	var key = new RSAKey();
-1281 	key.setPublic(param.n, param.e);
-1282 	return key;
+1280 		var key = new RSAKey();
+1281 		key.setPublic(param.n, param.e);
+1282 		return key;
 1283     }
 1284     // 2.6. DSA public key
 1285     if (param.p !== undefined && param.q !== undefined && param.g !== undefined && 
-1286 	param.y !== undefined && param.x === undefined) {
-1287 	var key = new KJUR.crypto.DSA();
-1288 	key.setPublic(param.p, param.q, param.g, param.y);
-1289 	return key;
+1286 		param.y !== undefined && param.x === undefined) {
+1287 		var key = new KJUR.crypto.DSA();
+1288 		key.setPublic(param.p, param.q, param.g, param.y);
+1289 		return key;
 1290     }
 1291 
 1292     // 3. by cert
 1293     if (param.indexOf("-END CERTIFICATE-", 0) != -1 ||
-1294 	param.indexOf("-END X509 CERTIFICATE-", 0) != -1 ||
-1295 	param.indexOf("-END TRUSTED CERTIFICATE-", 0) != -1) {
-1296 	return X509.getPublicKeyFromCertPEM(param);
+1294 		param.indexOf("-END X509 CERTIFICATE-", 0) != -1 ||
+1295 		param.indexOf("-END TRUSTED CERTIFICATE-", 0) != -1) {
+1296 		return X509.getPublicKeyFromCertPEM(param);
 1297     }
 1298 
 1299     // 4. public key by PKCS#8 hexadecimal string
 1300     if (hextype === "pkcs8pub") {
-1301 	return KEYUTIL.getKeyFromPublicPKCS8Hex(param);
+1301 		return KEYUTIL.getKeyFromPublicPKCS8Hex(param);
 1302     }
 1303 
 1304     // 5. public key by PKCS#8 PEM string
 1305     if (param.indexOf("-END PUBLIC KEY-") != -1) {
-1306 	return KEYUTIL.getKeyFromPublicPKCS8PEM(param);
+1306 		return KEYUTIL.getKeyFromPublicPKCS8PEM(param);
 1307     }
 1308     
 1309     // 6. private key by PKCS#5 plain hexadecimal RSA string
 1310     if (hextype === "pkcs5prv") {
-1311 	var key = new RSAKey();
-1312 	key.readPrivateKeyFromASN1HexString(param);
-1313 	return key;
+1311 		var key = new RSAKey();
+1312 		key.readPrivateKeyFromASN1HexString(param);
+1313 		return key;
 1314     }
 1315 
 1316     // 7. private key by plain PKCS#5 hexadecimal RSA string
 1317     if (hextype === "pkcs5prv") {
-1318 	var key = new RSAKey();
-1319 	key.readPrivateKeyFromASN1HexString(param);
-1320 	return key;
+1318 		var key = new RSAKey();
+1319 		key.readPrivateKeyFromASN1HexString(param);
+1320 		return key;
 1321     }
 1322 
 1323     // 8. private key by plain PKCS#5 PEM RSA string
 1324     if (param.indexOf("-END RSA PRIVATE KEY-") != -1 &&
-1325 	param.indexOf("4,ENCRYPTED") == -1) {
-1326 	var key = new RSAKey();
-1327 	key.readPrivateKeyFromPEMString(param);
-1328 	return key;
+1325 		param.indexOf("4,ENCRYPTED") == -1) {
+1326 		var key = new RSAKey();
+1327 		key.readPrivateKeyFromPEMString(param);
+1328 		return key;
 1329     }
 1330 
 1331     // 8.2. private key by plain PKCS#5 PEM DSA string
 1332     if (param.indexOf("-END DSA PRIVATE KEY-") != -1 &&
-1333 	param.indexOf("4,ENCRYPTED") == -1) {
+1333 		param.indexOf("4,ENCRYPTED") == -1) {
 1334 
-1335 	var hKey = this.getHexFromPEM(param, "DSA PRIVATE KEY");
-1336 	var p = ASN1HEX.getVbyList(hKey, 0, [1], "02");
-1337 	var q = ASN1HEX.getVbyList(hKey, 0, [2], "02");
-1338 	var g = ASN1HEX.getVbyList(hKey, 0, [3], "02");
-1339 	var y = ASN1HEX.getVbyList(hKey, 0, [4], "02");
-1340 	var x = ASN1HEX.getVbyList(hKey, 0, [5], "02");
-1341 	var key = new KJUR.crypto.DSA();
-1342 	key.setPrivate(new BigInteger(p, 16),
-1343 		       new BigInteger(q, 16),
-1344 		       new BigInteger(g, 16),
-1345 		       new BigInteger(y, 16),
-1346 		       new BigInteger(x, 16));
-1347 	return key;
+1335 		var hKey = this.getHexFromPEM(param, "DSA PRIVATE KEY");
+1336 		var p = ASN1HEX.getVbyList(hKey, 0, [1], "02");
+1337 		var q = ASN1HEX.getVbyList(hKey, 0, [2], "02");
+1338 		var g = ASN1HEX.getVbyList(hKey, 0, [3], "02");
+1339 		var y = ASN1HEX.getVbyList(hKey, 0, [4], "02");
+1340 		var x = ASN1HEX.getVbyList(hKey, 0, [5], "02");
+1341 		var key = new KJUR.crypto.DSA();
+1342 		key.setPrivate(new BigInteger(p, 16),
+1343 					   new BigInteger(q, 16),
+1344 					   new BigInteger(g, 16),
+1345 					   new BigInteger(y, 16),
+1346 					   new BigInteger(x, 16));
+1347 		return key;
 1348     }
 1349 
 1350     // 9. private key by plain PKCS#8 PEM ECC/RSA string
 1351     if (param.indexOf("-END PRIVATE KEY-") != -1) {
-1352 	return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(param);
+1352 		return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(param);
 1353     }
 1354 
 1355     // 10. private key by encrypted PKCS#5 PEM RSA string
 1356     if (param.indexOf("-END RSA PRIVATE KEY-") != -1 &&
-1357 	param.indexOf("4,ENCRYPTED") != -1) {
-1358 	return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(param, passcode);
+1357 		param.indexOf("4,ENCRYPTED") != -1) {
+1358 		return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(param, passcode);
 1359     }
 1360 
 1361     // 10.2. private key by encrypted PKCS#5 PEM ECDSA string
 1362     if (param.indexOf("-END EC PRIVATE KEY-") != -1 &&
-1363 	param.indexOf("4,ENCRYPTED") != -1) {
-1364 	var hKey = KEYUTIL.getDecryptedKeyHex(param, passcode);
+1363 		param.indexOf("4,ENCRYPTED") != -1) {
+1364 		var hKey = KEYUTIL.getDecryptedKeyHex(param, passcode);
 1365 
-1366 	var key = ASN1HEX.getVbyList(hKey, 0, [1], "04");
-1367 	var curveNameOidHex = ASN1HEX.getVbyList(hKey, 0, [2,0], "06");
-1368 	var pubkey = ASN1HEX.getVbyList(hKey, 0, [3,0], "03").substr(2);
-1369 	var curveName = "";
+1366 		var key = ASN1HEX.getVbyList(hKey, 0, [1], "04");
+1367 		var curveNameOidHex = ASN1HEX.getVbyList(hKey, 0, [2,0], "06");
+1368 		var pubkey = ASN1HEX.getVbyList(hKey, 0, [3,0], "03").substr(2);
+1369 		var curveName = "";
 1370 
-1371 	if (KJUR.crypto.OID.oidhex2name[curveNameOidHex] !== undefined) {
-1372 	    curveName = KJUR.crypto.OID.oidhex2name[curveNameOidHex];
-1373 	} else {
-1374 	    throw "undefined OID(hex) in KJUR.crypto.OID: " + curveNameOidHex;
-1375 	}
+1371 		if (KJUR.crypto.OID.oidhex2name[curveNameOidHex] !== undefined) {
+1372 			curveName = KJUR.crypto.OID.oidhex2name[curveNameOidHex];
+1373 		} else {
+1374 			throw "undefined OID(hex) in KJUR.crypto.OID: " + curveNameOidHex;
+1375 		}
 1376 
-1377 	var ec = new KJUR.crypto.ECDSA({'name': curveName});
-1378 	ec.setPublicKeyHex(pubkey);
-1379 	ec.setPrivateKeyHex(key);
-1380 	ec.isPublic = false;
-1381 	return ec;
+1377 		var ec = new KJUR.crypto.ECDSA({'name': curveName});
+1378 		ec.setPublicKeyHex(pubkey);
+1379 		ec.setPrivateKeyHex(key);
+1380 		ec.isPublic = false;
+1381 		return ec;
 1382     }
 1383 
 1384     // 10.3. private key by encrypted PKCS#5 PEM DSA string
 1385     if (param.indexOf("-END DSA PRIVATE KEY-") != -1 &&
-1386 	param.indexOf("4,ENCRYPTED") != -1) {
-1387 	var hKey = KEYUTIL.getDecryptedKeyHex(param, passcode);
-1388 	var p = ASN1HEX.getVbyList(hKey, 0, [1], "02");
-1389 	var q = ASN1HEX.getVbyList(hKey, 0, [2], "02");
-1390 	var g = ASN1HEX.getVbyList(hKey, 0, [3], "02");
-1391 	var y = ASN1HEX.getVbyList(hKey, 0, [4], "02");
-1392 	var x = ASN1HEX.getVbyList(hKey, 0, [5], "02");
-1393 	var key = new KJUR.crypto.DSA();
-1394 	key.setPrivate(new BigInteger(p, 16),
-1395 		       new BigInteger(q, 16),
-1396 		       new BigInteger(g, 16),
-1397 		       new BigInteger(y, 16),
-1398 		       new BigInteger(x, 16));
-1399 	return key;
+1386 		param.indexOf("4,ENCRYPTED") != -1) {
+1387 		var hKey = KEYUTIL.getDecryptedKeyHex(param, passcode);
+1388 		var p = ASN1HEX.getVbyList(hKey, 0, [1], "02");
+1389 		var q = ASN1HEX.getVbyList(hKey, 0, [2], "02");
+1390 		var g = ASN1HEX.getVbyList(hKey, 0, [3], "02");
+1391 		var y = ASN1HEX.getVbyList(hKey, 0, [4], "02");
+1392 		var x = ASN1HEX.getVbyList(hKey, 0, [5], "02");
+1393 		var key = new KJUR.crypto.DSA();
+1394 		key.setPrivate(new BigInteger(p, 16),
+1395 					   new BigInteger(q, 16),
+1396 					   new BigInteger(g, 16),
+1397 					   new BigInteger(y, 16),
+1398 					   new BigInteger(x, 16));
+1399 		return key;
 1400     }
 1401 
 1402     // 11. private key by encrypted PKCS#8 hexadecimal RSA/ECDSA string
 1403     if (param.indexOf("-END ENCRYPTED PRIVATE KEY-") != -1) {
-1404 	return KEYUTIL.getKeyFromEncryptedPKCS8PEM(param, passcode);
+1404 		return KEYUTIL.getKeyFromEncryptedPKCS8PEM(param, passcode);
 1405     }
 1406 
 1407     throw "not supported argument";
@@ -1443,36 +1443,36 @@
 1436  */
 1437 KEYUTIL.generateKeypair = function(alg, keylenOrCurve) {
 1438     if (alg == "RSA") {
-1439 	var keylen = keylenOrCurve;
-1440 	var prvKey = new RSAKey();
-1441 	prvKey.generate(keylen, '10001');
-1442 	
-1443 	var pubKey = new RSAKey();
-1444 	var hN = prvKey.n.toString(16);
-1445 	var hE = prvKey.e.toString(16);
-1446 	pubKey.setPublic(hN, hE);
-1447 	
-1448 	var result = {};
-1449 	result.prvKeyObj = prvKey;
-1450 	result.pubKeyObj = pubKey;
-1451 	return result;
+1439 		var keylen = keylenOrCurve;
+1440 		var prvKey = new RSAKey();
+1441 		prvKey.generate(keylen, '10001');
+1442 		
+1443 		var pubKey = new RSAKey();
+1444 		var hN = prvKey.n.toString(16);
+1445 		var hE = prvKey.e.toString(16);
+1446 		pubKey.setPublic(hN, hE);
+1447 		
+1448 		var result = {};
+1449 		result.prvKeyObj = prvKey;
+1450 		result.pubKeyObj = pubKey;
+1451 		return result;
 1452     } else if (alg == "EC") {
-1453 	var curve = keylenOrCurve;
-1454 	var ec = new KJUR.crypto.ECDSA({curve: curve});
-1455 	var keypairHex = ec.generateKeyPairHex();
+1453 		var curve = keylenOrCurve;
+1454 		var ec = new KJUR.crypto.ECDSA({curve: curve});
+1455 		var keypairHex = ec.generateKeyPairHex();
 1456 
-1457 	var prvKey = new KJUR.crypto.ECDSA({curve: curve});
-1458 	prvKey.setPrivateKeyHex(keypairHex.ecprvhex);
+1457 		var prvKey = new KJUR.crypto.ECDSA({curve: curve});
+1458 		prvKey.setPrivateKeyHex(keypairHex.ecprvhex);
 1459 
-1460 	var pubKey = new KJUR.crypto.ECDSA({curve: curve});
-1461 	pubKey.setPublicKeyHex(keypairHex.ecpubhex);
+1460 		var pubKey = new KJUR.crypto.ECDSA({curve: curve});
+1461 		pubKey.setPublicKeyHex(keypairHex.ecpubhex);
 1462 
-1463 	var result = {};
-1464 	result.prvKeyObj = prvKey;
-1465 	result.pubKeyObj = pubKey;
-1466 	return result;
+1463 		var result = {};
+1464 		result.prvKeyObj = prvKey;
+1465 		result.pubKeyObj = pubKey;
+1466 		return result;
 1467     } else {
-1468 	throw "unknown algorithm: " + alg;
+1468 		throw "unknown algorithm: " + alg;
 1469     }
 1470 };
 1471 
@@ -1513,37 +1513,37 @@
 1506     var ns2 = KJUR.crypto;
 1507 
 1508     function _rsaprv2asn1obj(keyObjOrHex) {
-1509 	var asn1Obj = KJUR.asn1.ASN1Util.newObject({
-1510 		"seq": [
+1509 		var asn1Obj = KJUR.asn1.ASN1Util.newObject({
+1510 			"seq": [
 1511 	            {"int": 0 },
 1512 	            {"int": {"bigint": keyObjOrHex.n}},
-1513 		    {"int": keyObjOrHex.e},
-1514 		    {"int": {"bigint": keyObjOrHex.d}},
-1515 		    {"int": {"bigint": keyObjOrHex.p}},
-1516 		    {"int": {"bigint": keyObjOrHex.q}},
-1517 		    {"int": {"bigint": keyObjOrHex.dmp1}},
-1518 		    {"int": {"bigint": keyObjOrHex.dmq1}},
-1519 		    {"int": {"bigint": keyObjOrHex.coeff}}
+1513 				{"int": keyObjOrHex.e},
+1514 				{"int": {"bigint": keyObjOrHex.d}},
+1515 				{"int": {"bigint": keyObjOrHex.p}},
+1516 				{"int": {"bigint": keyObjOrHex.q}},
+1517 				{"int": {"bigint": keyObjOrHex.dmp1}},
+1518 				{"int": {"bigint": keyObjOrHex.dmq1}},
+1519 				{"int": {"bigint": keyObjOrHex.coeff}}
 1520 			]
 1521 	    });
-1522 	return asn1Obj;
+1522 		return asn1Obj;
 1523     };
 1524 
 1525     function _ecdsaprv2asn1obj(keyObjOrHex) {
-1526 	var asn1Obj2 = KJUR.asn1.ASN1Util.newObject({
-1527 		"seq": [
+1526 		var asn1Obj2 = KJUR.asn1.ASN1Util.newObject({
+1527 			"seq": [
 1528 	            {"int": 1 },
 1529 	            {"octstr": {"hex": keyObjOrHex.prvKeyHex}},
 1530 	            {"tag": ['a0', true, {'oid': {'name': keyObjOrHex.curveName}}]},
 1531 	            {"tag": ['a1', true, {'bitstr': {'hex': '00' + keyObjOrHex.pubKeyHex}}]}
 1532 			]
 1533 	    });
-1534 	return asn1Obj2;
+1534 		return asn1Obj2;
 1535     };
 1536 
 1537     function _dsaprv2asn1obj(keyObjOrHex) {
-1538 	var asn1Obj = KJUR.asn1.ASN1Util.newObject({
-1539 		"seq": [
+1538 		var asn1Obj = KJUR.asn1.ASN1Util.newObject({
+1539 			"seq": [
 1540 	            {"int": 0 },
 1541 	            {"int": {"bigint": keyObjOrHex.p}},
 1542 	            {"int": {"bigint": keyObjOrHex.q}},
@@ -1552,119 +1552,119 @@
 1545 	            {"int": {"bigint": keyObjOrHex.x}}
 1546 			]
 1547 	    });
-1548 	return asn1Obj;
+1548 		return asn1Obj;
 1549     };
 1550 
 1551     // 1. public key
 1552 
 1553     // x. PEM PKCS#8 public key of RSA/ECDSA/DSA public key object
 1554     if (((typeof RSAKey != "undefined" && keyObjOrHex instanceof RSAKey) ||
-1555 	 (typeof ns2.DSA != "undefined" && keyObjOrHex instanceof ns2.DSA) ||
-1556 	 (typeof ns2.ECDSA != "undefined" && keyObjOrHex instanceof ns2.ECDSA)) &&
-1557 	keyObjOrHex.isPublic == true &&
-1558 	(formatType === undefined || formatType == "PKCS8PUB")) {
-1559 	var asn1Obj = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObjOrHex);
-1560 	var asn1Hex = asn1Obj.getEncodedHex();
-1561 	return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PUBLIC KEY");
+1555 		 (typeof ns2.DSA != "undefined" && keyObjOrHex instanceof ns2.DSA) ||
+1556 		 (typeof ns2.ECDSA != "undefined" && keyObjOrHex instanceof ns2.ECDSA)) &&
+1557 		keyObjOrHex.isPublic == true &&
+1558 		(formatType === undefined || formatType == "PKCS8PUB")) {
+1559 		var asn1Obj = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObjOrHex);
+1560 		var asn1Hex = asn1Obj.getEncodedHex();
+1561 		return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PUBLIC KEY");
 1562     }
 1563     
 1564     // 2. private
 1565 
 1566     // x. PEM PKCS#1 plain private key of RSA private key object
 1567     if (formatType == "PKCS1PRV" &&
-1568 	typeof RSAKey != "undefined" &&
-1569 	keyObjOrHex instanceof RSAKey &&
-1570 	(passwd === undefined || passwd == null) &&
-1571 	keyObjOrHex.isPrivate  == true) {
+1568 		typeof RSAKey != "undefined" &&
+1569 		keyObjOrHex instanceof RSAKey &&
+1570 		(passwd === undefined || passwd == null) &&
+1571 		keyObjOrHex.isPrivate  == true) {
 1572 
-1573 	var asn1Obj = _rsaprv2asn1obj(keyObjOrHex);
+1573 		var asn1Obj = _rsaprv2asn1obj(keyObjOrHex);
 1574         var asn1Hex = asn1Obj.getEncodedHex();
-1575 	return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "RSA PRIVATE KEY");
+1575 		return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "RSA PRIVATE KEY");
 1576     }
 1577 
 1578     // x. PEM PKCS#1 plain private key of ECDSA private key object
 1579     if (formatType == "PKCS1PRV" &&
-1580 	typeof RSAKey != "undefined" &&
-1581 	keyObjOrHex instanceof KJUR.crypto.ECDSA &&
-1582 	(passwd === undefined || passwd == null) &&
-1583 	keyObjOrHex.isPrivate  == true) {
+1580 		typeof RSAKey != "undefined" &&
+1581 		keyObjOrHex instanceof KJUR.crypto.ECDSA &&
+1582 		(passwd === undefined || passwd == null) &&
+1583 		keyObjOrHex.isPrivate  == true) {
 1584 
-1585 	var asn1Obj1 = new KJUR.asn1.DERObjectIdentifier({'name': keyObjOrHex.curveName});
-1586 	var asn1Hex1 = asn1Obj1.getEncodedHex();
-1587 	var asn1Obj2 = _ecdsaprv2asn1obj(keyObjOrHex);
+1585 		var asn1Obj1 = new KJUR.asn1.DERObjectIdentifier({'name': keyObjOrHex.curveName});
+1586 		var asn1Hex1 = asn1Obj1.getEncodedHex();
+1587 		var asn1Obj2 = _ecdsaprv2asn1obj(keyObjOrHex);
 1588         var asn1Hex2 = asn1Obj2.getEncodedHex();
 1589 
-1590 	var s = "";
-1591 	s += ns1.ASN1Util.getPEMStringFromHex(asn1Hex1, "EC PARAMETERS");
-1592 	s += ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "EC PRIVATE KEY");
-1593 	return s;
+1590 		var s = "";
+1591 		s += ns1.ASN1Util.getPEMStringFromHex(asn1Hex1, "EC PARAMETERS");
+1592 		s += ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "EC PRIVATE KEY");
+1593 		return s;
 1594     }
 1595 
 1596     // x. PEM PKCS#1 plain private key of DSA private key object
 1597     if (formatType == "PKCS1PRV" &&
-1598 	typeof KJUR.crypto.DSA != "undefined" &&
-1599 	keyObjOrHex instanceof KJUR.crypto.DSA &&
-1600 	(passwd === undefined || passwd == null) &&
-1601 	keyObjOrHex.isPrivate  == true) {
+1598 		typeof KJUR.crypto.DSA != "undefined" &&
+1599 		keyObjOrHex instanceof KJUR.crypto.DSA &&
+1600 		(passwd === undefined || passwd == null) &&
+1601 		keyObjOrHex.isPrivate  == true) {
 1602 
-1603 	var asn1Obj = _dsaprv2asn1obj(keyObjOrHex);
+1603 		var asn1Obj = _dsaprv2asn1obj(keyObjOrHex);
 1604         var asn1Hex = asn1Obj.getEncodedHex();
-1605 	return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "DSA PRIVATE KEY");
+1605 		return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "DSA PRIVATE KEY");
 1606     }
 1607 
 1608     // 3. private
 1609 
 1610     // x. PEM PKCS#5 encrypted private key of RSA private key object
 1611     if (formatType == "PKCS5PRV" &&
-1612 	typeof RSAKey != "undefined" &&
-1613 	keyObjOrHex instanceof RSAKey &&
-1614 	(passwd !== undefined && passwd != null) &&
-1615 	keyObjOrHex.isPrivate  == true) {
+1612 		typeof RSAKey != "undefined" &&
+1613 		keyObjOrHex instanceof RSAKey &&
+1614 		(passwd !== undefined && passwd != null) &&
+1615 		keyObjOrHex.isPrivate  == true) {
 1616 
-1617 	var asn1Obj = _rsaprv2asn1obj(keyObjOrHex);
+1617 		var asn1Obj = _rsaprv2asn1obj(keyObjOrHex);
 1618         var asn1Hex = asn1Obj.getEncodedHex();
 1619 
-1620 	if (encAlg === undefined) encAlg = "DES-EDE3-CBC";
-1621 	return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA", asn1Hex, passwd, encAlg);
+1620 		if (encAlg === undefined) encAlg = "DES-EDE3-CBC";
+1621 		return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA", asn1Hex, passwd, encAlg);
 1622     }
 1623 
 1624     // x. PEM PKCS#5 encrypted private key of ECDSA private key object
 1625     if (formatType == "PKCS5PRV" &&
-1626 	typeof KJUR.crypto.ECDSA != "undefined" &&
-1627 	keyObjOrHex instanceof KJUR.crypto.ECDSA &&
-1628 	(passwd !== undefined && passwd != null) &&
-1629 	keyObjOrHex.isPrivate  == true) {
+1626 		typeof KJUR.crypto.ECDSA != "undefined" &&
+1627 		keyObjOrHex instanceof KJUR.crypto.ECDSA &&
+1628 		(passwd !== undefined && passwd != null) &&
+1629 		keyObjOrHex.isPrivate  == true) {
 1630 
-1631 	var asn1Obj = _ecdsaprv2asn1obj(keyObjOrHex);
+1631 		var asn1Obj = _ecdsaprv2asn1obj(keyObjOrHex);
 1632         var asn1Hex = asn1Obj.getEncodedHex();
 1633 
-1634 	if (encAlg === undefined) encAlg = "DES-EDE3-CBC";
-1635 	return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC", asn1Hex, passwd, encAlg);
+1634 		if (encAlg === undefined) encAlg = "DES-EDE3-CBC";
+1635 		return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC", asn1Hex, passwd, encAlg);
 1636     }
 1637 
 1638     // x. PEM PKCS#5 encrypted private key of DSA private key object
 1639     if (formatType == "PKCS5PRV" &&
-1640 	typeof KJUR.crypto.DSA != "undefined" &&
-1641 	keyObjOrHex instanceof KJUR.crypto.DSA &&
-1642 	(passwd !== undefined && passwd != null) &&
-1643 	keyObjOrHex.isPrivate  == true) {
+1640 		typeof KJUR.crypto.DSA != "undefined" &&
+1641 		keyObjOrHex instanceof KJUR.crypto.DSA &&
+1642 		(passwd !== undefined && passwd != null) &&
+1643 		keyObjOrHex.isPrivate  == true) {
 1644 
-1645 	var asn1Obj = _dsaprv2asn1obj(keyObjOrHex);
+1645 		var asn1Obj = _dsaprv2asn1obj(keyObjOrHex);
 1646         var asn1Hex = asn1Obj.getEncodedHex();
 1647 
-1648 	if (encAlg === undefined) encAlg = "DES-EDE3-CBC";
-1649 	return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA", asn1Hex, passwd, encAlg);
+1648 		if (encAlg === undefined) encAlg = "DES-EDE3-CBC";
+1649 		return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA", asn1Hex, passwd, encAlg);
 1650     }
 1651 
 1652     // x. ======================================================================
 1653 
 1654     var _getEncryptedPKCS8 = function(plainKeyHex, passcode) {
-1655 	var info = _getEencryptedPKCS8Info(plainKeyHex, passcode);
-1656 	//alert("iv=" + info.encryptionSchemeIV);
-1657 	//alert("info.ciphertext2[" + info.ciphertext.length + "=" + info.ciphertext);
-1658 	var asn1Obj = new KJUR.asn1.ASN1Util.newObject({
-1659 		"seq": [
-1660      	            {"seq": [
+1655 		var info = _getEencryptedPKCS8Info(plainKeyHex, passcode);
+1656 		//alert("iv=" + info.encryptionSchemeIV);
+1657 		//alert("info.ciphertext2[" + info.ciphertext.length + "=" + info.ciphertext);
+1658 		var asn1Obj = new KJUR.asn1.ASN1Util.newObject({
+1659 			"seq": [
+1660      	        {"seq": [
 1661 	                {"oid": {"name": "pkcs5PBES2"}},
 1662 	                {"seq": [
 1663 	                    {"seq": [
@@ -1672,80 +1672,80 @@
 1665 	                        {"seq": [
 1666 	                            {"octstr": {"hex": info.pbkdf2Salt}},
 1667 	                            {"int": info.pbkdf2Iter}
-1668 					 ]}
-1669 				     ]},
+1668 							]}
+1669 						]},
 1670 	                    {"seq": [
 1671 	                        {"oid": {"name": "des-EDE3-CBC"}},
 1672 	                        {"octstr": {"hex": info.encryptionSchemeIV}}
-1673 				     ]}
-1674 				 ]}
-1675 			     ]},
+1673 						]}
+1674 					]}
+1675 			    ]},
 1676 	            {"octstr": {"hex": info.ciphertext}}
 1677 			]
 1678 	    });
-1679 	return asn1Obj.getEncodedHex();
+1679 		return asn1Obj.getEncodedHex();
 1680     };
 1681 
 1682     var _getEencryptedPKCS8Info = function(plainKeyHex, passcode) {
-1683 	var pbkdf2Iter = 100;
-1684 	var pbkdf2SaltWS = CryptoJS.lib.WordArray.random(8);
-1685 	var encryptionSchemeAlg = "DES-EDE3-CBC";
-1686 	var encryptionSchemeIVWS = CryptoJS.lib.WordArray.random(8);
-1687 	// PBKDF2 key
-1688 	var pbkdf2KeyWS = CryptoJS.PBKDF2(passcode, 
-1689 					  pbkdf2SaltWS, { "keySize": 192/32,
-1690 							  "iterations": pbkdf2Iter });
-1691 	// ENCRYPT
-1692 	var plainKeyWS = CryptoJS.enc.Hex.parse(plainKeyHex);
-1693 	var encryptedKeyHex = 
-1694 	    CryptoJS.TripleDES.encrypt(plainKeyWS, pbkdf2KeyWS, { "iv": encryptionSchemeIVWS }) + "";
+1683 		var pbkdf2Iter = 100;
+1684 		var pbkdf2SaltWS = CryptoJS.lib.WordArray.random(8);
+1685 		var encryptionSchemeAlg = "DES-EDE3-CBC";
+1686 		var encryptionSchemeIVWS = CryptoJS.lib.WordArray.random(8);
+1687 		// PBKDF2 key
+1688 		var pbkdf2KeyWS = CryptoJS.PBKDF2(passcode, 
+1689 										  pbkdf2SaltWS, { "keySize": 192/32,
+1690 														  "iterations": pbkdf2Iter });
+1691 		// ENCRYPT
+1692 		var plainKeyWS = CryptoJS.enc.Hex.parse(plainKeyHex);
+1693 		var encryptedKeyHex = 
+1694 			CryptoJS.TripleDES.encrypt(plainKeyWS, pbkdf2KeyWS, { "iv": encryptionSchemeIVWS }) + "";
 1695 
-1696 	//alert("encryptedKeyHex=" + encryptedKeyHex);
+1696 		//alert("encryptedKeyHex=" + encryptedKeyHex);
 1697 
-1698 	var info = {};
-1699 	info.ciphertext = encryptedKeyHex;
-1700 	//alert("info.ciphertext=" + info.ciphertext);
-1701 	info.pbkdf2Salt = CryptoJS.enc.Hex.stringify(pbkdf2SaltWS);
-1702 	info.pbkdf2Iter = pbkdf2Iter;
-1703 	info.encryptionSchemeAlg = encryptionSchemeAlg;
-1704 	info.encryptionSchemeIV = CryptoJS.enc.Hex.stringify(encryptionSchemeIVWS);
-1705 	return info;
+1698 		var info = {};
+1699 		info.ciphertext = encryptedKeyHex;
+1700 		//alert("info.ciphertext=" + info.ciphertext);
+1701 		info.pbkdf2Salt = CryptoJS.enc.Hex.stringify(pbkdf2SaltWS);
+1702 		info.pbkdf2Iter = pbkdf2Iter;
+1703 		info.encryptionSchemeAlg = encryptionSchemeAlg;
+1704 		info.encryptionSchemeIV = CryptoJS.enc.Hex.stringify(encryptionSchemeIVWS);
+1705 		return info;
 1706     };
 1707 
 1708     // x. PEM PKCS#8 plain private key of RSA private key object
 1709     if (formatType == "PKCS8PRV" &&
-1710 	typeof RSAKey != "undefined" &&
-1711 	keyObjOrHex instanceof RSAKey &&
-1712 	keyObjOrHex.isPrivate  == true) {
+1710 		typeof RSAKey != "undefined" &&
+1711 		keyObjOrHex instanceof RSAKey &&
+1712 		keyObjOrHex.isPrivate  == true) {
 1713 
-1714 	var keyObj = _rsaprv2asn1obj(keyObjOrHex);
+1714 		var keyObj = _rsaprv2asn1obj(keyObjOrHex);
 1715         var keyHex = keyObj.getEncodedHex();
 1716 
-1717 	var asn1Obj = KJUR.asn1.ASN1Util.newObject({
-1718 		"seq": [
-1719 	             {"int": 0},
-1720 	             {"seq": [{"oid": {"name": "rsaEncryption"}},{"null": true}]},
-1721 		     {"octstr": {"hex": keyHex}}
+1717 		var asn1Obj = KJUR.asn1.ASN1Util.newObject({
+1718 			"seq": [
+1719 	            {"int": 0},
+1720 	            {"seq": [{"oid": {"name": "rsaEncryption"}},{"null": true}]},
+1721 				{"octstr": {"hex": keyHex}}
 1722 			]
 1723 	    });
-1724 	var asn1Hex = asn1Obj.getEncodedHex();
+1724 		var asn1Hex = asn1Obj.getEncodedHex();
 1725 
-1726 	if (passwd === undefined || passwd == null) {
-1727 	    return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY");
-1728 	} else {
-1729 	    var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd);
-1730 	    return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY");
-1731 	}
+1726 		if (passwd === undefined || passwd == null) {
+1727 			return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY");
+1728 		} else {
+1729 			var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd);
+1730 			return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY");
+1731 		}
 1732     }
 1733 
 1734     // x. PEM PKCS#8 plain private key of ECDSA private key object
 1735     if (formatType == "PKCS8PRV" &&
-1736 	typeof KJUR.crypto.ECDSA != "undefined" &&
-1737 	keyObjOrHex instanceof KJUR.crypto.ECDSA &&
-1738 	keyObjOrHex.isPrivate  == true) {
+1736 		typeof KJUR.crypto.ECDSA != "undefined" &&
+1737 		keyObjOrHex instanceof KJUR.crypto.ECDSA &&
+1738 		keyObjOrHex.isPrivate  == true) {
 1739 
-1740 	var keyObj = new KJUR.asn1.ASN1Util.newObject({
-1741 		"seq": [
+1740 		var keyObj = new KJUR.asn1.ASN1Util.newObject({
+1741 			"seq": [
 1742 	            {"int": 1},
 1743 	            {"octstr": {"hex": keyObjOrHex.prvKeyHex}},
 1744 	            {"tag": ['a1', true, {"bitstr": {"hex": "00" + keyObjOrHex.pubKeyHex}}]}
@@ -1753,60 +1753,132 @@
 1746 	    });
 1747         var keyHex = keyObj.getEncodedHex();
 1748 
-1749 	var asn1Obj = KJUR.asn1.ASN1Util.newObject({
-1750 		"seq": [
-1751 	             {"int": 0},
-1752 	             {"seq": [
+1749 		var asn1Obj = KJUR.asn1.ASN1Util.newObject({
+1750 			"seq": [
+1751 	            {"int": 0},
+1752 	            {"seq": [
 1753 	                {"oid": {"name": "ecPublicKey"}},
 1754 	                {"oid": {"name": keyObjOrHex.curveName}}
-1755 			      ]},
-1756 	             {"octstr": {"hex": keyHex}}
+1755 			    ]},
+1756 	            {"octstr": {"hex": keyHex}}
 1757 			]
 1758 	    });
 1759 
-1760 	var asn1Hex = asn1Obj.getEncodedHex();
-1761 	if (passwd === undefined || passwd == null) {
-1762 	    return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY");
-1763 	} else {
-1764 	    var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd);
-1765 	    return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY");
-1766 	}
+1760 		var asn1Hex = asn1Obj.getEncodedHex();
+1761 		if (passwd === undefined || passwd == null) {
+1762 			return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY");
+1763 		} else {
+1764 			var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd);
+1765 			return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY");
+1766 		}
 1767     }
 1768 
 1769     // x. PEM PKCS#8 plain private key of DSA private key object
 1770     if (formatType == "PKCS8PRV" &&
-1771 	typeof KJUR.crypto.DSA != "undefined" &&
-1772 	keyObjOrHex instanceof KJUR.crypto.DSA &&
-1773 	keyObjOrHex.isPrivate  == true) {
+1771 		typeof KJUR.crypto.DSA != "undefined" &&
+1772 		keyObjOrHex instanceof KJUR.crypto.DSA &&
+1773 		keyObjOrHex.isPrivate  == true) {
 1774 
-1775 	var keyObj = new KJUR.asn1.DERInteger({'bigint': keyObjOrHex.x});
+1775 		var keyObj = new KJUR.asn1.DERInteger({'bigint': keyObjOrHex.x});
 1776         var keyHex = keyObj.getEncodedHex();
 1777 
-1778 	var asn1Obj = KJUR.asn1.ASN1Util.newObject({
-1779 		"seq": [
-1780 	             {"int": 0},
-1781 	             {"seq": [
+1778 		var asn1Obj = KJUR.asn1.ASN1Util.newObject({
+1779 			"seq": [
+1780 	            {"int": 0},
+1781 	            {"seq": [
 1782 	                {"oid": {"name": "dsa"}},
 1783 	                {"seq": [
 1784 	                    {"int": {"bigint": keyObjOrHex.p}},
 1785 	                    {"int": {"bigint": keyObjOrHex.q}},
 1786 	                    {"int": {"bigint": keyObjOrHex.g}}
-1787 				 ]}
-1788 			      ]},
-1789 	             {"octstr": {"hex": keyHex}}
+1787 					]}
+1788 			    ]},
+1789 	            {"octstr": {"hex": keyHex}}
 1790 			]
 1791 	    });
 1792 
-1793 	var asn1Hex = asn1Obj.getEncodedHex();
-1794 	if (passwd === undefined || passwd == null) {
-1795 	    return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY");
-1796 	} else {
-1797 	    var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd);
-1798 	    return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY");
-1799 	}
+1793 		var asn1Hex = asn1Obj.getEncodedHex();
+1794 		if (passwd === undefined || passwd == null) {
+1795 			return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY");
+1796 		} else {
+1797 			var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd);
+1798 			return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY");
+1799 		}
 1800     }
 1801 
 1802     throw "unsupported object nor format";
 1803 };
 1804 
-1805 
    
\ No newline at end of file
+1805     // -- PUBLIC METHODS FOR CSR -------------------------------------------------------
+1806 
+1807 /**
+1808  * get RSAKey/DSA/ECDSA public key object from PEM formatted PKCS#10 CSR string
+1809  * @name getKeyFromCSRPEM
+1810  * @memberOf KEYUTIL
+1811  * @function
+1812  * @param {String} csrPEM PEM formatted PKCS#10 CSR string
+1813  * @return {Object} RSAKey/DSA/ECDSA public key object
+1814  * @since keyutil 1.0.5
+1815  */
+1816 KEYUTIL.getKeyFromCSRPEM = function(csrPEM) {
+1817 	var csrHex = KEYUTIL.getHexFromPEM(csrPEM, "CERTIFICATE REQUEST");
+1818 	var key = KEYUTIL.getKeyFromCSRHex(csrHex);
+1819 	return key;
+1820 };
+1821 
+1822 /**
+1823  * get RSAKey/DSA/ECDSA public key object from hexadecimal string of PKCS#10 CSR
+1824  * @name getKeyFromCSRHex
+1825  * @memberOf KEYUTIL
+1826  * @function
+1827  * @param {String} csrHex hexadecimal string of PKCS#10 CSR
+1828  * @return {Object} RSAKey/DSA/ECDSA public key object
+1829  * @since keyutil 1.0.5
+1830  */
+1831 KEYUTIL.getKeyFromCSRHex = function(csrHex) {
+1832 	var info = KEYUTIL.parseCSRHex(csrHex);
+1833 	var key = KEYUTIL.getKey(info.p8pubkeyhex, null, "pkcs8pub");
+1834 	return key;
+1835 };
+1836 
+1837 /**
+1838  * parse hexadecimal string of PKCS#10 CSR (certificate signing request)
+1839  * @name parseCSRHex
+1840  * @memberOf KEYUTIL
+1841  * @function
+1842  * @param {String} csrHex hexadecimal string of PKCS#10 CSR
+1843  * @return {Array} associative array of parsed CSR
+1844  * @since keyutil 1.0.5
+1845  * @description
+1846  * Resulted associative array has following properties:
+1847  * <ul>
+1848  * <li>p8pubkeyhex - hexadecimal string of subject public key in PKCS#8</li>
+1849  * </ul>
+1850  */
+1851 KEYUTIL.parseCSRHex = function(csrHex) {
+1852     var result = {};
+1853     var h = csrHex;
+1854 
+1855     // 1. sequence
+1856     if (h.substr(0, 2) != "30")
+1857         throw "malformed CSR(code:001)"; // not sequence
+1858 
+1859     var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(h, 0);
+1860     if (a1.length < 1)
+1861         throw "malformed CSR(code:002)"; // short length
+1862 
+1863     // 2. 2nd sequence
+1864     if (h.substr(a1[0], 2) != "30")
+1865         throw "malformed CSR(code:003)"; // not sequence
+1866 
+1867     var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(h, a1[0]);
+1868     if (a2.length < 3)
+1869         throw "malformed CSR(code:004)"; // 2nd seq short elem
+1870 
+1871     result.p8pubkeyhex = ASN1HEX.getHexOfTLV_AtObj(h, a2[2]);
+1872 
+1873     return result;
+1874 };
+1875 
+1876 
+1877
    \ No newline at end of file diff --git a/api/symbols/src/pkcs5pkey-1.0.js.html b/api/symbols/src/pkcs5pkey-1.0.js.html index a6aa904a..041a86c0 100755 --- a/api/symbols/src/pkcs5pkey-1.0.js.html +++ b/api/symbols/src/pkcs5pkey-1.0.js.html @@ -5,12 +5,12 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
      1 /*! pkcs5pkey-1.0.5.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
      1 /*! pkcs5pkey-1.0.6.js (c) 2013-2014 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * pkcs5pkey.js - reading passcode protected PKCS#5 PEM formatted RSA private key
   5  *
-  6  * Copyright (c) 2013 Kenji Urushima (kenji.urushima@gmail.com)
+  6  * Copyright (c) 2013-2014 Kenji Urushima (kenji.urushima@gmail.com)
   7  *
   8  * This software is licensed under the terms of the MIT License.
   9  * http://kjur.github.com/jsrsasign/license
@@ -22,7 +22,7 @@
  15  * @fileOverview
  16  * @name pkcs5pkey-1.0.js
  17  * @author Kenji Urushima kenji.urushima@gmail.com
- 18  * @version pkcs5pkey 1.0.5 (2013-Aug-20)
+ 18  * @version pkcs5pkey 1.0.6 (2014-Apr-16)
  19  * @since jsrsasign 2.0.0
  20  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  21  */
@@ -95,123 +95,123 @@
  88     // *****************************************************************
  89     // shared key decryption ------------------------------------------
  90     var decryptAES = function(dataHex, keyHex, ivHex) {
- 91 	return decryptGeneral(CryptoJS.AES, dataHex, keyHex, ivHex);
+ 91         return decryptGeneral(CryptoJS.AES, dataHex, keyHex, ivHex);
  92     };
  93 
  94     var decrypt3DES = function(dataHex, keyHex, ivHex) {
- 95 	return decryptGeneral(CryptoJS.TripleDES, dataHex, keyHex, ivHex);
+ 95         return decryptGeneral(CryptoJS.TripleDES, dataHex, keyHex, ivHex);
  96     };
  97 
  98     var decryptGeneral = function(f, dataHex, keyHex, ivHex) {
- 99 	var data = CryptoJS.enc.Hex.parse(dataHex);
-100 	var key = CryptoJS.enc.Hex.parse(keyHex);
-101 	var iv = CryptoJS.enc.Hex.parse(ivHex);
-102 	var encrypted = {};
-103 	encrypted.key = key;
-104 	encrypted.iv = iv;
-105 	encrypted.ciphertext = data;
-106 	var decrypted = f.decrypt(encrypted, key, { iv: iv });
-107 	return CryptoJS.enc.Hex.stringify(decrypted);
+ 99     var data = CryptoJS.enc.Hex.parse(dataHex);
+100     var key = CryptoJS.enc.Hex.parse(keyHex);
+101     var iv = CryptoJS.enc.Hex.parse(ivHex);
+102     var encrypted = {};
+103     encrypted.key = key;
+104     encrypted.iv = iv;
+105     encrypted.ciphertext = data;
+106     var decrypted = f.decrypt(encrypted, key, { iv: iv });
+107     return CryptoJS.enc.Hex.stringify(decrypted);
 108     };
 109 
 110     // shared key decryption ------------------------------------------
 111     var encryptAES = function(dataHex, keyHex, ivHex) {
-112 	return encryptGeneral(CryptoJS.AES, dataHex, keyHex, ivHex);
+112         return encryptGeneral(CryptoJS.AES, dataHex, keyHex, ivHex);
 113     };
 114 
 115     var encrypt3DES = function(dataHex, keyHex, ivHex) {
-116 	return encryptGeneral(CryptoJS.TripleDES, dataHex, keyHex, ivHex);
+116         return encryptGeneral(CryptoJS.TripleDES, dataHex, keyHex, ivHex);
 117     };
 118 
 119     var encryptGeneral = function(f, dataHex, keyHex, ivHex) {
-120 	var data = CryptoJS.enc.Hex.parse(dataHex);
-121 	var key = CryptoJS.enc.Hex.parse(keyHex);
-122 	var iv = CryptoJS.enc.Hex.parse(ivHex);
-123 	var msg = {};
-124 	var encryptedHex = f.encrypt(data, key, { iv: iv });
+120     var data = CryptoJS.enc.Hex.parse(dataHex);
+121     var key = CryptoJS.enc.Hex.parse(keyHex);
+122     var iv = CryptoJS.enc.Hex.parse(ivHex);
+123     var msg = {};
+124     var encryptedHex = f.encrypt(data, key, { iv: iv });
 125         var encryptedWA = CryptoJS.enc.Hex.parse(encryptedHex.toString());
 126         var encryptedB64 = CryptoJS.enc.Base64.stringify(encryptedWA);
-127 	return encryptedB64;
+127         return encryptedB64;
 128     };
 129 
 130     // other methods and properties ----------------------------------------
 131     var ALGLIST = {
-132 	'AES-256-CBC': { 'proc': decryptAES, 'eproc': encryptAES, keylen: 32, ivlen: 16 },
-133 	'AES-192-CBC': { 'proc': decryptAES, 'eproc': encryptAES, keylen: 24, ivlen: 16 },
-134 	'AES-128-CBC': { 'proc': decryptAES, 'eproc': encryptAES, keylen: 16, ivlen: 16 },
-135 	'DES-EDE3-CBC': { 'proc': decrypt3DES, 'eproc': encrypt3DES, keylen: 24, ivlen: 8 }
+132     'AES-256-CBC': { 'proc': decryptAES, 'eproc': encryptAES, keylen: 32, ivlen: 16 },
+133     'AES-192-CBC': { 'proc': decryptAES, 'eproc': encryptAES, keylen: 24, ivlen: 16 },
+134     'AES-128-CBC': { 'proc': decryptAES, 'eproc': encryptAES, keylen: 16, ivlen: 16 },
+135     'DES-EDE3-CBC': { 'proc': decrypt3DES, 'eproc': encrypt3DES, keylen: 24, ivlen: 8 }
 136     };
 137 
 138     var getFuncByName = function(algName) {
-139 	return ALGLIST[algName]['proc'];
+139         return ALGLIST[algName]['proc'];
 140     };
 141 
 142     var _generateIvSaltHex = function(numBytes) {
-143 	var wa = CryptoJS.lib.WordArray.random(numBytes);
-144 	var hex = CryptoJS.enc.Hex.stringify(wa);
-145 	return hex;
+143         var wa = CryptoJS.lib.WordArray.random(numBytes);
+144         var hex = CryptoJS.enc.Hex.stringify(wa);
+145         return hex;
 146     };
 147 
 148     var _parsePKCS5PEM = function(sPKCS5PEM) {
-149 	var info = {};
-150 	if (sPKCS5PEM.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)", "m"))) {
-151 	    info.cipher = RegExp.$1;
-152 	    info.ivsalt = RegExp.$2;
-153 	}
-154 	if (sPKCS5PEM.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"))) {
-155 	    info.type = RegExp.$1;
-156 	}
-157 	var i1 = -1;
-158 	var lenNEWLINE = 0;
-159 	if (sPKCS5PEM.indexOf("\r\n\r\n") != -1) {
-160 	    i1 = sPKCS5PEM.indexOf("\r\n\r\n");
-161 	    lenNEWLINE = 2;
-162 	}
-163 	if (sPKCS5PEM.indexOf("\n\n") != -1) {
-164 	    i1 = sPKCS5PEM.indexOf("\n\n");
-165 	    lenNEWLINE = 1;
-166 	}
-167 	var i2 = sPKCS5PEM.indexOf("-----END");
-168 	if (i1 != -1 && i2 != -1) {
-169 	    var s = sPKCS5PEM.substring(i1 + lenNEWLINE * 2, i2 - lenNEWLINE);
-170 	    s = s.replace(/\s+/g, '');
-171 	    info.data = s;
-172 	}
-173 	return info;
+149         var info = {};
+150         if (sPKCS5PEM.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)", "m"))) {
+151             info.cipher = RegExp.$1;
+152             info.ivsalt = RegExp.$2;
+153         }
+154         if (sPKCS5PEM.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"))) {
+155             info.type = RegExp.$1;
+156         }
+157         var i1 = -1;
+158         var lenNEWLINE = 0;
+159         if (sPKCS5PEM.indexOf("\r\n\r\n") != -1) {
+160             i1 = sPKCS5PEM.indexOf("\r\n\r\n");
+161             lenNEWLINE = 2;
+162         }
+163         if (sPKCS5PEM.indexOf("\n\n") != -1) {
+164             i1 = sPKCS5PEM.indexOf("\n\n");
+165             lenNEWLINE = 1;
+166         }
+167         var i2 = sPKCS5PEM.indexOf("-----END");
+168         if (i1 != -1 && i2 != -1) {
+169             var s = sPKCS5PEM.substring(i1 + lenNEWLINE * 2, i2 - lenNEWLINE);
+170             s = s.replace(/\s+/g, '');
+171             info.data = s;
+172         }
+173         return info;
 174     };
 175 
 176     var _getKeyAndUnusedIvByPasscodeAndIvsalt = function(algName, passcode, ivsaltHex) {
-177 	//alert("ivsaltHex(2) = " + ivsaltHex);
-178 	var saltHex = ivsaltHex.substring(0, 16);
-179 	//alert("salt = " + saltHex);
-180 	    
-181 	var salt = CryptoJS.enc.Hex.parse(saltHex);
-182 	var data = CryptoJS.enc.Utf8.parse(passcode);
-183 	//alert("salt = " + salt);
-184 	//alert("data = " + data);
+177         //alert("ivsaltHex(2) = " + ivsaltHex);
+178         var saltHex = ivsaltHex.substring(0, 16);
+179         //alert("salt = " + saltHex);
+180         
+181         var salt = CryptoJS.enc.Hex.parse(saltHex);
+182         var data = CryptoJS.enc.Utf8.parse(passcode);
+183         //alert("salt = " + salt);
+184         //alert("data = " + data);
 185 
-186 	var nRequiredBytes = ALGLIST[algName]['keylen'] + ALGLIST[algName]['ivlen'];
-187 	var hHexValueJoined = '';
-188 	var hLastValue = null;
-189 	//alert("nRequiredBytes = " + nRequiredBytes);
-190 	for (;;) {
-191 	    var h = CryptoJS.algo.MD5.create();
-192 	    if (hLastValue != null) {
-193 		h.update(hLastValue);
-194 	    }
-195 	    h.update(data);
-196 	    h.update(salt);
-197 	    hLastValue = h.finalize();
-198 	    hHexValueJoined = hHexValueJoined + CryptoJS.enc.Hex.stringify(hLastValue);
-199 	    //alert("joined = " + hHexValueJoined);
-200 	    if (hHexValueJoined.length >= nRequiredBytes * 2) {
-201 		break;
-202 	    }
-203 	}
-204 	var result = {};
-205 	result.keyhex = hHexValueJoined.substr(0, ALGLIST[algName]['keylen'] * 2);
-206 	result.ivhex = hHexValueJoined.substr(ALGLIST[algName]['keylen'] * 2, ALGLIST[algName]['ivlen'] * 2);
-207 	return result;
+186         var nRequiredBytes = ALGLIST[algName]['keylen'] + ALGLIST[algName]['ivlen'];
+187         var hHexValueJoined = '';
+188         var hLastValue = null;
+189         //alert("nRequiredBytes = " + nRequiredBytes);
+190         for (;;) {
+191             var h = CryptoJS.algo.MD5.create();
+192             if (hLastValue != null) {
+193                 h.update(hLastValue);
+194             }
+195             h.update(data);
+196             h.update(salt);
+197             hLastValue = h.finalize();
+198             hHexValueJoined = hHexValueJoined + CryptoJS.enc.Hex.stringify(hLastValue);
+199             //alert("joined = " + hHexValueJoined);
+200             if (hHexValueJoined.length >= nRequiredBytes * 2) {
+201                 break;
+202             }
+203         }
+204         var result = {};
+205         result.keyhex = hHexValueJoined.substr(0, ALGLIST[algName]['keylen'] * 2);
+206         result.ivhex = hHexValueJoined.substr(ALGLIST[algName]['keylen'] * 2, ALGLIST[algName]['ivlen'] * 2);
+207         return result;
 208     };
 209 
 210     /*
@@ -222,11 +222,11 @@
 215      * @param {String} hexadecimal string of decrypted private key
 216      */
 217     var _decryptKeyB64 = function(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex) {
-218 	var privateKeyWA = CryptoJS.enc.Base64.parse(privateKeyB64);
-219 	var privateKeyHex = CryptoJS.enc.Hex.stringify(privateKeyWA);
-220 	var f = ALGLIST[sharedKeyAlgName]['proc'];
-221 	var decryptedKeyHex = f(privateKeyHex, sharedKeyHex, ivsaltHex);
-222 	return decryptedKeyHex;
+218         var privateKeyWA = CryptoJS.enc.Base64.parse(privateKeyB64);
+219         var privateKeyHex = CryptoJS.enc.Hex.stringify(privateKeyWA);
+220         var f = ALGLIST[sharedKeyAlgName]['proc'];
+221         var decryptedKeyHex = f(privateKeyHex, sharedKeyHex, ivsaltHex);
+222         return decryptedKeyHex;
 223     };
 224     
 225     /*
@@ -237,561 +237,561 @@
 230      * @param {String} base64 string of encrypted private key
 231      */
 232     var _encryptKeyHex = function(privateKeyHex, sharedKeyAlgName, sharedKeyHex, ivsaltHex) {
-233 	var f = ALGLIST[sharedKeyAlgName]['eproc'];
-234 	var encryptedKeyB64 = f(privateKeyHex, sharedKeyHex, ivsaltHex);
-235 	return encryptedKeyB64;
+233         var f = ALGLIST[sharedKeyAlgName]['eproc'];
+234         var encryptedKeyB64 = f(privateKeyHex, sharedKeyHex, ivsaltHex);
+235         return encryptedKeyB64;
 236     };
 237 
 238     // *****************************************************************
 239     // *** PUBLIC PROPERTIES AND METHODS *******************************
 240     // *****************************************************************
 241     return {
-242         // -- UTILITY METHODS ------------------------------------------------------------
-243 	/**
+242         // -- UTILITY METHODS ------------------------------------------
+243         /**
 244          * decrypt private key by shared key
-245 	 * @name version
-246 	 * @memberOf PKCS5PKEY
-247 	 * @property {String} version
-248 	 * @description version string of PKCS5PKEY class
-249 	 */
-250 	version: "1.0.5",
+245          * @name version
+246          * @memberOf PKCS5PKEY
+247          * @property {String} version
+248          * @description version string of PKCS5PKEY class
+249          */
+250         version: "1.0.5",
 251 
-252 	/**
+252         /**
 253          * get hexacedimal string of PEM format
-254 	 * @name getHexFromPEM
-255 	 * @memberOf PKCS5PKEY
-256 	 * @function
-257 	 * @param {String} sPEM PEM formatted string
-258 	 * @param {String} sHead PEM header string without BEGIN/END
-259 	 * @return {String} hexadecimal string data of PEM contents
-260 	 * @since pkcs5pkey 1.0.5
-261 	 */
+254          * @name getHexFromPEM
+255          * @memberOf PKCS5PKEY
+256          * @function
+257          * @param {String} sPEM PEM formatted string
+258          * @param {String} sHead PEM header string without BEGIN/END
+259          * @return {String} hexadecimal string data of PEM contents
+260          * @since pkcs5pkey 1.0.5
+261          */
 262         getHexFromPEM: function(sPEM, sHead) {
-263 	    var s = sPEM;
-264 	    if (s.indexOf("BEGIN " + sHead) == -1) {
-265 		throw "can't find PEM header: " + sHead;
-266 	    }
-267 	    s = s.replace("-----BEGIN " + sHead + "-----", "");
-268 	    s = s.replace("-----END " + sHead + "-----", "");
-269 	    var sB64 = s.replace(/\s+/g, '');
+263             var s = sPEM;
+264             if (s.indexOf("BEGIN " + sHead) == -1) {
+265                 throw "can't find PEM header: " + sHead;
+266             }
+267             s = s.replace("-----BEGIN " + sHead + "-----", "");
+268             s = s.replace("-----END " + sHead + "-----", "");
+269             var sB64 = s.replace(/\s+/g, '');
 270             var dataHex = b64tohex(sB64);
-271 	    return dataHex;
-272 	},
+271             return dataHex;
+272         },
 273 
-274 	/**
+274         /**
 275          * decrypt private key by shared key
-276 	 * @name getDecryptedKeyHexByKeyIV
-277 	 * @memberOf PKCS5PKEY
-278 	 * @function
-279 	 * @param {String} encryptedKeyHex hexadecimal string of encrypted private key
-280 	 * @param {String} algName name of symmetric key algorithm (ex. 'DES-EBE3-CBC')
-281 	 * @param {String} sharedKeyHex hexadecimal string of symmetric key
-282 	 * @param {String} ivHex hexadecimal string of initial vector(IV).
-283 	 * @return {String} hexadecimal string of decrypted privated key
-284 	 */
-285 	getDecryptedKeyHexByKeyIV: function(encryptedKeyHex, algName, sharedKeyHex, ivHex) {
-286 	    var f1 = getFuncByName(algName);
-287 	    return f1(encryptedKeyHex, sharedKeyHex, ivHex);
-288 	},
+276          * @name getDecryptedKeyHexByKeyIV
+277          * @memberOf PKCS5PKEY
+278          * @function
+279          * @param {String} encryptedKeyHex hexadecimal string of encrypted private key
+280          * @param {String} algName name of symmetric key algorithm (ex. 'DES-EBE3-CBC')
+281          * @param {String} sharedKeyHex hexadecimal string of symmetric key
+282          * @param {String} ivHex hexadecimal string of initial vector(IV).
+283          * @return {String} hexadecimal string of decrypted privated key
+284          */
+285         getDecryptedKeyHexByKeyIV: function(encryptedKeyHex, algName, sharedKeyHex, ivHex) {
+286             var f1 = getFuncByName(algName);
+287             return f1(encryptedKeyHex, sharedKeyHex, ivHex);
+288         },
 289 
-290 	/**
+290         /**
 291          * parse PEM formatted passcode protected PKCS#5 private key
-292 	 * @name parsePKCS5PEM
-293 	 * @memberOf PKCS5PKEY
-294 	 * @function
-295 	 * @param {String} sEncryptedPEM PEM formatted protected passcode protected PKCS#5 private key
-296 	 * @return {Hash} hash of key information
-297 	 * @description
+292          * @name parsePKCS5PEM
+293          * @memberOf PKCS5PKEY
+294          * @function
+295          * @param {String} sEncryptedPEM PEM formatted protected passcode protected PKCS#5 private key
+296          * @return {Hash} hash of key information
+297          * @description
 298          * Resulted hash has following attributes.
-299 	 * <ul>
-300 	 * <li>cipher - symmetric key algorithm name (ex. 'DES-EBE3-CBC', 'AES-256-CBC')</li>
-301 	 * <li>ivsalt - IV used for decrypt. Its heading 8 bytes will be used for passcode salt.</li>
-302 	 * <li>type - asymmetric key algorithm name of private key described in PEM header.</li>
-303 	 * <li>data - base64 encoded encrypted private key.</li>
-304 	 * </ul>
+299          * <ul>
+300          * <li>cipher - symmetric key algorithm name (ex. 'DES-EBE3-CBC', 'AES-256-CBC')</li>
+301          * <li>ivsalt - IV used for decrypt. Its heading 8 bytes will be used for passcode salt.</li>
+302          * <li>type - asymmetric key algorithm name of private key described in PEM header.</li>
+303          * <li>data - base64 encoded encrypted private key.</li>
+304          * </ul>
 305          *
-306 	 */
+306          */
 307         parsePKCS5PEM: function(sPKCS5PEM) {
-308 	    return _parsePKCS5PEM(sPKCS5PEM);
-309 	},
+308             return _parsePKCS5PEM(sPKCS5PEM);
+309         },
 310 
-311 	/**
+311         /**
 312          * the same function as OpenSSL EVP_BytsToKey to generate shared key and IV
-313 	 * @name getKeyAndUnusedIvByPasscodeAndIvsalt
-314 	 * @memberOf PKCS5PKEY
-315 	 * @function
-316 	 * @param {String} algName name of symmetric key algorithm (ex. 'DES-EBE3-CBC')
-317 	 * @param {String} passcode passcode to decrypt private key (ex. 'password')
-318 	 * @param {String} hexadecimal string of IV. heading 8 bytes will be used for passcode salt
-319 	 * @return {Hash} hash of key and unused IV (ex. {keyhex:2fe3..., ivhex:3fad..})
-320 	 */
-321 	getKeyAndUnusedIvByPasscodeAndIvsalt: function(algName, passcode, ivsaltHex) {
-322 	    return _getKeyAndUnusedIvByPasscodeAndIvsalt(algName, passcode, ivsaltHex);
-323 	},
+313          * @name getKeyAndUnusedIvByPasscodeAndIvsalt
+314          * @memberOf PKCS5PKEY
+315          * @function
+316          * @param {String} algName name of symmetric key algorithm (ex. 'DES-EBE3-CBC')
+317          * @param {String} passcode passcode to decrypt private key (ex. 'password')
+318          * @param {String} hexadecimal string of IV. heading 8 bytes will be used for passcode salt
+319          * @return {Hash} hash of key and unused IV (ex. {keyhex:2fe3..., ivhex:3fad..})
+320          */
+321         getKeyAndUnusedIvByPasscodeAndIvsalt: function(algName, passcode, ivsaltHex) {
+322             return _getKeyAndUnusedIvByPasscodeAndIvsalt(algName, passcode, ivsaltHex);
+323         },
 324 
 325         decryptKeyB64: function(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex) {
-326 	    return _decryptKeyB64(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex);
+326             return _decryptKeyB64(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex);
 327         },
 328 
-329 	/**
+329         /**
 330          * decrypt PEM formatted protected PKCS#5 private key with passcode
-331 	 * @name getDecryptedKeyHex
-332 	 * @memberOf PKCS5PKEY
-333 	 * @function
-334 	 * @param {String} sEncryptedPEM PEM formatted protected passcode protected PKCS#5 private key
-335 	 * @param {String} passcode passcode to decrypt private key (ex. 'password')
-336 	 * @return {String} hexadecimal string of decrypted RSA priavte key
-337 	 */
-338 	getDecryptedKeyHex: function(sEncryptedPEM, passcode) {
-339 	    // 1. parse pem
-340 	    var info = _parsePKCS5PEM(sEncryptedPEM);
-341 	    var publicKeyAlgName = info.type;
-342 	    var sharedKeyAlgName = info.cipher;
-343 	    var ivsaltHex = info.ivsalt;
-344 	    var privateKeyB64 = info.data;
-345 	    //alert("ivsaltHex = " + ivsaltHex);
+331          * @name getDecryptedKeyHex
+332          * @memberOf PKCS5PKEY
+333          * @function
+334          * @param {String} sEncryptedPEM PEM formatted protected passcode protected PKCS#5 private key
+335          * @param {String} passcode passcode to decrypt private key (ex. 'password')
+336          * @return {String} hexadecimal string of decrypted RSA priavte key
+337          */
+338         getDecryptedKeyHex: function(sEncryptedPEM, passcode) {
+339             // 1. parse pem
+340             var info = _parsePKCS5PEM(sEncryptedPEM);
+341             var publicKeyAlgName = info.type;
+342             var sharedKeyAlgName = info.cipher;
+343             var ivsaltHex = info.ivsalt;
+344             var privateKeyB64 = info.data;
+345             //alert("ivsaltHex = " + ivsaltHex);
 346 
-347 	    // 2. generate shared key
-348 	    var sharedKeyInfo = _getKeyAndUnusedIvByPasscodeAndIvsalt(sharedKeyAlgName, passcode, ivsaltHex);
-349 	    var sharedKeyHex = sharedKeyInfo.keyhex;
-350 	    //alert("sharedKeyHex = " + sharedKeyHex);
+347             // 2. generate shared key
+348             var sharedKeyInfo = _getKeyAndUnusedIvByPasscodeAndIvsalt(sharedKeyAlgName, passcode, ivsaltHex);
+349             var sharedKeyHex = sharedKeyInfo.keyhex;
+350             //alert("sharedKeyHex = " + sharedKeyHex);
 351 
-352 	    // 3. decrypt private key
+352             // 3. decrypt private key
 353             var decryptedKey = _decryptKeyB64(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex);
-354 	    return decryptedKey;
-355 	},
+354             return decryptedKey;
+355         },
 356 
-357 	/**
+357         /**
 358          * read PEM formatted encrypted PKCS#5 private key and returns RSAKey object
-359 	 * @name getRSAKeyFromEncryptedPKCS5PEM
-360 	 * @memberOf PKCS5PKEY
-361 	 * @function
-362 	 * @param {String} sEncryptedP5PEM PEM formatted encrypted PKCS#5 private key
-363 	 * @param {String} passcode passcode to decrypt private key
-364 	 * @return {RSAKey} loaded RSAKey object of RSA private key
+359          * @name getRSAKeyFromEncryptedPKCS5PEM
+360          * @memberOf PKCS5PKEY
+361          * @function
+362          * @param {String} sEncryptedP5PEM PEM formatted encrypted PKCS#5 private key
+363          * @param {String} passcode passcode to decrypt private key
+364          * @return {RSAKey} loaded RSAKey object of RSA private key
 365          * @since pkcs5pkey 1.0.2
-366 	 */
-367 	getRSAKeyFromEncryptedPKCS5PEM: function(sEncryptedP5PEM, passcode) {
-368 	    var hPKey = this.getDecryptedKeyHex(sEncryptedP5PEM, passcode);
-369 	    var rsaKey = new RSAKey();
-370 	    rsaKey.readPrivateKeyFromASN1HexString(hPKey);
-371 	    return rsaKey;
-372 	},
+366          */
+367         getRSAKeyFromEncryptedPKCS5PEM: function(sEncryptedP5PEM, passcode) {
+368             var hPKey = this.getDecryptedKeyHex(sEncryptedP5PEM, passcode);
+369             var rsaKey = new RSAKey();
+370             rsaKey.readPrivateKeyFromASN1HexString(hPKey);
+371             return rsaKey;
+372         },
 373 
-374 	/**
+374         /**
 375          * get PEM formatted encrypted PKCS#5 private key from hexadecimal string of plain private key
-376 	 * @name getEryptedPKCS5PEMFromPrvKeyHex
-377 	 * @memberOf PKCS5PKEY
-378 	 * @function
-379 	 * @param {String} hPrvKey hexadecimal string of plain private key
-380 	 * @param {String} passcode pass code to protect private key (ex. password)
-381 	 * @param {String} sharedKeyAlgName algorithm name to protect private key (ex. AES-256-CBC)
-382 	 * @param {String} ivsaltHex hexadecimal string of IV and salt
-383 	 * @return {String} string of PEM formatted encrypted PKCS#5 private key
+376          * @name getEryptedPKCS5PEMFromPrvKeyHex
+377          * @memberOf PKCS5PKEY
+378          * @function
+379          * @param {String} hPrvKey hexadecimal string of plain private key
+380          * @param {String} passcode pass code to protect private key (ex. password)
+381          * @param {String} sharedKeyAlgName algorithm name to protect private key (ex. AES-256-CBC)
+382          * @param {String} ivsaltHex hexadecimal string of IV and salt
+383          * @return {String} string of PEM formatted encrypted PKCS#5 private key
 384          * @since pkcs5pkey 1.0.2
-385 	 * @description
-386 	 * <br/>
-387 	 * generate PEM formatted encrypted PKCS#5 private key by hexadecimal string encoded
-388 	 * ASN.1 object of plain RSA private key.
-389 	 * Following arguments can be omitted.
-390 	 * <ul>
-391 	 * <li>alg - AES-256-CBC will be used if omitted.</li>
-392 	 * <li>ivsaltHex - automatically generate IV and salt which length depends on algorithm</li>
-393 	 * </ul>
-394 	 * @example
-395 	 * var pem = 
+385          * @description
+386          * <br/>
+387          * generate PEM formatted encrypted PKCS#5 private key by hexadecimal string encoded
+388          * ASN.1 object of plain RSA private key.
+389          * Following arguments can be omitted.
+390          * <ul>
+391          * <li>alg - AES-256-CBC will be used if omitted.</li>
+392          * <li>ivsaltHex - automatically generate IV and salt which length depends on algorithm</li>
+393          * </ul>
+394          * @example
+395          * var pem = 
 396          *   PKCS5PKEY.getEryptedPKCS5PEMFromPrvKeyHex(plainKeyHex, "password");
-397 	 * var pem2 = 
+397          * var pem2 = 
 398          *   PKCS5PKEY.getEryptedPKCS5PEMFromPrvKeyHex(plainKeyHex, "password", "AES-128-CBC");
-399 	 * var pem3 = 
+399          * var pem3 = 
 400          *   PKCS5PKEY.getEryptedPKCS5PEMFromPrvKeyHex(plainKeyHex, "password", "AES-128-CBC", "1f3d02...");
-401 	 */
-402 	getEryptedPKCS5PEMFromPrvKeyHex: function(hPrvKey, passcode, sharedKeyAlgName, ivsaltHex) {
-403 	    var sPEM = "";
+401          */
+402         getEryptedPKCS5PEMFromPrvKeyHex: function(hPrvKey, passcode, sharedKeyAlgName, ivsaltHex) {
+403             var sPEM = "";
 404 
-405 	    // 1. set sharedKeyAlgName if undefined (default AES-256-CBC)
-406 	    if (typeof sharedKeyAlgName == "undefined" || sharedKeyAlgName == null) {
-407 		sharedKeyAlgName = "AES-256-CBC";
-408 	    }
-409 	    if (typeof ALGLIST[sharedKeyAlgName] == "undefined")
-410 		throw "PKCS5PKEY unsupported algorithm: " + sharedKeyAlgName;
+405             // 1. set sharedKeyAlgName if undefined (default AES-256-CBC)
+406             if (typeof sharedKeyAlgName == "undefined" || sharedKeyAlgName == null) {
+407                 sharedKeyAlgName = "AES-256-CBC";
+408             }
+409             if (typeof ALGLIST[sharedKeyAlgName] == "undefined")
+410                 throw "PKCS5PKEY unsupported algorithm: " + sharedKeyAlgName;
 411 
-412 	    // 2. set ivsaltHex if undefined
-413 	    if (typeof ivsaltHex == "undefined" || ivsaltHex == null) {
-414 		var ivlen = ALGLIST[sharedKeyAlgName]['ivlen'];
-415 		var randIV = _generateIvSaltHex(ivlen);
-416 		ivsaltHex = randIV.toUpperCase();
-417 	    }
+412             // 2. set ivsaltHex if undefined
+413             if (typeof ivsaltHex == "undefined" || ivsaltHex == null) {
+414                 var ivlen = ALGLIST[sharedKeyAlgName]['ivlen'];
+415                 var randIV = _generateIvSaltHex(ivlen);
+416                 ivsaltHex = randIV.toUpperCase();
+417             }
 418 
-419 	    // 3. get shared key
+419             // 3. get shared key
 420             //alert("ivsalthex=" + ivsaltHex);
-421 	    var sharedKeyInfo = _getKeyAndUnusedIvByPasscodeAndIvsalt(sharedKeyAlgName, passcode, ivsaltHex);
-422 	    var sharedKeyHex = sharedKeyInfo.keyhex;
-423 	    // alert("sharedKeyHex = " + sharedKeyHex);
+421             var sharedKeyInfo = _getKeyAndUnusedIvByPasscodeAndIvsalt(sharedKeyAlgName, passcode, ivsaltHex);
+422             var sharedKeyHex = sharedKeyInfo.keyhex;
+423             // alert("sharedKeyHex = " + sharedKeyHex);
 424 
 425             // 3. get encrypted Key in Base64
 426             var encryptedKeyB64 = _encryptKeyHex(hPrvKey, sharedKeyAlgName, sharedKeyHex, ivsaltHex);
 427 
-428 	    var pemBody = encryptedKeyB64.replace(/(.{64})/g, "$1\r\n");
-429 	    var sPEM = "-----BEGIN RSA PRIVATE KEY-----\r\n";
-430 	    sPEM += "Proc-Type: 4,ENCRYPTED\r\n";
-431 	    sPEM += "DEK-Info: " + sharedKeyAlgName + "," + ivsaltHex + "\r\n";
-432 	    sPEM += "\r\n";
-433 	    sPEM += pemBody;
-434 	    sPEM += "\r\n-----END RSA PRIVATE KEY-----\r\n";
-435 
-436 	    return sPEM;
+428             var pemBody = encryptedKeyB64.replace(/(.{64})/g, "$1\r\n");
+429             var sPEM = "-----BEGIN RSA PRIVATE KEY-----\r\n";
+430             sPEM += "Proc-Type: 4,ENCRYPTED\r\n";
+431             sPEM += "DEK-Info: " + sharedKeyAlgName + "," + ivsaltHex + "\r\n";
+432             sPEM += "\r\n";
+433             sPEM += pemBody;
+434             sPEM += "\r\n-----END RSA PRIVATE KEY-----\r\n";
+435             
+436             return sPEM;
 437         },
 438 
-439 	/**
+439         /**
 440          * get PEM formatted encrypted PKCS#5 private key from RSAKey object of private key
-441 	 * @name getEryptedPKCS5PEMFromRSAKey
-442 	 * @memberOf PKCS5PKEY
-443 	 * @function
-444 	 * @param {RSAKey} pKey RSAKey object of private key
-445 	 * @param {String} passcode pass code to protect private key (ex. password)
-446 	 * @param {String} alg algorithm name to protect private key (default AES-256-CBC)
-447 	 * @param {String} ivsaltHex hexadecimal string of IV and salt (default generated random IV)
-448 	 * @return {String} string of PEM formatted encrypted PKCS#5 private key
+441          * @name getEryptedPKCS5PEMFromRSAKey
+442          * @memberOf PKCS5PKEY
+443          * @function
+444          * @param {RSAKey} pKey RSAKey object of private key
+445          * @param {String} passcode pass code to protect private key (ex. password)
+446          * @param {String} alg algorithm name to protect private key (default AES-256-CBC)
+447          * @param {String} ivsaltHex hexadecimal string of IV and salt (default generated random IV)
+448          * @return {String} string of PEM formatted encrypted PKCS#5 private key
 449          * @since pkcs5pkey 1.0.2
-450 	 * @description
-451 	 * <br/>
-452 	 * generate PEM formatted encrypted PKCS#5 private key by
-453 	 * {@link RSAKey} object of RSA private key and passcode.
-454 	 * Following argument can be omitted.
-455 	 * <ul>
-456 	 * <li>alg - AES-256-CBC will be used if omitted.</li>
-457 	 * <li>ivsaltHex - automatically generate IV and salt which length depends on algorithm</li>
-458 	 * </ul>
-459 	 * @example
-460 	 * var pkey = new RSAKey();
-461 	 * pkey.generate(1024, '10001'); // generate 1024bit RSA private key with public exponent 'x010001'
-462 	 * var pem = PKCS5PKEY.getEryptedPKCS5PEMFromRSAKey(pkey, "password");
-463 	 */
+450          * @description
+451          * <br/>
+452          * generate PEM formatted encrypted PKCS#5 private key by
+453          * {@link RSAKey} object of RSA private key and passcode.
+454          * Following argument can be omitted.
+455          * <ul>
+456          * <li>alg - AES-256-CBC will be used if omitted.</li>
+457          * <li>ivsaltHex - automatically generate IV and salt which length depends on algorithm</li>
+458          * </ul>
+459          * @example
+460          * var pkey = new RSAKey();
+461          * pkey.generate(1024, '10001'); // generate 1024bit RSA private key with public exponent 'x010001'
+462          * var pem = PKCS5PKEY.getEryptedPKCS5PEMFromRSAKey(pkey, "password");
+463          */
 464         getEryptedPKCS5PEMFromRSAKey: function(pKey, passcode, alg, ivsaltHex) {
-465 	    var version = new KJUR.asn1.DERInteger({'int': 0});
-466 	    var n = new KJUR.asn1.DERInteger({'bigint': pKey.n});
-467 	    var e = new KJUR.asn1.DERInteger({'int': pKey.e});
-468 	    var d = new KJUR.asn1.DERInteger({'bigint': pKey.d});
-469 	    var p = new KJUR.asn1.DERInteger({'bigint': pKey.p});
-470 	    var q = new KJUR.asn1.DERInteger({'bigint': pKey.q});
-471 	    var dmp1 = new KJUR.asn1.DERInteger({'bigint': pKey.dmp1});
-472 	    var dmq1 = new KJUR.asn1.DERInteger({'bigint': pKey.dmq1});
-473 	    var coeff = new KJUR.asn1.DERInteger({'bigint': pKey.coeff});
-474 	    var seq = new KJUR.asn1.DERSequence({'array': [version, n, e, d, p, q, dmp1, dmq1, coeff]});
-475 	    var hex = seq.getEncodedHex();
-476 	    return this.getEryptedPKCS5PEMFromPrvKeyHex(hex, passcode, alg, ivsaltHex);
+465             var version = new KJUR.asn1.DERInteger({'int': 0});
+466             var n = new KJUR.asn1.DERInteger({'bigint': pKey.n});
+467             var e = new KJUR.asn1.DERInteger({'int': pKey.e});
+468             var d = new KJUR.asn1.DERInteger({'bigint': pKey.d});
+469             var p = new KJUR.asn1.DERInteger({'bigint': pKey.p});
+470             var q = new KJUR.asn1.DERInteger({'bigint': pKey.q});
+471             var dmp1 = new KJUR.asn1.DERInteger({'bigint': pKey.dmp1});
+472             var dmq1 = new KJUR.asn1.DERInteger({'bigint': pKey.dmq1});
+473             var coeff = new KJUR.asn1.DERInteger({'bigint': pKey.coeff});
+474             var seq = new KJUR.asn1.DERSequence({'array': [version, n, e, d, p, q, dmp1, dmq1, coeff]});
+475             var hex = seq.getEncodedHex();
+476             return this.getEryptedPKCS5PEMFromPrvKeyHex(hex, passcode, alg, ivsaltHex);
 477         },
 478 
-479 	/**
+479         /**
 480          * generate RSAKey and PEM formatted encrypted PKCS#5 private key
-481 	 * @name newEncryptedPKCS5PEM
-482 	 * @memberOf PKCS5PKEY
-483 	 * @function
-484 	 * @param {String} passcode pass code to protect private key (ex. password)
-485 	 * @param {Integer} keyLen key bit length of RSA key to be generated. (default 1024)
-486 	 * @param {String} hPublicExponent hexadecimal string of public exponent (default 10001)
-487 	 * @param {String} alg shared key algorithm to encrypt private key (default AES-258-CBC)
-488 	 * @return {String} string of PEM formatted encrypted PKCS#5 private key
+481          * @name newEncryptedPKCS5PEM
+482          * @memberOf PKCS5PKEY
+483          * @function
+484          * @param {String} passcode pass code to protect private key (ex. password)
+485          * @param {Integer} keyLen key bit length of RSA key to be generated. (default 1024)
+486          * @param {String} hPublicExponent hexadecimal string of public exponent (default 10001)
+487          * @param {String} alg shared key algorithm to encrypt private key (default AES-258-CBC)
+488          * @return {String} string of PEM formatted encrypted PKCS#5 private key
 489          * @since pkcs5pkey 1.0.2
-490 	 * @example
-491 	 * var pem1 = PKCS5PKEY.newEncryptedPKCS5PEM("password");           // RSA1024bit/10001/AES-256-CBC
-492 	 * var pem2 = PKCS5PKEY.newEncryptedPKCS5PEM("password", 512);      // RSA 512bit/10001/AES-256-CBC
-493 	 * var pem3 = PKCS5PKEY.newEncryptedPKCS5PEM("password", 512, '3'); // RSA 512bit/    3/AES-256-CBC
-494 	 */
-495 	newEncryptedPKCS5PEM: function(passcode, keyLen, hPublicExponent, alg) {
-496 	    if (typeof keyLen == "undefined" || keyLen == null) {
-497 		keyLen = 1024;
-498 	    }
-499 	    if (typeof hPublicExponent == "undefined" || hPublicExponent == null) {
-500 		hPublicExponent = '10001';
-501 	    }
-502 	    var pKey = new RSAKey();
-503 	    pKey.generate(keyLen, hPublicExponent);
-504 	    var pem = null;
-505 	    if (typeof alg == "undefined" || alg == null) {
-506 		pem = this.getEncryptedPKCS5PEMFromRSAKey(pkey, passcode);
-507 	    } else {
-508 		pem = this.getEncryptedPKCS5PEMFromRSAKey(pkey, passcode, alg);
-509 	    }
-510 	    return pem;
+490          * @example
+491          * var pem1 = PKCS5PKEY.newEncryptedPKCS5PEM("password");           // RSA1024bit/10001/AES-256-CBC
+492          * var pem2 = PKCS5PKEY.newEncryptedPKCS5PEM("password", 512);      // RSA 512bit/10001/AES-256-CBC
+493          * var pem3 = PKCS5PKEY.newEncryptedPKCS5PEM("password", 512, '3'); // RSA 512bit/    3/AES-256-CBC
+494          */
+495         newEncryptedPKCS5PEM: function(passcode, keyLen, hPublicExponent, alg) {
+496             if (typeof keyLen == "undefined" || keyLen == null) {
+497                 keyLen = 1024;
+498             }
+499             if (typeof hPublicExponent == "undefined" || hPublicExponent == null) {
+500                 hPublicExponent = '10001';
+501             }
+502             var pKey = new RSAKey();
+503             pKey.generate(keyLen, hPublicExponent);
+504             var pem = null;
+505             if (typeof alg == "undefined" || alg == null) {
+506                 pem = this.getEncryptedPKCS5PEMFromRSAKey(pkey, passcode);
+507             } else {
+508                 pem = this.getEncryptedPKCS5PEMFromRSAKey(pkey, passcode, alg);
+509             }
+510             return pem;
 511         },
 512 
-513 	// === PKCS8 ===============================================================
+513         // === PKCS8 ===============================================================
 514 
-515 	/**
+515         /**
 516          * read PEM formatted unencrypted PKCS#8 private key and returns RSAKey object
-517 	 * @name getRSAKeyFromPlainPKCS8PEM
-518 	 * @memberOf PKCS5PKEY
-519 	 * @function
-520 	 * @param {String} pkcs8PEM PEM formatted unencrypted PKCS#8 private key
-521 	 * @return {RSAKey} loaded RSAKey object of RSA private key
+517          * @name getRSAKeyFromPlainPKCS8PEM
+518          * @memberOf PKCS5PKEY
+519          * @function
+520          * @param {String} pkcs8PEM PEM formatted unencrypted PKCS#8 private key
+521          * @return {RSAKey} loaded RSAKey object of RSA private key
 522          * @since pkcs5pkey 1.0.1
-523 	 */
+523          */
 524         getRSAKeyFromPlainPKCS8PEM: function(pkcs8PEM) {
 525             if (pkcs8PEM.match(/ENCRYPTED/))
 526                 throw "pem shall be not ENCRYPTED";
 527             var prvKeyHex = this.getHexFromPEM(pkcs8PEM, "PRIVATE KEY");
 528             var rsaKey = this.getRSAKeyFromPlainPKCS8Hex(prvKeyHex);
-529 	    return rsaKey;
+529             return rsaKey;
 530         },
 531 
-532 	/**
+532         /**
 533          * provide hexadecimal string of unencrypted PKCS#8 private key and returns RSAKey object
-534 	 * @name getRSAKeyFromPlainPKCS8Hex
-535 	 * @memberOf PKCS5PKEY
-536 	 * @function
-537 	 * @param {String} prvKeyHex hexadecimal string of unencrypted PKCS#8 private key
-538 	 * @return {RSAKey} loaded RSAKey object of RSA private key
+534          * @name getRSAKeyFromPlainPKCS8Hex
+535          * @memberOf PKCS5PKEY
+536          * @function
+537          * @param {String} prvKeyHex hexadecimal string of unencrypted PKCS#8 private key
+538          * @return {RSAKey} loaded RSAKey object of RSA private key
 539          * @since pkcs5pkey 1.0.3
-540 	 */
+540          */
 541         getRSAKeyFromPlainPKCS8Hex: function(prvKeyHex) {
-542 	    var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(prvKeyHex, 0);
-543 	    if (a1.length != 3)
-544 		throw "outer DERSequence shall have 3 elements: " + a1.length;
+542             var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(prvKeyHex, 0);
+543             if (a1.length != 3)
+544                 throw "outer DERSequence shall have 3 elements: " + a1.length;
 545             var algIdTLV =ASN1HEX.getHexOfTLV_AtObj(prvKeyHex, a1[1]);
-546 	    if (algIdTLV != "300d06092a864886f70d0101010500") // AlgId rsaEncryption
-547 		throw "PKCS8 AlgorithmIdentifier is not rsaEnc: " + algIdTLV;
+546             if (algIdTLV != "300d06092a864886f70d0101010500") // AlgId rsaEncryption
+547                 throw "PKCS8 AlgorithmIdentifier is not rsaEnc: " + algIdTLV;
 548             var algIdTLV = ASN1HEX.getHexOfTLV_AtObj(prvKeyHex, a1[1]);
-549 	    var octetStr = ASN1HEX.getHexOfTLV_AtObj(prvKeyHex, a1[2]);
-550 	    var p5KeyHex = ASN1HEX.getHexOfV_AtObj(octetStr, 0);
+549             var octetStr = ASN1HEX.getHexOfTLV_AtObj(prvKeyHex, a1[2]);
+550             var p5KeyHex = ASN1HEX.getHexOfV_AtObj(octetStr, 0);
 551             //alert(p5KeyHex);
-552 	    var rsaKey = new RSAKey();
-553 	    rsaKey.readPrivateKeyFromASN1HexString(p5KeyHex);
-554 	    return rsaKey;
+552             var rsaKey = new RSAKey();
+553             rsaKey.readPrivateKeyFromASN1HexString(p5KeyHex);
+554             return rsaKey;
 555         },
 556 
-557 	/**
+557         /**
 558          * generate PBKDF2 key hexstring with specified passcode and information
-559 	 * @name parseHexOfEncryptedPKCS8
-560 	 * @memberOf PKCS5PKEY
-561 	 * @function
-562 	 * @param {String} passcode passcode to decrypto private key
-563 	 * @return {Array} info associative array of PKCS#8 parameters
+559          * @name parseHexOfEncryptedPKCS8
+560          * @memberOf PKCS5PKEY
+561          * @function
+562          * @param {String} passcode passcode to decrypto private key
+563          * @return {Array} info associative array of PKCS#8 parameters
 564          * @since pkcs5pkey 1.0.3
-565 	 * @description
-566 	 * The associative array which is returned by this method has following properties:
-567 	 * <ul>
-568 	 * <li>info.pbkdf2Salt - hexadecimal string of PBKDF2 salt</li>
-569 	 * <li>info.pkbdf2Iter - iteration count</li>
-570 	 * <li>info.ciphertext - hexadecimal string of encrypted private key</li>
-571 	 * <li>info.encryptionSchemeAlg - encryption algorithm name (currently TripleDES only)</li>
-572 	 * <li>info.encryptionSchemeIV - initial vector for encryption algorithm</li>
-573 	 * </ul>
-574 	 * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
-575 	 * <ul>
-576 	 * <li>keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1</li>
-577 	 * <li>encryptionScheme = des-EDE3-CBC(i.e. TripleDES</li>
-578 	 * </ul>
-579 	 * @example
-580 	 * // to convert plain PKCS#5 private key to encrypted PKCS#8 private
-581 	 * // key with PBKDF2 with TripleDES
-582 	 * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
-583 	 */
+565          * @description
+566          * The associative array which is returned by this method has following properties:
+567          * <ul>
+568          * <li>info.pbkdf2Salt - hexadecimal string of PBKDF2 salt</li>
+569          * <li>info.pkbdf2Iter - iteration count</li>
+570          * <li>info.ciphertext - hexadecimal string of encrypted private key</li>
+571          * <li>info.encryptionSchemeAlg - encryption algorithm name (currently TripleDES only)</li>
+572          * <li>info.encryptionSchemeIV - initial vector for encryption algorithm</li>
+573          * </ul>
+574          * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
+575          * <ul>
+576          * <li>keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1</li>
+577          * <li>encryptionScheme = des-EDE3-CBC(i.e. TripleDES</li>
+578          * </ul>
+579          * @example
+580          * // to convert plain PKCS#5 private key to encrypted PKCS#8 private
+581          * // key with PBKDF2 with TripleDES
+582          * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
+583          */
 584         parseHexOfEncryptedPKCS8: function(sHEX) {
 585             var info = {};
-586 	    
-587 	    var a0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, 0);
-588 	    if (a0.length != 2)
-589 		throw "malformed format: SEQUENCE(0).items != 2: " + a0.length;
+586         
+587             var a0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, 0);
+588             if (a0.length != 2)
+589                 throw "malformed format: SEQUENCE(0).items != 2: " + a0.length;
 590 
-591 	    // 1. ciphertext
-592 	    info.ciphertext = ASN1HEX.getHexOfV_AtObj(sHEX, a0[1]);
+591             // 1. ciphertext
+592             info.ciphertext = ASN1HEX.getHexOfV_AtObj(sHEX, a0[1]);
 593 
-594 	    // 2. pkcs5PBES2
-595 	    var a0_0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0[0]); 
-596 	    if (a0_0.length != 2)
-597 		throw "malformed format: SEQUENCE(0.0).items != 2: " + a0_0.length;
+594             // 2. pkcs5PBES2
+595             var a0_0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0[0]); 
+596             if (a0_0.length != 2)
+597                 throw "malformed format: SEQUENCE(0.0).items != 2: " + a0_0.length;
 598 
-599 	    // 2.1 check if pkcs5PBES2(1 2 840 113549 1 5 13)
-600 	    if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0[0]) != "2a864886f70d01050d")
-601 		throw "this only supports pkcs5PBES2";
+599             // 2.1 check if pkcs5PBES2(1 2 840 113549 1 5 13)
+600             if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0[0]) != "2a864886f70d01050d")
+601                 throw "this only supports pkcs5PBES2";
 602 
-603 	    // 2.2 pkcs5PBES2 param
+603             // 2.2 pkcs5PBES2 param
 604             var a0_0_1 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0[1]); 
-605 	    if (a0_0.length != 2)
-606 		throw "malformed format: SEQUENCE(0.0.1).items != 2: " + a0_0_1.length;
+605             if (a0_0.length != 2)
+606                 throw "malformed format: SEQUENCE(0.0.1).items != 2: " + a0_0_1.length;
 607 
-608 	    // 2.2.1 encryptionScheme
-609 	    var a0_0_1_1 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1[1]); 
-610 	    if (a0_0_1_1.length != 2)
-611 		throw "malformed format: SEQUENCE(0.0.1.1).items != 2: " + a0_0_1_1.length;
-612 	    if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_1[0]) != "2a864886f70d0307")
-613 		throw "this only supports TripleDES";
-614 	    info.encryptionSchemeAlg = "TripleDES";
+608             // 2.2.1 encryptionScheme
+609             var a0_0_1_1 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1[1]); 
+610             if (a0_0_1_1.length != 2)
+611                 throw "malformed format: SEQUENCE(0.0.1.1).items != 2: " + a0_0_1_1.length;
+612             if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_1[0]) != "2a864886f70d0307")
+613                 throw "this only supports TripleDES";
+614             info.encryptionSchemeAlg = "TripleDES";
 615 
-616 	    // 2.2.1.1 IV of encryptionScheme
-617 	    info.encryptionSchemeIV = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_1[1]);
+616             // 2.2.1.1 IV of encryptionScheme
+617             info.encryptionSchemeIV = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_1[1]);
 618 
-619 	    // 2.2.2 keyDerivationFunc
-620 	    var a0_0_1_0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1[0]); 
-621 	    if (a0_0_1_0.length != 2)
-622 		throw "malformed format: SEQUENCE(0.0.1.0).items != 2: " + a0_0_1_0.length;
-623 	    if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0[0]) != "2a864886f70d01050c")
-624 		throw "this only supports pkcs5PBKDF2";
-625 
-626 	    // 2.2.2.1 pkcs5PBKDF2 param
-627 	    var a0_0_1_0_1 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1_0[1]); 
-628 	    if (a0_0_1_0_1.length < 2)
-629 		throw "malformed format: SEQUENCE(0.0.1.0.1).items < 2: " + a0_0_1_0_1.length;
+619             // 2.2.2 keyDerivationFunc
+620             var a0_0_1_0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1[0]); 
+621             if (a0_0_1_0.length != 2)
+622                 throw "malformed format: SEQUENCE(0.0.1.0).items != 2: " + a0_0_1_0.length;
+623             if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0[0]) != "2a864886f70d01050c")
+624                 throw "this only supports pkcs5PBKDF2";
+625             
+626             // 2.2.2.1 pkcs5PBKDF2 param
+627             var a0_0_1_0_1 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1_0[1]); 
+628             if (a0_0_1_0_1.length < 2)
+629                 throw "malformed format: SEQUENCE(0.0.1.0.1).items < 2: " + a0_0_1_0_1.length;
 630 
-631 	    // 2.2.2.1.1 PBKDF2 salt
-632 	    info.pbkdf2Salt = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0_1[0]);
+631             // 2.2.2.1.1 PBKDF2 salt
+632             info.pbkdf2Salt = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0_1[0]);
 633 
-634 	    // 2.2.2.1.2 PBKDF2 iter
-635 	    var iterNumHex = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0_1[1]);
-636 	    try {
-637 		info.pbkdf2Iter = parseInt(iterNumHex, 16);
-638 	    } catch(ex) {
-639 		throw "malformed format pbkdf2Iter: " + iterNumHex;
-640 	    }
+634             // 2.2.2.1.2 PBKDF2 iter
+635             var iterNumHex = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0_1[1]);
+636             try {
+637                 info.pbkdf2Iter = parseInt(iterNumHex, 16);
+638             } catch(ex) {
+639                 throw "malformed format pbkdf2Iter: " + iterNumHex;
+640             }
 641 
-642 	    return info;
-643 	},
+642             return info;
+643         },
 644 
-645 	/**
+645         /**
 646          * generate PBKDF2 key hexstring with specified passcode and information
-647 	 * @name getPBKDF2KeyHexFromParam
-648 	 * @memberOf PKCS5PKEY
-649 	 * @function
-650 	 * @param {Array} info result of {@link parseHexOfEncryptedPKCS8} which has preference of PKCS#8 file
-651 	 * @param {String} passcode passcode to decrypto private key
-652 	 * @return {String} hexadecimal string of PBKDF2 key
+647          * @name getPBKDF2KeyHexFromParam
+648          * @memberOf PKCS5PKEY
+649          * @function
+650          * @param {Array} info result of {@link parseHexOfEncryptedPKCS8} which has preference of PKCS#8 file
+651          * @param {String} passcode passcode to decrypto private key
+652          * @return {String} hexadecimal string of PBKDF2 key
 653          * @since pkcs5pkey 1.0.3
-654 	 * @description
-655 	 * As for info, this uses following properties:
-656 	 * <ul>
-657 	 * <li>info.pbkdf2Salt - hexadecimal string of PBKDF2 salt</li>
-658 	 * <li>info.pkbdf2Iter - iteration count</li>
-659 	 * </ul>
-660 	 * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
-661 	 * <ul>
-662 	 * <li>keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1</li>
-663 	 * <li>encryptionScheme = des-EDE3-CBC(i.e. TripleDES</li>
-664 	 * </ul>
-665 	 * @example
-666 	 * // to convert plain PKCS#5 private key to encrypted PKCS#8 private
-667 	 * // key with PBKDF2 with TripleDES
-668 	 * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
-669 	 */
-670 	getPBKDF2KeyHexFromParam: function(info, passcode) {
-671 	    var pbkdf2SaltWS = CryptoJS.enc.Hex.parse(info.pbkdf2Salt);
-672 	    var pbkdf2Iter = info.pbkdf2Iter;
-673 	    var pbkdf2KeyWS = CryptoJS.PBKDF2(passcode, 
-674 					      pbkdf2SaltWS, 
-675 					      { keySize: 192/32, iterations: pbkdf2Iter });
-676 	    var pbkdf2KeyHex = CryptoJS.enc.Hex.stringify(pbkdf2KeyWS);
-677 	    return pbkdf2KeyHex;
-678 	},
+654          * @description
+655          * As for info, this uses following properties:
+656          * <ul>
+657          * <li>info.pbkdf2Salt - hexadecimal string of PBKDF2 salt</li>
+658          * <li>info.pkbdf2Iter - iteration count</li>
+659          * </ul>
+660          * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
+661          * <ul>
+662          * <li>keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1</li>
+663          * <li>encryptionScheme = des-EDE3-CBC(i.e. TripleDES</li>
+664          * </ul>
+665          * @example
+666          * // to convert plain PKCS#5 private key to encrypted PKCS#8 private
+667          * // key with PBKDF2 with TripleDES
+668          * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
+669          */
+670         getPBKDF2KeyHexFromParam: function(info, passcode) {
+671             var pbkdf2SaltWS = CryptoJS.enc.Hex.parse(info.pbkdf2Salt);
+672             var pbkdf2Iter = info.pbkdf2Iter;
+673             var pbkdf2KeyWS = CryptoJS.PBKDF2(passcode, 
+674                                               pbkdf2SaltWS, 
+675                                               { keySize: 192/32, iterations: pbkdf2Iter });
+676             var pbkdf2KeyHex = CryptoJS.enc.Hex.stringify(pbkdf2KeyWS);
+677             return pbkdf2KeyHex;
+678         },
 679 
-680 	/**
+680         /**
 681          * read PEM formatted encrypted PKCS#8 private key and returns hexadecimal string of plain PKCS#8 private key
-682 	 * @name getPlainPKCS8HexFromEncryptedPKCS8PEM
-683 	 * @memberOf PKCS5PKEY
-684 	 * @function
-685 	 * @param {String} pkcs8PEM PEM formatted encrypted PKCS#8 private key
-686 	 * @param {String} passcode passcode to decrypto private key
-687 	 * @return {String} hexadecimal string of plain PKCS#8 private key
+682          * @name getPlainPKCS8HexFromEncryptedPKCS8PEM
+683          * @memberOf PKCS5PKEY
+684          * @function
+685          * @param {String} pkcs8PEM PEM formatted encrypted PKCS#8 private key
+686          * @param {String} passcode passcode to decrypto private key
+687          * @return {String} hexadecimal string of plain PKCS#8 private key
 688          * @since pkcs5pkey 1.0.3
-689 	 * @description
-690 	 * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
-691 	 * <ul>
-692 	 * <li>keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1</li>
-693 	 * <li>encryptionScheme = des-EDE3-CBC(i.e. TripleDES</li>
-694 	 * </ul>
-695 	 * @example
-696 	 * // to convert plain PKCS#5 private key to encrypted PKCS#8 private
-697 	 * // key with PBKDF2 with TripleDES
-698 	 * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
-699 	 */
-700 	getPlainPKCS8HexFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) {
-701 	    // 1. derHex - PKCS#8 private key encrypted by PBKDF2
+689          * @description
+690          * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
+691          * <ul>
+692          * <li>keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1</li>
+693          * <li>encryptionScheme = des-EDE3-CBC(i.e. TripleDES</li>
+694          * </ul>
+695          * @example
+696          * // to convert plain PKCS#5 private key to encrypted PKCS#8 private
+697          * // key with PBKDF2 with TripleDES
+698          * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
+699          */
+700         getPlainPKCS8HexFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) {
+701             // 1. derHex - PKCS#8 private key encrypted by PBKDF2
 702             var derHex = this.getHexFromPEM(pkcs8PEM, "ENCRYPTED PRIVATE KEY");
-703 	    // 2. info - PKCS#5 PBES info
-704 	    var info = this.parseHexOfEncryptedPKCS8(derHex);
-705 	    // 3. hKey - PBKDF2 key
-706 	    var pbkdf2KeyHex = PKCS5PKEY.getPBKDF2KeyHexFromParam(info, passcode);
-707 	    // 4. decrypt ciphertext by PBKDF2 key
-708 	    var encrypted = {};
-709 	    encrypted.ciphertext = CryptoJS.enc.Hex.parse(info.ciphertext);
-710 	    var pbkdf2KeyWS = CryptoJS.enc.Hex.parse(pbkdf2KeyHex);
-711 	    var des3IVWS = CryptoJS.enc.Hex.parse(info.encryptionSchemeIV);
-712 	    var decWS = CryptoJS.TripleDES.decrypt(encrypted, pbkdf2KeyWS, { iv: des3IVWS });
-713 	    var decHex = CryptoJS.enc.Hex.stringify(decWS);
-714 	    return decHex;
-715 	},
+703             // 2. info - PKCS#5 PBES info
+704             var info = this.parseHexOfEncryptedPKCS8(derHex);
+705             // 3. hKey - PBKDF2 key
+706             var pbkdf2KeyHex = PKCS5PKEY.getPBKDF2KeyHexFromParam(info, passcode);
+707             // 4. decrypt ciphertext by PBKDF2 key
+708             var encrypted = {};
+709             encrypted.ciphertext = CryptoJS.enc.Hex.parse(info.ciphertext);
+710             var pbkdf2KeyWS = CryptoJS.enc.Hex.parse(pbkdf2KeyHex);
+711             var des3IVWS = CryptoJS.enc.Hex.parse(info.encryptionSchemeIV);
+712             var decWS = CryptoJS.TripleDES.decrypt(encrypted, pbkdf2KeyWS, { iv: des3IVWS });
+713             var decHex = CryptoJS.enc.Hex.stringify(decWS);
+714             return decHex;
+715         },
 716 
-717 	/**
+717         /**
 718          * read PEM formatted encrypted PKCS#8 private key and returns RSAKey object
-719 	 * @name getRSAKeyFromEncryptedPKCS8PEM
-720 	 * @memberOf PKCS5PKEY
-721 	 * @function
-722 	 * @param {String} pkcs8PEM PEM formatted encrypted PKCS#8 private key
-723 	 * @param {String} passcode passcode to decrypto private key
-724 	 * @return {RSAKey} loaded RSAKey object of RSA private key
+719          * @name getRSAKeyFromEncryptedPKCS8PEM
+720          * @memberOf PKCS5PKEY
+721          * @function
+722          * @param {String} pkcs8PEM PEM formatted encrypted PKCS#8 private key
+723          * @param {String} passcode passcode to decrypto private key
+724          * @return {RSAKey} loaded RSAKey object of RSA private key
 725          * @since pkcs5pkey 1.0.3
-726 	 * @description
-727 	 * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
-728 	 * <ul>
-729 	 * <li>keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1</li>
-730 	 * <li>encryptionScheme = des-EDE3-CBC(i.e. TripleDES</li>
-731 	 * </ul>
-732 	 * @example
-733 	 * // to convert plain PKCS#5 private key to encrypted PKCS#8 private
-734 	 * // key with PBKDF2 with TripleDES
-735 	 * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
-736 	 */
+726          * @description
+727          * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES.
+728          * <ul>
+729          * <li>keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1</li>
+730          * <li>encryptionScheme = des-EDE3-CBC(i.e. TripleDES</li>
+731          * </ul>
+732          * @example
+733          * // to convert plain PKCS#5 private key to encrypted PKCS#8 private
+734          * // key with PBKDF2 with TripleDES
+735          * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem
+736          */
 737         getRSAKeyFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) {
-738 	    var prvKeyHex = this.getPlainPKCS8HexFromEncryptedPKCS8PEM(pkcs8PEM, passcode);
-739 	    var rsaKey = this.getRSAKeyFromPlainPKCS8Hex(prvKeyHex);
-740 	    return rsaKey;
+738             var prvKeyHex = this.getPlainPKCS8HexFromEncryptedPKCS8PEM(pkcs8PEM, passcode);
+739             var rsaKey = this.getRSAKeyFromPlainPKCS8Hex(prvKeyHex);
+740             return rsaKey;
 741         },
 742 
-743 	/**
+743         /**
 744          * get RSAKey/ECDSA private key object from encrypted PEM PKCS#8 private key
-745 	 * @name getKeyFromEncryptedPKCS8PEM
-746 	 * @memberOf PKCS5PKEY
-747 	 * @function
-748 	 * @param {String} pkcs8PEM string of PEM formatted PKCS#8 private key
-749 	 * @param {String} passcode passcode string to decrypt key
-750 	 * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
-751 	 * @since pkcs5pkey 1.0.5
-752 	 */
+745          * @name getKeyFromEncryptedPKCS8PEM
+746          * @memberOf PKCS5PKEY
+747          * @function
+748          * @param {String} pkcs8PEM string of PEM formatted PKCS#8 private key
+749          * @param {String} passcode passcode string to decrypt key
+750          * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
+751          * @since pkcs5pkey 1.0.5
+752          */
 753         getKeyFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) {
-754 	    var prvKeyHex = this.getPlainPKCS8HexFromEncryptedPKCS8PEM(pkcs8PEM, passcode);
-755 	    var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex);
-756 	    return key;
+754             var prvKeyHex = this.getPlainPKCS8HexFromEncryptedPKCS8PEM(pkcs8PEM, passcode);
+755             var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex);
+756             return key;
 757         },
 758 
-759 	/**
+759         /**
 760          * parse hexadecimal string of plain PKCS#8 private key
-761 	 * @name parsePlainPrivatePKCS8Hex
-762 	 * @memberOf PKCS5PKEY
-763 	 * @function
-764 	 * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 plain private key
-765 	 * @return {Array} associative array of parsed key
-766 	 * @since pkcs5pkey 1.0.5
-767 	 * @description
-768 	 * Resulted associative array has following properties:
-769 	 * <ul>
-770 	 * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
-771 	 * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
-772 	 * <li>keyidx - string starting index of key in pkcs8PrvHex</li>
-773 	 * </ul>
-774 	 */
-775 	parsePlainPrivatePKCS8Hex: function(pkcs8PrvHex) {
-776 	    var result = {};
-777 	    result.algparam = null;
+761          * @name parsePlainPrivatePKCS8Hex
+762          * @memberOf PKCS5PKEY
+763          * @function
+764          * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 plain private key
+765          * @return {Array} associative array of parsed key
+766          * @since pkcs5pkey 1.0.5
+767          * @description
+768          * Resulted associative array has following properties:
+769          * <ul>
+770          * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
+771          * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
+772          * <li>keyidx - string starting index of key in pkcs8PrvHex</li>
+773          * </ul>
+774          */
+775         parsePlainPrivatePKCS8Hex: function(pkcs8PrvHex) {
+776             var result = {};
+777             result.algparam = null;
 778 
-779 	    // 1. sequence
-780 	    if (pkcs8PrvHex.substr(0, 2) != "30")
-781 		throw "malformed plain PKCS8 private key(code:001)"; // not sequence
+779             // 1. sequence
+780             if (pkcs8PrvHex.substr(0, 2) != "30")
+781                 throw "malformed plain PKCS8 private key(code:001)"; // not sequence
 782 
-783 	    var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PrvHex, 0);
-784 	    if (a1.length != 3)
-785 		throw "malformed plain PKCS8 private key(code:002)";
+783             var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PrvHex, 0);
+784             if (a1.length != 3)
+785                 throw "malformed plain PKCS8 private key(code:002)";
 786 
-787 	    // 2. AlgID
+787             // 2. AlgID
 788             if (pkcs8PrvHex.substr(a1[1], 2) != "30")
 789                 throw "malformed PKCS8 private key(code:003)"; // AlgId not sequence
 790 
@@ -799,270 +799,270 @@
 792             if (a2.length != 2)
 793                 throw "malformed PKCS8 private key(code:004)"; // AlgId not have two elements
 794 
-795 	    // 2.1. AlgID OID
-796 	    if (pkcs8PrvHex.substr(a2[0], 2) != "06")
-797 		throw "malformed PKCS8 private key(code:005)"; // AlgId.oid is not OID
+795             // 2.1. AlgID OID
+796             if (pkcs8PrvHex.substr(a2[0], 2) != "06")
+797                 throw "malformed PKCS8 private key(code:005)"; // AlgId.oid is not OID
 798 
-799 	    result.algoid = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a2[0]);
+799             result.algoid = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a2[0]);
 800 
-801 	    // 2.2. AlgID param
-802 	    if (pkcs8PrvHex.substr(a2[1], 2) == "06") {
-803 		result.algparam = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a2[1]);
-804 	    }
+801             // 2.2. AlgID param
+802             if (pkcs8PrvHex.substr(a2[1], 2) == "06") {
+803                 result.algparam = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a2[1]);
+804             }
 805 
-806 	    // 3. Key index
-807 	    if (pkcs8PrvHex.substr(a1[2], 2) != "04")
-808 		throw "malformed PKCS8 private key(code:006)"; // not octet string
+806             // 3. Key index
+807             if (pkcs8PrvHex.substr(a1[2], 2) != "04")
+808                 throw "malformed PKCS8 private key(code:006)"; // not octet string
 809 
-810 	    result.keyidx = ASN1HEX.getStartPosOfV_AtObj(pkcs8PrvHex, a1[2]);
+810             result.keyidx = ASN1HEX.getStartPosOfV_AtObj(pkcs8PrvHex, a1[2]);
 811 
-812 	    return result;
+812             return result;
 813         },
 814 
-815 	/**
+815         /**
 816          * get RSAKey/ECDSA private key object from PEM plain PEM PKCS#8 private key
-817 	 * @name getKeyFromPlainPrivatePKCS8PEM
-818 	 * @memberOf PKCS5PKEY
-819 	 * @function
-820 	 * @param {String} pkcs8PEM string of plain PEM formatted PKCS#8 private key
-821 	 * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
-822 	 * @since pkcs5pkey 1.0.5
-823 	 */
-824 	getKeyFromPlainPrivatePKCS8PEM: function(prvKeyPEM) {
-825 	    var prvKeyHex = this.getHexFromPEM(prvKeyPEM, "PRIVATE KEY");
-826 	    var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex);
-827 	    return key;
-828 	},
+817          * @name getKeyFromPlainPrivatePKCS8PEM
+818          * @memberOf PKCS5PKEY
+819          * @function
+820          * @param {String} pkcs8PEM string of plain PEM formatted PKCS#8 private key
+821          * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
+822          * @since pkcs5pkey 1.0.5
+823          */
+824         getKeyFromPlainPrivatePKCS8PEM: function(prvKeyPEM) {
+825             var prvKeyHex = this.getHexFromPEM(prvKeyPEM, "PRIVATE KEY");
+826             var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex);
+827             return key;
+828         },
 829 
-830 	/**
+830         /**
 831          * get RSAKey/ECDSA private key object from HEX plain PEM PKCS#8 private key
-832 	 * @name getKeyFromPlainPrivatePKCS8Hex
-833 	 * @memberOf PKCS5PKEY
-834 	 * @function
-835 	 * @param {String} prvKeyHex hexadecimal string of plain PKCS#8 private key
-836 	 * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
-837 	 * @since pkcs5pkey 1.0.5
-838 	 */
-839 	getKeyFromPlainPrivatePKCS8Hex: function(prvKeyHex) {
-840 	    var p8 = this.parsePlainPrivatePKCS8Hex(prvKeyHex);
-841 	    
-842 	    if (p8.algoid == "2a864886f70d010101") { // RSA
-843 		this.parsePrivateRawRSAKeyHexAtObj(prvKeyHex, p8);
-844 		var k = p8.key;
-845 		var key = new RSAKey();
-846 		key.setPrivateEx(k.n, k.e, k.d, k.p, k.q, k.dp, k.dq, k.co);
-847 		return key;
-848 	    } else if (p8.algoid == "2a8648ce3d0201") { // ECC
-849 		this.parsePrivateRawECKeyHexAtObj(prvKeyHex, p8);
-850 		if (KJUR.crypto.OID.oidhex2name[p8.algparam] === undefined)
-851 		    throw "KJUR.crypto.OID.oidhex2name undefined: " + p8.algparam;
-852 		var curveName = KJUR.crypto.OID.oidhex2name[p8.algparam];
-853 		var key = new KJUR.crypto.ECDSA({'curve': curveName, 'prv': p8.key});
-854 		return key;
-855 	    } else {
-856 		throw "unsupported private key algorithm";
-857 	    }
-858 	},
+832          * @name getKeyFromPlainPrivatePKCS8Hex
+833          * @memberOf PKCS5PKEY
+834          * @function
+835          * @param {String} prvKeyHex hexadecimal string of plain PKCS#8 private key
+836          * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
+837          * @since pkcs5pkey 1.0.5
+838          */
+839         getKeyFromPlainPrivatePKCS8Hex: function(prvKeyHex) {
+840             var p8 = this.parsePlainPrivatePKCS8Hex(prvKeyHex);
+841             
+842             if (p8.algoid == "2a864886f70d010101") { // RSA
+843                 this.parsePrivateRawRSAKeyHexAtObj(prvKeyHex, p8);
+844                 var k = p8.key;
+845                 var key = new RSAKey();
+846                 key.setPrivateEx(k.n, k.e, k.d, k.p, k.q, k.dp, k.dq, k.co);
+847                 return key;
+848             } else if (p8.algoid == "2a8648ce3d0201") { // ECC
+849                 this.parsePrivateRawECKeyHexAtObj(prvKeyHex, p8);
+850                 if (KJUR.crypto.OID.oidhex2name[p8.algparam] === undefined)
+851                     throw "KJUR.crypto.OID.oidhex2name undefined: " + p8.algparam;
+852                 var curveName = KJUR.crypto.OID.oidhex2name[p8.algparam];
+853                 var key = new KJUR.crypto.ECDSA({'curve': curveName, 'prv': p8.key});
+854                 return key;
+855             } else {
+856                 throw "unsupported private key algorithm";
+857             }
+858         },
 859 
-860 	// === PKCS8 RSA Public Key ================================================
-861 	/**
+860         // === PKCS8 RSA Public Key ================================================
+861         /**
 862          * read PEM formatted PKCS#8 public key and returns RSAKey object
-863 	 * @name getRSAKeyFromPublicPKCS8PEM
-864 	 * @memberOf PKCS5PKEY
-865 	 * @function
-866 	 * @param {String} pkcs8PubPEM PEM formatted PKCS#8 public key
-867 	 * @return {RSAKey} loaded RSAKey object of RSA public key
+863          * @name getRSAKeyFromPublicPKCS8PEM
+864          * @memberOf PKCS5PKEY
+865          * @function
+866          * @param {String} pkcs8PubPEM PEM formatted PKCS#8 public key
+867          * @return {RSAKey} loaded RSAKey object of RSA public key
 868          * @since pkcs5pkey 1.0.4
-869 	 */
+869          */
 870         getRSAKeyFromPublicPKCS8PEM: function(pkcs8PubPEM) {
 871             var pubKeyHex = this.getHexFromPEM(pkcs8PubPEM, "PUBLIC KEY");
 872             var rsaKey = this.getRSAKeyFromPublicPKCS8Hex(pubKeyHex);
-873 	    return rsaKey;
-874 	},
+873             return rsaKey;
+874         },
 875 
-876 	/**
+876         /**
 877          * get RSAKey/ECDSA public key object from PEM PKCS#8 public key
-878 	 * @name getKeyFromPublicPKCS8PEM
-879 	 * @memberOf PKCS5PKEY
-880 	 * @function
-881 	 * @param {String} pkcsPub8PEM string of PEM formatted PKCS#8 public key
-882 	 * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
-883 	 * @since pkcs5pkey 1.0.5
-884 	 */
+878          * @name getKeyFromPublicPKCS8PEM
+879          * @memberOf PKCS5PKEY
+880          * @function
+881          * @param {String} pkcsPub8PEM string of PEM formatted PKCS#8 public key
+882          * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
+883          * @since pkcs5pkey 1.0.5
+884          */
 885         getKeyFromPublicPKCS8PEM: function(pkcs8PubPEM) {
 886             var pubKeyHex = this.getHexFromPEM(pkcs8PubPEM, "PUBLIC KEY");
 887             var key = this.getKeyFromPublicPKCS8Hex(pubKeyHex);
-888 	    return key;
-889 	},
+888             return key;
+889         },
 890 
-891 	/**
+891         /**
 892          * get RSAKey/ECDSA public key object from hexadecimal string of PKCS#8 public key
-893 	 * @name getKeyFromPublicPKCS8Hex
-894 	 * @memberOf PKCS5PKEY
-895 	 * @function
-896 	 * @param {String} pkcsPub8Hex hexadecimal string of PKCS#8 public key
-897 	 * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
-898 	 * @since pkcs5pkey 1.0.5
-899 	 */
+893          * @name getKeyFromPublicPKCS8Hex
+894          * @memberOf PKCS5PKEY
+895          * @function
+896          * @param {String} pkcsPub8Hex hexadecimal string of PKCS#8 public key
+897          * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object
+898          * @since pkcs5pkey 1.0.5
+899          */
 900         getKeyFromPublicPKCS8Hex: function(pkcs8PubHex) {
-901 	    var p8 = this.parsePublicPKCS8Hex(pkcs8PubHex);
-902 	    
-903 	    if (p8.algoid == "2a864886f70d010101") { // RSA
-904 		var aRSA = this.parsePublicRawRSAKeyHex(p8.key);
-905 		var key = new RSAKey();
-906 		key.setPublic(aRSA.n, aRSA.e);
-907 		return key;
-908 	    } else if (p8.algoid == "2a8648ce3d0201") { // ECC
-909 		if (KJUR.crypto.OID.oidhex2name[p8.algparam] === undefined)
-910 		    throw "KJUR.crypto.OID.oidhex2name undefined: " + p8.algparam;
-911 		var curveName = KJUR.crypto.OID.oidhex2name[p8.algparam];
-912 		var key = new KJUR.crypto.ECDSA({'curve': curveName, 'pub': p8.key});
-913 		return key;
-914 	    } else {
-915 		throw "unsupported public key algorithm";
-916 	    }
-917 	},
+901             var p8 = this.parsePublicPKCS8Hex(pkcs8PubHex);
+902             
+903             if (p8.algoid == "2a864886f70d010101") { // RSA
+904                 var aRSA = this.parsePublicRawRSAKeyHex(p8.key);
+905                 var key = new RSAKey();
+906                 key.setPublic(aRSA.n, aRSA.e);
+907                 return key;
+908             } else if (p8.algoid == "2a8648ce3d0201") { // ECC
+909                 if (KJUR.crypto.OID.oidhex2name[p8.algparam] === undefined)
+910                     throw "KJUR.crypto.OID.oidhex2name undefined: " + p8.algparam;
+911                 var curveName = KJUR.crypto.OID.oidhex2name[p8.algparam];
+912                 var key = new KJUR.crypto.ECDSA({'curve': curveName, 'pub': p8.key});
+913                 return key;
+914             } else {
+915                 throw "unsupported public key algorithm";
+916             }
+917         },
 918 
-919 	/**
+919         /**
 920          * parse hexadecimal string of plain PKCS#8 private key
-921 	 * @name parsePublicRawRSAKeyHex
-922 	 * @memberOf PKCS5PKEY
-923 	 * @function
-924 	 * @param {String} pubRawRSAHex hexadecimal string of ASN.1 encoded PKCS#8 public key
-925 	 * @return {Array} associative array of parsed key
-926 	 * @since pkcs5pkey 1.0.5
-927 	 * @description
-928 	 * Resulted associative array has following properties:
-929 	 * <ul>
-930 	 * <li>n - hexadecimal string of public key
-931 	 * <li>e - hexadecimal string of public exponent
-932 	 * </ul>
-933 	 */
-934 	parsePublicRawRSAKeyHex: function(pubRawRSAHex) {
-935 	    var result = {};
-936 	    
-937 	    // 1. Sequence
-938 	    if (pubRawRSAHex.substr(0, 2) != "30")
-939 		throw "malformed RSA key(code:001)"; // not sequence
-940 	    
-941 	    var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pubRawRSAHex, 0);
-942 	    if (a1.length != 2)
-943 		throw "malformed RSA key(code:002)"; // not 2 items in seq
+921          * @name parsePublicRawRSAKeyHex
+922          * @memberOf PKCS5PKEY
+923          * @function
+924          * @param {String} pubRawRSAHex hexadecimal string of ASN.1 encoded PKCS#8 public key
+925          * @return {Array} associative array of parsed key
+926          * @since pkcs5pkey 1.0.5
+927          * @description
+928          * Resulted associative array has following properties:
+929          * <ul>
+930          * <li>n - hexadecimal string of public key
+931          * <li>e - hexadecimal string of public exponent
+932          * </ul>
+933          */
+934         parsePublicRawRSAKeyHex: function(pubRawRSAHex) {
+935             var result = {};
+936             
+937             // 1. Sequence
+938             if (pubRawRSAHex.substr(0, 2) != "30")
+939                 throw "malformed RSA key(code:001)"; // not sequence
+940             
+941             var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pubRawRSAHex, 0);
+942             if (a1.length != 2)
+943                 throw "malformed RSA key(code:002)"; // not 2 items in seq
 944 
-945 	    // 2. public key "N"
-946 	    if (pubRawRSAHex.substr(a1[0], 2) != "02")
-947 		throw "malformed RSA key(code:003)"; // 1st item is not integer
+945             // 2. public key "N"
+946             if (pubRawRSAHex.substr(a1[0], 2) != "02")
+947                 throw "malformed RSA key(code:003)"; // 1st item is not integer
 948 
-949 	    result.n = ASN1HEX.getHexOfV_AtObj(pubRawRSAHex, a1[0]);
+949             result.n = ASN1HEX.getHexOfV_AtObj(pubRawRSAHex, a1[0]);
 950 
-951 	    // 3. public key "E"
-952 	    if (pubRawRSAHex.substr(a1[1], 2) != "02")
-953 		throw "malformed RSA key(code:004)"; // 2nd item is not integer
+951             // 3. public key "E"
+952             if (pubRawRSAHex.substr(a1[1], 2) != "02")
+953                 throw "malformed RSA key(code:004)"; // 2nd item is not integer
 954 
-955 	    result.e = ASN1HEX.getHexOfV_AtObj(pubRawRSAHex, a1[1]);
+955             result.e = ASN1HEX.getHexOfV_AtObj(pubRawRSAHex, a1[1]);
 956 
-957 	    return result;
-958 	},
+957             return result;
+958         },
 959 
-960 	/**
+960         /**
 961          * parse hexadecimal string of RSA private key
-962 	 * @name parsePrivateRawRSAKeyHexAtObj
-963 	 * @memberOf PKCS5PKEY
-964 	 * @function
-965 	 * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 private key concluding RSA private key
-966 	 * @return {Array} info associative array to add parsed RSA private key information
-967 	 * @since pkcs5pkey 1.0.5
-968 	 * @description
-969 	 * Following properties are added to associative array 'info'
-970 	 * <ul>
-971 	 * <li>n - hexadecimal string of public key
-972 	 * <li>e - hexadecimal string of public exponent
-973 	 * <li>d - hexadecimal string of private key
-974 	 * <li>p - hexadecimal string
-975 	 * <li>q - hexadecimal string
-976 	 * <li>dp - hexadecimal string
-977 	 * <li>dq - hexadecimal string
-978 	 * <li>co - hexadecimal string
-979 	 * </ul>
-980 	 */
-981 	parsePrivateRawRSAKeyHexAtObj: function(pkcs8PrvHex, info) {
-982 	    var keyIdx = info.keyidx;
-983 	    
-984 	    // 1. sequence
-985 	    if (pkcs8PrvHex.substr(keyIdx, 2) != "30")
-986 		throw "malformed RSA private key(code:001)"; // not sequence
+962          * @name parsePrivateRawRSAKeyHexAtObj
+963          * @memberOf PKCS5PKEY
+964          * @function
+965          * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 private key concluding RSA private key
+966          * @return {Array} info associative array to add parsed RSA private key information
+967          * @since pkcs5pkey 1.0.5
+968          * @description
+969          * Following properties are added to associative array 'info'
+970          * <ul>
+971          * <li>n - hexadecimal string of public key
+972          * <li>e - hexadecimal string of public exponent
+973          * <li>d - hexadecimal string of private key
+974          * <li>p - hexadecimal string
+975          * <li>q - hexadecimal string
+976          * <li>dp - hexadecimal string
+977          * <li>dq - hexadecimal string
+978          * <li>co - hexadecimal string
+979          * </ul>
+980          */
+981         parsePrivateRawRSAKeyHexAtObj: function(pkcs8PrvHex, info) {
+982             var keyIdx = info.keyidx;
+983             
+984             // 1. sequence
+985             if (pkcs8PrvHex.substr(keyIdx, 2) != "30")
+986                 throw "malformed RSA private key(code:001)"; // not sequence
 987 
-988 	    var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PrvHex, keyIdx);
-989 	    if (a1.length != 9)
-990 		throw "malformed RSA private key(code:002)"; // not sequence
+988             var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PrvHex, keyIdx);
+989             if (a1.length != 9)
+990                 throw "malformed RSA private key(code:002)"; // not sequence
 991 
-992 	    // 2. RSA key
-993 	    info.key = {};
-994 	    info.key.n = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[1]);
-995 	    info.key.e = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[2]);
-996 	    info.key.d = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[3]);
-997 	    info.key.p = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[4]);
-998 	    info.key.q = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[5]);
-999 	    info.key.dp = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[6]);
-1000 	    info.key.dq = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[7]);
-1001 	    info.key.co = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[8]);
-1002 	},
+992             // 2. RSA key
+993             info.key = {};
+994             info.key.n = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[1]);
+995             info.key.e = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[2]);
+996             info.key.d = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[3]);
+997             info.key.p = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[4]);
+998             info.key.q = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[5]);
+999             info.key.dp = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[6]);
+1000             info.key.dq = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[7]);
+1001             info.key.co = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[8]);
+1002         },
 1003 
-1004 	/**
+1004         /**
 1005          * parse hexadecimal string of ECC private key
-1006 	 * @name parsePrivateRawECKeyHexAtObj
-1007 	 * @memberOf PKCS5PKEY
-1008 	 * @function
-1009 	 * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 private key concluding EC private key
-1010 	 * @return {Array} info associative array to add parsed ECC private key information
-1011 	 * @since pkcs5pkey 1.0.5
-1012 	 * @description
-1013 	 * Following properties are added to associative array 'info'
-1014 	 * <ul>
-1015 	 * <li>key - hexadecimal string of ECC private key
-1016 	 * </ul>
-1017 	 */
-1018 	parsePrivateRawECKeyHexAtObj: function(pkcs8PrvHex, info) {
-1019 	    var keyIdx = info.keyidx;
-1020 	    
-1021 	    // 1. sequence
-1022 	    if (pkcs8PrvHex.substr(keyIdx, 2) != "30")
-1023 		throw "malformed ECC private key(code:001)"; // not sequence
+1006          * @name parsePrivateRawECKeyHexAtObj
+1007          * @memberOf PKCS5PKEY
+1008          * @function
+1009          * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 private key concluding EC private key
+1010          * @return {Array} info associative array to add parsed ECC private key information
+1011          * @since pkcs5pkey 1.0.5
+1012          * @description
+1013          * Following properties are added to associative array 'info'
+1014          * <ul>
+1015          * <li>key - hexadecimal string of ECC private key
+1016          * </ul>
+1017          */
+1018         parsePrivateRawECKeyHexAtObj: function(pkcs8PrvHex, info) {
+1019             var keyIdx = info.keyidx;
+1020             
+1021             // 1. sequence
+1022             if (pkcs8PrvHex.substr(keyIdx, 2) != "30")
+1023                 throw "malformed ECC private key(code:001)"; // not sequence
 1024 
-1025 	    var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PrvHex, keyIdx);
-1026 	    if (a1.length != 3)
-1027 		throw "malformed ECC private key(code:002)"; // not sequence
+1025             var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PrvHex, keyIdx);
+1026             if (a1.length != 3)
+1027                 throw "malformed ECC private key(code:002)"; // not sequence
 1028 
-1029 	    // 2. EC private key
-1030 	    if (pkcs8PrvHex.substr(a1[1], 2) != "04")
-1031 		throw "malformed ECC private key(code:003)"; // not octetstring
+1029             // 2. EC private key
+1030             if (pkcs8PrvHex.substr(a1[1], 2) != "04")
+1031                 throw "malformed ECC private key(code:003)"; // not octetstring
 1032 
-1033 	    info.key = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[1]);
-1034 	},
+1033             info.key = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[1]);
+1034         },
 1035 
-1036 	/**
+1036         /**
 1037          * parse hexadecimal string of PKCS#8 public key
-1038 	 * @name parsePublicPKCS8Hex
-1039 	 * @memberOf PKCS5PKEY
-1040 	 * @function
-1041 	 * @param {String} pkcs8PubHex hexadecimal string of PKCS#8 public key
-1042 	 * @return {Hash} hash of key information
-1043 	 * @description
+1038          * @name parsePublicPKCS8Hex
+1039          * @memberOf PKCS5PKEY
+1040          * @function
+1041          * @param {String} pkcs8PubHex hexadecimal string of PKCS#8 public key
+1042          * @return {Hash} hash of key information
+1043          * @description
 1044          * Resulted hash has following attributes.
-1045 	 * <ul>
-1046 	 * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
-1047 	 * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
-1048 	 * <li>key - hexadecimal string of public key</li>
-1049 	 * </ul>
-1050 	 */
+1045          * <ul>
+1046          * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
+1047          * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
+1048          * <li>key - hexadecimal string of public key</li>
+1049          * </ul>
+1050          */
 1051         parsePublicPKCS8Hex: function(pkcs8PubHex) {
-1052 	    var result = {};
-1053 	    result.algparam = null;
+1052             var result = {};
+1053             result.algparam = null;
 1054 
 1055             // 1. AlgID and Key bit string
-1056 	    var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, 0);
-1057 	    if (a1.length != 2)
-1058 		throw "outer DERSequence shall have 2 elements: " + a1.length;
+1056             var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, 0);
+1057             if (a1.length != 2)
+1058                 throw "outer DERSequence shall have 2 elements: " + a1.length;
 1059 
 1060             // 2. AlgID
 1061             var idxAlgIdTLV = a1[0];
@@ -1073,73 +1073,70 @@
 1066             if (a2.length != 2)
 1067                 throw "malformed PKCS8 public key(code:002)"; // AlgId not have two elements
 1068 
-1069 	    // 2.1. AlgID OID
-1070 	    if (pkcs8PubHex.substr(a2[0], 2) != "06")
-1071 		throw "malformed PKCS8 public key(code:003)"; // AlgId.oid is not OID
+1069             // 2.1. AlgID OID
+1070             if (pkcs8PubHex.substr(a2[0], 2) != "06")
+1071                 throw "malformed PKCS8 public key(code:003)"; // AlgId.oid is not OID
 1072 
-1073 	    result.algoid = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[0]);
+1073             result.algoid = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[0]);
 1074 
-1075 	    // 2.2. AlgID param
-1076 	    if (pkcs8PubHex.substr(a2[1], 2) == "06") {
-1077 		result.algparam = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[1]);
-1078 	    }
+1075             // 2.2. AlgID param
+1076             if (pkcs8PubHex.substr(a2[1], 2) == "06") {
+1077                 result.algparam = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[1]);
+1078             }
 1079 
-1080 	    // 3. Key
-1081 	    if (pkcs8PubHex.substr(a1[1], 2) != "03")
-1082 		throw "malformed PKCS8 public key(code:004)"; // Key is not bit string
+1080             // 3. Key
+1081             if (pkcs8PubHex.substr(a1[1], 2) != "03")
+1082                 throw "malformed PKCS8 public key(code:004)"; // Key is not bit string
 1083 
-1084 	    result.key = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a1[1]).substr(2);
+1084             result.key = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a1[1]).substr(2);
 1085             
-1086 	    // 4. return result assoc array
-1087 	    return result;
+1086             // 4. return result assoc array
+1087             return result;
 1088         },
 1089 
-1090 	/**
+1090         /**
 1091          * provide hexadecimal string of unencrypted PKCS#8 private key and returns RSAKey object
-1092 	 * @name getRSAKeyFromPublicPKCS8Hex
-1093 	 * @memberOf PKCS5PKEY
-1094 	 * @function
-1095 	 * @param {String} pkcs8PubHex hexadecimal string of unencrypted PKCS#8 public key
-1096 	 * @return {RSAKey} loaded RSAKey object of RSA public key
+1092          * @name getRSAKeyFromPublicPKCS8Hex
+1093          * @memberOf PKCS5PKEY
+1094          * @function
+1095          * @param {String} pkcs8PubHex hexadecimal string of unencrypted PKCS#8 public key
+1096          * @return {RSAKey} loaded RSAKey object of RSA public key
 1097          * @since pkcs5pkey 1.0.4
-1098 	 */
+1098          */
 1099         getRSAKeyFromPublicPKCS8Hex: function(pkcs8PubHex) {
-1100 	    var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, 0);
-1101 	    if (a1.length != 2)
-1102 		throw "outer DERSequence shall have 2 elements: " + a1.length;
+1100             var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, 0);
+1101             if (a1.length != 2)
+1102                 throw "outer DERSequence shall have 2 elements: " + a1.length;
 1103 
 1104             var algIdTLV =ASN1HEX.getHexOfTLV_AtObj(pkcs8PubHex, a1[0]);
-1105 	    if (algIdTLV != "300d06092a864886f70d0101010500") // AlgId rsaEncryption
-1106 		throw "PKCS8 AlgorithmId is not rsaEncryption";
-1107 	    
-1108 	    if (pkcs8PubHex.substr(a1[1], 2) != "03")
-1109 		throw "PKCS8 Public Key is not BITSTRING encapslated.";
+1105             if (algIdTLV != "300d06092a864886f70d0101010500") // AlgId rsaEncryption
+1106                 throw "PKCS8 AlgorithmId is not rsaEncryption";
+1107             
+1108             if (pkcs8PubHex.substr(a1[1], 2) != "03")
+1109                 throw "PKCS8 Public Key is not BITSTRING encapslated.";
 1110 
-1111 	    var idxPub = ASN1HEX.getStartPosOfV_AtObj(pkcs8PubHex, a1[1]) + 2; // 2 for unused bit
-1112 	    
-1113 	    if (pkcs8PubHex.substr(idxPub, 2) != "30")
-1114 		throw "PKCS8 Public Key is not SEQUENCE.";
+1111             var idxPub = ASN1HEX.getStartPosOfV_AtObj(pkcs8PubHex, a1[1]) + 2; // 2 for unused bit
+1112             
+1113             if (pkcs8PubHex.substr(idxPub, 2) != "30")
+1114                 throw "PKCS8 Public Key is not SEQUENCE.";
 1115 
-1116 	    var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, idxPub);
-1117 	    if (a2.length != 2)
-1118 		throw "inner DERSequence shall have 2 elements: " + a2.length;
+1116             var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, idxPub);
+1117             if (a2.length != 2)
+1118                 throw "inner DERSequence shall have 2 elements: " + a2.length;
 1119 
-1120 	    if (pkcs8PubHex.substr(a2[0], 2) != "02") 
-1121 		throw "N is not ASN.1 INTEGER";
-1122 	    if (pkcs8PubHex.substr(a2[1], 2) != "02") 
-1123 		throw "E is not ASN.1 INTEGER";
-1124 		
-1125 	    var hN = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[0]);
-1126 	    var hE = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[1]);
+1120             if (pkcs8PubHex.substr(a2[0], 2) != "02") 
+1121                 throw "N is not ASN.1 INTEGER";
+1122             if (pkcs8PubHex.substr(a2[1], 2) != "02") 
+1123                 throw "E is not ASN.1 INTEGER";
+1124             
+1125             var hN = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[0]);
+1126             var hE = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[1]);
 1127 
-1128 	    var pubKey = new RSAKey();
-1129 	    pubKey.setPublic(hN, hE);
-1130 	    
-1131 	    return pubKey;
-1132 	},
-1133 
-1134 	//addAlgorithm: function(functionObject, algName, keyLen, ivLen) {
-1135 	//}
-1136     };
-1137 }();
-1138 
    
\ No newline at end of file
+1128                 var pubKey = new RSAKey();
+1129             pubKey.setPublic(hN, hE);
+1130             
+1131             return pubKey;
+1132         },
+1133     };
+1134 }();
+1135
    \ No newline at end of file diff --git a/asn1-1.0.js b/asn1-1.0.js old mode 100755 new mode 100644 diff --git a/asn1-1.0.min.js b/asn1-1.0.min.js old mode 100755 new mode 100644 diff --git a/asn1x509-1.0.js b/asn1x509-1.0.js old mode 100755 new mode 100644 index c589da1c..c4f4e1ee --- a/asn1x509-1.0.js +++ b/asn1x509-1.0.js @@ -1,9 +1,9 @@ -/*! asn1x509-1.0.7.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! asn1x509-1.0.8.js (c) 2013-2014 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate * - * Copyright (c) 2013 Kenji Urushima (kenji.urushima@gmail.com) + * Copyright (c) 2013-2014 Kenji Urushima (kenji.urushima@gmail.com) * * This software is licensed under the terms of the MIT License. * http://kjur.github.com/jsrsasign/license @@ -16,7 +16,7 @@ * @fileOverview * @name asn1x509-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version 1.0.7 (2013-Oct-11) + * @version 1.0.8 (2014-Apr-16) * @since jsrsasign 2.1 * @license MIT License */ @@ -27,7 +27,7 @@ * @name KJUR * @namespace kjur's class library name space */ -if (typeof KJUR == "undefined" || !KJUR) KJUR = {}; + if (typeof KJUR == "undefined" || !KJUR) KJUR = {}; /** * kjur's ASN.1 class library name space @@ -71,6 +71,7 @@ if (typeof KJUR.asn1 == "undefined" || !KJUR.asn1) KJUR.asn1 = {}; *
  • {@link KJUR.asn1.x509.KeyUsage}
    • *
  • {@link KJUR.asn1.x509.CRLDistributionPoints}
    • *
  • {@link KJUR.asn1.x509.ExtKeyUsage}
    • + *
  • {@link KJUR.asn1.x509.AuthorityKeyIdentifier}
    • * * NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2. * @name KJUR.asn1.x509 @@ -107,7 +108,7 @@ if (typeof KJUR.asn1.x509 == "undefined" || !KJUR.asn1.x509) KJUR.asn1.x509 = {} * // Certificate ::= SEQUENCE { * // tbsCertificate TBSCertificate, * // signatureAlgorithm AlgorithmIdentifier, - * // signature BIT STRING } + * // signature BIT STRING } */ KJUR.asn1.x509.Certificate = function(params) { KJUR.asn1.x509.Certificate.superclass.constructor.call(this); @@ -135,10 +136,10 @@ KJUR.asn1.x509.Certificate = function(params) { * cert.setRsaPrvKeyByPEMandPass("-----BEGIN RSA PRIVATE..(snip)", "password"); */ this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) { - var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM); - var caKey = new RSAKey(); - caKey.readPrivateKeyFromASN1HexString(caKeyHex); - this.prvKey = caKey; + var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM); + var caKey = new RSAKey(); + caKey.readPrivateKeyFromASN1HexString(caKeyHex); + this.prvKey = caKey; }; /** @@ -152,25 +153,48 @@ KJUR.asn1.x509.Certificate = function(params) { * cert.sign(); */ this.sign = function() { - this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg; + this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg; - sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA'}); - sig.init(this.prvKey); - sig.updateHex(this.asn1TBSCert.getEncodedHex()); - this.hexSig = sig.sign(); + sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA'}); + sig.init(this.prvKey); + sig.updateHex(this.asn1TBSCert.getEncodedHex()); + this.hexSig = sig.sign(); - this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig}); - - var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert, - this.asn1SignatureAlg, - this.asn1Sig]}); - this.hTLV = seq.getEncodedHex(); - this.isModified = false; + this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig}); + + var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert, + this.asn1SignatureAlg, + this.asn1Sig]}); + this.hTLV = seq.getEncodedHex(); + this.isModified = false; }; + /** + * set signature value internally by hex string + * @name setSignatureHex + * @memberOf KJUR.asn1.x509.Certificate + * @function + * @since asn1x509 1.0.8 + * @description + * @example + * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs}); + * cert.setSignatureHex('01020304'); + */ + this.setSignatureHex = function(sigHex) { + this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg; + this.hexSig = sigHex; + this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig}); + + var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert, + this.asn1SignatureAlg, + this.asn1Sig]}); + this.hTLV = seq.getEncodedHex(); + this.isModified = false; + }; + this.getEncodedHex = function() { - if (this.isModified == false && this.hTLV != null) return this.hTLV; - throw "not signed yet"; + if (this.isModified == false && this.hTLV != null) return this.hTLV; + throw "not signed yet"; }; /** @@ -186,25 +210,25 @@ KJUR.asn1.x509.Certificate = function(params) { * var sPEM = cert.getPEMString(); */ this.getPEMString = function() { - var hCert = this.getEncodedHex(); - var wCert = CryptoJS.enc.Hex.parse(hCert); - var b64Cert = CryptoJS.enc.Base64.stringify(wCert); - var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n"); - return "-----BEGIN CERTIFICATE-----\r\n" + pemBody + "\r\n-----END CERTIFICATE-----\r\n"; + var hCert = this.getEncodedHex(); + var wCert = CryptoJS.enc.Hex.parse(hCert); + var b64Cert = CryptoJS.enc.Base64.stringify(wCert); + var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n"); + return "-----BEGIN CERTIFICATE-----\r\n" + pemBody + "\r\n-----END CERTIFICATE-----\r\n"; }; if (typeof params != "undefined") { - if (typeof params['tbscertobj'] != "undefined") { - this.asn1TBSCert = params['tbscertobj']; - } - if (typeof params['prvkeyobj'] != "undefined") { - this.prvKey = params['prvkeyobj']; - } else if (typeof params['rsaprvkey'] != "undefined") { - this.prvKey = params['rsaprvkey']; + if (typeof params['tbscertobj'] != "undefined") { + this.asn1TBSCert = params['tbscertobj']; + } + if (typeof params['prvkeyobj'] != "undefined") { + this.prvKey = params['prvkeyobj']; + } else if (typeof params['rsaprvkey'] != "undefined") { + this.prvKey = params['rsaprvkey']; } else if ((typeof params['rsaprvpem'] != "undefined") && - (typeof params['rsaprvpas'] != "undefined")) { - this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']); - } + (typeof params['rsaprvpas'] != "undefined")) { + this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']); + } } }; YAHOO.lang.extend(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object); @@ -234,18 +258,18 @@ KJUR.asn1.x509.TBSCertificate = function(params) { KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this); this._initialize = function() { - this.asn1Array = new Array(); + this.asn1Array = new Array(); - this.asn1Version = - new KJUR.asn1.DERTaggedObject({'obj': new KJUR.asn1.DERInteger({'int': 2})}); - this.asn1SerialNumber = null; - this.asn1SignatureAlg = null; - this.asn1Issuer = null; - this.asn1NotBefore = null; - this.asn1NotAfter = null; - this.asn1Subject = null; - this.asn1SubjPKey = null; - this.extensionsArray = new Array(); + this.asn1Version = + new KJUR.asn1.DERTaggedObject({'obj': new KJUR.asn1.DERInteger({'int': 2})}); + this.asn1SerialNumber = null; + this.asn1SignatureAlg = null; + this.asn1Issuer = null; + this.asn1NotBefore = null; + this.asn1NotAfter = null; + this.asn1Subject = null; + this.asn1SubjPKey = null; + this.extensionsArray = new Array(); }; /** @@ -259,7 +283,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * tbsc.setSerialNumberByParam({'int': 3}); */ this.setSerialNumberByParam = function(intParam) { - this.asn1SerialNumber = new KJUR.asn1.DERInteger(intParam); + this.asn1SerialNumber = new KJUR.asn1.DERInteger(intParam); }; /** @@ -273,7 +297,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'}); */ this.setSignatureAlgByParam = function(algIdParam) { - this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam); + this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam); }; /** @@ -288,7 +312,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * @see KJUR.asn1.x509.X500Name */ this.setIssuerByParam = function(x500NameParam) { - this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam); + this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam); }; /** @@ -303,7 +327,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * @see KJUR.asn1.x509.Time */ this.setNotBeforeByParam = function(timeParam) { - this.asn1NotBefore = new KJUR.asn1.x509.Time(timeParam); + this.asn1NotBefore = new KJUR.asn1.x509.Time(timeParam); }; /** @@ -318,7 +342,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * @see KJUR.asn1.x509.Time */ this.setNotAfterByParam = function(timeParam) { - this.asn1NotAfter = new KJUR.asn1.x509.Time(timeParam); + this.asn1NotAfter = new KJUR.asn1.x509.Time(timeParam); }; /** @@ -333,7 +357,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * @see KJUR.asn1.x509.X500Name */ this.setSubjectByParam = function(x500NameParam) { - this.asn1Subject = new KJUR.asn1.x509.X500Name(x500NameParam); + this.asn1Subject = new KJUR.asn1.x509.X500Name(x500NameParam); }; /** @@ -349,7 +373,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * @see KJUR.asn1.x509.SubjectPublicKeyInfo */ this.setSubjectPublicKeyByParam = function(subjPKeyParam) { - this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(subjPKeyParam); + this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(subjPKeyParam); }; /** @@ -368,8 +392,8 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * @since asn1x509 1.0.6 */ this.setSubjectPublicKeyByGetKey = function(keyParam) { - var keyObj = KEYUTIL.getKey(keyParam); - this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObj); + var keyObj = KEYUTIL.getKey(keyParam); + this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObj); }; /** @@ -385,7 +409,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * @see KJUR.asn1.x509.Extension */ this.appendExtension = function(extObj) { - this.extensionsArray.push(extObj); + this.extensionsArray.push(extObj); }; /** @@ -401,54 +425,58 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * tbsc.appendExtensionByName('KeyUsage', {'bin':'11'}); * tbsc.appendExtensionByName('CRLDistributionPoints', {uri: 'http://aaa.com/a.crl'}); * tbsc.appendExtensionByName('ExtKeyUsage', {array: [{name: 'clientAuth'}]}); + * tbsc.appendExtensionByName('AuthorityKeyIdentifier', {kid: '1234ab..'}); * @see KJUR.asn1.x509.Extension */ this.appendExtensionByName = function(name, extParams) { - if (name.toLowerCase() == "basicconstraints") { - var extObj = new KJUR.asn1.x509.BasicConstraints(extParams); - this.appendExtension(extObj); - } else if (name.toLowerCase() == "keyusage") { - var extObj = new KJUR.asn1.x509.KeyUsage(extParams); - this.appendExtension(extObj); - } else if (name.toLowerCase() == "crldistributionpoints") { - var extObj = new KJUR.asn1.x509.CRLDistributionPoints(extParams); - this.appendExtension(extObj); - } else if (name.toLowerCase() == "extkeyusage") { - var extObj = new KJUR.asn1.x509.ExtKeyUsage(extParams); - this.appendExtension(extObj); - } else { - throw "unsupported extension name: " + name; - } + if (name.toLowerCase() == "basicconstraints") { + var extObj = new KJUR.asn1.x509.BasicConstraints(extParams); + this.appendExtension(extObj); + } else if (name.toLowerCase() == "keyusage") { + var extObj = new KJUR.asn1.x509.KeyUsage(extParams); + this.appendExtension(extObj); + } else if (name.toLowerCase() == "crldistributionpoints") { + var extObj = new KJUR.asn1.x509.CRLDistributionPoints(extParams); + this.appendExtension(extObj); + } else if (name.toLowerCase() == "extkeyusage") { + var extObj = new KJUR.asn1.x509.ExtKeyUsage(extParams); + this.appendExtension(extObj); + } else if (name.toLowerCase() == "authoritykeyidentifier") { + var extObj = new KJUR.asn1.x509.AuthorityKeyIdentifier(extParams); + this.appendExtension(extObj); + } else { + throw "unsupported extension name: " + name; + } }; this.getEncodedHex = function() { - if (this.asn1NotBefore == null || this.asn1NotAfter == null) - throw "notBefore and/or notAfter not set"; - var asn1Validity = - new KJUR.asn1.DERSequence({'array':[this.asn1NotBefore, this.asn1NotAfter]}); - - this.asn1Array = new Array(); - - this.asn1Array.push(this.asn1Version); - this.asn1Array.push(this.asn1SerialNumber); - this.asn1Array.push(this.asn1SignatureAlg); - this.asn1Array.push(this.asn1Issuer); - this.asn1Array.push(asn1Validity); - this.asn1Array.push(this.asn1Subject); - this.asn1Array.push(this.asn1SubjPKey); - - if (this.extensionsArray.length > 0) { - var extSeq = new KJUR.asn1.DERSequence({"array": this.extensionsArray}); - var extTagObj = new KJUR.asn1.DERTaggedObject({'explicit': true, - 'tag': 'a3', - 'obj': extSeq}); - this.asn1Array.push(extTagObj); - } - - var o = new KJUR.asn1.DERSequence({"array": this.asn1Array}); - this.hTLV = o.getEncodedHex(); - this.isModified = false; - return this.hTLV; + if (this.asn1NotBefore == null || this.asn1NotAfter == null) + throw "notBefore and/or notAfter not set"; + var asn1Validity = + new KJUR.asn1.DERSequence({'array':[this.asn1NotBefore, this.asn1NotAfter]}); + + this.asn1Array = new Array(); + + this.asn1Array.push(this.asn1Version); + this.asn1Array.push(this.asn1SerialNumber); + this.asn1Array.push(this.asn1SignatureAlg); + this.asn1Array.push(this.asn1Issuer); + this.asn1Array.push(asn1Validity); + this.asn1Array.push(this.asn1Subject); + this.asn1Array.push(this.asn1SubjPKey); + + if (this.extensionsArray.length > 0) { + var extSeq = new KJUR.asn1.DERSequence({"array": this.extensionsArray}); + var extTagObj = new KJUR.asn1.DERTaggedObject({'explicit': true, + 'tag': 'a3', + 'obj': extSeq}); + this.asn1Array.push(extTagObj); + } + + var o = new KJUR.asn1.DERSequence({"array": this.asn1Array}); + this.hTLV = o.getEncodedHex(); + this.isModified = false; + return this.hTLV; }; this._initialize(); @@ -477,24 +505,24 @@ KJUR.asn1.x509.Extension = function(params) { var asn1ExtnValue = null; this.getEncodedHex = function() { - var asn1Oid = new KJUR.asn1.DERObjectIdentifier({'oid': this.oid}); - var asn1EncapExtnValue = - new KJUR.asn1.DEROctetString({'hex': this.getExtnValueHex()}); + var asn1Oid = new KJUR.asn1.DERObjectIdentifier({'oid': this.oid}); + var asn1EncapExtnValue = + new KJUR.asn1.DEROctetString({'hex': this.getExtnValueHex()}); - var asn1Array = new Array(); - asn1Array.push(asn1Oid); - if (this.critical) asn1Array.push(new KJUR.asn1.DERBoolean()); - asn1Array.push(asn1EncapExtnValue); + var asn1Array = new Array(); + asn1Array.push(asn1Oid); + if (this.critical) asn1Array.push(new KJUR.asn1.DERBoolean()); + asn1Array.push(asn1EncapExtnValue); - var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array}); - return asn1Seq.getEncodedHex(); + var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array}); + return asn1Seq.getEncodedHex(); }; this.critical = false; if (typeof params != "undefined") { - if (typeof params['critical'] != "undefined") { - this.critical = params['critical']; - } + if (typeof params['critical'] != "undefined") { + this.critical = params['critical']; + } } }; YAHOO.lang.extend(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object); @@ -512,14 +540,14 @@ KJUR.asn1.x509.KeyUsage = function(params) { KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params); this.getExtnValueHex = function() { - return this.asn1ExtnValue.getEncodedHex(); + return this.asn1ExtnValue.getEncodedHex(); }; this.oid = "2.5.29.15"; if (typeof params != "undefined") { - if (typeof params['bin'] != "undefined") { - this.asn1ExtnValue = new KJUR.asn1.DERBitString(params); - } + if (typeof params['bin'] != "undefined") { + this.asn1ExtnValue = new KJUR.asn1.DERBitString(params); + } } }; YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension); @@ -539,25 +567,25 @@ KJUR.asn1.x509.BasicConstraints = function(params) { var pathLen = -1; this.getExtnValueHex = function() { - var asn1Array = new Array(); - if (this.cA) asn1Array.push(new KJUR.asn1.DERBoolean()); - if (this.pathLen > -1) - asn1Array.push(new KJUR.asn1.DERInteger({'int': this.pathLen})); - var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array}); - this.asn1ExtnValue = asn1Seq; - return this.asn1ExtnValue.getEncodedHex(); + var asn1Array = new Array(); + if (this.cA) asn1Array.push(new KJUR.asn1.DERBoolean()); + if (this.pathLen > -1) + asn1Array.push(new KJUR.asn1.DERInteger({'int': this.pathLen})); + var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array}); + this.asn1ExtnValue = asn1Seq; + return this.asn1ExtnValue.getEncodedHex(); }; this.oid = "2.5.29.19"; this.cA = false; this.pathLen = -1; if (typeof params != "undefined") { - if (typeof params['cA'] != "undefined") { - this.cA = params['cA']; - } - if (typeof params['pathLen'] != "undefined") { - this.pathLen = params['pathLen']; - } + if (typeof params['cA'] != "undefined") { + this.cA = params['cA']; + } + if (typeof params['pathLen'] != "undefined") { + this.pathLen = params['pathLen']; + } } }; YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension); @@ -575,27 +603,27 @@ KJUR.asn1.x509.CRLDistributionPoints = function(params) { KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params); this.getExtnValueHex = function() { - return this.asn1ExtnValue.getEncodedHex(); + return this.asn1ExtnValue.getEncodedHex(); }; this.setByDPArray = function(dpArray) { - this.asn1ExtnValue = new KJUR.asn1.DERSequence({'array': dpArray}); + this.asn1ExtnValue = new KJUR.asn1.DERSequence({'array': dpArray}); }; this.setByOneURI = function(uri) { - var gn1 = new KJUR.asn1.x509.GeneralNames([{'uri': uri}]); - var dpn1 = new KJUR.asn1.x509.DistributionPointName(gn1); - var dp1 = new KJUR.asn1.x509.DistributionPoint({'dpobj': dpn1}); - this.setByDPArray([dp1]); + var gn1 = new KJUR.asn1.x509.GeneralNames([{'uri': uri}]); + var dpn1 = new KJUR.asn1.x509.DistributionPointName(gn1); + var dp1 = new KJUR.asn1.x509.DistributionPoint({'dpobj': dpn1}); + this.setByDPArray([dp1]); }; this.oid = "2.5.29.31"; if (typeof params != "undefined") { - if (typeof params['array'] != "undefined") { - this.setByDPArray(params['array']); - } else if (typeof params['uri'] != "undefined") { - this.setByOneURI(params['uri']); - } + if (typeof params['array'] != "undefined") { + this.setByDPArray(params['array']); + } else if (typeof params['uri'] != "undefined") { + this.setByOneURI(params['uri']); + } } }; YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension); @@ -622,26 +650,134 @@ KJUR.asn1.x509.ExtKeyUsage = function(params) { KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params); this.setPurposeArray = function(purposeArray) { - this.asn1ExtnValue = new KJUR.asn1.DERSequence(); - for (var i = 0; i < purposeArray.length; i++) { - var o = new KJUR.asn1.DERObjectIdentifier(purposeArray[i]); - this.asn1ExtnValue.appendASN1Object(o); - } + this.asn1ExtnValue = new KJUR.asn1.DERSequence(); + for (var i = 0; i < purposeArray.length; i++) { + var o = new KJUR.asn1.DERObjectIdentifier(purposeArray[i]); + this.asn1ExtnValue.appendASN1Object(o); + } }; this.getExtnValueHex = function() { - return this.asn1ExtnValue.getEncodedHex(); + return this.asn1ExtnValue.getEncodedHex(); }; this.oid = "2.5.29.37"; if (typeof params != "undefined") { - if (typeof params['array'] != "undefined") { + if (typeof params['array'] != "undefined") { this.setPurposeArray(params['array']); - } + } } }; YAHOO.lang.extend(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension); +/** + * AuthorityKeyIdentifier ASN.1 structure class + * @name KJUR.asn1.x509.AuthorityKeyIdentifier + * @class AuthorityKeyIdentifier ASN.1 structure class + * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true}) + * @extends KJUR.asn1.x509.Extension + * @since asn1x509 1.0.8 + * @description + * 
    + * d-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
+ * AuthorityKeyIdentifier ::= SEQUENCE {
+ *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
+ *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
+ *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
+ * KeyIdentifier ::= OCTET STRING
+ *
    + * @example + * var param = {'kid': {'hex': '89ab'}, + * 'issuer': {'str': '/C=US/CN=a'}, + * 'sn': {'hex': '1234'}, + * 'critical': true}); + * var e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier(param); + */ +KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) { + KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params); + this.asn1KID = null; + this.asn1CertIssuer = null; + this.asn1CertSN = null; + + this.getExtnValueHex = function() { + var a = new Array(); + if (this.asn1KID) + a.push(new KJUR.asn1.DERTaggedObject({'explicit': false, + 'tag': '80', + 'obj': this.asn1KID})); + if (this.asn1CertIssuer) + a.push(new KJUR.asn1.DERTaggedObject({'explicit': false, + 'tag': 'a1', + 'obj': this.asn1CertIssuer})); + if (this.asn1CertSN) + a.push(new KJUR.asn1.DERTaggedObject({'explicit': false, + 'tag': '82', + 'obj': this.asn1CertSN})); + + var asn1Seq = new KJUR.asn1.DERSequence({'array': a}); + this.asn1ExtnValue = asn1Seq; + return this.asn1ExtnValue.getEncodedHex(); + }; + + /** + * set keyIdentifier value by DERInteger parameter + * @name setKIDByParam + * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier + * @function + * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter + * @since asn1x509 1.0.8 + * @description + * NOTE: Automatic keyIdentifier value calculation by an issuer + * public key will be supported in future version. + */ + this.setKIDByParam = function(param) { + this.asn1KID = new KJUR.asn1.DEROctetString(param); + }; + + /** + * set authorityCertIssuer value by X500Name parameter + * @name setCertIssuerByParam + * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier + * @function + * @param {Array} param array of {@link KJUR.asn1.x509.X500Name} parameter + * @since asn1x509 1.0.8 + * @description + * NOTE: Automatic authorityCertIssuer name setting by an issuer + * certificate will be supported in future version. + */ + this.setCertIssuerByParam = function(param) { + this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param); + }; + + /** + * set authorityCertSerialNumber value by DERInteger parameter + * @name setCertSerialNumberByParam + * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier + * @function + * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter + * @since asn1x509 1.0.8 + * @description + * NOTE: Automatic authorityCertSerialNumber setting by an issuer + * certificate will be supported in future version. + */ + this.setCertSNByParam = function(param) { + this.asn1CertSN = new KJUR.asn1.DERInteger(param); + }; + + this.oid = "2.5.29.35"; + if (typeof params != "undefined") { + if (typeof params['kid'] != "undefined") { + this.setKIDByParam(params['kid']); + } + if (typeof params['issuer'] != "undefined") { + this.setCertIssuerByParam(params['issuer']); + } + if (typeof params['sn'] != "undefined") { + this.setCertSNByParam(params['sn']); + } + } +}; +YAHOO.lang.extend(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension); // === END X.509v3 Extensions Related ======================================= @@ -697,10 +833,10 @@ KJUR.asn1.x509.CRL = function(params) { * @example */ this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) { - var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM); - var caKey = new RSAKey(); - caKey.readPrivateKeyFromASN1HexString(caKeyHex); - this.rsaPrvKey = caKey; + var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM); + var caKey = new RSAKey(); + caKey.readPrivateKeyFromASN1HexString(caKeyHex); + this.rsaPrvKey = caKey; }; /** @@ -714,25 +850,25 @@ KJUR.asn1.x509.CRL = function(params) { * cert.sign(); */ this.sign = function() { - this.asn1SignatureAlg = this.asn1TBSCertList.asn1SignatureAlg; + this.asn1SignatureAlg = this.asn1TBSCertList.asn1SignatureAlg; - sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA', 'prov': 'cryptojs/jsrsa'}); - sig.initSign(this.rsaPrvKey); - sig.updateHex(this.asn1TBSCertList.getEncodedHex()); - this.hexSig = sig.sign(); + sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA', 'prov': 'cryptojs/jsrsa'}); + sig.initSign(this.rsaPrvKey); + sig.updateHex(this.asn1TBSCertList.getEncodedHex()); + this.hexSig = sig.sign(); - this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig}); - - var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCertList, - this.asn1SignatureAlg, - this.asn1Sig]}); - this.hTLV = seq.getEncodedHex(); - this.isModified = false; + this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig}); + + var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCertList, + this.asn1SignatureAlg, + this.asn1Sig]}); + this.hTLV = seq.getEncodedHex(); + this.isModified = false; }; this.getEncodedHex = function() { - if (this.isModified == false && this.hTLV != null) return this.hTLV; - throw "not signed yet"; + if (this.isModified == false && this.hTLV != null) return this.hTLV; + throw "not signed yet"; }; /** @@ -748,24 +884,24 @@ KJUR.asn1.x509.CRL = function(params) { * var sPEM = cert.getPEMString(); */ this.getPEMString = function() { - var hCert = this.getEncodedHex(); - var wCert = CryptoJS.enc.Hex.parse(hCert); - var b64Cert = CryptoJS.enc.Base64.stringify(wCert); - var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n"); - return "-----BEGIN X509 CRL-----\r\n" + pemBody + "\r\n-----END X509 CRL-----\r\n"; + var hCert = this.getEncodedHex(); + var wCert = CryptoJS.enc.Hex.parse(hCert); + var b64Cert = CryptoJS.enc.Base64.stringify(wCert); + var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n"); + return "-----BEGIN X509 CRL-----\r\n" + pemBody + "\r\n-----END X509 CRL-----\r\n"; }; if (typeof params != "undefined") { - if (typeof params['tbsobj'] != "undefined") { - this.asn1TBSCertList = params['tbsobj']; - } - if (typeof params['rsaprvkey'] != "undefined") { - this.rsaPrvKey = params['rsaprvkey']; - } - if ((typeof params['rsaprvpem'] != "undefined") && - (typeof params['rsaprvpas'] != "undefined")) { - this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']); - } + if (typeof params['tbsobj'] != "undefined") { + this.asn1TBSCertList = params['tbsobj']; + } + if (typeof params['rsaprvkey'] != "undefined") { + this.rsaPrvKey = params['rsaprvkey']; + } + if ((typeof params['rsaprvpem'] != "undefined") && + (typeof params['rsaprvpas'] != "undefined")) { + this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']); + } } }; YAHOO.lang.extend(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object); @@ -819,7 +955,7 @@ KJUR.asn1.x509.TBSCertList = function(params) { * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'}); */ this.setSignatureAlgByParam = function(algIdParam) { - this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam); + this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam); }; /** @@ -834,7 +970,7 @@ KJUR.asn1.x509.TBSCertList = function(params) { * @see KJUR.asn1.x509.X500Name */ this.setIssuerByParam = function(x500NameParam) { - this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam); + this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam); }; /** @@ -849,7 +985,7 @@ KJUR.asn1.x509.TBSCertList = function(params) { * @see KJUR.asn1.x509.Time */ this.setThisUpdateByParam = function(timeParam) { - this.asn1ThisUpdate = new KJUR.asn1.x509.Time(timeParam); + this.asn1ThisUpdate = new KJUR.asn1.x509.Time(timeParam); }; /** @@ -864,7 +1000,7 @@ KJUR.asn1.x509.TBSCertList = function(params) { * @see KJUR.asn1.x509.Time */ this.setNextUpdateByParam = function(timeParam) { - this.asn1NextUpdate = new KJUR.asn1.x509.Time(timeParam); + this.asn1NextUpdate = new KJUR.asn1.x509.Time(timeParam); }; /** @@ -880,40 +1016,40 @@ KJUR.asn1.x509.TBSCertList = function(params) { * @see KJUR.asn1.x509.Time */ this.addRevokedCert = function(snParam, timeParam) { - var param = {}; - if (snParam != undefined && snParam != null) param['sn'] = snParam; - if (timeParam != undefined && timeParam != null) param['time'] = timeParam; - var o = new KJUR.asn1.x509.CRLEntry(param); - this.aRevokedCert.push(o); + var param = {}; + if (snParam != undefined && snParam != null) param['sn'] = snParam; + if (timeParam != undefined && timeParam != null) param['time'] = timeParam; + var o = new KJUR.asn1.x509.CRLEntry(param); + this.aRevokedCert.push(o); }; this.getEncodedHex = function() { - this.asn1Array = new Array(); + this.asn1Array = new Array(); - if (this.asn1Version != null) this.asn1Array.push(this.asn1Version); - this.asn1Array.push(this.asn1SignatureAlg); - this.asn1Array.push(this.asn1Issuer); - this.asn1Array.push(this.asn1ThisUpdate); - if (this.asn1NextUpdate != null) this.asn1Array.push(this.asn1NextUpdate); + if (this.asn1Version != null) this.asn1Array.push(this.asn1Version); + this.asn1Array.push(this.asn1SignatureAlg); + this.asn1Array.push(this.asn1Issuer); + this.asn1Array.push(this.asn1ThisUpdate); + if (this.asn1NextUpdate != null) this.asn1Array.push(this.asn1NextUpdate); - if (this.aRevokedCert.length > 0) { - var seq = new KJUR.asn1.DERSequence({'array': this.aRevokedCert}); - this.asn1Array.push(seq); - } + if (this.aRevokedCert.length > 0) { + var seq = new KJUR.asn1.DERSequence({'array': this.aRevokedCert}); + this.asn1Array.push(seq); + } - var o = new KJUR.asn1.DERSequence({"array": this.asn1Array}); - this.hTLV = o.getEncodedHex(); - this.isModified = false; - return this.hTLV; + var o = new KJUR.asn1.DERSequence({"array": this.asn1Array}); + this.hTLV = o.getEncodedHex(); + this.isModified = false; + return this.hTLV; }; this._initialize = function() { - this.asn1Version = null; - this.asn1SignatureAlg = null; - this.asn1Issuer = null; - this.asn1ThisUpdate = null; - this.asn1NextUpdate = null; - this.aRevokedCert = new Array(); + this.asn1Version = null; + this.asn1SignatureAlg = null; + this.asn1Issuer = null; + this.asn1ThisUpdate = null; + this.asn1NextUpdate = null; + this.aRevokedCert = new Array(); }; this._initialize(); @@ -953,7 +1089,7 @@ KJUR.asn1.x509.CRLEntry = function(params) { * entry.setCertSerial({'int': 3}); */ this.setCertSerial = function(intParam) { - this.sn = new KJUR.asn1.DERInteger(intParam); + this.sn = new KJUR.asn1.DERInteger(intParam); }; /** @@ -967,22 +1103,22 @@ KJUR.asn1.x509.CRLEntry = function(params) { * entry.setRevocationDate({'str': '130508235959Z'}); */ this.setRevocationDate = function(timeParam) { - this.time = new KJUR.asn1.x509.Time(timeParam); + this.time = new KJUR.asn1.x509.Time(timeParam); }; this.getEncodedHex = function() { - var o = new KJUR.asn1.DERSequence({"array": [this.sn, this.time]}); - this.TLV = o.getEncodedHex(); - return this.TLV; + var o = new KJUR.asn1.DERSequence({"array": [this.sn, this.time]}); + this.TLV = o.getEncodedHex(); + return this.TLV; }; if (typeof params != "undefined") { - if (typeof params['time'] != "undefined") { - this.setRevocationDate(params['time']); - } - if (typeof params['sn'] != "undefined") { - this.setCertSerial(params['sn']); - } + if (typeof params['time'] != "undefined") { + this.setRevocationDate(params['time']); + } + if (typeof params['sn'] != "undefined") { + this.setCertSerial(params['sn']); + } } }; YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object); @@ -1004,23 +1140,23 @@ KJUR.asn1.x509.X500Name = function(params) { this.asn1Array = new Array(); this.setByString = function(dnStr) { - var a = dnStr.split('/'); - a.shift(); - for (var i = 0; i < a.length; i++) { - this.asn1Array.push(new KJUR.asn1.x509.RDN({'str':a[i]})); - } + var a = dnStr.split('/'); + a.shift(); + for (var i = 0; i < a.length; i++) { + this.asn1Array.push(new KJUR.asn1.x509.RDN({'str':a[i]})); + } }; this.getEncodedHex = function() { - var o = new KJUR.asn1.DERSequence({"array": this.asn1Array}); - this.TLV = o.getEncodedHex(); - return this.TLV; + var o = new KJUR.asn1.DERSequence({"array": this.asn1Array}); + this.TLV = o.getEncodedHex(); + return this.TLV; }; if (typeof params != "undefined") { - if (typeof params['str'] != "undefined") { - this.setByString(params['str']); - } + if (typeof params['str'] != "undefined") { + this.setByString(params['str']); + } } }; @@ -1040,19 +1176,19 @@ KJUR.asn1.x509.RDN = function(params) { this.asn1Array = new Array(); this.addByString = function(rdnStr) { - this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str':rdnStr})); + this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str':rdnStr})); }; this.getEncodedHex = function() { - var o = new KJUR.asn1.DERSet({"array": this.asn1Array}); - this.TLV = o.getEncodedHex(); - return this.TLV; + var o = new KJUR.asn1.DERSet({"array": this.asn1Array}); + this.TLV = o.getEncodedHex(); + return this.TLV; }; if (typeof params != "undefined") { - if (typeof params['str'] != "undefined") { - this.addByString(params['str']); - } + if (typeof params['str'] != "undefined") { + this.addByString(params['str']); + } } }; YAHOO.lang.extend(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object); @@ -1073,38 +1209,38 @@ KJUR.asn1.x509.AttributeTypeAndValue = function(params) { var defaultDSType = "utf8"; this.setByString = function(attrTypeAndValueStr) { - if (attrTypeAndValueStr.match(/^([^=]+)=(.+)$/)) { - this.setByAttrTypeAndValueStr(RegExp.$1, RegExp.$2); - } else { - throw "malformed attrTypeAndValueStr: " + attrTypeAndValueStr; - } + if (attrTypeAndValueStr.match(/^([^=]+)=(.+)$/)) { + this.setByAttrTypeAndValueStr(RegExp.$1, RegExp.$2); + } else { + throw "malformed attrTypeAndValueStr: " + attrTypeAndValueStr; + } }; this.setByAttrTypeAndValueStr = function(shortAttrType, valueStr) { - this.typeObj = KJUR.asn1.x509.OID.atype2obj(shortAttrType); - var dsType = defaultDSType; - if (shortAttrType == "C") dsType = "prn"; - this.valueObj = this.getValueObj(dsType, valueStr); + this.typeObj = KJUR.asn1.x509.OID.atype2obj(shortAttrType); + var dsType = defaultDSType; + if (shortAttrType == "C") dsType = "prn"; + this.valueObj = this.getValueObj(dsType, valueStr); }; this.getValueObj = function(dsType, valueStr) { - if (dsType == "utf8") return new KJUR.asn1.DERUTF8String({"str": valueStr}); - if (dsType == "prn") return new KJUR.asn1.DERPrintableString({"str": valueStr}); - if (dsType == "tel") return new KJUR.asn1.DERTeletexString({"str": valueStr}); - if (dsType == "ia5") return new KJUR.asn1.DERIA5String({"str": valueStr}); - throw "unsupported directory string type: type=" + dsType + " value=" + valueStr; + if (dsType == "utf8") return new KJUR.asn1.DERUTF8String({"str": valueStr}); + if (dsType == "prn") return new KJUR.asn1.DERPrintableString({"str": valueStr}); + if (dsType == "tel") return new KJUR.asn1.DERTeletexString({"str": valueStr}); + if (dsType == "ia5") return new KJUR.asn1.DERIA5String({"str": valueStr}); + throw "unsupported directory string type: type=" + dsType + " value=" + valueStr; }; this.getEncodedHex = function() { - var o = new KJUR.asn1.DERSequence({"array": [this.typeObj, this.valueObj]}); - this.TLV = o.getEncodedHex(); - return this.TLV; + var o = new KJUR.asn1.DERSequence({"array": [this.typeObj, this.valueObj]}); + this.TLV = o.getEncodedHex(); + return this.TLV; }; if (typeof params != "undefined") { - if (typeof params['str'] != "undefined") { - this.setByString(params['str']); - } + if (typeof params['str'] != "undefined") { + this.setByString(params['str']); + } } }; YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object); @@ -1156,15 +1292,15 @@ KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) { * spki.setRSAKey(rsaKey); */ this.setRSAKey = function(rsaKey) { - if (! RSAKey.prototype.isPrototypeOf(rsaKey)) - throw "argument is not RSAKey instance"; + if (! RSAKey.prototype.isPrototypeOf(rsaKey)) + throw "argument is not RSAKey instance"; this.rsaKey = rsaKey; - var asn1RsaN = new KJUR.asn1.DERInteger({'bigint': rsaKey.n}); - var asn1RsaE = new KJUR.asn1.DERInteger({'int': rsaKey.e}); - var asn1RsaPub = new KJUR.asn1.DERSequence({'array': [asn1RsaN, asn1RsaE]}); - var rsaKeyHex = asn1RsaPub.getEncodedHex(); - this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'}); - this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex}); + var asn1RsaN = new KJUR.asn1.DERInteger({'bigint': rsaKey.n}); + var asn1RsaE = new KJUR.asn1.DERInteger({'int': rsaKey.e}); + var asn1RsaPub = new KJUR.asn1.DERSequence({'array': [asn1RsaN, asn1RsaE]}); + var rsaKeyHex = asn1RsaPub.getEncodedHex(); + this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'}); + this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex}); }; /** @@ -1179,86 +1315,86 @@ KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) { * spki.setRSAPEM(rsaPubPEM); */ this.setRSAPEM = function(rsaPubPEM) { - if (rsaPubPEM.match(/-----BEGIN PUBLIC KEY-----/)) { - var s = rsaPubPEM; - s = s.replace(/^-----[^-]+-----/, ''); - s = s.replace(/-----[^-]+-----\s*$/, ''); - var rsaB64 = s.replace(/\s+/g, ''); - var rsaWA = CryptoJS.enc.Base64.parse(rsaB64); - var rsaP8Hex = CryptoJS.enc.Hex.stringify(rsaWA); - var a = _rsapem_getHexValueArrayOfChildrenFromHex(rsaP8Hex); - var hBitStrVal = a[1]; - var rsaHex = hBitStrVal.substr(2); - var a3 = _rsapem_getHexValueArrayOfChildrenFromHex(rsaHex); - var rsaKey = new RSAKey(); - rsaKey.setPublic(a3[0], a3[1]); - this.setRSAKey(rsaKey); - } else { - throw "key not supported"; - } + if (rsaPubPEM.match(/-----BEGIN PUBLIC KEY-----/)) { + var s = rsaPubPEM; + s = s.replace(/^-----[^-]+-----/, ''); + s = s.replace(/-----[^-]+-----\s*$/, ''); + var rsaB64 = s.replace(/\s+/g, ''); + var rsaWA = CryptoJS.enc.Base64.parse(rsaB64); + var rsaP8Hex = CryptoJS.enc.Hex.stringify(rsaWA); + var a = _rsapem_getHexValueArrayOfChildrenFromHex(rsaP8Hex); + var hBitStrVal = a[1]; + var rsaHex = hBitStrVal.substr(2); + var a3 = _rsapem_getHexValueArrayOfChildrenFromHex(rsaHex); + var rsaKey = new RSAKey(); + rsaKey.setPublic(a3[0], a3[1]); + this.setRSAKey(rsaKey); + } else { + throw "key not supported"; + } }; /* * @since asn1x509 1.0.7 */ this.getASN1Object = function() { - if (this.asn1AlgId == null || this.asn1SubjPKey == null) - throw "algId and/or subjPubKey not set"; - var o = new KJUR.asn1.DERSequence({'array': - [this.asn1AlgId, this.asn1SubjPKey]}); - return o; + if (this.asn1AlgId == null || this.asn1SubjPKey == null) + throw "algId and/or subjPubKey not set"; + var o = new KJUR.asn1.DERSequence({'array': + [this.asn1AlgId, this.asn1SubjPKey]}); + return o; }; this.getEncodedHex = function() { - var o = this.getASN1Object(); - this.hTLV = o.getEncodedHex(); - return this.hTLV; + var o = this.getASN1Object(); + this.hTLV = o.getEncodedHex(); + return this.hTLV; }; this._setRSAKey = function(key) { - var asn1RsaPub = KJUR.asn1.ASN1Util.newObject({ - 'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}] - }); - var rsaKeyHex = asn1RsaPub.getEncodedHex(); - this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'}); - this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex}); + var asn1RsaPub = KJUR.asn1.ASN1Util.newObject({ + 'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}] + }); + var rsaKeyHex = asn1RsaPub.getEncodedHex(); + this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'}); + this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex}); }; this._setEC = function(key) { - var asn1Params = new KJUR.asn1.DERObjectIdentifier({'name': key.curveName}); - this.asn1AlgId = - new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'ecPublicKey', - 'asn1params': asn1Params}); - this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + key.pubKeyHex}); + var asn1Params = new KJUR.asn1.DERObjectIdentifier({'name': key.curveName}); + this.asn1AlgId = + new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'ecPublicKey', + 'asn1params': asn1Params}); + this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + key.pubKeyHex}); }; this._setDSA = function(key) { - var asn1Params = new KJUR.asn1.ASN1Util.newObject({ - 'seq': [{'int': {'bigint': key.p}}, - {'int': {'bigint': key.q}}, - {'int': {'bigint': key.g}}] - }); - this.asn1AlgId = - new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'dsa', - 'asn1params': asn1Params}); - var pubInt = new KJUR.asn1.DERInteger({'bigint': key.y}); - this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + pubInt.getEncodedHex()}); + var asn1Params = new KJUR.asn1.ASN1Util.newObject({ + 'seq': [{'int': {'bigint': key.p}}, + {'int': {'bigint': key.q}}, + {'int': {'bigint': key.g}}] + }); + this.asn1AlgId = + new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'dsa', + 'asn1params': asn1Params}); + var pubInt = new KJUR.asn1.DERInteger({'bigint': key.y}); + this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + pubInt.getEncodedHex()}); }; if (typeof params != "undefined") { - if (typeof RSAKey != 'undefined' && params instanceof RSAKey) { - this._setRSAKey(params); - } else if (typeof KJUR.crypto.ECDSA != 'undefined' && - params instanceof KJUR.crypto.ECDSA) { - this._setEC(params); - } else if (typeof KJUR.crypto.DSA != 'undefined' && - params instanceof KJUR.crypto.DSA) { - this._setDSA(params); - } else if (typeof params['rsakey'] != "undefined") { - this.setRSAKey(params['rsakey']); - } else if (typeof params['rsapem'] != "undefined") { - this.setRSAPEM(params['rsapem']); - } + if (typeof RSAKey != 'undefined' && params instanceof RSAKey) { + this._setRSAKey(params); + } else if (typeof KJUR.crypto.ECDSA != 'undefined' && + params instanceof KJUR.crypto.ECDSA) { + this._setEC(params); + } else if (typeof KJUR.crypto.DSA != 'undefined' && + params instanceof KJUR.crypto.DSA) { + this._setDSA(params); + } else if (typeof params['rsakey'] != "undefined") { + this.setRSAKey(params['rsakey']); + } else if (typeof params['rsapem'] != "undefined") { + this.setRSAPEM(params['rsapem']); + } } }; YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object); @@ -1282,29 +1418,29 @@ KJUR.asn1.x509.Time = function(params) { var timeParams = null; this.setTimeParams = function(timeParams) { - this.timeParams = timeParams; + this.timeParams = timeParams; } this.getEncodedHex = function() { - if (this.timeParams == null) { - throw "timeParams shall be specified. ({'str':'130403235959Z'}}"; - } - var o = null; - if (this.type == "utc") { - o = new KJUR.asn1.DERUTCTime(this.timeParams); - } else { - o = new KJUR.asn1.DERGeneralizedTime(this.timeParams); - } - this.TLV = o.getEncodedHex(); - return this.TLV; + if (this.timeParams == null) { + throw "timeParams shall be specified. ({'str':'130403235959Z'}}"; + } + var o = null; + if (this.type == "utc") { + o = new KJUR.asn1.DERUTCTime(this.timeParams); + } else { + o = new KJUR.asn1.DERGeneralizedTime(this.timeParams); + } + this.TLV = o.getEncodedHex(); + return this.TLV; }; - + this.type = "utc"; if (typeof params != "undefined") { - if (typeof params['type'] != "undefined") { - this.type = params['type']; - } - this.timeParams = params; + if (typeof params['type'] != "undefined") { + this.type = params['type']; + } + this.timeParams = params; } }; YAHOO.lang.extend(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object); @@ -1326,32 +1462,32 @@ KJUR.asn1.x509.AlgorithmIdentifier = function(params) { var paramEmpty = false; this.getEncodedHex = function() { - if (this.nameAlg == null && this.asn1Alg == null) { - throw "algorithm not specified"; - } - if (this.nameAlg != null && this.asn1Alg == null) { - this.asn1Alg = KJUR.asn1.x509.OID.name2obj(this.nameAlg); - } - var a = [this.asn1Alg]; - if (! this.paramEmpty) a.push(this.asn1Params); - var o = new KJUR.asn1.DERSequence({'array': a}); - this.hTLV = o.getEncodedHex(); - return this.hTLV; + if (this.nameAlg == null && this.asn1Alg == null) { + throw "algorithm not specified"; + } + if (this.nameAlg != null && this.asn1Alg == null) { + this.asn1Alg = KJUR.asn1.x509.OID.name2obj(this.nameAlg); + } + var a = [this.asn1Alg]; + if (! this.paramEmpty) a.push(this.asn1Params); + var o = new KJUR.asn1.DERSequence({'array': a}); + this.hTLV = o.getEncodedHex(); + return this.hTLV; }; if (typeof params != "undefined") { - if (typeof params['name'] != "undefined") { - this.nameAlg = params['name']; - } - if (typeof params['asn1params'] != "undefined") { - this.asn1Params = params['asn1params']; - } - if (typeof params['paramempty'] != "undefined") { - this.paramEmpty = params['paramempty']; - } + if (typeof params['name'] != "undefined") { + this.nameAlg = params['name']; + } + if (typeof params['asn1params'] != "undefined") { + this.asn1Params = params['asn1params']; + } + if (typeof params['paramempty'] != "undefined") { + this.paramEmpty = params['paramempty']; + } } if (this.asn1Params == null) { - this.asn1Params = new KJUR.asn1.DERNull(); + this.asn1Params = new KJUR.asn1.DERNull(); } }; YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object); @@ -1392,35 +1528,35 @@ KJUR.asn1.x509.GeneralName = function(params) { var pTag = {'rfc822': '81', 'dns': '82', 'uri': '86'}; this.setByParam = function(params) { - var str = null; - var v = null; - - if (typeof params['rfc822'] != "undefined") { - this.type = 'rfc822'; - v = new KJUR.asn1.DERIA5String({'str': params[this.type]}); - } - if (typeof params['dns'] != "undefined") { - this.type = 'dns'; - v = new KJUR.asn1.DERIA5String({'str': params[this.type]}); - } - if (typeof params['uri'] != "undefined") { - this.type = 'uri'; - v = new KJUR.asn1.DERIA5String({'str': params[this.type]}); - } - - if (this.type == null) - throw "unsupported type in params=" + params; + var str = null; + var v = null; + + if (typeof params['rfc822'] != "undefined") { + this.type = 'rfc822'; + v = new KJUR.asn1.DERIA5String({'str': params[this.type]}); + } + if (typeof params['dns'] != "undefined") { + this.type = 'dns'; + v = new KJUR.asn1.DERIA5String({'str': params[this.type]}); + } + if (typeof params['uri'] != "undefined") { + this.type = 'uri'; + v = new KJUR.asn1.DERIA5String({'str': params[this.type]}); + } + + if (this.type == null) + throw "unsupported type in params=" + params; this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': false, - 'tag': pTag[this.type], - 'obj': v}); + 'tag': pTag[this.type], + 'obj': v}); }; this.getEncodedHex = function() { - return this.asn1Obj.getEncodedHex(); + return this.asn1Obj.getEncodedHex(); } if (typeof params != "undefined") { - this.setByParam(params); + this.setByParam(params); } }; @@ -1456,20 +1592,20 @@ KJUR.asn1.x509.GeneralNames = function(paramsArray) { * gns.setByParamArray([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]); */ this.setByParamArray = function(paramsArray) { - for (var i = 0; i < paramsArray.length; i++) { - var o = new KJUR.asn1.x509.GeneralName(paramsArray[i]); - this.asn1Array.push(o); - } + for (var i = 0; i < paramsArray.length; i++) { + var o = new KJUR.asn1.x509.GeneralName(paramsArray[i]); + this.asn1Array.push(o); + } }; this.getEncodedHex = function() { - var o = new KJUR.asn1.DERSequence({'array': this.asn1Array}); - return o.getEncodedHex(); + var o = new KJUR.asn1.DERSequence({'array': this.asn1Array}); + return o.getEncodedHex(); }; this.asn1Array = new Array(); if (typeof paramsArray != "undefined") { - this.setByParamArray(paramsArray); + this.setByParamArray(paramsArray); } }; YAHOO.lang.extend(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object); @@ -1489,23 +1625,23 @@ KJUR.asn1.x509.DistributionPointName = function(gnOrRdn) { var asn1V = null; this.getEncodedHex = function() { - if (this.type != "full") - throw "currently type shall be 'full': " + this.type; - this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': false, - 'tag': this.tag, - 'obj': this.asn1V}); - this.hTLV = this.asn1Obj.getEncodedHex(); - return this.hTLV; + if (this.type != "full") + throw "currently type shall be 'full': " + this.type; + this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': false, + 'tag': this.tag, + 'obj': this.asn1V}); + this.hTLV = this.asn1Obj.getEncodedHex(); + return this.hTLV; }; if (typeof gnOrRdn != "undefined") { - if (KJUR.asn1.x509.GeneralNames.prototype.isPrototypeOf(gnOrRdn)) { - this.type = "full"; - this.tag = "a0"; - this.asn1V = gnOrRdn; - } else { - throw "This class supports GeneralNames only as argument"; - } + if (KJUR.asn1.x509.GeneralNames.prototype.isPrototypeOf(gnOrRdn)) { + this.type = "full"; + this.tag = "a0"; + this.asn1V = gnOrRdn; + } else { + throw "This class supports GeneralNames only as argument"; + } } }; YAHOO.lang.extend(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object); @@ -1522,21 +1658,21 @@ KJUR.asn1.x509.DistributionPoint = function(params) { var asn1DP = null; this.getEncodedHex = function() { - var seq = new KJUR.asn1.DERSequence(); - if (this.asn1DP != null) { - var o1 = new KJUR.asn1.DERTaggedObject({'explicit': true, - 'tag': 'a0', - 'obj': this.asn1DP}); - seq.appendASN1Object(o1); - } - this.hTLV = seq.getEncodedHex(); - return this.hTLV; + var seq = new KJUR.asn1.DERSequence(); + if (this.asn1DP != null) { + var o1 = new KJUR.asn1.DERTaggedObject({'explicit': true, + 'tag': 'a0', + 'obj': this.asn1DP}); + seq.appendASN1Object(o1); + } + this.hTLV = seq.getEncodedHex(); + return this.hTLV; }; if (typeof params != "undefined") { - if (typeof params['dpobj'] != "undefined") { - this.asn1DP = params['dpobj']; - } + if (typeof params['dpobj'] != "undefined") { + this.asn1DP = params['dpobj']; + } } }; YAHOO.lang.extend(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object); @@ -1559,71 +1695,71 @@ YAHOO.lang.extend(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object); */ KJUR.asn1.x509.OID = new function(params) { this.atype2oidList = { - 'C': '2.5.4.6', - 'O': '2.5.4.10', - 'OU': '2.5.4.11', - 'ST': '2.5.4.8', - 'L': '2.5.4.7', - 'CN': '2.5.4.3', + 'C': '2.5.4.6', + 'O': '2.5.4.10', + 'OU': '2.5.4.11', + 'ST': '2.5.4.8', + 'L': '2.5.4.7', + 'CN': '2.5.4.3', }; this.name2oidList = { - 'sha384': '2.16.840.1.101.3.4.2.2', - 'sha224': '2.16.840.1.101.3.4.2.4', - - 'MD2withRSA': '1.2.840.113549.1.1.2', - 'MD4withRSA': '1.2.840.113549.1.1.3', - 'MD5withRSA': '1.2.840.113549.1.1.4', - 'SHA1withRSA': '1.2.840.113549.1.1.5', - 'SHA224withRSA': '1.2.840.113549.1.1.14', - 'SHA256withRSA': '1.2.840.113549.1.1.11', - 'SHA384withRSA': '1.2.840.113549.1.1.12', - 'SHA512withRSA': '1.2.840.113549.1.1.13', - - 'SHA1withECDSA': '1.2.840.10045.4.1', - 'SHA224withECDSA': '1.2.840.10045.4.3.1', - 'SHA256withECDSA': '1.2.840.10045.4.3.2', - 'SHA384withECDSA': '1.2.840.10045.4.3.3', - 'SHA512withECDSA': '1.2.840.10045.4.3.4', - - 'dsa': '1.2.840.10040.4.1', - 'SHA1withDSA': '1.2.840.10040.4.3', - 'SHA224withDSA': '2.16.840.1.101.3.4.3.1', - 'SHA256withDSA': '2.16.840.1.101.3.4.3.2', - - 'rsaEncryption': '1.2.840.113549.1.1.1', - 'subjectKeyIdentifier': '2.5.29.14', - - 'countryName': '2.5.4.6', - 'organization': '2.5.4.10', - 'organizationalUnit': '2.5.4.11', - 'stateOrProvinceName': '2.5.4.8', - 'locality': '2.5.4.7', - 'commonName': '2.5.4.3', - - 'keyUsage': '2.5.29.15', - 'basicConstraints': '2.5.29.19', - 'cRLDistributionPoints': '2.5.29.31', - 'certificatePolicies': '2.5.29.32', - 'authorityKeyIdentifier': '2.5.29.35', - 'extKeyUsage': '2.5.29.37', - - 'anyExtendedKeyUsage': '2.5.29.37.0', - 'serverAuth': '1.3.6.1.5.5.7.3.1', - 'clientAuth': '1.3.6.1.5.5.7.3.2', - 'codeSigning': '1.3.6.1.5.5.7.3.3', - 'emailProtection': '1.3.6.1.5.5.7.3.4', - 'timeStamping': '1.3.6.1.5.5.7.3.8', - 'ocspSigning': '1.3.6.1.5.5.7.3.9', - - 'ecPublicKey': '1.2.840.10045.2.1', - 'secp256r1': '1.2.840.10045.3.1.7', - 'secp256k1': '1.3.132.0.10', - 'secp384r1': '1.3.132.0.34', - - 'pkcs5PBES2': '1.2.840.113549.1.5.13', - 'pkcs5PBKDF2': '1.2.840.113549.1.5.12', - - 'des-EDE3-CBC': '1.2.840.113549.3.7', + 'sha384': '2.16.840.1.101.3.4.2.2', + 'sha224': '2.16.840.1.101.3.4.2.4', + + 'MD2withRSA': '1.2.840.113549.1.1.2', + 'MD4withRSA': '1.2.840.113549.1.1.3', + 'MD5withRSA': '1.2.840.113549.1.1.4', + 'SHA1withRSA': '1.2.840.113549.1.1.5', + 'SHA224withRSA': '1.2.840.113549.1.1.14', + 'SHA256withRSA': '1.2.840.113549.1.1.11', + 'SHA384withRSA': '1.2.840.113549.1.1.12', + 'SHA512withRSA': '1.2.840.113549.1.1.13', + + 'SHA1withECDSA': '1.2.840.10045.4.1', + 'SHA224withECDSA': '1.2.840.10045.4.3.1', + 'SHA256withECDSA': '1.2.840.10045.4.3.2', + 'SHA384withECDSA': '1.2.840.10045.4.3.3', + 'SHA512withECDSA': '1.2.840.10045.4.3.4', + + 'dsa': '1.2.840.10040.4.1', + 'SHA1withDSA': '1.2.840.10040.4.3', + 'SHA224withDSA': '2.16.840.1.101.3.4.3.1', + 'SHA256withDSA': '2.16.840.1.101.3.4.3.2', + + 'rsaEncryption': '1.2.840.113549.1.1.1', + 'subjectKeyIdentifier': '2.5.29.14', + + 'countryName': '2.5.4.6', + 'organization': '2.5.4.10', + 'organizationalUnit': '2.5.4.11', + 'stateOrProvinceName': '2.5.4.8', + 'locality': '2.5.4.7', + 'commonName': '2.5.4.3', + + 'keyUsage': '2.5.29.15', + 'basicConstraints': '2.5.29.19', + 'cRLDistributionPoints': '2.5.29.31', + 'certificatePolicies': '2.5.29.32', + 'authorityKeyIdentifier': '2.5.29.35', + 'extKeyUsage': '2.5.29.37', + + 'anyExtendedKeyUsage': '2.5.29.37.0', + 'serverAuth': '1.3.6.1.5.5.7.3.1', + 'clientAuth': '1.3.6.1.5.5.7.3.2', + 'codeSigning': '1.3.6.1.5.5.7.3.3', + 'emailProtection': '1.3.6.1.5.5.7.3.4', + 'timeStamping': '1.3.6.1.5.5.7.3.8', + 'ocspSigning': '1.3.6.1.5.5.7.3.9', + + 'ecPublicKey': '1.2.840.10045.2.1', + 'secp256r1': '1.2.840.10045.3.1.7', + 'secp256k1': '1.3.132.0.10', + 'secp384r1': '1.3.132.0.34', + + 'pkcs5PBES2': '1.2.840.113549.1.5.13', + 'pkcs5PBKDF2': '1.2.840.113549.1.5.12', + + 'des-EDE3-CBC': '1.2.840.113549.3.7', }; this.objCache = {}; @@ -1639,14 +1775,14 @@ KJUR.asn1.x509.OID = new function(params) { * var asn1ObjOID = OID.name2obj('SHA1withRSA'); */ this.name2obj = function(name) { - if (typeof this.objCache[name] != "undefined") - return this.objCache[name]; - if (typeof this.name2oidList[name] == "undefined") - throw "Name of ObjectIdentifier not defined: " + name; - var oid = this.name2oidList[name]; - var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid}); - this.objCache[name] = obj; - return obj; + if (typeof this.objCache[name] != "undefined") + return this.objCache[name]; + if (typeof this.name2oidList[name] == "undefined") + throw "Name of ObjectIdentifier not defined: " + name; + var oid = this.name2oidList[name]; + var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid}); + this.objCache[name] = obj; + return obj; }; /** @@ -1660,14 +1796,14 @@ KJUR.asn1.x509.OID = new function(params) { * var asn1ObjOID = OID.atype2obj('CN'); */ this.atype2obj = function(atype) { - if (typeof this.objCache[atype] != "undefined") - return this.objCache[atype]; - if (typeof this.atype2oidList[atype] == "undefined") - throw "AttributeType name undefined: " + atype; - var oid = this.atype2oidList[atype]; - var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid}); - this.objCache[atype] = obj; - return obj; + if (typeof this.objCache[atype] != "undefined") + return this.objCache[atype]; + if (typeof this.atype2oidList[atype] == "undefined") + throw "AttributeType name undefined: " + atype; + var oid = this.atype2oidList[atype]; + var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid}); + this.objCache[atype] = obj; + return obj; }; }; @@ -1687,21 +1823,21 @@ KJUR.asn1.x509.X509Util = new function() { * @example * var pem = KJUR.asn1.x509.X509Util.getPKCS8PubKeyPEMfromRSAKey(pubKey); */ - this.getPKCS8PubKeyPEMfromRSAKey = function(rsaKey) { - var pem = null; - var hN = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(rsaKey.n); - var hE = KJUR.asn1.ASN1Util.integerToByteHex(rsaKey.e); - var iN = new KJUR.asn1.DERInteger({hex: hN}); - var iE = new KJUR.asn1.DERInteger({hex: hE}); - var asn1PubKey = new KJUR.asn1.DERSequence({array: [iN, iE]}); - var hPubKey = asn1PubKey.getEncodedHex(); - var o1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: 'rsaEncryption'}); - var o2 = new KJUR.asn1.DERBitString({hex: '00' + hPubKey}); - var seq = new KJUR.asn1.DERSequence({array: [o1, o2]}); - var hP8 = seq.getEncodedHex(); - var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(hP8, "PUBLIC KEY"); - return pem; - }; + this.getPKCS8PubKeyPEMfromRSAKey = function(rsaKey) { + var pem = null; + var hN = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(rsaKey.n); + var hE = KJUR.asn1.ASN1Util.integerToByteHex(rsaKey.e); + var iN = new KJUR.asn1.DERInteger({hex: hN}); + var iE = new KJUR.asn1.DERInteger({hex: hE}); + var asn1PubKey = new KJUR.asn1.DERSequence({array: [iN, iE]}); + var hPubKey = asn1PubKey.getEncodedHex(); + var o1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: 'rsaEncryption'}); + var o2 = new KJUR.asn1.DERBitString({hex: '00' + hPubKey}); + var seq = new KJUR.asn1.DERSequence({array: [o1, o2]}); + var hP8 = seq.getEncodedHex(); + var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(hP8, "PUBLIC KEY"); + return pem; + }; }; /** * issue a certificate in PEM format @@ -1713,10 +1849,15 @@ KJUR.asn1.x509.X509Util = new function() { * @description * This method can issue a certificate by a simple * JSON object. + * Signature value will be provided by signing with + * private key using 'cakey' parameter or + * hexa decimal signature value by 'sighex' parameter. + * * NOTE: When using DSA or ECDSA CA signing key, * use 'paramempty' in 'sigalg' to ommit parameter field * of AlgorithmIdentifer. In case of RSA, parameter * NULL will be specified by default. + * * @example * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM( * { serial: {int: 4}, @@ -1732,73 +1873,94 @@ KJUR.asn1.x509.X509Util = new function() { * ], * cakey: [prvkey, pass]} * ); + * // -- or -- + * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM( + * { serial: {int: 1}, + * sigalg: {name: 'SHA1withRSA', paramempty: true}, + * issuer: {str: '/C=US/O=T1'}, + * notbefore: {'str': '130504235959Z'}, + * notafter: {'str': '140504235959Z'}, + * subject: {str: '/C=US/O=T1'}, + * sbjpubkey: pubKeyObj, + * sighex: '0102030405..'} + * ); */ KJUR.asn1.x509.X509Util.newCertPEM = function(param) { var ns1 = KJUR.asn1.x509; var o = new ns1.TBSCertificate(); if (param.serial !== undefined) - o.setSerialNumberByParam(param.serial); + o.setSerialNumberByParam(param.serial); else - throw "serial number undefined."; + throw "serial number undefined."; if (typeof param.sigalg.name == 'string') - o.setSignatureAlgByParam(param.sigalg); + o.setSignatureAlgByParam(param.sigalg); else - throw "unproper signature algorithm name"; + throw "unproper signature algorithm name"; if (param.issuer !== undefined) - o.setIssuerByParam(param.issuer); + o.setIssuerByParam(param.issuer); else - throw "issuer name undefined."; + throw "issuer name undefined."; if (param.notbefore !== undefined) - o.setNotBeforeByParam(param.notbefore); + o.setNotBeforeByParam(param.notbefore); else - throw "notbefore undefined."; + throw "notbefore undefined."; if (param.notafter !== undefined) - o.setNotAfterByParam(param.notafter); + o.setNotAfterByParam(param.notafter); else - throw "notafter undefined."; + throw "notafter undefined."; if (param.subject !== undefined) - o.setSubjectByParam(param.subject); + o.setSubjectByParam(param.subject); else - throw "subject name undefined."; + throw "subject name undefined."; if (param.sbjpubkey !== undefined) - o.setSubjectPublicKeyByGetKey(param.sbjpubkey); + o.setSubjectPublicKeyByGetKey(param.sbjpubkey); else - throw "subject public key undefined."; - - if (param.ext.length !== undefined) { - for (var i = 0; i < param.ext.length; i++) { - for (key in param.ext[i]) { - o.appendExtensionByName(key, param.ext[i][key]); - } - } + throw "subject public key undefined."; + + if (param.ext !== undefined && param.ext.length !== undefined) { + for (var i = 0; i < param.ext.length; i++) { + for (key in param.ext[i]) { + o.appendExtensionByName(key, param.ext[i][key]); + } + } } + // set signature + if (param.cakey === undefined && param.sighex === undefined) + throw "param cakey and sighex undefined."; + var caKey = null; - if (param.cakey) - caKey = KEYUTIL.getKey.apply(null, param.cakey); - else - throw "ca key undefined"; + var cert = null; + + if (param.cakey) { + caKey = KEYUTIL.getKey.apply(null, param.cakey); + cert = new ns1.Certificate({'tbscertobj': o, 'prvkeyobj': caKey}); + cert.sign(); + } + + if (param.sighex) { + cert = new ns1.Certificate({'tbscertobj': o}); + cert.setSignatureHex(param.sighex); + } - var cert = new ns1.Certificate({'tbscertobj': o, 'prvkeyobj': caKey}); - cert.sign(); return cert.getPEMString(); }; /* -org.bouncycastle.asn1.x500 -AttributeTypeAndValue -DirectoryString -RDN -X500Name -X500NameBuilder - -org.bouncycastleasn1.x509 -TBSCertificate - */ + org.bouncycastle.asn1.x500 + AttributeTypeAndValue + DirectoryString + RDN + X500Name + X500NameBuilder + + org.bouncycastleasn1.x509 + TBSCertificate +*/ diff --git a/asn1x509-1.0.min.js b/asn1x509-1.0.min.js old mode 100755 new mode 100644 index 21c7f028..b407befe --- a/asn1x509-1.0.min.js +++ b/asn1x509-1.0.min.js @@ -1,3 +1,3 @@ -/*! asn1x509-1.0.7.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! asn1x509-1.0.8.js (c) 2013-2014 Kenji Urushima | kjur.github.com/jsrsasign/license */ -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}if(typeof KJUR.asn1.x509=="undefined"||!KJUR.asn1.x509){KJUR.asn1.x509={}}KJUR.asn1.x509.Certificate=function(g){KJUR.asn1.x509.Certificate.superclass.constructor.call(this);var b=null;var d=null;var f=null;var c=null;var a=null;var e=null;this.setRsaPrvKeyByPEMandPass=function(i,k){var h=PKCS5PKEY.getDecryptedKeyHex(i,k);var j=new RSAKey();j.readPrivateKeyFromASN1HexString(h);this.prvKey=j};this.sign=function(){this.asn1SignatureAlg=this.asn1TBSCert.asn1SignatureAlg;sig=new KJUR.crypto.Signature({alg:"SHA1withRSA"});sig.init(this.prvKey);sig.updateHex(this.asn1TBSCert.getEncodedHex());this.hexSig=sig.sign();this.asn1Sig=new KJUR.asn1.DERBitString({hex:"00"+this.hexSig});var h=new KJUR.asn1.DERSequence({array:[this.asn1TBSCert,this.asn1SignatureAlg,this.asn1Sig]});this.hTLV=h.getEncodedHex();this.isModified=false};this.getEncodedHex=function(){if(this.isModified==false&&this.hTLV!=null){return this.hTLV}throw"not signed yet"};this.getPEMString=function(){var j=this.getEncodedHex();var h=CryptoJS.enc.Hex.parse(j);var i=CryptoJS.enc.Base64.stringify(h);var k=i.replace(/(.{64})/g,"$1\r\n");return"-----BEGIN CERTIFICATE-----\r\n"+k+"\r\n-----END CERTIFICATE-----\r\n"};if(typeof g!="undefined"){if(typeof g.tbscertobj!="undefined"){this.asn1TBSCert=g.tbscertobj}if(typeof g.prvkeyobj!="undefined"){this.prvKey=g.prvkeyobj}else{if(typeof g.rsaprvkey!="undefined"){this.prvKey=g.rsaprvkey}else{if((typeof g.rsaprvpem!="undefined")&&(typeof g.rsaprvpas!="undefined")){this.setRsaPrvKeyByPEMandPass(g.rsaprvpem,g.rsaprvpas)}}}}};YAHOO.lang.extend(KJUR.asn1.x509.Certificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.TBSCertificate=function(a){KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);this._initialize=function(){this.asn1Array=new Array();this.asn1Version=new KJUR.asn1.DERTaggedObject({obj:new KJUR.asn1.DERInteger({"int":2})});this.asn1SerialNumber=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1NotBefore=null;this.asn1NotAfter=null;this.asn1Subject=null;this.asn1SubjPKey=null;this.extensionsArray=new Array()};this.setSerialNumberByParam=function(b){this.asn1SerialNumber=new KJUR.asn1.DERInteger(b)};this.setSignatureAlgByParam=function(b){this.asn1SignatureAlg=new KJUR.asn1.x509.AlgorithmIdentifier(b)};this.setIssuerByParam=function(b){this.asn1Issuer=new KJUR.asn1.x509.X500Name(b)};this.setNotBeforeByParam=function(b){this.asn1NotBefore=new KJUR.asn1.x509.Time(b)};this.setNotAfterByParam=function(b){this.asn1NotAfter=new KJUR.asn1.x509.Time(b)};this.setSubjectByParam=function(b){this.asn1Subject=new KJUR.asn1.x509.X500Name(b)};this.setSubjectPublicKeyByParam=function(b){this.asn1SubjPKey=new KJUR.asn1.x509.SubjectPublicKeyInfo(b)};this.setSubjectPublicKeyByGetKey=function(c){var b=KEYUTIL.getKey(c);this.asn1SubjPKey=new KJUR.asn1.x509.SubjectPublicKeyInfo(b)};this.appendExtension=function(b){this.extensionsArray.push(b)};this.appendExtensionByName=function(d,b){if(d.toLowerCase()=="basicconstraints"){var c=new KJUR.asn1.x509.BasicConstraints(b);this.appendExtension(c)}else{if(d.toLowerCase()=="keyusage"){var c=new KJUR.asn1.x509.KeyUsage(b);this.appendExtension(c)}else{if(d.toLowerCase()=="crldistributionpoints"){var c=new KJUR.asn1.x509.CRLDistributionPoints(b);this.appendExtension(c)}else{if(d.toLowerCase()=="extkeyusage"){var c=new KJUR.asn1.x509.ExtKeyUsage(b);this.appendExtension(c)}else{throw"unsupported extension name: "+d}}}}};this.getEncodedHex=function(){if(this.asn1NotBefore==null||this.asn1NotAfter==null){throw"notBefore and/or notAfter not set"}var c=new KJUR.asn1.DERSequence({array:[this.asn1NotBefore,this.asn1NotAfter]});this.asn1Array=new Array();this.asn1Array.push(this.asn1Version);this.asn1Array.push(this.asn1SerialNumber);this.asn1Array.push(this.asn1SignatureAlg);this.asn1Array.push(this.asn1Issuer);this.asn1Array.push(c);this.asn1Array.push(this.asn1Subject);this.asn1Array.push(this.asn1SubjPKey);if(this.extensionsArray.length>0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(a){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(b){var c=b.split("/");c.shift();for(var d=0;d0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(a){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(b){var c=b.split("/");c.shift();for(var d=0;dFEATURES

    NEWS

    +
    2014-Apr-19: +
    Release 4.2.2 is now available. +
      +
    • PKCS#10 CSR(certificate signing request) support in keyutil.js
      • +
    • AuthorityKeyIdentifier v3 extension support in asn1x509.js
      • +
    • Fake certificate converter tool from CSR for factorable.net key check
      • +
    +
    2013-Oct-12:
    Release 4.2.1 is now available.
      diff --git a/jsrsasign-4.2.2-all-min.js b/jsrsasign-4.2.2-all-min.js new file mode 100644 index 00000000..711a8362 --- /dev/null +++ b/jsrsasign-4.2.2-all-min.js @@ -0,0 +1,249 @@ +/* + * jsrsasign 4.2.2 (c) 2010-2014 Kenji Urushima | kjur.github.com/jsrsasign/license + */ +/* +yahoo-min.js +Copyright (c) 2011, Yahoo! Inc. All rights reserved. +Code licensed under the BSD License: +http://developer.yahoo.com/yui/license.html +version: 2.9.0 +*/ +if(typeof YAHOO=="undefined"||!YAHOO){var YAHOO={};}YAHOO.namespace=function(){var b=arguments,g=null,e,c,f;for(e=0;e":">",'"':""","'":"'","/":"/","`":"`"},d=["toString","valueOf"],e={isArray:function(j){return a.toString.apply(j)===c;},isBoolean:function(j){return typeof j==="boolean";},isFunction:function(j){return(typeof j==="function")||a.toString.apply(j)===h;},isNull:function(j){return j===null;},isNumber:function(j){return typeof j==="number"&&isFinite(j);},isObject:function(j){return(j&&(typeof j==="object"||f.isFunction(j)))||false;},isString:function(j){return typeof j==="string";},isUndefined:function(j){return typeof j==="undefined";},_IEEnumFix:(YAHOO.env.ua.ie)?function(l,k){var j,n,m;for(j=0;j"'\/`]/g,function(k){return g[k];});},extend:function(m,n,l){if(!n||!m){throw new Error("extend failed, please check that "+"all dependencies are included.");}var k=function(){},j;k.prototype=n.prototype;m.prototype=new k();m.prototype.constructor=m;m.superclass=n.prototype;if(n.prototype.constructor==a.constructor){n.prototype.constructor=n;}if(l){for(j in l){if(f.hasOwnProperty(l,j)){m.prototype[j]=l[j];}}f._IEEnumFix(m.prototype,l);}},augmentObject:function(n,m){if(!m||!n){throw new Error("Absorb failed, verify dependencies.");}var j=arguments,l,o,k=j[2];if(k&&k!==true){for(l=2;l0)?f.dump(j[l],p-1):t);}else{r.push(j[l]);}r.push(q);}if(r.length>1){r.pop();}r.push("]");}else{r.push("{");for(l in j){if(f.hasOwnProperty(j,l)){r.push(l+m);if(f.isObject(j[l])){r.push((p>0)?f.dump(j[l],p-1):t);}else{r.push(j[l]);}r.push(q);}}if(r.length>1){r.pop();}r.push("}");}return r.join("");},substitute:function(x,y,E,l){var D,C,B,G,t,u,F=[],p,z=x.length,A="dump",r=" ",q="{",m="}",n,w;for(;;){D=x.lastIndexOf(q,z);if(D<0){break;}C=x.indexOf(m,D);if(D+1>C){break;}p=x.substring(D+1,C);G=p;u=null;B=G.indexOf(r);if(B>-1){u=G.substring(B+1);G=G.substring(0,B);}t=y[G];if(E){t=E(G,t,u);}if(f.isObject(t)){if(f.isArray(t)){t=f.dump(t,parseInt(u,10));}else{u=u||"";n=u.indexOf(A);if(n>-1){u=u.substring(4);}w=t.toString();if(w===i||n>-1){t=f.dump(t,parseInt(u,10));}else{t=w;}}}else{if(!f.isString(t)&&!f.isNumber(t)){t="~-"+F.length+"-~";F[F.length]=p;}}x=x.substring(0,D)+t+x.substring(C+1);if(l===false){z=D-1;}}for(D=F.length-1;D>=0;D=D-1){x=x.replace(new RegExp("~-"+D+"-~"),"{"+F[D]+"}","g");}return x;},trim:function(j){try{return j.replace(/^\s+|\s+$/g,"");}catch(k){return j; +}},merge:function(){var n={},k=arguments,j=k.length,m;for(m=0;m>>2]>>>(24-(r%4)*8))&255;q[(n+r)>>>2]|=o<<(24-((n+r)%4)*8)}}else{for(var r=0;r>>2]=p[r>>>2]}}this.sigBytes+=s;return this},clamp:function(){var o=this.words;var n=this.sigBytes;o[n>>>2]&=4294967295<<(32-(n%4)*8);o.length=e.ceil(n/4)},clone:function(){var n=j.clone.call(this);n.words=this.words.slice(0);return n},random:function(p){var o=[];for(var n=0;n>>2]>>>(24-(n%4)*8))&255;q.push((s>>>4).toString(16));q.push((s&15).toString(16))}return q.join("")},parse:function(p){var n=p.length;var q=[];for(var o=0;o>>3]|=parseInt(p.substr(o,2),16)<<(24-(o%8)*4)}return new l.init(q,n/2)}};var d=m.Latin1={stringify:function(q){var r=q.words;var p=q.sigBytes;var n=[];for(var o=0;o>>2]>>>(24-(o%4)*8))&255;n.push(String.fromCharCode(s))}return n.join("")},parse:function(p){var n=p.length;var q=[];for(var o=0;o>>2]|=(p.charCodeAt(o)&255)<<(24-(o%4)*8)}return new l.init(q,n)}};var c=m.Utf8={stringify:function(n){try{return decodeURIComponent(escape(d.stringify(n)))}catch(o){throw new Error("Malformed UTF-8 data")}},parse:function(n){return d.parse(unescape(encodeURIComponent(n)))}};var i=b.BufferedBlockAlgorithm=j.extend({reset:function(){this._data=new l.init();this._nDataBytes=0},_append:function(n){if(typeof n=="string"){n=c.parse(n)}this._data.concat(n);this._nDataBytes+=n.sigBytes},_process:function(w){var q=this._data;var x=q.words;var n=q.sigBytes;var t=this.blockSize;var v=t*4;var u=n/v;if(w){u=e.ceil(u)}else{u=e.max((u|0)-this._minBufferSize,0)}var s=u*t;var r=e.min(s*4,n);if(s){for(var p=0;pe&&(b=a.finalize(b));b.clamp();for(var f=this._oKey=b.clone(),g=this._iKey=b.clone(),h=f.words,j=g.words,d=0;db;){var d;a:{d=l;for(var w=k.sqrt(d),r=2;r<=w;r++)if(!(d%r)){d=!1;break a}d=!0}d&&(8>b&&(s[b]=u(k.pow(l,0.5))),t[b]=u(k.pow(l,1/3)),b++);l++}var n=[],h=h.SHA256=j.extend({_doReset:function(){this._hash=new v.init(s.slice(0))},_doProcessBlock:function(q,h){for(var a=this._hash.words,c=a[0],d=a[1],b=a[2],k=a[3],f=a[4],g=a[5],j=a[6],l=a[7],e=0;64>e;e++){if(16>e)n[e]= +q[h+e]|0;else{var m=n[e-15],p=n[e-2];n[e]=((m<<25|m>>>7)^(m<<14|m>>>18)^m>>>3)+n[e-7]+((p<<15|p>>>17)^(p<<13|p>>>19)^p>>>10)+n[e-16]}m=l+((f<<26|f>>>6)^(f<<21|f>>>11)^(f<<7|f>>>25))+(f&g^~f&j)+t[e]+n[e];p=((c<<30|c>>>2)^(c<<19|c>>>13)^(c<<10|c>>>22))+(c&d^c&b^d&b);l=j;j=g;g=f;f=k+m|0;k=b;b=d;d=c;c=m+p|0}a[0]=a[0]+c|0;a[1]=a[1]+d|0;a[2]=a[2]+b|0;a[3]=a[3]+k|0;a[4]=a[4]+f|0;a[5]=a[5]+g|0;a[6]=a[6]+j|0;a[7]=a[7]+l|0},_doFinalize:function(){var d=this._data,b=d.words,a=8*this._nDataBytes,c=8*d.sigBytes; +b[c>>>5]|=128<<24-c%32;b[(c+64>>>9<<4)+14]=k.floor(a/4294967296);b[(c+64>>>9<<4)+15]=a;d.sigBytes=4*b.length;this._process();return this._hash},clone:function(){var b=j.clone.call(this);b._hash=this._hash.clone();return b}});g.SHA256=j._createHelper(h);g.HmacSHA256=j._createHmacHelper(h)})(Math); +/* +CryptoJS v3.1.2 sha224-min.js +code.google.com/p/crypto-js +(c) 2009-2013 by Jeff Mott. All rights reserved. +code.google.com/p/crypto-js/wiki/License +*/ +(function(){var b=CryptoJS,d=b.lib.WordArray,a=b.algo,c=a.SHA256,a=a.SHA224=c.extend({_doReset:function(){this._hash=new d.init([3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428])},_doFinalize:function(){var a=c._doFinalize.call(this);a.sigBytes-=4;return a}});b.SHA224=c._createHelper(a);b.HmacSHA224=c._createHmacHelper(a)})(); +/* +CryptoJS v3.1.2 sha512-min.js +code.google.com/p/crypto-js +(c) 2009-2013 by Jeff Mott. All rights reserved. +code.google.com/p/crypto-js/wiki/License +*/ +(function(){function a(){return d.create.apply(d,arguments)}for(var n=CryptoJS,r=n.lib.Hasher,e=n.x64,d=e.Word,T=e.WordArray,e=n.algo,ea=[a(1116352408,3609767458),a(1899447441,602891725),a(3049323471,3964484399),a(3921009573,2173295548),a(961987163,4081628472),a(1508970993,3053834265),a(2453635748,2937671579),a(2870763221,3664609560),a(3624381080,2734883394),a(310598401,1164996542),a(607225278,1323610764),a(1426881987,3590304994),a(1925078388,4068182383),a(2162078206,991336113),a(2614888103,633803317), +a(3248222580,3479774868),a(3835390401,2666613458),a(4022224774,944711139),a(264347078,2341262773),a(604807628,2007800933),a(770255983,1495990901),a(1249150122,1856431235),a(1555081692,3175218132),a(1996064986,2198950837),a(2554220882,3999719339),a(2821834349,766784016),a(2952996808,2566594879),a(3210313671,3203337956),a(3336571891,1034457026),a(3584528711,2466948901),a(113926993,3758326383),a(338241895,168717936),a(666307205,1188179964),a(773529912,1546045734),a(1294757372,1522805485),a(1396182291, +2643833823),a(1695183700,2343527390),a(1986661051,1014477480),a(2177026350,1206759142),a(2456956037,344077627),a(2730485921,1290863460),a(2820302411,3158454273),a(3259730800,3505952657),a(3345764771,106217008),a(3516065817,3606008344),a(3600352804,1432725776),a(4094571909,1467031594),a(275423344,851169720),a(430227734,3100823752),a(506948616,1363258195),a(659060556,3750685593),a(883997877,3785050280),a(958139571,3318307427),a(1322822218,3812723403),a(1537002063,2003034995),a(1747873779,3602036899), +a(1955562222,1575990012),a(2024104815,1125592928),a(2227730452,2716904306),a(2361852424,442776044),a(2428436474,593698344),a(2756734187,3733110249),a(3204031479,2999351573),a(3329325298,3815920427),a(3391569614,3928383900),a(3515267271,566280711),a(3940187606,3454069534),a(4118630271,4000239992),a(116418474,1914138554),a(174292421,2731055270),a(289380356,3203993006),a(460393269,320620315),a(685471733,587496836),a(852142971,1086792851),a(1017036298,365543100),a(1126000580,2618297676),a(1288033470, +3409855158),a(1501505948,4234509866),a(1607167915,987167468),a(1816402316,1246189591)],v=[],w=0;80>w;w++)v[w]=a();e=e.SHA512=r.extend({_doReset:function(){this._hash=new T.init([new d.init(1779033703,4089235720),new d.init(3144134277,2227873595),new d.init(1013904242,4271175723),new d.init(2773480762,1595750129),new d.init(1359893119,2917565137),new d.init(2600822924,725511199),new d.init(528734635,4215389547),new d.init(1541459225,327033209)])},_doProcessBlock:function(a,d){for(var f=this._hash.words, +F=f[0],e=f[1],n=f[2],r=f[3],G=f[4],H=f[5],I=f[6],f=f[7],w=F.high,J=F.low,X=e.high,K=e.low,Y=n.high,L=n.low,Z=r.high,M=r.low,$=G.high,N=G.low,aa=H.high,O=H.low,ba=I.high,P=I.low,ca=f.high,Q=f.low,k=w,g=J,z=X,x=K,A=Y,y=L,U=Z,B=M,l=$,h=N,R=aa,C=O,S=ba,D=P,V=ca,E=Q,m=0;80>m;m++){var s=v[m];if(16>m)var j=s.high=a[d+2*m]|0,b=s.low=a[d+2*m+1]|0;else{var j=v[m-15],b=j.high,p=j.low,j=(b>>>1|p<<31)^(b>>>8|p<<24)^b>>>7,p=(p>>>1|b<<31)^(p>>>8|b<<24)^(p>>>7|b<<25),u=v[m-2],b=u.high,c=u.low,u=(b>>>19|c<<13)^(b<< +3|c>>>29)^b>>>6,c=(c>>>19|b<<13)^(c<<3|b>>>29)^(c>>>6|b<<26),b=v[m-7],W=b.high,t=v[m-16],q=t.high,t=t.low,b=p+b.low,j=j+W+(b>>>0

      >>0?1:0),b=b+c,j=j+u+(b>>>0>>0?1:0),b=b+t,j=j+q+(b>>>0>>0?1:0);s.high=j;s.low=b}var W=l&R^~l&S,t=h&C^~h&D,s=k&z^k&A^z&A,T=g&x^g&y^x&y,p=(k>>>28|g<<4)^(k<<30|g>>>2)^(k<<25|g>>>7),u=(g>>>28|k<<4)^(g<<30|k>>>2)^(g<<25|k>>>7),c=ea[m],fa=c.high,da=c.low,c=E+((h>>>14|l<<18)^(h>>>18|l<<14)^(h<<23|l>>>9)),q=V+((l>>>14|h<<18)^(l>>>18|h<<14)^(l<<23|h>>>9))+(c>>>0>>0?1: +0),c=c+t,q=q+W+(c>>>0>>0?1:0),c=c+da,q=q+fa+(c>>>0>>0?1:0),c=c+b,q=q+j+(c>>>0>>0?1:0),b=u+T,s=p+s+(b>>>0>>0?1:0),V=S,E=D,S=R,D=C,R=l,C=h,h=B+c|0,l=U+q+(h>>>0>>0?1:0)|0,U=A,B=y,A=z,y=x,z=k,x=g,g=c+b|0,k=q+s+(g>>>0>>0?1:0)|0}J=F.low=J+g;F.high=w+k+(J>>>0>>0?1:0);K=e.low=K+x;e.high=X+z+(K>>>0>>0?1:0);L=n.low=L+y;n.high=Y+A+(L>>>0>>0?1:0);M=r.low=M+B;r.high=Z+U+(M>>>0>>0?1:0);N=G.low=N+h;G.high=$+l+(N>>>0>>0?1:0);O=H.low=O+C;H.high=aa+R+(O>>>0>>0?1:0);P=I.low=P+D; +I.high=ba+S+(P>>>0>>0?1:0);Q=f.low=Q+E;f.high=ca+V+(Q>>>0>>0?1:0)},_doFinalize:function(){var a=this._data,d=a.words,f=8*this._nDataBytes,e=8*a.sigBytes;d[e>>>5]|=128<<24-e%32;d[(e+128>>>10<<5)+30]=Math.floor(f/4294967296);d[(e+128>>>10<<5)+31]=f;a.sigBytes=4*d.length;this._process();return this._hash.toX32()},clone:function(){var a=r.clone.call(this);a._hash=this._hash.clone();return a},blockSize:32});n.SHA512=r._createHelper(e);n.HmacSHA512=r._createHmacHelper(e)})(); +/* +CryptoJS v3.1.2 sha384-min.js +code.google.com/p/crypto-js +(c) 2009-2013 by Jeff Mott. All rights reserved. +code.google.com/p/crypto-js/wiki/License +*/ +(function(){var c=CryptoJS,a=c.x64,b=a.Word,e=a.WordArray,a=c.algo,d=a.SHA512,a=a.SHA384=d.extend({_doReset:function(){this._hash=new e.init([new b.init(3418070365,3238371032),new b.init(1654270250,914150663),new b.init(2438529370,812702999),new b.init(355462360,4144912697),new b.init(1731405415,4290775857),new b.init(2394180231,1750603025),new b.init(3675008525,1694076839),new b.init(1203062813,3204075428)])},_doFinalize:function(){var a=d._doFinalize.call(this);a.sigBytes-=16;return a}});c.SHA384= +d._createHelper(a);c.HmacSHA384=d._createHmacHelper(a)})(); +/* +CryptoJS v3.1.2 md5-min.js +code.google.com/p/crypto-js +(c) 2009-2013 by Jeff Mott. All rights reserved. +code.google.com/p/crypto-js/wiki/License +*/ +(function(E){function h(a,f,g,j,p,h,k){a=a+(f&g|~f&j)+p+k;return(a<>>32-h)+f}function k(a,f,g,j,p,h,k){a=a+(f&j|g&~j)+p+k;return(a<>>32-h)+f}function l(a,f,g,j,h,k,l){a=a+(f^g^j)+h+l;return(a<>>32-k)+f}function n(a,f,g,j,h,k,l){a=a+(g^(f|~j))+h+l;return(a<>>32-k)+f}for(var r=CryptoJS,q=r.lib,F=q.WordArray,s=q.Hasher,q=r.algo,a=[],t=0;64>t;t++)a[t]=4294967296*E.abs(E.sin(t+1))|0;q=q.MD5=s.extend({_doReset:function(){this._hash=new F.init([1732584193,4023233417,2562383102,271733878])}, +_doProcessBlock:function(m,f){for(var g=0;16>g;g++){var j=f+g,p=m[j];m[j]=(p<<8|p>>>24)&16711935|(p<<24|p>>>8)&4278255360}var g=this._hash.words,j=m[f+0],p=m[f+1],q=m[f+2],r=m[f+3],s=m[f+4],t=m[f+5],u=m[f+6],v=m[f+7],w=m[f+8],x=m[f+9],y=m[f+10],z=m[f+11],A=m[f+12],B=m[f+13],C=m[f+14],D=m[f+15],b=g[0],c=g[1],d=g[2],e=g[3],b=h(b,c,d,e,j,7,a[0]),e=h(e,b,c,d,p,12,a[1]),d=h(d,e,b,c,q,17,a[2]),c=h(c,d,e,b,r,22,a[3]),b=h(b,c,d,e,s,7,a[4]),e=h(e,b,c,d,t,12,a[5]),d=h(d,e,b,c,u,17,a[6]),c=h(c,d,e,b,v,22,a[7]), +b=h(b,c,d,e,w,7,a[8]),e=h(e,b,c,d,x,12,a[9]),d=h(d,e,b,c,y,17,a[10]),c=h(c,d,e,b,z,22,a[11]),b=h(b,c,d,e,A,7,a[12]),e=h(e,b,c,d,B,12,a[13]),d=h(d,e,b,c,C,17,a[14]),c=h(c,d,e,b,D,22,a[15]),b=k(b,c,d,e,p,5,a[16]),e=k(e,b,c,d,u,9,a[17]),d=k(d,e,b,c,z,14,a[18]),c=k(c,d,e,b,j,20,a[19]),b=k(b,c,d,e,t,5,a[20]),e=k(e,b,c,d,y,9,a[21]),d=k(d,e,b,c,D,14,a[22]),c=k(c,d,e,b,s,20,a[23]),b=k(b,c,d,e,x,5,a[24]),e=k(e,b,c,d,C,9,a[25]),d=k(d,e,b,c,r,14,a[26]),c=k(c,d,e,b,w,20,a[27]),b=k(b,c,d,e,B,5,a[28]),e=k(e,b, +c,d,q,9,a[29]),d=k(d,e,b,c,v,14,a[30]),c=k(c,d,e,b,A,20,a[31]),b=l(b,c,d,e,t,4,a[32]),e=l(e,b,c,d,w,11,a[33]),d=l(d,e,b,c,z,16,a[34]),c=l(c,d,e,b,C,23,a[35]),b=l(b,c,d,e,p,4,a[36]),e=l(e,b,c,d,s,11,a[37]),d=l(d,e,b,c,v,16,a[38]),c=l(c,d,e,b,y,23,a[39]),b=l(b,c,d,e,B,4,a[40]),e=l(e,b,c,d,j,11,a[41]),d=l(d,e,b,c,r,16,a[42]),c=l(c,d,e,b,u,23,a[43]),b=l(b,c,d,e,x,4,a[44]),e=l(e,b,c,d,A,11,a[45]),d=l(d,e,b,c,D,16,a[46]),c=l(c,d,e,b,q,23,a[47]),b=n(b,c,d,e,j,6,a[48]),e=n(e,b,c,d,v,10,a[49]),d=n(d,e,b,c, +C,15,a[50]),c=n(c,d,e,b,t,21,a[51]),b=n(b,c,d,e,A,6,a[52]),e=n(e,b,c,d,r,10,a[53]),d=n(d,e,b,c,y,15,a[54]),c=n(c,d,e,b,p,21,a[55]),b=n(b,c,d,e,w,6,a[56]),e=n(e,b,c,d,D,10,a[57]),d=n(d,e,b,c,u,15,a[58]),c=n(c,d,e,b,B,21,a[59]),b=n(b,c,d,e,s,6,a[60]),e=n(e,b,c,d,z,10,a[61]),d=n(d,e,b,c,q,15,a[62]),c=n(c,d,e,b,x,21,a[63]);g[0]=g[0]+b|0;g[1]=g[1]+c|0;g[2]=g[2]+d|0;g[3]=g[3]+e|0},_doFinalize:function(){var a=this._data,f=a.words,g=8*this._nDataBytes,j=8*a.sigBytes;f[j>>>5]|=128<<24-j%32;var h=E.floor(g/ +4294967296);f[(j+64>>>9<<4)+15]=(h<<8|h>>>24)&16711935|(h<<24|h>>>8)&4278255360;f[(j+64>>>9<<4)+14]=(g<<8|g>>>24)&16711935|(g<<24|g>>>8)&4278255360;a.sigBytes=4*(f.length+1);this._process();a=this._hash;f=a.words;for(g=0;4>g;g++)j=f[g],f[g]=(j<<8|j>>>24)&16711935|(j<<24|j>>>8)&4278255360;return a},clone:function(){var a=s.clone.call(this);a._hash=this._hash.clone();return a}});r.MD5=s._createHelper(q);r.HmacMD5=s._createHmacHelper(q)})(Math); +/* +CryptoJS v3.1.2 enc-base64-min.js +code.google.com/p/crypto-js +(c) 2009-2013 by Jeff Mott. All rights reserved. +code.google.com/p/crypto-js/wiki/License +*/ +(function(){var h=CryptoJS,j=h.lib.WordArray;h.enc.Base64={stringify:function(b){var e=b.words,f=b.sigBytes,c=this._map;b.clamp();b=[];for(var a=0;a>>2]>>>24-8*(a%4)&255)<<16|(e[a+1>>>2]>>>24-8*((a+1)%4)&255)<<8|e[a+2>>>2]>>>24-8*((a+2)%4)&255,g=0;4>g&&a+0.75*g>>6*(3-g)&63));if(e=c.charAt(64))for(;b.length%4;)b.push(e);return b.join("")},parse:function(b){var e=b.length,f=this._map,c=f.charAt(64);c&&(c=b.indexOf(c),-1!=c&&(e=c));for(var c=[],a=0,d=0;d< +e;d++)if(d%4){var g=f.indexOf(b.charAt(d-1))<<2*(d%4),h=f.indexOf(b.charAt(d))>>>6-2*(d%4);c[a>>>2]|=(g|h)<<24-8*(a%4);a++}return j.create(c,a)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="}})(); +/* +CryptoJS v3.1.2 cipher-core-min.js +code.google.com/p/crypto-js +(c) 2009-2013 by Jeff Mott. All rights reserved. +code.google.com/p/crypto-js/wiki/License +*/ +CryptoJS.lib.Cipher||function(u){var g=CryptoJS,f=g.lib,k=f.Base,l=f.WordArray,q=f.BufferedBlockAlgorithm,r=g.enc.Base64,v=g.algo.EvpKDF,n=f.Cipher=q.extend({cfg:k.extend(),createEncryptor:function(a,b){return this.create(this._ENC_XFORM_MODE,a,b)},createDecryptor:function(a,b){return this.create(this._DEC_XFORM_MODE,a,b)},init:function(a,b,c){this.cfg=this.cfg.extend(c);this._xformMode=a;this._key=b;this.reset()},reset:function(){q.reset.call(this);this._doReset()},process:function(a){this._append(a); +return this._process()},finalize:function(a){a&&this._append(a);return this._doFinalize()},keySize:4,ivSize:4,_ENC_XFORM_MODE:1,_DEC_XFORM_MODE:2,_createHelper:function(a){return{encrypt:function(b,c,d){return("string"==typeof c?s:j).encrypt(a,b,c,d)},decrypt:function(b,c,d){return("string"==typeof c?s:j).decrypt(a,b,c,d)}}}});f.StreamCipher=n.extend({_doFinalize:function(){return this._process(!0)},blockSize:1});var m=g.mode={},t=function(a,b,c){var d=this._iv;d?this._iv=u:d=this._prevBlock;for(var e= +0;e>>2]&255}};f.BlockCipher=n.extend({cfg:n.cfg.extend({mode:m,padding:h}),reset:function(){n.reset.call(this);var a=this.cfg,b=a.iv,a=a.mode;if(this._xformMode==this._ENC_XFORM_MODE)var c=a.createEncryptor;else c=a.createDecryptor,this._minBufferSize=1; +this._mode=c.call(a,this,b&&b.words)},_doProcessBlock:function(a,b){this._mode.processBlock(a,b)},_doFinalize:function(){var a=this.cfg.padding;if(this._xformMode==this._ENC_XFORM_MODE){a.pad(this._data,this.blockSize);var b=this._process(!0)}else b=this._process(!0),a.unpad(b);return b},blockSize:4});var p=f.CipherParams=k.extend({init:function(a){this.mixIn(a)},toString:function(a){return(a||this.formatter).stringify(this)}}),m=(g.format={}).OpenSSL={stringify:function(a){var b=a.ciphertext;a=a.salt; +return(a?l.create([1398893684,1701076831]).concat(a).concat(b):b).toString(r)},parse:function(a){a=r.parse(a);var b=a.words;if(1398893684==b[0]&&1701076831==b[1]){var c=l.create(b.slice(2,4));b.splice(0,4);a.sigBytes-=16}return p.create({ciphertext:a,salt:c})}},j=f.SerializableCipher=k.extend({cfg:k.extend({format:m}),encrypt:function(a,b,c,d){d=this.cfg.extend(d);var e=a.createEncryptor(c,d);b=e.finalize(b);e=e.cfg;return p.create({ciphertext:b,key:c,iv:e.iv,algorithm:a,mode:e.mode,padding:e.padding, +blockSize:a.blockSize,formatter:d.format})},decrypt:function(a,b,c,d){d=this.cfg.extend(d);b=this._parse(b,d.format);return a.createDecryptor(c,d).finalize(b.ciphertext)},_parse:function(a,b){return"string"==typeof a?b.parse(a,this):a}}),g=(g.kdf={}).OpenSSL={execute:function(a,b,c,d){d||(d=l.random(8));a=v.create({keySize:b+c}).compute(a,d);c=l.create(a.words.slice(b),4*c);a.sigBytes=4*b;return p.create({key:a,iv:c,salt:d})}},s=f.PasswordBasedCipher=j.extend({cfg:j.cfg.extend({kdf:g}),encrypt:function(a, +b,c,d){d=this.cfg.extend(d);c=d.kdf.execute(c,a.keySize,a.ivSize);d.iv=c.iv;a=j.encrypt.call(this,a,b,c.key,d);a.mixIn(c);return a},decrypt:function(a,b,c,d){d=this.cfg.extend(d);b=this._parse(b,d.format);c=d.kdf.execute(c,a.keySize,a.ivSize,b.salt);d.iv=c.iv;return j.decrypt.call(this,a,b,c.key,d)}})}(); +/* +CryptoJS v3.1.2 aes-min.js +code.google.com/p/crypto-js +(c) 2009-2013 by Jeff Mott. All rights reserved. +code.google.com/p/crypto-js/wiki/License +*/ +(function(){for(var q=CryptoJS,x=q.lib.BlockCipher,r=q.algo,j=[],y=[],z=[],A=[],B=[],C=[],s=[],u=[],v=[],w=[],g=[],k=0;256>k;k++)g[k]=128>k?k<<1:k<<1^283;for(var n=0,l=0,k=0;256>k;k++){var f=l^l<<1^l<<2^l<<3^l<<4,f=f>>>8^f&255^99;j[n]=f;y[f]=n;var t=g[n],D=g[t],E=g[D],b=257*g[f]^16843008*f;z[n]=b<<24|b>>>8;A[n]=b<<16|b>>>16;B[n]=b<<8|b>>>24;C[n]=b;b=16843009*E^65537*D^257*t^16843008*n;s[f]=b<<24|b>>>8;u[f]=b<<16|b>>>16;v[f]=b<<8|b>>>24;w[f]=b;n?(n=t^g[g[g[E^t]]],l^=g[g[l]]):n=l=1}var F=[0,1,2,4,8, +16,32,64,128,27,54],r=r.AES=x.extend({_doReset:function(){for(var c=this._key,e=c.words,a=c.sigBytes/4,c=4*((this._nRounds=a+6)+1),b=this._keySchedule=[],h=0;h>>24]<<24|j[d>>>16&255]<<16|j[d>>>8&255]<<8|j[d&255]):(d=d<<8|d>>>24,d=j[d>>>24]<<24|j[d>>>16&255]<<16|j[d>>>8&255]<<8|j[d&255],d^=F[h/a|0]<<24);b[h]=b[h-a]^d}e=this._invKeySchedule=[];for(a=0;aa||4>=h?d:s[j[d>>>24]]^u[j[d>>>16&255]]^v[j[d>>> +8&255]]^w[j[d&255]]},encryptBlock:function(c,e){this._doCryptBlock(c,e,this._keySchedule,z,A,B,C,j)},decryptBlock:function(c,e){var a=c[e+1];c[e+1]=c[e+3];c[e+3]=a;this._doCryptBlock(c,e,this._invKeySchedule,s,u,v,w,y);a=c[e+1];c[e+1]=c[e+3];c[e+3]=a},_doCryptBlock:function(c,e,a,b,h,d,j,m){for(var n=this._nRounds,f=c[e]^a[0],g=c[e+1]^a[1],k=c[e+2]^a[2],p=c[e+3]^a[3],l=4,t=1;t>>24]^h[g>>>16&255]^d[k>>>8&255]^j[p&255]^a[l++],r=b[g>>>24]^h[k>>>16&255]^d[p>>>8&255]^j[f&255]^a[l++],s= +b[k>>>24]^h[p>>>16&255]^d[f>>>8&255]^j[g&255]^a[l++],p=b[p>>>24]^h[f>>>16&255]^d[g>>>8&255]^j[k&255]^a[l++],f=q,g=r,k=s;q=(m[f>>>24]<<24|m[g>>>16&255]<<16|m[k>>>8&255]<<8|m[p&255])^a[l++];r=(m[g>>>24]<<24|m[k>>>16&255]<<16|m[p>>>8&255]<<8|m[f&255])^a[l++];s=(m[k>>>24]<<24|m[p>>>16&255]<<16|m[f>>>8&255]<<8|m[g&255])^a[l++];p=(m[p>>>24]<<24|m[f>>>16&255]<<16|m[g>>>8&255]<<8|m[k&255])^a[l++];c[e]=q;c[e+1]=r;c[e+2]=s;c[e+3]=p},keySize:8});q.AES=x._createHelper(r)})(); +/* +CryptoJS v3.1.2 tripledes-min.js +code.google.com/p/crypto-js +(c) 2009-2013 by Jeff Mott. All rights reserved. +code.google.com/p/crypto-js/wiki/License +*/ +(function(){function j(b,c){var a=(this._lBlock>>>b^this._rBlock)&c;this._rBlock^=a;this._lBlock^=a<>>b^this._lBlock)&c;this._lBlock^=a;this._rBlock^=a<a;a++){var f=q[a]-1;c[a]=b[f>>>5]>>>31-f%32&1}b=this._subKeys=[];for(f=0;16>f;f++){for(var d=b[f]=[],e=r[f],a=0;24>a;a++)d[a/6|0]|=c[(p[a]-1+e)%28]<<31-a%6,d[4+(a/6|0)]|=c[28+(p[a+24]-1+e)%28]<<31-a%6;d[0]=d[0]<<1|d[0]>>>31;for(a=1;7>a;a++)d[a]>>>= +4*(a-1)+3;d[7]=d[7]<<5|d[7]>>>27}c=this._invSubKeys=[];for(a=0;16>a;a++)c[a]=b[15-a]},encryptBlock:function(b,c){this._doCryptBlock(b,c,this._subKeys)},decryptBlock:function(b,c){this._doCryptBlock(b,c,this._invSubKeys)},_doCryptBlock:function(b,c,a){this._lBlock=b[c];this._rBlock=b[c+1];j.call(this,4,252645135);j.call(this,16,65535);l.call(this,2,858993459);l.call(this,8,16711935);j.call(this,1,1431655765);for(var f=0;16>f;f++){for(var d=a[f],e=this._lBlock,h=this._rBlock,g=0,k=0;8>k;k++)g|=s[k][((h^ +d[k])&t[k])>>>0];this._lBlock=h;this._rBlock=e^g}a=this._lBlock;this._lBlock=this._rBlock;this._rBlock=a;j.call(this,1,1431655765);l.call(this,8,16711935);l.call(this,2,858993459);j.call(this,16,65535);j.call(this,4,252645135);b[c]=this._lBlock;b[c+1]=this._rBlock},keySize:2,ivSize:2,blockSize:2});h.DES=e._createHelper(m);g=g.TripleDES=e.extend({_doReset:function(){var b=this._key.words;this._des1=m.createEncryptor(n.create(b.slice(0,2)));this._des2=m.createEncryptor(n.create(b.slice(2,4)));this._des3= +m.createEncryptor(n.create(b.slice(4,6)))},encryptBlock:function(b,c){this._des1.encryptBlock(b,c);this._des2.decryptBlock(b,c);this._des3.encryptBlock(b,c)},decryptBlock:function(b,c){this._des3.decryptBlock(b,c);this._des2.encryptBlock(b,c);this._des1.decryptBlock(b,c)},keySize:6,ivSize:2,blockSize:2});h.TripleDES=e._createHelper(g)})(); +/* +CryptoJS v3.1.2 sha1-min.js +code.google.com/p/crypto-js +(c) 2009-2013 by Jeff Mott. All rights reserved. +code.google.com/p/crypto-js/wiki/License +*/ +(function(){var k=CryptoJS,b=k.lib,m=b.WordArray,l=b.Hasher,d=[],b=k.algo.SHA1=l.extend({_doReset:function(){this._hash=new m.init([1732584193,4023233417,2562383102,271733878,3285377520])},_doProcessBlock:function(n,p){for(var a=this._hash.words,e=a[0],f=a[1],h=a[2],j=a[3],b=a[4],c=0;80>c;c++){if(16>c)d[c]=n[p+c]|0;else{var g=d[c-3]^d[c-8]^d[c-14]^d[c-16];d[c]=g<<1|g>>>31}g=(e<<5|e>>>27)+b+d[c];g=20>c?g+((f&h|~f&j)+1518500249):40>c?g+((f^h^j)+1859775393):60>c?g+((f&h|f&j|h&j)-1894007588):g+((f^h^ +j)-899497514);b=j;j=h;h=f<<30|f>>>2;f=e;e=g}a[0]=a[0]+e|0;a[1]=a[1]+f|0;a[2]=a[2]+h|0;a[3]=a[3]+j|0;a[4]=a[4]+b|0},_doFinalize:function(){var b=this._data,d=b.words,a=8*this._nDataBytes,e=8*b.sigBytes;d[e>>>5]|=128<<24-e%32;d[(e+64>>>9<<4)+14]=Math.floor(a/4294967296);d[(e+64>>>9<<4)+15]=a;b.sigBytes=4*d.length;this._process();return this._hash},clone:function(){var b=l.clone.call(this);b._hash=this._hash.clone();return b}});k.SHA1=l._createHelper(b);k.HmacSHA1=l._createHmacHelper(b)})(); +/* +CryptoJS v3.1.2 ripemd160-min.js +code.google.com/p/crypto-js +(c) 2009-2013 by Jeff Mott. All rights reserved. +code.google.com/p/crypto-js/wiki/License +*/ +/* + +(c) 2012 by Cedric Mesnil. All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + + - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ +(function(){var q=CryptoJS,d=q.lib,n=d.WordArray,p=d.Hasher,d=q.algo,x=n.create([0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13]),y=n.create([5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11]),z=n.create([11,14,15,12, +5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6]),A=n.create([8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11]),B=n.create([0,1518500249,1859775393,2400959708,2840853838]),C=n.create([1352829926,1548603684,1836072691, +2053994217,0]),d=d.RIPEMD160=p.extend({_doReset:function(){this._hash=n.create([1732584193,4023233417,2562383102,271733878,3285377520])},_doProcessBlock:function(e,v){for(var b=0;16>b;b++){var c=v+b,f=e[c];e[c]=(f<<8|f>>>24)&16711935|(f<<24|f>>>8)&4278255360}var c=this._hash.words,f=B.words,d=C.words,n=x.words,q=y.words,p=z.words,w=A.words,t,g,h,j,r,u,k,l,m,s;u=t=c[0];k=g=c[1];l=h=c[2];m=j=c[3];s=r=c[4];for(var a,b=0;80>b;b+=1)a=t+e[v+n[b]]|0,a=16>b?a+((g^h^j)+f[0]):32>b?a+((g&h|~g&j)+f[1]):48>b? +a+(((g|~h)^j)+f[2]):64>b?a+((g&j|h&~j)+f[3]):a+((g^(h|~j))+f[4]),a|=0,a=a<>>32-p[b],a=a+r|0,t=r,r=j,j=h<<10|h>>>22,h=g,g=a,a=u+e[v+q[b]]|0,a=16>b?a+((k^(l|~m))+d[0]):32>b?a+((k&m|l&~m)+d[1]):48>b?a+(((k|~l)^m)+d[2]):64>b?a+((k&l|~k&m)+d[3]):a+((k^l^m)+d[4]),a|=0,a=a<>>32-w[b],a=a+s|0,u=s,s=m,m=l<<10|l>>>22,l=k,k=a;a=c[1]+h+m|0;c[1]=c[2]+j+s|0;c[2]=c[3]+r+u|0;c[3]=c[4]+t+k|0;c[4]=c[0]+g+l|0;c[0]=a},_doFinalize:function(){var e=this._data,d=e.words,b=8*this._nDataBytes,c=8*e.sigBytes; +d[c>>>5]|=128<<24-c%32;d[(c+64>>>9<<4)+14]=(b<<8|b>>>24)&16711935|(b<<24|b>>>8)&4278255360;e.sigBytes=4*(d.length+1);this._process();e=this._hash;d=e.words;for(b=0;5>b;b++)c=d[b],d[b]=(c<<8|c>>>24)&16711935|(c<<24|c>>>8)&4278255360;return e},clone:function(){var d=p.clone.call(this);d._hash=this._hash.clone();return d}});q.RIPEMD160=p._createHelper(d);q.HmacRIPEMD160=p._createHmacHelper(d)})(Math); +/* +CryptoJS v3.1.2 pbkdf2-min.js +code.google.com/p/crypto-js +(c) 2009-2013 by Jeff Mott. All rights reserved. +code.google.com/p/crypto-js/wiki/License +*/ +(function(){var b=CryptoJS,a=b.lib,d=a.Base,m=a.WordArray,a=b.algo,q=a.HMAC,l=a.PBKDF2=d.extend({cfg:d.extend({keySize:4,hasher:a.SHA1,iterations:1}),init:function(a){this.cfg=this.cfg.extend(a)},compute:function(a,b){for(var c=this.cfg,f=q.create(c.hasher,a),g=m.create(),d=m.create([1]),l=g.words,r=d.words,n=c.keySize,c=c.iterations;l.length>6)+b64map.charAt(e&63)}if(b+1==d.length){e=parseInt(d.substring(b,b+1),16);a+=b64map.charAt(e<<2)}else{if(b+2==d.length){e=parseInt(d.substring(b,b+2),16);a+=b64map.charAt(e>>2)+b64map.charAt((e&3)<<4)}}if(b64pad){while((a.length&3)>0){a+=b64pad}}return a}function b64tohex(f){var d="";var e;var b=0;var c;var a;for(e=0;e>2);c=a&3;b=1}else{if(b==1){d+=int2char((c<<2)|(a>>4));c=a&15;b=2}else{if(b==2){d+=int2char(c);d+=int2char(a>>2);c=a&3;b=3}else{d+=int2char((c<<2)|(a>>4));d+=int2char(a&15);b=0}}}}if(b==1){d+=int2char(c<<2)}return d}function b64toBA(e){var d=b64tohex(e);var c;var b=new Array();for(c=0;2*c=0){var d=a*this[f++]+b[e]+h;h=Math.floor(d/67108864);b[e++]=d&67108863}return h}function am2(f,q,r,e,o,a){var k=q&32767,p=q>>15;while(--a>=0){var d=this[f]&32767;var g=this[f++]>>15;var b=p*d+g*k;d=k*d+((b&32767)<<15)+r[e]+(o&1073741823);o=(d>>>30)+(b>>>15)+p*g+(o>>>30);r[e++]=d&1073741823}return o}function am3(f,q,r,e,o,a){var k=q&16383,p=q>>14;while(--a>=0){var d=this[f]&16383;var g=this[f++]>>14;var b=p*d+g*k;d=k*d+((b&16383)<<14)+r[e]+o;o=(d>>28)+(b>>14)+p*g;r[e++]=d&268435455}return o}if(j_lm&&(navigator.appName=="Microsoft Internet Explorer")){BigInteger.prototype.am=am2;dbits=30}else{if(j_lm&&(navigator.appName!="Netscape")){BigInteger.prototype.am=am1;dbits=26}else{BigInteger.prototype.am=am3;dbits=28}}BigInteger.prototype.DB=dbits;BigInteger.prototype.DM=((1<=0;--a){b[a]=this[a]}b.t=this.t;b.s=this.s}function bnpFromInt(a){this.t=1;this.s=(a<0)?-1:0;if(a>0){this[0]=a}else{if(a<-1){this[0]=a+this.DV}else{this.t=0}}}function nbv(a){var b=nbi();b.fromInt(a);return b}function bnpFromString(h,c){var e;if(c==16){e=4}else{if(c==8){e=3}else{if(c==256){e=8}else{if(c==2){e=1}else{if(c==32){e=5}else{if(c==4){e=2}else{this.fromRadix(h,c);return}}}}}}this.t=0;this.s=0;var g=h.length,d=false,f=0;while(--g>=0){var a=(e==8)?h[g]&255:intAt(h,g);if(a<0){if(h.charAt(g)=="-"){d=true}continue}d=false;if(f==0){this[this.t++]=a}else{if(f+e>this.DB){this[this.t-1]|=(a&((1<<(this.DB-f))-1))<>(this.DB-f))}else{this[this.t-1]|=a<=this.DB){f-=this.DB}}if(e==8&&(h[0]&128)!=0){this.s=-1;if(f>0){this[this.t-1]|=((1<<(this.DB-f))-1)<0&&this[this.t-1]==a){--this.t}}function bnToString(c){if(this.s<0){return"-"+this.negate().toString(c)}var e;if(c==16){e=4}else{if(c==8){e=3}else{if(c==2){e=1}else{if(c==32){e=5}else{if(c==4){e=2}else{return this.toRadix(c)}}}}}var g=(1<0){if(j>j)>0){a=true;h=int2char(l)}while(f>=0){if(j>(j+=this.DB-e)}else{l=(this[f]>>(j-=e))&g;if(j<=0){j+=this.DB;--f}}if(l>0){a=true}if(a){h+=int2char(l)}}}return a?h:"0"}function bnNegate(){var a=nbi();BigInteger.ZERO.subTo(this,a);return a}function bnAbs(){return(this.s<0)?this.negate():this}function bnCompareTo(b){var d=this.s-b.s;if(d!=0){return d}var c=this.t;d=c-b.t;if(d!=0){return(this.s<0)?-d:d}while(--c>=0){if((d=this[c]-b[c])!=0){return d}}return 0}function nbits(a){var c=1,b;if((b=a>>>16)!=0){a=b;c+=16}if((b=a>>8)!=0){a=b;c+=8}if((b=a>>4)!=0){a=b;c+=4}if((b=a>>2)!=0){a=b;c+=2}if((b=a>>1)!=0){a=b;c+=1}return c}function bnBitLength(){if(this.t<=0){return 0}return this.DB*(this.t-1)+nbits(this[this.t-1]^(this.s&this.DM))}function bnpDLShiftTo(c,b){var a;for(a=this.t-1;a>=0;--a){b[a+c]=this[a]}for(a=c-1;a>=0;--a){b[a]=0}b.t=this.t+c;b.s=this.s}function bnpDRShiftTo(c,b){for(var a=c;a=0;--d){e[d+f+1]=(this[d]>>a)|h;h=(this[d]&g)<=0;--d){e[d]=0}e[f]=h;e.t=this.t+f+1;e.s=this.s;e.clamp()}function bnpRShiftTo(g,d){d.s=this.s;var e=Math.floor(g/this.DB);if(e>=this.t){d.t=0;return}var b=g%this.DB;var a=this.DB-b;var f=(1<>b;for(var c=e+1;c>b}if(b>0){d[this.t-e-1]|=(this.s&f)<>=this.DB}if(d.t>=this.DB}g+=this.s}else{g+=this.s;while(e>=this.DB}g-=d.s}f.s=(g<0)?-1:0;if(g<-1){f[e++]=this.DV+g}else{if(g>0){f[e++]=g}}f.t=e;f.clamp()}function bnpMultiplyTo(c,e){var b=this.abs(),f=c.abs();var d=b.t;e.t=d+f.t;while(--d>=0){e[d]=0}for(d=0;d=0){d[b]=0}for(b=0;b=a.DV){d[b+a.t]-=a.DV;d[b+a.t+1]=1}}if(d.t>0){d[d.t-1]+=a.am(b,a[b],d,2*b,0,1)}d.s=0;d.clamp()}function bnpDivRemTo(n,h,g){var w=n.abs();if(w.t<=0){return}var k=this.abs();if(k.t0){w.lShiftTo(v,d);k.lShiftTo(v,g)}else{w.copyTo(d);k.copyTo(g)}var p=d.t;var b=d[p-1];if(b==0){return}var o=b*(1<1)?d[p-2]>>this.F2:0);var A=this.FV/o,z=(1<=0){g[g.t++]=1;g.subTo(f,g)}BigInteger.ONE.dlShiftTo(p,f);f.subTo(d,d);while(d.t=0){var c=(g[--u]==b)?this.DM:Math.floor(g[u]*A+(g[u-1]+x)*z);if((g[u]+=d.am(0,c,g,s,0,p))0){g.rShiftTo(v,g)}if(a<0){BigInteger.ZERO.subTo(g,g)}}function bnMod(b){var c=nbi();this.abs().divRemTo(b,null,c);if(this.s<0&&c.compareTo(BigInteger.ZERO)>0){b.subTo(c,c)}return c}function Classic(a){this.m=a}function cConvert(a){if(a.s<0||a.compareTo(this.m)>=0){return a.mod(this.m)}else{return a}}function cRevert(a){return a}function cReduce(a){a.divRemTo(this.m,null,a)}function cMulTo(a,c,b){a.multiplyTo(c,b);this.reduce(b)}function cSqrTo(a,b){a.squareTo(b);this.reduce(b)}Classic.prototype.convert=cConvert;Classic.prototype.revert=cRevert;Classic.prototype.reduce=cReduce;Classic.prototype.mulTo=cMulTo;Classic.prototype.sqrTo=cSqrTo;function bnpInvDigit(){if(this.t<1){return 0}var a=this[0];if((a&1)==0){return 0}var b=a&3;b=(b*(2-(a&15)*b))&15;b=(b*(2-(a&255)*b))&255;b=(b*(2-(((a&65535)*b)&65535)))&65535;b=(b*(2-a*b%this.DV))%this.DV;return(b>0)?this.DV-b:-b}function Montgomery(a){this.m=a;this.mp=a.invDigit();this.mpl=this.mp&32767;this.mph=this.mp>>15;this.um=(1<<(a.DB-15))-1;this.mt2=2*a.t}function montConvert(a){var b=nbi();a.abs().dlShiftTo(this.m.t,b);b.divRemTo(this.m,null,b);if(a.s<0&&b.compareTo(BigInteger.ZERO)>0){this.m.subTo(b,b)}return b}function montRevert(a){var b=nbi();a.copyTo(b);this.reduce(b);return b}function montReduce(a){while(a.t<=this.mt2){a[a.t++]=0}for(var c=0;c>15)*this.mpl)&this.um)<<15))&a.DM;b=c+this.m.t;a[b]+=this.m.am(0,d,a,c,0,this.m.t);while(a[b]>=a.DV){a[b]-=a.DV;a[++b]++}}a.clamp();a.drShiftTo(this.m.t,a);if(a.compareTo(this.m)>=0){a.subTo(this.m,a)}}function montSqrTo(a,b){a.squareTo(b);this.reduce(b)}function montMulTo(a,c,b){a.multiplyTo(c,b);this.reduce(b)}Montgomery.prototype.convert=montConvert;Montgomery.prototype.revert=montRevert;Montgomery.prototype.reduce=montReduce;Montgomery.prototype.mulTo=montMulTo;Montgomery.prototype.sqrTo=montSqrTo;function bnpIsEven(){return((this.t>0)?(this[0]&1):this.s)==0}function bnpExp(h,j){if(h>4294967295||h<1){return BigInteger.ONE}var f=nbi(),a=nbi(),d=j.convert(this),c=nbits(h)-1;d.copyTo(f);while(--c>=0){j.sqrTo(f,a);if((h&(1<0){j.mulTo(a,d,f)}else{var b=f;f=a;a=b}}return j.revert(f)}function bnModPowInt(b,a){var c;if(b<256||a.isEven()){c=new Classic(a)}else{c=new Montgomery(a)}return this.exp(b,c)}BigInteger.prototype.copyTo=bnpCopyTo;BigInteger.prototype.fromInt=bnpFromInt;BigInteger.prototype.fromString=bnpFromString;BigInteger.prototype.clamp=bnpClamp;BigInteger.prototype.dlShiftTo=bnpDLShiftTo;BigInteger.prototype.drShiftTo=bnpDRShiftTo;BigInteger.prototype.lShiftTo=bnpLShiftTo;BigInteger.prototype.rShiftTo=bnpRShiftTo;BigInteger.prototype.subTo=bnpSubTo;BigInteger.prototype.multiplyTo=bnpMultiplyTo;BigInteger.prototype.squareTo=bnpSquareTo;BigInteger.prototype.divRemTo=bnpDivRemTo;BigInteger.prototype.invDigit=bnpInvDigit;BigInteger.prototype.isEven=bnpIsEven;BigInteger.prototype.exp=bnpExp;BigInteger.prototype.toString=bnToString;BigInteger.prototype.negate=bnNegate;BigInteger.prototype.abs=bnAbs;BigInteger.prototype.compareTo=bnCompareTo;BigInteger.prototype.bitLength=bnBitLength;BigInteger.prototype.mod=bnMod;BigInteger.prototype.modPowInt=bnModPowInt;BigInteger.ZERO=nbv(0);BigInteger.ONE=nbv(1); +/*! (c) Tom Wu | http://www-cs-students.stanford.edu/~tjw/jsbn/ + */ +function bnClone(){var a=nbi();this.copyTo(a);return a}function bnIntValue(){if(this.s<0){if(this.t==1){return this[0]-this.DV}else{if(this.t==0){return -1}}}else{if(this.t==1){return this[0]}else{if(this.t==0){return 0}}}return((this[1]&((1<<(32-this.DB))-1))<>24}function bnShortValue(){return(this.t==0)?this.s:(this[0]<<16)>>16}function bnpChunkSize(a){return Math.floor(Math.LN2*this.DB/Math.log(a))}function bnSigNum(){if(this.s<0){return -1}else{if(this.t<=0||(this.t==1&&this[0]<=0)){return 0}else{return 1}}}function bnpToRadix(c){if(c==null){c=10}if(this.signum()==0||c<2||c>36){return"0"}var f=this.chunkSize(c);var e=Math.pow(c,f);var i=nbv(e),j=nbi(),h=nbi(),g="";this.divRemTo(i,j,h);while(j.signum()>0){g=(e+h.intValue()).toString(c).substr(1)+g;j.divRemTo(i,j,h)}return h.intValue().toString(c)+g}function bnpFromRadix(m,h){this.fromInt(0);if(h==null){h=10}var f=this.chunkSize(h);var g=Math.pow(h,f),e=false,a=0,l=0;for(var c=0;c=f){this.dMultiply(g);this.dAddOffset(l,0);a=0;l=0}}if(a>0){this.dMultiply(Math.pow(h,a));this.dAddOffset(l,0)}if(e){BigInteger.ZERO.subTo(this,this)}}function bnpFromNumber(f,e,h){if("number"==typeof e){if(f<2){this.fromInt(1)}else{this.fromNumber(f,h);if(!this.testBit(f-1)){this.bitwiseTo(BigInteger.ONE.shiftLeft(f-1),op_or,this)}if(this.isEven()){this.dAddOffset(1,0)}while(!this.isProbablePrime(e)){this.dAddOffset(2,0);if(this.bitLength()>f){this.subTo(BigInteger.ONE.shiftLeft(f-1),this)}}}}else{var d=new Array(),g=f&7;d.length=(f>>3)+1;e.nextBytes(d);if(g>0){d[0]&=((1<0){if(e>e)!=(this.s&this.DM)>>e){c[a++]=f|(this.s<<(this.DB-e))}while(b>=0){if(e<8){f=(this[b]&((1<>(e+=this.DB-8)}else{f=(this[b]>>(e-=8))&255;if(e<=0){e+=this.DB;--b}}if((f&128)!=0){f|=-256}if(a==0&&(this.s&128)!=(f&128)){++a}if(a>0||f!=this.s){c[a++]=f}}}return c}function bnEquals(b){return(this.compareTo(b)==0)}function bnMin(b){return(this.compareTo(b)<0)?this:b}function bnMax(b){return(this.compareTo(b)>0)?this:b}function bnpBitwiseTo(c,h,e){var d,g,b=Math.min(c.t,this.t);for(d=0;d>=16;b+=16}if((a&255)==0){a>>=8;b+=8}if((a&15)==0){a>>=4;b+=4}if((a&3)==0){a>>=2;b+=2}if((a&1)==0){++b}return b}function bnGetLowestSetBit(){for(var a=0;a=this.t){return(this.s!=0)}return((this[a]&(1<<(b%this.DB)))!=0)}function bnpChangeBit(c,b){var a=BigInteger.ONE.shiftLeft(c);this.bitwiseTo(a,b,a);return a}function bnSetBit(a){return this.changeBit(a,op_or)}function bnClearBit(a){return this.changeBit(a,op_andnot)}function bnFlipBit(a){return this.changeBit(a,op_xor)}function bnpAddTo(d,f){var e=0,g=0,b=Math.min(d.t,this.t);while(e>=this.DB}if(d.t>=this.DB}g+=this.s}else{g+=this.s;while(e>=this.DB}g+=d.s}f.s=(g<0)?-1:0;if(g>0){f[e++]=g}else{if(g<-1){f[e++]=this.DV+g}}f.t=e;f.clamp()}function bnAdd(b){var c=nbi();this.addTo(b,c);return c}function bnSubtract(b){var c=nbi();this.subTo(b,c);return c}function bnMultiply(b){var c=nbi();this.multiplyTo(b,c);return c}function bnSquare(){var a=nbi();this.squareTo(a);return a}function bnDivide(b){var c=nbi();this.divRemTo(b,c,null);return c}function bnRemainder(b){var c=nbi();this.divRemTo(b,null,c);return c}function bnDivideAndRemainder(b){var d=nbi(),c=nbi();this.divRemTo(b,d,c);return new Array(d,c)}function bnpDMultiply(a){this[this.t]=this.am(0,a-1,this,0,0,this.t);++this.t;this.clamp()}function bnpDAddOffset(b,a){if(b==0){return}while(this.t<=a){this[this.t++]=0}this[a]+=b;while(this[a]>=this.DV){this[a]-=this.DV;if(++a>=this.t){this[this.t++]=0}++this[a]}}function NullExp(){}function nNop(a){return a}function nMulTo(a,c,b){a.multiplyTo(c,b)}function nSqrTo(a,b){a.squareTo(b)}NullExp.prototype.convert=nNop;NullExp.prototype.revert=nNop;NullExp.prototype.mulTo=nMulTo;NullExp.prototype.sqrTo=nSqrTo;function bnPow(a){return this.exp(a,new NullExp())}function bnpMultiplyLowerTo(b,f,e){var d=Math.min(this.t+b.t,f);e.s=0;e.t=d;while(d>0){e[--d]=0}var c;for(c=e.t-this.t;d=0){d[c]=0}for(c=Math.max(e-this.t,0);c2*this.m.t){return a.mod(this.m)}else{if(a.compareTo(this.m)<0){return a}else{var b=nbi();a.copyTo(b);this.reduce(b);return b}}}function barrettRevert(a){return a}function barrettReduce(a){a.drShiftTo(this.m.t-1,this.r2);if(a.t>this.m.t+1){a.t=this.m.t+1;a.clamp()}this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3);this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);while(a.compareTo(this.r2)<0){a.dAddOffset(1,this.m.t+1)}a.subTo(this.r2,a);while(a.compareTo(this.m)>=0){a.subTo(this.m,a)}}function barrettSqrTo(a,b){a.squareTo(b);this.reduce(b)}function barrettMulTo(a,c,b){a.multiplyTo(c,b);this.reduce(b)}Barrett.prototype.convert=barrettConvert;Barrett.prototype.revert=barrettRevert;Barrett.prototype.reduce=barrettReduce;Barrett.prototype.mulTo=barrettMulTo;Barrett.prototype.sqrTo=barrettSqrTo;function bnModPow(q,f){var o=q.bitLength(),h,b=nbv(1),v;if(o<=0){return b}else{if(o<18){h=1}else{if(o<48){h=3}else{if(o<144){h=4}else{if(o<768){h=5}else{h=6}}}}}if(o<8){v=new Classic(f)}else{if(f.isEven()){v=new Barrett(f)}else{v=new Montgomery(f)}}var p=new Array(),d=3,s=h-1,a=(1<1){var A=nbi();v.sqrTo(p[1],A);while(d<=a){p[d]=nbi();v.mulTo(A,p[d-2],p[d]);d+=2}}var l=q.t-1,x,u=true,c=nbi(),y;o=nbits(q[l])-1;while(l>=0){if(o>=s){x=(q[l]>>(o-s))&a}else{x=(q[l]&((1<<(o+1))-1))<<(s-o);if(l>0){x|=q[l-1]>>(this.DB+o-s)}}d=h;while((x&1)==0){x>>=1;--d}if((o-=d)<0){o+=this.DB;--l}if(u){p[x].copyTo(b);u=false}else{while(d>1){v.sqrTo(b,c);v.sqrTo(c,b);d-=2}if(d>0){v.sqrTo(b,c)}else{y=b;b=c;c=y}v.mulTo(c,p[x],b)}while(l>=0&&(q[l]&(1<0){b.rShiftTo(f,b);h.rShiftTo(f,h)}while(b.signum()>0){if((d=b.getLowestSetBit())>0){b.rShiftTo(d,b)}if((d=h.getLowestSetBit())>0){h.rShiftTo(d,h)}if(b.compareTo(h)>=0){b.subTo(h,b);b.rShiftTo(1,b)}else{h.subTo(b,h);h.rShiftTo(1,h)}}if(f>0){h.lShiftTo(f,h)}return h}function bnpModInt(e){if(e<=0){return 0}var c=this.DV%e,b=(this.s<0)?e-1:0;if(this.t>0){if(c==0){b=this[0]%e}else{for(var a=this.t-1;a>=0;--a){b=(c*b+this[a])%e}}}return b}function bnModInverse(f){var j=f.isEven();if((this.isEven()&&j)||f.signum()==0){return BigInteger.ZERO}var i=f.clone(),h=this.clone();var g=nbv(1),e=nbv(0),l=nbv(0),k=nbv(1);while(i.signum()!=0){while(i.isEven()){i.rShiftTo(1,i);if(j){if(!g.isEven()||!e.isEven()){g.addTo(this,g);e.subTo(f,e)}g.rShiftTo(1,g)}else{if(!e.isEven()){e.subTo(f,e)}}e.rShiftTo(1,e)}while(h.isEven()){h.rShiftTo(1,h);if(j){if(!l.isEven()||!k.isEven()){l.addTo(this,l);k.subTo(f,k)}l.rShiftTo(1,l)}else{if(!k.isEven()){k.subTo(f,k)}}k.rShiftTo(1,k)}if(i.compareTo(h)>=0){i.subTo(h,i);if(j){g.subTo(l,g)}e.subTo(k,e)}else{h.subTo(i,h);if(j){l.subTo(g,l)}k.subTo(e,k)}}if(h.compareTo(BigInteger.ONE)!=0){return BigInteger.ZERO}if(k.compareTo(f)>=0){return k.subtract(f)}if(k.signum()<0){k.addTo(f,k)}else{return k}if(k.signum()<0){return k.add(f)}else{return k}}var lowprimes=[2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997];var lplim=(1<<26)/lowprimes[lowprimes.length-1];function bnIsProbablePrime(e){var d,b=this.abs();if(b.t==1&&b[0]<=lowprimes[lowprimes.length-1]){for(d=0;d>1;if(f>lowprimes.length){f=lowprimes.length}var b=nbi();for(var e=0;e>8)&255;rng_pool[rng_pptr++]^=(a>>16)&255;rng_pool[rng_pptr++]^=(a>>24)&255;if(rng_pptr>=rng_psize){rng_pptr-=rng_psize}}function rng_seed_time(){rng_seed_int(new Date().getTime())}if(rng_pool==null){rng_pool=new Array();rng_pptr=0;var t;if(navigator.appName=="Netscape"&&navigator.appVersion<"5"&&window.crypto){var z=window.crypto.random(32);for(t=0;t>>8;rng_pool[rng_pptr++]=t&255}rng_pptr=0;rng_seed_time()}function rng_get_byte(){if(rng_state==null){rng_seed_time();rng_state=prng_newstate();rng_state.init(rng_pool);for(rng_pptr=0;rng_pptr=0&&h>0){var f=e.charCodeAt(d--);if(f<128){g[--h]=f}else{if((f>127)&&(f<2048)){g[--h]=(f&63)|128;g[--h]=(f>>6)|192}else{g[--h]=(f&63)|128;g[--h]=((f>>6)&63)|128;g[--h]=(f>>12)|224}}}g[--h]=0;var b=new SecureRandom();var a=new Array();while(h>2){a[0]=0;while(a[0]==0){b.nextBytes(a)}g[--h]=a[0]}g[--h]=2;g[--h]=0;return new BigInteger(g)}function oaep_mgf1_arr(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255])));d+=1}return b}var SHA1_SIZE=20;function oaep_pad(l,a,c){if(l.length+2*SHA1_SIZE+2>a){throw"Message too long for RSA"}var h="",d;for(d=0;d0&&a.length>0){this.n=parseBigInt(b,16);this.e=parseInt(a,16)}else{alert("Invalid RSA public key")}}}function RSADoPublic(a){return a.modPowInt(this.e,this.n)}function RSAEncrypt(d){var a=pkcs1pad2(d,(this.n.bitLength()+7)>>3);if(a==null){return null}var e=this.doPublic(a);if(e==null){return null}var b=e.toString(16);if((b.length&1)==0){return b}else{return"0"+b}}function RSAEncryptOAEP(e,d){var a=oaep_pad(e,(this.n.bitLength()+7)>>3,d);if(a==null){return null}var f=this.doPublic(a);if(f==null){return null}var b=f.toString(16);if((b.length&1)==0){return b}else{return"0"+b}}RSAKey.prototype.doPublic=RSADoPublic;RSAKey.prototype.setPublic=RSASetPublic;RSAKey.prototype.encrypt=RSAEncrypt;RSAKey.prototype.encryptOAEP=RSAEncryptOAEP;RSAKey.prototype.type="RSA"; +/*! (c) Tom Wu | http://www-cs-students.stanford.edu/~tjw/jsbn/ + */ +function pkcs1unpad2(g,j){var a=g.toByteArray();var f=0;while(f=a.length){return null}}var e="";while(++f191)&&(h<224)){e+=String.fromCharCode(((h&31)<<6)|(a[f+1]&63));++f}else{e+=String.fromCharCode(((h&15)<<12)|((a[f+1]&63)<<6)|(a[f+2]&63));f+=2}}}return e}function oaep_mgf1_str(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255]));d+=1}return b}var SHA1_SIZE=20;function oaep_unpad(l,b,e){l=l.toByteArray();var f;for(f=0;f0&&a.length>0){this.n=parseBigInt(c,16);this.e=parseInt(a,16);this.d=parseBigInt(b,16)}else{alert("Invalid RSA private key")}}}function RSASetPrivateEx(g,d,e,c,b,a,h,f){this.isPrivate=true;if(g==null){throw"RSASetPrivateEx N == null"}if(d==null){throw"RSASetPrivateEx E == null"}if(g.length==0){throw"RSASetPrivateEx N.length == 0"}if(d.length==0){throw"RSASetPrivateEx E.length == 0"}if(g!=null&&d!=null&&g.length>0&&d.length>0){this.n=parseBigInt(g,16);this.e=parseInt(d,16);this.d=parseBigInt(e,16);this.p=parseBigInt(c,16);this.q=parseBigInt(b,16);this.dmp1=parseBigInt(a,16);this.dmq1=parseBigInt(h,16);this.coeff=parseBigInt(f,16)}else{alert("Invalid RSA private key in RSASetPrivateEx")}}function RSAGenerate(b,i){var a=new SecureRandom();var f=b>>1;this.e=parseInt(i,16);var c=new BigInteger(i,16);for(;;){for(;;){this.p=new BigInteger(b-f,1,a);if(this.p.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.p.isProbablePrime(10)){break}}for(;;){this.q=new BigInteger(f,1,a);if(this.q.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.q.isProbablePrime(10)){break}}if(this.p.compareTo(this.q)<=0){var h=this.p;this.p=this.q;this.q=h}var g=this.p.subtract(BigInteger.ONE);var d=this.q.subtract(BigInteger.ONE);var e=g.multiply(d);if(e.gcd(c).compareTo(BigInteger.ONE)==0){this.n=this.p.multiply(this.q);this.d=c.modInverse(e);this.dmp1=this.d.mod(g);this.dmq1=this.d.mod(d);this.coeff=this.q.modInverse(this.p);break}}}function RSADoPrivate(a){if(this.p==null||this.q==null){return a.modPow(this.d,this.n)}var c=a.mod(this.p).modPow(this.dmp1,this.p);var b=a.mod(this.q).modPow(this.dmq1,this.q);while(c.compareTo(b)<0){c=c.add(this.p)}return c.subtract(b).multiply(this.coeff).mod(this.p).multiply(this.q).add(b)}function RSADecrypt(b){var d=parseBigInt(b,16);var a=this.doPrivate(d);if(a==null){return null}return pkcs1unpad2(a,(this.n.bitLength()+7)>>3)}function RSADecryptOAEP(d,b){var e=parseBigInt(d,16);var a=this.doPrivate(e);if(a==null){return null}return oaep_unpad(a,(this.n.bitLength()+7)>>3,b)}RSAKey.prototype.doPrivate=RSADoPrivate;RSAKey.prototype.setPrivate=RSASetPrivate;RSAKey.prototype.setPrivateEx=RSASetPrivateEx;RSAKey.prototype.generate=RSAGenerate;RSAKey.prototype.decrypt=RSADecrypt;RSAKey.prototype.decryptOAEP=RSADecryptOAEP; +/*! (c) Tom Wu | http://www-cs-students.stanford.edu/~tjw/jsbn/ + */ +function ECFieldElementFp(b,a){this.x=a;this.q=b}function feFpEquals(a){if(a==this){return true}return(this.q.equals(a.q)&&this.x.equals(a.x))}function feFpToBigInteger(){return this.x}function feFpNegate(){return new ECFieldElementFp(this.q,this.x.negate().mod(this.q))}function feFpAdd(a){return new ECFieldElementFp(this.q,this.x.add(a.toBigInteger()).mod(this.q))}function feFpSubtract(a){return new ECFieldElementFp(this.q,this.x.subtract(a.toBigInteger()).mod(this.q))}function feFpMultiply(a){return new ECFieldElementFp(this.q,this.x.multiply(a.toBigInteger()).mod(this.q))}function feFpSquare(){return new ECFieldElementFp(this.q,this.x.square().mod(this.q))}function feFpDivide(a){return new ECFieldElementFp(this.q,this.x.multiply(a.toBigInteger().modInverse(this.q)).mod(this.q))}ECFieldElementFp.prototype.equals=feFpEquals;ECFieldElementFp.prototype.toBigInteger=feFpToBigInteger;ECFieldElementFp.prototype.negate=feFpNegate;ECFieldElementFp.prototype.add=feFpAdd;ECFieldElementFp.prototype.subtract=feFpSubtract;ECFieldElementFp.prototype.multiply=feFpMultiply;ECFieldElementFp.prototype.square=feFpSquare;ECFieldElementFp.prototype.divide=feFpDivide;function ECPointFp(c,a,d,b){this.curve=c;this.x=a;this.y=d;if(b==null){this.z=BigInteger.ONE}else{this.z=b}this.zinv=null}function pointFpGetX(){if(this.zinv==null){this.zinv=this.z.modInverse(this.curve.q)}return this.curve.fromBigInteger(this.x.toBigInteger().multiply(this.zinv).mod(this.curve.q))}function pointFpGetY(){if(this.zinv==null){this.zinv=this.z.modInverse(this.curve.q)}return this.curve.fromBigInteger(this.y.toBigInteger().multiply(this.zinv).mod(this.curve.q))}function pointFpEquals(a){if(a==this){return true}if(this.isInfinity()){return a.isInfinity()}if(a.isInfinity()){return this.isInfinity()}var c,b;c=a.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(a.z)).mod(this.curve.q);if(!c.equals(BigInteger.ZERO)){return false}b=a.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(a.z)).mod(this.curve.q);return b.equals(BigInteger.ZERO)}function pointFpIsInfinity(){if((this.x==null)&&(this.y==null)){return true}return this.z.equals(BigInteger.ZERO)&&!this.y.toBigInteger().equals(BigInteger.ZERO)}function pointFpNegate(){return new ECPointFp(this.curve,this.x,this.y.negate(),this.z)}function pointFpAdd(l){if(this.isInfinity()){return l}if(l.isInfinity()){return this}var p=l.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(l.z)).mod(this.curve.q);var o=l.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(l.z)).mod(this.curve.q);if(BigInteger.ZERO.equals(o)){if(BigInteger.ZERO.equals(p)){return this.twice()}return this.curve.getInfinity()}var j=new BigInteger("3");var e=this.x.toBigInteger();var n=this.y.toBigInteger();var c=l.x.toBigInteger();var k=l.y.toBigInteger();var m=o.square();var i=m.multiply(o);var d=e.multiply(m);var g=p.square().multiply(this.z);var a=g.subtract(d.shiftLeft(1)).multiply(l.z).subtract(i).multiply(o).mod(this.curve.q);var h=d.multiply(j).multiply(p).subtract(n.multiply(i)).subtract(g.multiply(p)).multiply(l.z).add(p.multiply(i)).mod(this.curve.q);var f=i.multiply(this.z).multiply(l.z).mod(this.curve.q);return new ECPointFp(this.curve,this.curve.fromBigInteger(a),this.curve.fromBigInteger(h),f)}function pointFpTwice(){if(this.isInfinity()){return this}if(this.y.toBigInteger().signum()==0){return this.curve.getInfinity()}var g=new BigInteger("3");var c=this.x.toBigInteger();var h=this.y.toBigInteger();var e=h.multiply(this.z);var j=e.multiply(h).mod(this.curve.q);var i=this.curve.a.toBigInteger();var k=c.square().multiply(g);if(!BigInteger.ZERO.equals(i)){k=k.add(this.z.square().multiply(i))}k=k.mod(this.curve.q);var b=k.square().subtract(c.shiftLeft(3).multiply(j)).shiftLeft(1).multiply(e).mod(this.curve.q);var f=k.multiply(g).multiply(c).subtract(j.shiftLeft(1)).shiftLeft(2).multiply(j).subtract(k.square().multiply(k)).mod(this.curve.q);var d=e.square().multiply(e).shiftLeft(3).mod(this.curve.q);return new ECPointFp(this.curve,this.curve.fromBigInteger(b),this.curve.fromBigInteger(f),d)}function pointFpMultiply(b){if(this.isInfinity()){return this}if(b.signum()==0){return this.curve.getInfinity()}var g=b;var f=g.multiply(new BigInteger("3"));var l=this.negate();var d=this;var c;for(c=f.bitLength()-2;c>0;--c){d=d.twice();var a=f.testBit(c);var j=g.testBit(c);if(a!=j){d=d.add(a?this:l)}}return d}function pointFpMultiplyTwo(c,a,b){var d;if(c.bitLength()>b.bitLength()){d=c.bitLength()-1}else{d=b.bitLength()-1}var f=this.curve.getInfinity();var e=this.add(a);while(d>=0){f=f.twice();if(c.testBit(d)){if(b.testBit(d)){f=f.add(e)}else{f=f.add(this)}}else{if(b.testBit(d)){f=f.add(a)}}--d}return f}ECPointFp.prototype.getX=pointFpGetX;ECPointFp.prototype.getY=pointFpGetY;ECPointFp.prototype.equals=pointFpEquals;ECPointFp.prototype.isInfinity=pointFpIsInfinity;ECPointFp.prototype.negate=pointFpNegate;ECPointFp.prototype.add=pointFpAdd;ECPointFp.prototype.twice=pointFpTwice;ECPointFp.prototype.multiply=pointFpMultiply;ECPointFp.prototype.multiplyTwo=pointFpMultiplyTwo;function ECCurveFp(e,d,c){this.q=e;this.a=this.fromBigInteger(d);this.b=this.fromBigInteger(c);this.infinity=new ECPointFp(this,null,null)}function curveFpGetQ(){return this.q}function curveFpGetA(){return this.a}function curveFpGetB(){return this.b}function curveFpEquals(a){if(a==this){return true}return(this.q.equals(a.q)&&this.a.equals(a.a)&&this.b.equals(a.b))}function curveFpGetInfinity(){return this.infinity}function curveFpFromBigInteger(a){return new ECFieldElementFp(this.q,a)}function curveFpDecodePointHex(d){switch(parseInt(d.substr(0,2),16)){case 0:return this.infinity;case 2:case 3:return null;case 4:case 6:case 7:var a=(d.length-2)/2;var c=d.substr(2,a);var b=d.substr(a+2,a);return new ECPointFp(this,this.fromBigInteger(new BigInteger(c,16)),this.fromBigInteger(new BigInteger(b,16)));default:return null}}ECCurveFp.prototype.getQ=curveFpGetQ;ECCurveFp.prototype.getA=curveFpGetA;ECCurveFp.prototype.getB=curveFpGetB;ECCurveFp.prototype.equals=curveFpEquals;ECCurveFp.prototype.getInfinity=curveFpGetInfinity;ECCurveFp.prototype.fromBigInteger=curveFpFromBigInteger;ECCurveFp.prototype.decodePointHex=curveFpDecodePointHex; +/*! (c) Stefan Thomas | https://github.com/bitcoinjs/bitcoinjs-lib + */ +ECFieldElementFp.prototype.getByteLength=function(){return Math.floor((this.toBigInteger().bitLength()+7)/8)};ECPointFp.prototype.getEncoded=function(c){var d=function(h,f){var g=h.toByteArrayUnsigned();if(fg.length){g.unshift(0)}}return g};var a=this.getX().toBigInteger();var e=this.getY().toBigInteger();var b=d(a,32);if(c){if(e.isEven()){b.unshift(2)}else{b.unshift(3)}}else{b.unshift(4);b=b.concat(d(e,32))}return b};ECPointFp.decodeFrom=function(g,c){var f=c[0];var e=c.length-1;var d=c.slice(1,1+e/2);var b=c.slice(1+e/2,1+e);d.unshift(0);b.unshift(0);var a=new BigInteger(d);var h=new BigInteger(b);return new ECPointFp(g,g.fromBigInteger(a),g.fromBigInteger(h))};ECPointFp.decodeFromHex=function(g,c){var f=c.substr(0,2);var e=c.length-2;var d=c.substr(2,e/2);var b=c.substr(2+e/2,e/2);var a=new BigInteger(d,16);var h=new BigInteger(b,16);return new ECPointFp(g,g.fromBigInteger(a),g.fromBigInteger(h))};ECPointFp.prototype.add2D=function(c){if(this.isInfinity()){return c}if(c.isInfinity()){return this}if(this.x.equals(c.x)){if(this.y.equals(c.y)){return this.twice()}return this.curve.getInfinity()}var g=c.x.subtract(this.x);var e=c.y.subtract(this.y);var a=e.divide(g);var d=a.square().subtract(this.x).subtract(c.x);var f=a.multiply(this.x.subtract(d)).subtract(this.y);return new ECPointFp(this.curve,d,f)};ECPointFp.prototype.twice2D=function(){if(this.isInfinity()){return this}if(this.y.toBigInteger().signum()==0){return this.curve.getInfinity()}var b=this.curve.fromBigInteger(BigInteger.valueOf(2));var e=this.curve.fromBigInteger(BigInteger.valueOf(3));var a=this.x.square().multiply(e).add(this.curve.a).divide(this.y.multiply(b));var c=a.square().subtract(this.x.multiply(b));var d=a.multiply(this.x.subtract(c)).subtract(this.y);return new ECPointFp(this.curve,c,d)};ECPointFp.prototype.multiply2D=function(b){if(this.isInfinity()){return this}if(b.signum()==0){return this.curve.getInfinity()}var g=b;var f=g.multiply(new BigInteger("3"));var l=this.negate();var d=this;var c;for(c=f.bitLength()-2;c>0;--c){d=d.twice();var a=f.testBit(c);var j=g.testBit(c);if(a!=j){d=d.add2D(a?this:l)}}return d};ECPointFp.prototype.isOnCurve=function(){var d=this.getX().toBigInteger();var i=this.getY().toBigInteger();var f=this.curve.getA().toBigInteger();var c=this.curve.getB().toBigInteger();var h=this.curve.getQ();var e=i.multiply(i).mod(h);var g=d.multiply(d).multiply(d).add(f.multiply(d)).add(c).mod(h);return e.equals(g)};ECPointFp.prototype.toString=function(){return"("+this.getX().toBigInteger().toString()+","+this.getY().toBigInteger().toString()+")"};ECPointFp.prototype.validate=function(){var c=this.curve.getQ();if(this.isInfinity()){throw new Error("Point is at infinity.")}var a=this.getX().toBigInteger();var b=this.getY().toBigInteger();if(a.compareTo(BigInteger.ONE)<0||a.compareTo(c.subtract(BigInteger.ONE))>0){throw new Error("x coordinate out of bounds")}if(b.compareTo(BigInteger.ONE)<0||b.compareTo(c.subtract(BigInteger.ONE))>0){throw new Error("y coordinate out of bounds")}if(!this.isOnCurve()){throw new Error("Point is not on the curve.")}if(this.multiply(c).isInfinity()){throw new Error("Point is not a scalar multiple of G.")}return true}; +/*! asn1-1.0.4.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license + */ +if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw"ASN.1 length too long to represent by 8x: n = "+i.toString(16)}var f=128+g;return f.toString(16)+h}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(this.s)};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(f){utc=f.getTime()+(f.getTimezoneOffset()*60000);var e=new Date(utc);return e};this.formatDate=function(j,l){var e=this.zeroPadding;var k=this.localDateToUTC(j);var m=String(k.getFullYear());if(l=="utc"){m=m.substr(2,2)}var i=e(String(k.getMonth()+1),2);var n=e(String(k.getDate()),2);var f=e(String(k.getHours()),2);var g=e(String(k.getMinutes()),2);var h=e(String(k.getSeconds()),2);return m+i+n+f+g+h+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";this.hTLV="0101ff"};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(a){KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(b){this.hTLV=null;this.isModified=true;this.hV=b};this.setUnusedBitsAndHexValue=function(b,d){if(b<0||7=(b*2))){break}if(d>=200){break}c.push(e);g=e;d++}return c};this.getNthChildIndex_AtObj=function(d,b,e){var c=this.getPosArrayOfChildren_AtObj(d,b);return c[e]};this.getDecendantIndexByNthList=function(e,d,c){if(c.length==0){return d}var f=c.shift();var b=this.getPosArrayOfChildren_AtObj(e,d);return this.getDecendantIndexByNthList(e,b[f],c)};this.getDecendantHexTLVByNthList=function(d,c,b){var a=this.getDecendantIndexByNthList(d,c,b);return this.getHexOfTLV_AtObj(d,a)};this.getDecendantHexVByNthList=function(d,c,b){var a=this.getDecendantIndexByNthList(d,c,b);return this.getHexOfV_AtObj(d,a)}};ASN1HEX.getVbyList=function(d,c,b,e){var a=this.getDecendantIndexByNthList(d,c,b);if(a===undefined){throw"can't find nthList object"}if(e!==undefined){if(d.substr(a,2)!=e){throw"checking tag doesn't match: "+d.substr(a,2)+"!="+e}}return this.getHexOfV_AtObj(d,a)}; +/*! asn1x509-1.0.8.js (c) 2013-2014 Kenji Urushima | kjur.github.com/jsrsasign/license + */ +if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}if(typeof KJUR.asn1.x509=="undefined"||!KJUR.asn1.x509){KJUR.asn1.x509={}}KJUR.asn1.x509.Certificate=function(g){KJUR.asn1.x509.Certificate.superclass.constructor.call(this);var b=null;var d=null;var f=null;var c=null;var a=null;var e=null;this.setRsaPrvKeyByPEMandPass=function(i,k){var h=PKCS5PKEY.getDecryptedKeyHex(i,k);var j=new RSAKey();j.readPrivateKeyFromASN1HexString(h);this.prvKey=j};this.sign=function(){this.asn1SignatureAlg=this.asn1TBSCert.asn1SignatureAlg;sig=new KJUR.crypto.Signature({alg:"SHA1withRSA"});sig.init(this.prvKey);sig.updateHex(this.asn1TBSCert.getEncodedHex());this.hexSig=sig.sign();this.asn1Sig=new KJUR.asn1.DERBitString({hex:"00"+this.hexSig});var h=new KJUR.asn1.DERSequence({array:[this.asn1TBSCert,this.asn1SignatureAlg,this.asn1Sig]});this.hTLV=h.getEncodedHex();this.isModified=false};this.setSignatureHex=function(h){this.asn1SignatureAlg=this.asn1TBSCert.asn1SignatureAlg;this.hexSig=h;this.asn1Sig=new KJUR.asn1.DERBitString({hex:"00"+this.hexSig});var i=new KJUR.asn1.DERSequence({array:[this.asn1TBSCert,this.asn1SignatureAlg,this.asn1Sig]});this.hTLV=i.getEncodedHex();this.isModified=false};this.getEncodedHex=function(){if(this.isModified==false&&this.hTLV!=null){return this.hTLV}throw"not signed yet"};this.getPEMString=function(){var j=this.getEncodedHex();var h=CryptoJS.enc.Hex.parse(j);var i=CryptoJS.enc.Base64.stringify(h);var k=i.replace(/(.{64})/g,"$1\r\n");return"-----BEGIN CERTIFICATE-----\r\n"+k+"\r\n-----END CERTIFICATE-----\r\n"};if(typeof g!="undefined"){if(typeof g.tbscertobj!="undefined"){this.asn1TBSCert=g.tbscertobj}if(typeof g.prvkeyobj!="undefined"){this.prvKey=g.prvkeyobj}else{if(typeof g.rsaprvkey!="undefined"){this.prvKey=g.rsaprvkey}else{if((typeof g.rsaprvpem!="undefined")&&(typeof g.rsaprvpas!="undefined")){this.setRsaPrvKeyByPEMandPass(g.rsaprvpem,g.rsaprvpas)}}}}};YAHOO.lang.extend(KJUR.asn1.x509.Certificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.TBSCertificate=function(a){KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);this._initialize=function(){this.asn1Array=new Array();this.asn1Version=new KJUR.asn1.DERTaggedObject({obj:new KJUR.asn1.DERInteger({"int":2})});this.asn1SerialNumber=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1NotBefore=null;this.asn1NotAfter=null;this.asn1Subject=null;this.asn1SubjPKey=null;this.extensionsArray=new Array()};this.setSerialNumberByParam=function(b){this.asn1SerialNumber=new KJUR.asn1.DERInteger(b)};this.setSignatureAlgByParam=function(b){this.asn1SignatureAlg=new KJUR.asn1.x509.AlgorithmIdentifier(b)};this.setIssuerByParam=function(b){this.asn1Issuer=new KJUR.asn1.x509.X500Name(b)};this.setNotBeforeByParam=function(b){this.asn1NotBefore=new KJUR.asn1.x509.Time(b)};this.setNotAfterByParam=function(b){this.asn1NotAfter=new KJUR.asn1.x509.Time(b)};this.setSubjectByParam=function(b){this.asn1Subject=new KJUR.asn1.x509.X500Name(b)};this.setSubjectPublicKeyByParam=function(b){this.asn1SubjPKey=new KJUR.asn1.x509.SubjectPublicKeyInfo(b)};this.setSubjectPublicKeyByGetKey=function(c){var b=KEYUTIL.getKey(c);this.asn1SubjPKey=new KJUR.asn1.x509.SubjectPublicKeyInfo(b)};this.appendExtension=function(b){this.extensionsArray.push(b)};this.appendExtensionByName=function(d,b){if(d.toLowerCase()=="basicconstraints"){var c=new KJUR.asn1.x509.BasicConstraints(b);this.appendExtension(c)}else{if(d.toLowerCase()=="keyusage"){var c=new KJUR.asn1.x509.KeyUsage(b);this.appendExtension(c)}else{if(d.toLowerCase()=="crldistributionpoints"){var c=new KJUR.asn1.x509.CRLDistributionPoints(b);this.appendExtension(c)}else{if(d.toLowerCase()=="extkeyusage"){var c=new KJUR.asn1.x509.ExtKeyUsage(b);this.appendExtension(c)}else{if(d.toLowerCase()=="authoritykeyidentifier"){var c=new KJUR.asn1.x509.AuthorityKeyIdentifier(b);this.appendExtension(c)}else{throw"unsupported extension name: "+d}}}}}};this.getEncodedHex=function(){if(this.asn1NotBefore==null||this.asn1NotAfter==null){throw"notBefore and/or notAfter not set"}var c=new KJUR.asn1.DERSequence({array:[this.asn1NotBefore,this.asn1NotAfter]});this.asn1Array=new Array();this.asn1Array.push(this.asn1Version);this.asn1Array.push(this.asn1SerialNumber);this.asn1Array.push(this.asn1SignatureAlg);this.asn1Array.push(this.asn1Issuer);this.asn1Array.push(c);this.asn1Array.push(this.asn1Subject);this.asn1Array.push(this.asn1SubjPKey);if(this.extensionsArray.length>0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(a){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(b){var c=b.split("/");c.shift();for(var d=0;dd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f=0;--p){q=q.twice2D();q.z=BigInteger.ONE;if(o.testBit(p)){if(n.testBit(p)){q=q.add2D(t)}else{q=q.add2D(s)}}else{if(n.testBit(p)){q=q.add2D(r)}}}return q}this.getBigRandom=function(i){return new BigInteger(i.bitLength(),a).mod(i.subtract(BigInteger.ONE)).add(BigInteger.ONE)};this.setNamedCurve=function(i){this.ecparams=KJUR.crypto.ECParameterDB.getByName(i);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=i};this.setPrivateKeyHex=function(i){this.isPrivate=true;this.prvKeyHex=i};this.setPublicKeyHex=function(i){this.isPublic=true;this.pubKeyHex=i};this.generateKeyPairHex=function(){var k=this.ecparams.n;var n=this.getBigRandom(k);var l=this.ecparams.G.multiply(n);var q=l.getX().toBigInteger();var o=l.getY().toBigInteger();var i=this.ecparams.keylen/4;var m=("0000000000"+n.toString(16)).slice(-i);var r=("0000000000"+q.toString(16)).slice(-i);var p=("0000000000"+o.toString(16)).slice(-i);var j="04"+r+p;this.setPrivateKeyHex(m);this.setPublicKeyHex(j);return{ecprvhex:m,ecpubhex:j}};this.signWithMessageHash=function(i){return this.signHex(i,this.prvKeyHex)};this.signHex=function(o,j){var t=new BigInteger(j,16);var l=this.ecparams.n;var q=new BigInteger(o,16);do{var m=this.getBigRandom(l);var u=this.ecparams.G;var p=u.multiply(m);var i=p.getX().toBigInteger().mod(l)}while(i.compareTo(BigInteger.ZERO)<=0);var v=m.modInverse(l).multiply(q.add(t.multiply(i))).mod(l);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(i,v)};this.sign=function(m,u){var q=u;var j=this.ecparams.n;var p=BigInteger.fromByteArrayUnsigned(m);do{var l=this.getBigRandom(j);var t=this.ecparams.G;var o=t.multiply(l);var i=o.getX().toBigInteger().mod(j)}while(i.compareTo(BigInteger.ZERO)<=0);var v=l.modInverse(j).multiply(p.add(q.multiply(i))).mod(j);return this.serializeSig(i,v)};this.verifyWithMessageHash=function(j,i){return this.verifyHex(j,i,this.pubKeyHex)};this.verifyHex=function(m,i,p){var l,j;var o=KJUR.crypto.ECDSA.parseSigHex(i);l=o.r;j=o.s;var k;k=ECPointFp.decodeFromHex(this.ecparams.curve,p);var n=new BigInteger(m,16);return this.verifyRaw(n,l,j,k)};this.verify=function(o,p,j){var l,i;if(Bitcoin.Util.isArray(p)){var n=this.parseSig(p);l=n.r;i=n.s}else{if("object"===typeof p&&p.r&&p.s){l=p.r;i=p.s}else{throw"Invalid value for signature"}}var k;if(j instanceof ECPointFp){k=j}else{if(Bitcoin.Util.isArray(j)){k=ECPointFp.decodeFrom(this.ecparams.curve,j)}else{throw"Invalid format for pubkey value, must be byte array or ECPointFp"}}var m=BigInteger.fromByteArrayUnsigned(o);return this.verifyRaw(m,l,i,k)};this.verifyRaw=function(o,i,w,m){var l=this.ecparams.n;var u=this.ecparams.G;if(i.compareTo(BigInteger.ONE)<0||i.compareTo(l)>=0){return false}if(w.compareTo(BigInteger.ONE)<0||w.compareTo(l)>=0){return false}var p=w.modInverse(l);var k=o.multiply(p).mod(l);var j=i.multiply(p).mod(l);var q=u.multiply(k).add(m.multiply(j));var t=q.getX().toBigInteger().mod(l);return t.equals(i)};this.serializeSig=function(k,j){var l=k.toByteArraySigned();var i=j.toByteArraySigned();var m=[];m.push(2);m.push(l.length);m=m.concat(l);m.push(2);m.push(i.length);m=m.concat(i);m.unshift(m.length);m.unshift(48);return m};this.parseSig=function(n){var m;if(n[0]!=48){throw new Error("Signature not a valid DERSequence")}m=2;if(n[m]!=2){throw new Error("First element in signature must be a DERInteger")}var l=n.slice(m+2,m+2+n[m+1]);m+=2+n[m+1];if(n[m]!=2){throw new Error("Second element in signature must be a DERInteger")}var i=n.slice(m+2,m+2+n[m+1]);m+=2+n[m+1];var k=BigInteger.fromByteArrayUnsigned(l);var j=BigInteger.fromByteArrayUnsigned(i);return{r:k,s:j}};this.parseSigCompact=function(m){if(m.length!==65){throw"Signature has the wrong length"}var j=m[0]-27;if(j<0||j>7){throw"Invalid signature type"}var o=this.ecparams.n;var l=BigInteger.fromByteArrayUnsigned(m.slice(1,33)).mod(o);var k=BigInteger.fromByteArrayUnsigned(m.slice(33,65)).mod(o);return{r:l,s:k,i:j}};if(h!==undefined){if(h.curve!==undefined){this.curveName=h.curve}}if(this.curveName===undefined){this.curveName=e}this.setNamedCurve(this.curveName);if(h!==undefined){if(h.prv!==undefined){this.setPrivateKeyHex(h.prv)}if(h.pub!==undefined){this.setPublicKeyHex(h.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(c){if(c.substr(0,2)!="30"){throw"signature is not a ASN.1 sequence"}var b=ASN1HEX.getPosArrayOfChildren_AtObj(c,0);if(b.length!=2){throw"number of signature ASN.1 sequence elements seem wrong"}var g=b[0];var f=b[1];if(c.substr(g,2)!="02"){throw"1st item of sequene of signature is not ASN.1 integer"}if(c.substr(f,2)!="02"){throw"2nd item of sequene of signature is not ASN.1 integer"}var e=ASN1HEX.getHexOfV_AtObj(c,g);var d=ASN1HEX.getHexOfV_AtObj(c,f);return{r:e,s:d}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(c){var d=KJUR.crypto.ECDSA.parseSigHexInHexRS(c);var b=d.r;var a=d.s;if(b.substr(0,2)=="00"&&(((b.length/2)*8)%(16*8))==8){b=b.substr(2)}if(a.substr(0,2)=="00"&&(((a.length/2)*8)%(16*8))==8){a=a.substr(2)}if((((b.length/2)*8)%(16*8))!=0){throw"unknown ECDSA sig r length error"}if((((a.length/2)*8)%(16*8))!=0){throw"unknown ECDSA sig s length error"}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if((((a.length/2)*8)%(16*8))!=0){throw"unknown ECDSA concatinated r-s sig length error"}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(e,c){var b=new KJUR.asn1.DERInteger({bigint:e});var a=new KJUR.asn1.DERInteger({bigint:c});var d=new KJUR.asn1.DERSequence({array:[b,a]});return d.getEncodedHex()}; +/*! ecparam-1.0.0.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license + */ +if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECParameterDB=new function(){var b={};var c={};function a(d){return new BigInteger(d,16)}this.getByName=function(e){var d=e;if(typeof c[d]!="undefined"){d=c[e]}if(typeof b[d]!="undefined"){return b[d]}throw"unregistered EC curve name: "+d};this.regist=function(A,l,o,g,m,e,j,f,k,u,d,x){b[A]={};var s=a(o);var z=a(g);var y=a(m);var t=a(e);var w=a(j);var r=new ECCurveFp(s,z,y);var q=r.decodePointHex("04"+f+k);b[A]["name"]=A;b[A]["keylen"]=l;b[A]["curve"]=r;b[A]["G"]=q;b[A]["n"]=t;b[A]["h"]=w;b[A]["oid"]=d;b[A]["info"]=x;for(var v=0;v0||K.compareTo(u)>0||BigInteger.ZERO.compareTo(J)>0||J.compareTo(u)>0){throw"invalid DSA signature"}var I=J.modInverse(u);var A=D.multiply(I).mod(u);var v=K.multiply(I).mod(u);var F=G.modPow(A,z).multiply(H.modPow(v,z)).mod(z).mod(u);return F.compareTo(K)==0};this.parseASN1Signature=function(u){try{var y=new BigInteger(ASN1HEX.getVbyList(u,0,[0],"02"),16);var v=new BigInteger(ASN1HEX.getVbyList(u,0,[1],"02"),16);return[y,v]}catch(w){throw"malformed DSA signature"}};function d(E,w,B,v,u,C){var z=KJUR.crypto.Util.hashString(w,E.toLowerCase());var z=z.substr(0,u.bitLength()/4);var A=new BigInteger(z,16);var y=n(BigInteger.ONE.add(BigInteger.ONE),u.subtract(BigInteger.ONE));var F=(B.modPow(y,v)).mod(u);var D=(y.modInverse(u).multiply(A.add(C.multiply(F)))).mod(u);var G=new Array();G[0]=F;G[1]=D;return G}function r(v){var u=openpgp.config.config.prefer_hash_algorithm;switch(Math.round(v.bitLength()/8)){case 20:if(u!=2&&u>11&&u!=10&&u<8){return 2}return u;case 28:if(u>11&&u<8){return 11}return u;case 32:if(u>10&&u<8){return 8}return u;default:util.print_debug("DSA select hash algorithm: returning null for an unknown length of q");return null}}this.select_hash_algorithm=r;function m(I,K,J,B,z,u,F,G){var C=KJUR.crypto.Util.hashString(B,I.toLowerCase());var C=C.substr(0,u.bitLength()/4);var D=new BigInteger(C,16);if(BigInteger.ZERO.compareTo(K)>0||K.compareTo(u)>0||BigInteger.ZERO.compareTo(J)>0||J.compareTo(u)>0){util.print_error("invalid DSA Signature");return null}var H=J.modInverse(u);var A=D.multiply(H).mod(u);var v=K.multiply(H).mod(u);var E=F.modPow(A,z).multiply(G.modPow(v,z)).mod(z).mod(u);return E.compareTo(K)==0}function a(z){var A=new BigInteger(z,primeCenterie);var y=j(q,512);var u=t(p,q,z);var v;do{v=new BigInteger(q.bitCount(),rand)}while(x.compareTo(BigInteger.ZERO)!=1&&x.compareTo(q)!=-1);var w=g.modPow(x,p);return{x:v,q:A,p:y,g:u,y:w}}function j(y,z,w){if(z%64!=0){return false}var u;var v;do{u=w(bitcount,true);v=u.subtract(BigInteger.ONE);u=u.subtract(v.remainder(y))}while(!u.isProbablePrime(primeCenterie)||u.bitLength()!=l);return u}function t(B,z,A,w){var u=B.subtract(BigInteger.ONE);var y=u.divide(z);var v;do{v=w(A)}while(v.compareTo(u)!=-1&&v.compareTo(BigInteger.ONE)!=1);return v.modPow(y,B)}function o(w,y,u){var v;do{v=u(y,false)}while(v.compareTo(w)!=-1&&v.compareTo(BigInteger.ZERO)!=1);return v}function i(v,w){k=o(v);var u=g.modPow(k,w).mod(v);return u}function h(B,w,y,v,z,u){var A=B(v);s=(w.modInverse(z).multiply(A.add(u.multiply(y)))).mod(z);return s}this.sign=d;this.verify=m;function n(w,u){if(u.compareTo(w)<=0){return}var v=u.subtract(w);var y=e(v.bitLength());while(y>v){y=e(v.bitLength())}return w.add(y)}function e(w){if(w<0){return null}var u=Math.floor((w+7)/8);var v=c(u);if(w%8>0){v=String.fromCharCode((Math.pow(2,w%8)-1)&v.charCodeAt(0))+v.substring(1)}return new BigInteger(f(v),16)}function c(w){var u="";for(var v=0;v=s*2){break}}var x={};x.keyhex=v.substr(0,g[o]["keylen"]*2);x.ivhex=v.substr(g[o]["keylen"]*2,g[o]["ivlen"]*2);return x};var a=function(n,t,p,u){var q=CryptoJS.enc.Base64.parse(n);var o=CryptoJS.enc.Hex.stringify(q);var s=g[t]["proc"];var r=s(o,p,u);return r};var f=function(n,q,o,s){var p=g[q]["eproc"];var r=p(n,o,s);return r};return{version:"1.0.5",getHexFromPEM:function(o,r){var p=o;if(p.indexOf("BEGIN "+r)==-1){throw"can't find PEM header: "+r}p=p.replace("-----BEGIN "+r+"-----","");p=p.replace("-----END "+r+"-----","");var q=p.replace(/\s+/g,"");var n=b64tohex(q);return n},getDecryptedKeyHexByKeyIV:function(o,r,q,p){var n=b(r);return n(o,q,p)},parsePKCS5PEM:function(n){return l(n)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(o,n,p){return h(o,n,p)},decryptKeyB64:function(n,p,o,q){return a(n,p,o,q)},getDecryptedKeyHex:function(w,v){var o=l(w);var r=o.type;var p=o.cipher;var n=o.ivsalt;var q=o.data;var u=h(p,v,n);var t=u.keyhex;var s=a(q,p,t,n);return s},getRSAKeyFromEncryptedPKCS5PEM:function(p,o){var q=this.getDecryptedKeyHex(p,o);var n=new RSAKey();n.readPrivateKeyFromASN1HexString(q);return n},getEryptedPKCS5PEMFromPrvKeyHex:function(q,x,r,p){var n="";if(typeof r=="undefined"||r==null){r="AES-256-CBC"}if(typeof g[r]=="undefined"){throw"PKCS5PKEY unsupported algorithm: "+r}if(typeof p=="undefined"||p==null){var t=g[r]["ivlen"];var s=k(t);p=s.toUpperCase()}var w=h(r,x,p);var v=w.keyhex;var u=f(q,r,v,p);var o=u.replace(/(.{64})/g,"$1\r\n");var n="-----BEGIN RSA PRIVATE KEY-----\r\n";n+="Proc-Type: 4,ENCRYPTED\r\n";n+="DEK-Info: "+r+","+p+"\r\n";n+="\r\n";n+=o;n+="\r\n-----END RSA PRIVATE KEY-----\r\n";return n},getEryptedPKCS5PEMFromRSAKey:function(C,D,o,s){var A=new KJUR.asn1.DERInteger({"int":0});var v=new KJUR.asn1.DERInteger({bigint:C.n});var z=new KJUR.asn1.DERInteger({"int":C.e});var B=new KJUR.asn1.DERInteger({bigint:C.d});var t=new KJUR.asn1.DERInteger({bigint:C.p});var r=new KJUR.asn1.DERInteger({bigint:C.q});var y=new KJUR.asn1.DERInteger({bigint:C.dmp1});var u=new KJUR.asn1.DERInteger({bigint:C.dmq1});var x=new KJUR.asn1.DERInteger({bigint:C.coeff});var E=new KJUR.asn1.DERSequence({array:[A,v,z,B,t,r,y,u,x]});var w=E.getEncodedHex();return this.getEryptedPKCS5PEMFromPrvKeyHex(w,D,o,s)},newEncryptedPKCS5PEM:function(n,o,r,s){if(typeof o=="undefined"||o==null){o=1024}if(typeof r=="undefined"||r==null){r="10001"}var p=new RSAKey();p.generate(o,r);var q=null;if(typeof s=="undefined"||s==null){q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n)}else{q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n,s)}return q},getRSAKeyFromPlainPKCS8PEM:function(p){if(p.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var o=this.getHexFromPEM(p,"PRIVATE KEY");var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getRSAKeyFromPlainPKCS8Hex:function(q){var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,0);if(p.length!=3){throw"outer DERSequence shall have 3 elements: "+p.length}var o=ASN1HEX.getHexOfTLV_AtObj(q,p[1]);if(o!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmIdentifier is not rsaEnc: "+o}var o=ASN1HEX.getHexOfTLV_AtObj(q,p[1]);var r=ASN1HEX.getHexOfTLV_AtObj(q,p[2]);var s=ASN1HEX.getHexOfV_AtObj(r,0);var n=new RSAKey();n.readPrivateKeyFromASN1HexString(s);return n},parseHexOfEncryptedPKCS8:function(u){var q={};var p=ASN1HEX.getPosArrayOfChildren_AtObj(u,0);if(p.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+p.length}q.ciphertext=ASN1HEX.getHexOfV_AtObj(u,p[1]);var w=ASN1HEX.getPosArrayOfChildren_AtObj(u,p[0]);if(w.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+w.length}if(ASN1HEX.getHexOfV_AtObj(u,w[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(u,w[1]);if(w.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+n.length}var o=ASN1HEX.getPosArrayOfChildren_AtObj(u,n[1]);if(o.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+o.length}if(ASN1HEX.getHexOfV_AtObj(u,o[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}q.encryptionSchemeAlg="TripleDES";q.encryptionSchemeIV=ASN1HEX.getHexOfV_AtObj(u,o[1]);var r=ASN1HEX.getPosArrayOfChildren_AtObj(u,n[0]);if(r.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+r.length}if(ASN1HEX.getHexOfV_AtObj(u,r[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var v=ASN1HEX.getPosArrayOfChildren_AtObj(u,r[1]);if(v.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+v.length}q.pbkdf2Salt=ASN1HEX.getHexOfV_AtObj(u,v[0]);var s=ASN1HEX.getHexOfV_AtObj(u,v[1]);try{q.pbkdf2Iter=parseInt(s,16)}catch(t){throw"malformed format pbkdf2Iter: "+s}return q},getPBKDF2KeyHexFromParam:function(s,n){var r=CryptoJS.enc.Hex.parse(s.pbkdf2Salt);var o=s.pbkdf2Iter;var q=CryptoJS.PBKDF2(n,r,{keySize:192/32,iterations:o});var p=CryptoJS.enc.Hex.stringify(q);return p},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(v,w){var p=this.getHexFromPEM(v,"ENCRYPTED PRIVATE KEY");var n=this.parseHexOfEncryptedPKCS8(p);var s=PKCS5PKEY.getPBKDF2KeyHexFromParam(n,w);var t={};t.ciphertext=CryptoJS.enc.Hex.parse(n.ciphertext);var r=CryptoJS.enc.Hex.parse(s);var q=CryptoJS.enc.Hex.parse(n.encryptionSchemeIV);var u=CryptoJS.TripleDES.decrypt(t,r,{iv:q});var o=CryptoJS.enc.Hex.stringify(u);return o},getRSAKeyFromEncryptedPKCS8PEM:function(q,p){var o=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,p);var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getKeyFromEncryptedPKCS8PEM:function(q,o){var n=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,o);var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},parsePlainPrivatePKCS8Hex:function(q){var o={};o.algparam=null;if(q.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,0);if(p.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(q.substr(p[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(q,p[1]);if(n.length!=2){throw"malformed PKCS8 private key(code:004)"}if(q.substr(n[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}o.algoid=ASN1HEX.getHexOfV_AtObj(q,n[0]);if(q.substr(n[1],2)=="06"){o.algparam=ASN1HEX.getHexOfV_AtObj(q,n[1])}if(q.substr(p[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}o.keyidx=ASN1HEX.getStartPosOfV_AtObj(q,p[2]);return o},getKeyFromPlainPrivatePKCS8PEM:function(o){var n=this.getHexFromPEM(o,"PRIVATE KEY");var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},getKeyFromPlainPrivatePKCS8Hex:function(n){var p=this.parsePlainPrivatePKCS8Hex(n);if(p.algoid=="2a864886f70d010101"){this.parsePrivateRawRSAKeyHexAtObj(n,p);var o=p.key;var q=new RSAKey();q.setPrivateEx(o.n,o.e,o.d,o.p,o.q,o.dp,o.dq,o.co);return q}else{if(p.algoid=="2a8648ce3d0201"){this.parsePrivateRawECKeyHexAtObj(n,p);if(KJUR.crypto.OID.oidhex2name[p.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+p.algparam}var r=KJUR.crypto.OID.oidhex2name[p.algparam];var q=new KJUR.crypto.ECDSA({curve:r,prv:p.key});return q}else{throw"unsupported private key algorithm"}}},getRSAKeyFromPublicPKCS8PEM:function(o){var p=this.getHexFromPEM(o,"PUBLIC KEY");var n=this.getRSAKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8PEM:function(o){var p=this.getHexFromPEM(o,"PUBLIC KEY");var n=this.getKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8Hex:function(o){var n=this.parsePublicPKCS8Hex(o);if(n.algoid=="2a864886f70d010101"){var r=this.parsePublicRawRSAKeyHex(n.key);var p=new RSAKey();p.setPublic(r.n,r.e);return p}else{if(n.algoid=="2a8648ce3d0201"){if(KJUR.crypto.OID.oidhex2name[n.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+n.algparam}var q=KJUR.crypto.OID.oidhex2name[n.algparam];var p=new KJUR.crypto.ECDSA({curve:q,pub:n.key});return p}else{throw"unsupported public key algorithm"}}},parsePublicRawRSAKeyHex:function(p){var n={};if(p.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var o=ASN1HEX.getPosArrayOfChildren_AtObj(p,0);if(o.length!=2){throw"malformed RSA key(code:002)"}if(p.substr(o[0],2)!="02"){throw"malformed RSA key(code:003)"}n.n=ASN1HEX.getHexOfV_AtObj(p,o[0]);if(p.substr(o[1],2)!="02"){throw"malformed RSA key(code:004)"}n.e=ASN1HEX.getHexOfV_AtObj(p,o[1]);return n},parsePrivateRawRSAKeyHexAtObj:function(o,q){var p=q.keyidx;if(o.substr(p,2)!="30"){throw"malformed RSA private key(code:001)"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(o,p);if(n.length!=9){throw"malformed RSA private key(code:002)"}q.key={};q.key.n=ASN1HEX.getHexOfV_AtObj(o,n[1]);q.key.e=ASN1HEX.getHexOfV_AtObj(o,n[2]);q.key.d=ASN1HEX.getHexOfV_AtObj(o,n[3]);q.key.p=ASN1HEX.getHexOfV_AtObj(o,n[4]);q.key.q=ASN1HEX.getHexOfV_AtObj(o,n[5]);q.key.dp=ASN1HEX.getHexOfV_AtObj(o,n[6]);q.key.dq=ASN1HEX.getHexOfV_AtObj(o,n[7]);q.key.co=ASN1HEX.getHexOfV_AtObj(o,n[8])},parsePrivateRawECKeyHexAtObj:function(o,q){var p=q.keyidx;if(o.substr(p,2)!="30"){throw"malformed ECC private key(code:001)"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(o,p);if(n.length!=3){throw"malformed ECC private key(code:002)"}if(o.substr(n[1],2)!="04"){throw"malformed ECC private key(code:003)"}q.key=ASN1HEX.getHexOfV_AtObj(o,n[1])},parsePublicPKCS8Hex:function(q){var o={};o.algparam=null;var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,0);if(p.length!=2){throw"outer DERSequence shall have 2 elements: "+p.length}var r=p[0];if(q.substr(r,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(q,r);if(n.length!=2){throw"malformed PKCS8 public key(code:002)"}if(q.substr(n[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}o.algoid=ASN1HEX.getHexOfV_AtObj(q,n[0]);if(q.substr(n[1],2)=="06"){o.algparam=ASN1HEX.getHexOfV_AtObj(q,n[1])}if(q.substr(p[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}o.key=ASN1HEX.getHexOfV_AtObj(q,p[1]).substr(2);return o},getRSAKeyFromPublicPKCS8Hex:function(r){var q=ASN1HEX.getPosArrayOfChildren_AtObj(r,0);if(q.length!=2){throw"outer DERSequence shall have 2 elements: "+q.length}var p=ASN1HEX.getHexOfTLV_AtObj(r,q[0]);if(p!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmId is not rsaEncryption"}if(r.substr(q[1],2)!="03"){throw"PKCS8 Public Key is not BITSTRING encapslated."}var t=ASN1HEX.getStartPosOfV_AtObj(r,q[1])+2;if(r.substr(t,2)!="30"){throw"PKCS8 Public Key is not SEQUENCE."}var n=ASN1HEX.getPosArrayOfChildren_AtObj(r,t);if(n.length!=2){throw"inner DERSequence shall have 2 elements: "+n.length}if(r.substr(n[0],2)!="02"){throw"N is not ASN.1 INTEGER"}if(r.substr(n[1],2)!="02"){throw"E is not ASN.1 INTEGER"}var u=ASN1HEX.getHexOfV_AtObj(r,n[0]);var s=ASN1HEX.getHexOfV_AtObj(r,n[1]);var o=new RSAKey();o.setPublic(u,s);return o},}}(); +/*! keyutil-1.0.5.js (c) 2013-2014 Kenji Urushima | kjur.github.com/jsrsasign/license + */ +var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(t){var u={};if(t.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"))){u.cipher=RegExp.$1;u.ivsalt=RegExp.$2}if(t.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"))){u.type=RegExp.$1}var r=-1;var v=0;if(t.indexOf("\r\n\r\n")!=-1){r=t.indexOf("\r\n\r\n");v=2}if(t.indexOf("\n\n")!=-1){r=t.indexOf("\n\n");v=1}var q=t.indexOf("-----END");if(r!=-1&&q!=-1){var p=t.substring(r+v*2,q-v);p=p.replace(/\s+/g,"");u.data=p}return u};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",getHexFromPEM:function(q,u){var r=q;if(r.indexOf("BEGIN "+u)==-1){throw"can't find PEM header: "+u}r=r.replace("-----BEGIN "+u+"-----","");r=r.replace("-----END "+u+"-----","");var t=r.replace(/\s+/g,"");var p=b64tohex(t);return p},getDecryptedKeyHexByKeyIV:function(q,t,s,r){var p=c(t);return p(q,s,r)},parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getRSAKeyFromEncryptedPKCS5PEM:function(r,q){var s=this.getDecryptedKeyHex(r,q);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(s);return p},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},getEncryptedPKCS5PEMFromRSAKey:function(D,E,r,t){var B=new KJUR.asn1.DERInteger({"int":0});var w=new KJUR.asn1.DERInteger({bigint:D.n});var A=new KJUR.asn1.DERInteger({"int":D.e});var C=new KJUR.asn1.DERInteger({bigint:D.d});var u=new KJUR.asn1.DERInteger({bigint:D.p});var s=new KJUR.asn1.DERInteger({bigint:D.q});var z=new KJUR.asn1.DERInteger({bigint:D.dmp1});var v=new KJUR.asn1.DERInteger({bigint:D.dmq1});var y=new KJUR.asn1.DERInteger({bigint:D.coeff});var F=new KJUR.asn1.DERSequence({array:[B,w,A,C,u,s,z,v,y]});var x=F.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",x,E,r,t)},newEncryptedPKCS5PEM:function(p,q,t,u){if(typeof q=="undefined"||q==null){q=1024}if(typeof t=="undefined"||t==null){t="10001"}var r=new RSAKey();r.generate(q,t);var s=null;if(typeof u=="undefined"||u==null){s=this.getEncryptedPKCS5PEMFromRSAKey(r,p)}else{s=this.getEncryptedPKCS5PEMFromRSAKey(r,p,u)}return s},getRSAKeyFromPlainPKCS8PEM:function(r){if(r.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var q=this.getHexFromPEM(r,"PRIVATE KEY");var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getRSAKeyFromPlainPKCS8Hex:function(s){var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=3){throw"outer DERSequence shall have 3 elements: "+r.length}var q=ASN1HEX.getHexOfTLV_AtObj(s,r[1]);if(q!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmIdentifier is not rsaEnc: "+q}var q=ASN1HEX.getHexOfTLV_AtObj(s,r[1]);var t=ASN1HEX.getHexOfTLV_AtObj(s,r[2]);var u=ASN1HEX.getHexOfV_AtObj(t,0);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(u);return p},parseHexOfEncryptedPKCS8:function(w){var s={};var r=ASN1HEX.getPosArrayOfChildren_AtObj(w,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}s.ciphertext=ASN1HEX.getHexOfV_AtObj(w,r[1]);var y=ASN1HEX.getPosArrayOfChildren_AtObj(w,r[0]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+y.length}if(ASN1HEX.getHexOfV_AtObj(w,y[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(w,y[1]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=ASN1HEX.getPosArrayOfChildren_AtObj(w,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(ASN1HEX.getHexOfV_AtObj(w,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}s.encryptionSchemeAlg="TripleDES";s.encryptionSchemeIV=ASN1HEX.getHexOfV_AtObj(w,q[1]);var t=ASN1HEX.getPosArrayOfChildren_AtObj(w,p[0]);if(t.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+t.length}if(ASN1HEX.getHexOfV_AtObj(w,t[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=ASN1HEX.getPosArrayOfChildren_AtObj(w,t[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}s.pbkdf2Salt=ASN1HEX.getHexOfV_AtObj(w,x[0]);var u=ASN1HEX.getHexOfV_AtObj(w,x[1]);try{s.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return s},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=this.getHexFromPEM(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getRSAKeyFromEncryptedPKCS8PEM:function(s,r){var q=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,r);var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=ASN1HEX.getHexOfV_AtObj(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=ASN1HEX.getHexOfV_AtObj(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=ASN1HEX.getStartPosOfV_AtObj(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=this.getHexFromPEM(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var w=this.parsePlainPrivatePKCS8Hex(p);if(w.algoid=="2a864886f70d010101"){this.parsePrivateRawRSAKeyHexAtObj(p,w);var u=w.key;var z=new RSAKey();z.setPrivateEx(u.n,u.e,u.d,u.p,u.q,u.dp,u.dq,u.co);return z}else{if(w.algoid=="2a8648ce3d0201"){this.parsePrivateRawECKeyHexAtObj(p,w);if(KJUR.crypto.OID.oidhex2name[w.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+w.algparam}var v=KJUR.crypto.OID.oidhex2name[w.algparam];var z=new KJUR.crypto.ECDSA({curve:v});z.setPublicKeyHex(w.pubkey);z.setPrivateKeyHex(w.key);z.isPublic=false;return z}else{if(w.algoid=="2a8648ce380401"){var t=ASN1HEX.getVbyList(p,0,[1,1,0],"02");var s=ASN1HEX.getVbyList(p,0,[1,1,1],"02");var y=ASN1HEX.getVbyList(p,0,[1,1,2],"02");var B=ASN1HEX.getVbyList(p,0,[2,0],"02");var r=new BigInteger(t,16);var q=new BigInteger(s,16);var x=new BigInteger(y,16);var A=new BigInteger(B,16);var z=new KJUR.crypto.DSA();z.setPrivate(r,q,x,null,A);return z}else{throw"unsupported private key algorithm"}}}},getRSAKeyFromPublicPKCS8PEM:function(q){var r=this.getHexFromPEM(q,"PUBLIC KEY");var p=this.getRSAKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8PEM:function(q){var r=this.getHexFromPEM(q,"PUBLIC KEY");var p=this.getKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8Hex:function(q){var p=this.parsePublicPKCS8Hex(q);if(p.algoid=="2a864886f70d010101"){var u=this.parsePublicRawRSAKeyHex(p.key);var r=new RSAKey();r.setPublic(u.n,u.e);return r}else{if(p.algoid=="2a8648ce3d0201"){if(KJUR.crypto.OID.oidhex2name[p.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+p.algparam}var s=KJUR.crypto.OID.oidhex2name[p.algparam];var r=new KJUR.crypto.ECDSA({curve:s,pub:p.key});return r}else{if(p.algoid=="2a8648ce380401"){var t=p.algparam;var v=ASN1HEX.getHexOfV_AtObj(p.key,0);var r=new KJUR.crypto.DSA();r.setPublic(new BigInteger(t.p,16),new BigInteger(t.q,16),new BigInteger(t.g,16),new BigInteger(v,16));return r}else{throw"unsupported public key algorithm"}}}},parsePublicRawRSAKeyHex:function(r){var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=ASN1HEX.getPosArrayOfChildren_AtObj(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=ASN1HEX.getHexOfV_AtObj(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=ASN1HEX.getHexOfV_AtObj(r,q[1]);return p},parsePrivateRawRSAKeyHexAtObj:function(q,s){var r=s.keyidx;if(q.substr(r,2)!="30"){throw"malformed RSA private key(code:001)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,r);if(p.length!=9){throw"malformed RSA private key(code:002)"}s.key={};s.key.n=ASN1HEX.getHexOfV_AtObj(q,p[1]);s.key.e=ASN1HEX.getHexOfV_AtObj(q,p[2]);s.key.d=ASN1HEX.getHexOfV_AtObj(q,p[3]);s.key.p=ASN1HEX.getHexOfV_AtObj(q,p[4]);s.key.q=ASN1HEX.getHexOfV_AtObj(q,p[5]);s.key.dp=ASN1HEX.getHexOfV_AtObj(q,p[6]);s.key.dq=ASN1HEX.getHexOfV_AtObj(q,p[7]);s.key.co=ASN1HEX.getHexOfV_AtObj(q,p[8])},parsePrivateRawECKeyHexAtObj:function(p,t){var q=t.keyidx;var r=ASN1HEX.getVbyList(p,q,[1],"04");var s=ASN1HEX.getVbyList(p,q,[2,0],"03").substr(2);t.key=r;t.pubkey=s},parsePublicPKCS8Hex:function(s){var q={};q.algparam=null;var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var t=r[0];if(s.substr(t,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(s,t);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=ASN1HEX.getHexOfV_AtObj(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=ASN1HEX.getHexOfV_AtObj(s,p[1])}else{if(s.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=ASN1HEX.getVbyList(s,p[1],[0],"02");q.algparam.q=ASN1HEX.getVbyList(s,p[1],[1],"02");q.algparam.g=ASN1HEX.getVbyList(s,p[1],[2],"02")}}if(s.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=ASN1HEX.getHexOfV_AtObj(s,r[1]).substr(2);return q},getRSAKeyFromPublicPKCS8Hex:function(t){var s=ASN1HEX.getPosArrayOfChildren_AtObj(t,0);if(s.length!=2){throw"outer DERSequence shall have 2 elements: "+s.length}var r=ASN1HEX.getHexOfTLV_AtObj(t,s[0]);if(r!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmId is not rsaEncryption"}if(t.substr(s[1],2)!="03"){throw"PKCS8 Public Key is not BITSTRING encapslated."}var v=ASN1HEX.getStartPosOfV_AtObj(t,s[1])+2;if(t.substr(v,2)!="30"){throw"PKCS8 Public Key is not SEQUENCE."}var p=ASN1HEX.getPosArrayOfChildren_AtObj(t,v);if(p.length!=2){throw"inner DERSequence shall have 2 elements: "+p.length}if(t.substr(p[0],2)!="02"){throw"N is not ASN.1 INTEGER"}if(t.substr(p[1],2)!="02"){throw"E is not ASN.1 INTEGER"}var w=ASN1HEX.getHexOfV_AtObj(t,p[0]);var u=ASN1HEX.getHexOfV_AtObj(t,p[1]);var q=new RSAKey();q.setPublic(w,u);return q},}}();KEYUTIL.getKey=function(c,o,i){if(typeof RSAKey!="undefined"&&c instanceof RSAKey){return c}if(typeof KJUR.crypto.ECDSA!="undefined"&&c instanceof KJUR.crypto.ECDSA){return c}if(typeof KJUR.crypto.DSA!="undefined"&&c instanceof KJUR.crypto.DSA){return c}if(c.xy!==undefined&&c.curve!==undefined){return new KJUR.crypto.ECDSA({prv:c.xy,curve:c.curve})}if(c.n!==undefined&&c.e!==undefined&&c.d!==undefined&&c.p!==undefined&&c.q!==undefined&&c.dp!==undefined&&c.dq!==undefined&&c.co!==undefined){var n=new RSAKey();n.setPrivateEx(c.n,c.e,c.d,c.p,c.q,c.dp,c.dq,c.co);return n}if(c.p!==undefined&&c.q!==undefined&&c.g!==undefined&&c.y!==undefined&&c.x!==undefined){var n=new KJUR.crypto.DSA();n.setPrivate(c.p,c.q,c.g,c.y,c.x);return n}if(c.d!==undefined&&c.curve!==undefined){return new KJUR.crypto.ECDSA({pub:c.d,curve:c.curve})}if(c.n!==undefined&&c.e){var n=new RSAKey();n.setPublic(c.n,c.e);return n}if(c.p!==undefined&&c.q!==undefined&&c.g!==undefined&&c.y!==undefined&&c.x===undefined){var n=new KJUR.crypto.DSA();n.setPublic(c.p,c.q,c.g,c.y);return n}if(c.indexOf("-END CERTIFICATE-",0)!=-1||c.indexOf("-END X509 CERTIFICATE-",0)!=-1||c.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(c)}if(i==="pkcs8pub"){return KEYUTIL.getKeyFromPublicPKCS8Hex(c)}if(c.indexOf("-END PUBLIC KEY-")!=-1){return KEYUTIL.getKeyFromPublicPKCS8PEM(c)}if(i==="pkcs5prv"){var n=new RSAKey();n.readPrivateKeyFromASN1HexString(c);return n}if(i==="pkcs5prv"){var n=new RSAKey();n.readPrivateKeyFromASN1HexString(c);return n}if(c.indexOf("-END RSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")==-1){var n=new RSAKey();n.readPrivateKeyFromPEMString(c);return n}if(c.indexOf("-END DSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")==-1){var m=this.getHexFromPEM(c,"DSA PRIVATE KEY");var b=ASN1HEX.getVbyList(m,0,[1],"02");var a=ASN1HEX.getVbyList(m,0,[2],"02");var e=ASN1HEX.getVbyList(m,0,[3],"02");var k=ASN1HEX.getVbyList(m,0,[4],"02");var l=ASN1HEX.getVbyList(m,0,[5],"02");var n=new KJUR.crypto.DSA();n.setPrivate(new BigInteger(b,16),new BigInteger(a,16),new BigInteger(e,16),new BigInteger(k,16),new BigInteger(l,16));return n}if(c.indexOf("-END PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(c)}if(c.indexOf("-END RSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")!=-1){return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(c,o)}if(c.indexOf("-END EC PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")!=-1){var m=KEYUTIL.getDecryptedKeyHex(c,o);var n=ASN1HEX.getVbyList(m,0,[1],"04");var j=ASN1HEX.getVbyList(m,0,[2,0],"06");var d=ASN1HEX.getVbyList(m,0,[3,0],"03").substr(2);var h="";if(KJUR.crypto.OID.oidhex2name[j]!==undefined){h=KJUR.crypto.OID.oidhex2name[j]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+j}var f=new KJUR.crypto.ECDSA({name:h});f.setPublicKeyHex(d);f.setPrivateKeyHex(n);f.isPublic=false;return f}if(c.indexOf("-END DSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")!=-1){var m=KEYUTIL.getDecryptedKeyHex(c,o);var b=ASN1HEX.getVbyList(m,0,[1],"02");var a=ASN1HEX.getVbyList(m,0,[2],"02");var e=ASN1HEX.getVbyList(m,0,[3],"02");var k=ASN1HEX.getVbyList(m,0,[4],"02");var l=ASN1HEX.getVbyList(m,0,[5],"02");var n=new KJUR.crypto.DSA();n.setPrivate(new BigInteger(b,16),new BigInteger(a,16),new BigInteger(e,16),new BigInteger(k,16),new BigInteger(l,16));return n}if(c.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromEncryptedPKCS8PEM(c,o)}throw"not supported argument"};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPrivateKeyHex(j.ecprvhex);var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(a,r,o,g,j){var v=KJUR.asn1;var u=KJUR.crypto;function p(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return w}function q(w){var s=KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:w.prvKeyHex}},{tag:["a0",true,{oid:{name:w.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+w.pubKeyHex}}]}]});return s}function n(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return w}if(((typeof RSAKey!="undefined"&&a instanceof RSAKey)||(typeof u.DSA!="undefined"&&a instanceof u.DSA)||(typeof u.ECDSA!="undefined"&&a instanceof u.ECDSA))&&a.isPublic==true&&(r===undefined||r=="PKCS8PUB")){var t=new KJUR.asn1.x509.SubjectPublicKeyInfo(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"PUBLIC KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o===undefined||o==null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"RSA PRIVATE KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o===undefined||o==null)&&a.isPrivate==true){var f=new KJUR.asn1.DERObjectIdentifier({name:a.curveName});var l=f.getEncodedHex();var e=q(a);var k=e.getEncodedHex();var i="";i+=v.ASN1Util.getPEMStringFromHex(l,"EC PARAMETERS");i+=v.ASN1Util.getPEMStringFromHex(k,"EC PRIVATE KEY");return i}if(r=="PKCS1PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o===undefined||o==null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"DSA PRIVATE KEY")}if(r=="PKCS5PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=q(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",m,o,g)}var h=function(w,s){var y=b(w,s);var x=new KJUR.asn1.ASN1Util.newObject({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:y.pbkdf2Salt}},{"int":y.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:y.encryptionSchemeIV}}]}]}]},{octstr:{hex:y.ciphertext}}]});return x.getEncodedHex()};var b=function(D,E){var x=100;var C=CryptoJS.lib.WordArray.random(8);var B="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var y=CryptoJS.PBKDF2(E,C,{keySize:192/32,iterations:x});var z=CryptoJS.enc.Hex.parse(D);var A=CryptoJS.TripleDES.encrypt(z,y,{iv:s})+"";var w={};w.ciphertext=A;w.pbkdf2Salt=CryptoJS.enc.Hex.stringify(C);w.pbkdf2Iter=x;w.encryptionSchemeAlg=B;w.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return w};if(r=="PKCS8PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&a.isPrivate==true){var d=p(a);var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&a.isPrivate==true){var d=new KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:a.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+a.pubKeyHex}}]}]});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:a.curveName}}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&a.isPrivate==true){var d=new KJUR.asn1.DERInteger({bigint:a.x});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:a.p}},{"int":{bigint:a.q}},{"int":{bigint:a.g}}]}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}throw"unsupported object nor format"};KEYUTIL.getKeyFromCSRPEM=function(b){var a=KEYUTIL.getHexFromPEM(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(c){var b={};var e=c;if(e.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var d=ASN1HEX.getPosArrayOfChildren_AtObj(e,0);if(d.length<1){throw"malformed CSR(code:002)"}if(e.substr(d[0],2)!="30"){throw"malformed CSR(code:003)"}var a=ASN1HEX.getPosArrayOfChildren_AtObj(e,d[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=ASN1HEX.getHexOfTLV_AtObj(e,a[2]);return b}; +/*! rsapem-1.1.js (c) 2012 Kenji Urushima | kjur.github.com/jsrsasign/license + */ +function _rsapem_pemToBase64(b){var a=b;a=a.replace("-----BEGIN RSA PRIVATE KEY-----","");a=a.replace("-----END RSA PRIVATE KEY-----","");a=a.replace(/[ \n]+/g,"");return a}function _rsapem_getPosArrayOfChildrenFromHex(d){var j=new Array();var k=ASN1HEX.getStartPosOfV_AtObj(d,0);var f=ASN1HEX.getPosOfNextSibling_AtObj(d,k);var h=ASN1HEX.getPosOfNextSibling_AtObj(d,f);var b=ASN1HEX.getPosOfNextSibling_AtObj(d,h);var l=ASN1HEX.getPosOfNextSibling_AtObj(d,b);var e=ASN1HEX.getPosOfNextSibling_AtObj(d,l);var g=ASN1HEX.getPosOfNextSibling_AtObj(d,e);var c=ASN1HEX.getPosOfNextSibling_AtObj(d,g);var i=ASN1HEX.getPosOfNextSibling_AtObj(d,c);j.push(k,f,h,b,l,e,g,c,i);return j}function _rsapem_getHexValueArrayOfChildrenFromHex(i){var o=_rsapem_getPosArrayOfChildrenFromHex(i);var r=ASN1HEX.getHexOfV_AtObj(i,o[0]);var f=ASN1HEX.getHexOfV_AtObj(i,o[1]);var j=ASN1HEX.getHexOfV_AtObj(i,o[2]);var k=ASN1HEX.getHexOfV_AtObj(i,o[3]);var c=ASN1HEX.getHexOfV_AtObj(i,o[4]);var b=ASN1HEX.getHexOfV_AtObj(i,o[5]);var h=ASN1HEX.getHexOfV_AtObj(i,o[6]);var g=ASN1HEX.getHexOfV_AtObj(i,o[7]);var l=ASN1HEX.getHexOfV_AtObj(i,o[8]);var m=new Array();m.push(r,f,j,k,c,b,h,g,l);return m}function _rsapem_readPrivateKeyFromASN1HexString(c){var b=_rsapem_getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])}function _rsapem_readPrivateKeyFromPEMString(e){var c=_rsapem_pemToBase64(e);var d=b64tohex(c);var b=_rsapem_getHexValueArrayOfChildrenFromHex(d);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])}RSAKey.prototype.readPrivateKeyFromPEMString=_rsapem_readPrivateKeyFromPEMString;RSAKey.prototype.readPrivateKeyFromASN1HexString=_rsapem_readPrivateKeyFromASN1HexString; +/*! rsasign-1.2.7.js (c) 2012 Kenji Urushima | kjur.github.com/jsrsasign/license + */ +var _RE_HEXDECONLY=new RegExp("");_RE_HEXDECONLY.compile("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}function _rsasign_signStringPSS(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)}function _rsasign_signWithMessageHashPSS(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw"invalid salt length"}}}if(c<(g+k+2)){throw"data too long"}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)}function _rsasign_verifyWithMessageHash(e,a){a=a.replace(_RE_HEXDECONLY,"");a=a.replace(/[ \n]+/g,"");var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)}function _rsasign_verifyStringPSS(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)}function _rsasign_verifyWithMessageHashPSS(f,s,l,c){var k=new BigInteger(s,16);if(k.bitLength()>this.n.bitLength()){return false}var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw"invalid salt length"}}}if(m<(h+c+2)){throw"data too long"}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw"bits beyond keysize not zero"}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q=(b*2))){break}if(d>=200){break}c.push(e);g=e;d++}return c};this.getNthChildIndex_AtObj=function(d,b,e){var c=this.getPosArrayOfChildren_AtObj(d,b);return c[e]};this.getDecendantIndexByNthList=function(e,d,c){if(c.length==0){return d}var f=c.shift();var b=this.getPosArrayOfChildren_AtObj(e,d);return this.getDecendantIndexByNthList(e,b[f],c)};this.getDecendantHexTLVByNthList=function(d,c,b){var a=this.getDecendantIndexByNthList(d,c,b);return this.getHexOfTLV_AtObj(d,a)};this.getDecendantHexVByNthList=function(d,c,b){var a=this.getDecendantIndexByNthList(d,c,b);return this.getHexOfV_AtObj(d,a)}};ASN1HEX.getVbyList=function(d,c,b,e){var a=this.getDecendantIndexByNthList(d,c,b);if(a===undefined){throw"can't find nthList object"}if(e!==undefined){if(d.substr(a,2)!=e){throw"checking tag doesn't match: "+d.substr(a,2)+"!="+e}}return this.getHexOfV_AtObj(d,a)}; -/*! asn1x509-1.0.7.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! asn1x509-1.0.8.js (c) 2013-2014 Kenji Urushima | kjur.github.com/jsrsasign/license */ -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}if(typeof KJUR.asn1.x509=="undefined"||!KJUR.asn1.x509){KJUR.asn1.x509={}}KJUR.asn1.x509.Certificate=function(g){KJUR.asn1.x509.Certificate.superclass.constructor.call(this);var b=null;var d=null;var f=null;var c=null;var a=null;var e=null;this.setRsaPrvKeyByPEMandPass=function(i,k){var h=PKCS5PKEY.getDecryptedKeyHex(i,k);var j=new RSAKey();j.readPrivateKeyFromASN1HexString(h);this.prvKey=j};this.sign=function(){this.asn1SignatureAlg=this.asn1TBSCert.asn1SignatureAlg;sig=new KJUR.crypto.Signature({alg:"SHA1withRSA"});sig.init(this.prvKey);sig.updateHex(this.asn1TBSCert.getEncodedHex());this.hexSig=sig.sign();this.asn1Sig=new KJUR.asn1.DERBitString({hex:"00"+this.hexSig});var h=new KJUR.asn1.DERSequence({array:[this.asn1TBSCert,this.asn1SignatureAlg,this.asn1Sig]});this.hTLV=h.getEncodedHex();this.isModified=false};this.getEncodedHex=function(){if(this.isModified==false&&this.hTLV!=null){return this.hTLV}throw"not signed yet"};this.getPEMString=function(){var j=this.getEncodedHex();var h=CryptoJS.enc.Hex.parse(j);var i=CryptoJS.enc.Base64.stringify(h);var k=i.replace(/(.{64})/g,"$1\r\n");return"-----BEGIN CERTIFICATE-----\r\n"+k+"\r\n-----END CERTIFICATE-----\r\n"};if(typeof g!="undefined"){if(typeof g.tbscertobj!="undefined"){this.asn1TBSCert=g.tbscertobj}if(typeof g.prvkeyobj!="undefined"){this.prvKey=g.prvkeyobj}else{if(typeof g.rsaprvkey!="undefined"){this.prvKey=g.rsaprvkey}else{if((typeof g.rsaprvpem!="undefined")&&(typeof g.rsaprvpas!="undefined")){this.setRsaPrvKeyByPEMandPass(g.rsaprvpem,g.rsaprvpas)}}}}};YAHOO.lang.extend(KJUR.asn1.x509.Certificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.TBSCertificate=function(a){KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);this._initialize=function(){this.asn1Array=new Array();this.asn1Version=new KJUR.asn1.DERTaggedObject({obj:new KJUR.asn1.DERInteger({"int":2})});this.asn1SerialNumber=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1NotBefore=null;this.asn1NotAfter=null;this.asn1Subject=null;this.asn1SubjPKey=null;this.extensionsArray=new Array()};this.setSerialNumberByParam=function(b){this.asn1SerialNumber=new KJUR.asn1.DERInteger(b)};this.setSignatureAlgByParam=function(b){this.asn1SignatureAlg=new KJUR.asn1.x509.AlgorithmIdentifier(b)};this.setIssuerByParam=function(b){this.asn1Issuer=new KJUR.asn1.x509.X500Name(b)};this.setNotBeforeByParam=function(b){this.asn1NotBefore=new KJUR.asn1.x509.Time(b)};this.setNotAfterByParam=function(b){this.asn1NotAfter=new KJUR.asn1.x509.Time(b)};this.setSubjectByParam=function(b){this.asn1Subject=new KJUR.asn1.x509.X500Name(b)};this.setSubjectPublicKeyByParam=function(b){this.asn1SubjPKey=new KJUR.asn1.x509.SubjectPublicKeyInfo(b)};this.setSubjectPublicKeyByGetKey=function(c){var b=KEYUTIL.getKey(c);this.asn1SubjPKey=new KJUR.asn1.x509.SubjectPublicKeyInfo(b)};this.appendExtension=function(b){this.extensionsArray.push(b)};this.appendExtensionByName=function(d,b){if(d.toLowerCase()=="basicconstraints"){var c=new KJUR.asn1.x509.BasicConstraints(b);this.appendExtension(c)}else{if(d.toLowerCase()=="keyusage"){var c=new KJUR.asn1.x509.KeyUsage(b);this.appendExtension(c)}else{if(d.toLowerCase()=="crldistributionpoints"){var c=new KJUR.asn1.x509.CRLDistributionPoints(b);this.appendExtension(c)}else{if(d.toLowerCase()=="extkeyusage"){var c=new KJUR.asn1.x509.ExtKeyUsage(b);this.appendExtension(c)}else{throw"unsupported extension name: "+d}}}}};this.getEncodedHex=function(){if(this.asn1NotBefore==null||this.asn1NotAfter==null){throw"notBefore and/or notAfter not set"}var c=new KJUR.asn1.DERSequence({array:[this.asn1NotBefore,this.asn1NotAfter]});this.asn1Array=new Array();this.asn1Array.push(this.asn1Version);this.asn1Array.push(this.asn1SerialNumber);this.asn1Array.push(this.asn1SignatureAlg);this.asn1Array.push(this.asn1Issuer);this.asn1Array.push(c);this.asn1Array.push(this.asn1Subject);this.asn1Array.push(this.asn1SubjPKey);if(this.extensionsArray.length>0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(a){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(b){var c=b.split("/");c.shift();for(var d=0;d0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(a){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(b){var c=b.split("/");c.shift();for(var d=0;d0||K.compareTo(u)>0||BigInteger.ZERO.compareTo(J)>0||J.compareTo(u)>0){throw"invalid DSA signature"}var I=J.modInverse(u);var A=D.multiply(I).mod(u);var v=K.multiply(I).mod(u);var F=G.modPow(A,z).multiply(H.modPow(v,z)).mod(z).mod(u);return F.compareTo(K)==0};this.parseASN1Signature=function(u){try{var y=new BigInteger(ASN1HEX.getVbyList(u,0,[0],"02"),16);var v=new BigInteger(ASN1HEX.getVbyList(u,0,[1],"02"),16);return[y,v]}catch(w){throw"malformed DSA signature"}};function d(E,w,B,v,u,C){var z=KJUR.crypto.Util.hashString(w,E.toLowerCase());var z=z.substr(0,u.bitLength()/4);var A=new BigInteger(z,16);var y=n(BigInteger.ONE.add(BigInteger.ONE),u.subtract(BigInteger.ONE));var F=(B.modPow(y,v)).mod(u);var D=(y.modInverse(u).multiply(A.add(C.multiply(F)))).mod(u);var G=new Array();G[0]=F;G[1]=D;return G}function r(v){var u=openpgp.config.config.prefer_hash_algorithm;switch(Math.round(v.bitLength()/8)){case 20:if(u!=2&&u>11&&u!=10&&u<8){return 2}return u;case 28:if(u>11&&u<8){return 11}return u;case 32:if(u>10&&u<8){return 8}return u;default:util.print_debug("DSA select hash algorithm: returning null for an unknown length of q");return null}}this.select_hash_algorithm=r;function m(I,K,J,B,z,u,F,G){var C=KJUR.crypto.Util.hashString(B,I.toLowerCase());var C=C.substr(0,u.bitLength()/4);var D=new BigInteger(C,16);if(BigInteger.ZERO.compareTo(K)>0||K.compareTo(u)>0||BigInteger.ZERO.compareTo(J)>0||J.compareTo(u)>0){util.print_error("invalid DSA Signature");return null}var H=J.modInverse(u);var A=D.multiply(H).mod(u);var v=K.multiply(H).mod(u);var E=F.modPow(A,z).multiply(G.modPow(v,z)).mod(z).mod(u);return E.compareTo(K)==0}function a(z){var A=new BigInteger(z,primeCenterie);var y=j(q,512);var u=t(p,q,z);var v;do{v=new BigInteger(q.bitCount(),rand)}while(x.compareTo(BigInteger.ZERO)!=1&&x.compareTo(q)!=-1);var w=g.modPow(x,p);return{x:v,q:A,p:y,g:u,y:w}}function j(y,z,w){if(z%64!=0){return false}var u;var v;do{u=w(bitcount,true);v=u.subtract(BigInteger.ONE);u=u.subtract(v.remainder(y))}while(!u.isProbablePrime(primeCenterie)||u.bitLength()!=l);return u}function t(B,z,A,w){var u=B.subtract(BigInteger.ONE);var y=u.divide(z);var v;do{v=w(A)}while(v.compareTo(u)!=-1&&v.compareTo(BigInteger.ONE)!=1);return v.modPow(y,B)}function o(w,y,u){var v;do{v=u(y,false)}while(v.compareTo(w)!=-1&&v.compareTo(BigInteger.ZERO)!=1);return v}function i(v,w){k=o(v);var u=g.modPow(k,w).mod(v);return u}function h(B,w,y,v,z,u){var A=B(v);s=(w.modInverse(z).multiply(A.add(u.multiply(y)))).mod(z);return s}this.sign=d;this.verify=m;function n(w,u){if(u.compareTo(w)<=0){return}var v=u.subtract(w);var y=e(v.bitLength());while(y>v){y=e(v.bitLength())}return w.add(y)}function e(w){if(w<0){return null}var u=Math.floor((w+7)/8);var v=c(u);if(w%8>0){v=String.fromCharCode((Math.pow(2,w%8)-1)&v.charCodeAt(0))+v.substring(1)}return new BigInteger(f(v),16)}function c(w){var u="";for(var v=0;v=s*2){break}}var x={};x.keyhex=v.substr(0,g[o]["keylen"]*2);x.ivhex=v.substr(g[o]["keylen"]*2,g[o]["ivlen"]*2);return x};var a=function(n,t,p,u){var q=CryptoJS.enc.Base64.parse(n);var o=CryptoJS.enc.Hex.stringify(q);var s=g[t]["proc"];var r=s(o,p,u);return r};var f=function(n,q,o,s){var p=g[q]["eproc"];var r=p(n,o,s);return r};return{version:"1.0.5",getHexFromPEM:function(o,r){var p=o;if(p.indexOf("BEGIN "+r)==-1){throw"can't find PEM header: "+r}p=p.replace("-----BEGIN "+r+"-----","");p=p.replace("-----END "+r+"-----","");var q=p.replace(/\s+/g,"");var n=b64tohex(q);return n},getDecryptedKeyHexByKeyIV:function(o,r,q,p){var n=b(r);return n(o,q,p)},parsePKCS5PEM:function(n){return l(n)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(o,n,p){return h(o,n,p)},decryptKeyB64:function(n,p,o,q){return a(n,p,o,q)},getDecryptedKeyHex:function(w,v){var o=l(w);var r=o.type;var p=o.cipher;var n=o.ivsalt;var q=o.data;var u=h(p,v,n);var t=u.keyhex;var s=a(q,p,t,n);return s},getRSAKeyFromEncryptedPKCS5PEM:function(p,o){var q=this.getDecryptedKeyHex(p,o);var n=new RSAKey();n.readPrivateKeyFromASN1HexString(q);return n},getEryptedPKCS5PEMFromPrvKeyHex:function(q,x,r,p){var n="";if(typeof r=="undefined"||r==null){r="AES-256-CBC"}if(typeof g[r]=="undefined"){throw"PKCS5PKEY unsupported algorithm: "+r}if(typeof p=="undefined"||p==null){var t=g[r]["ivlen"];var s=k(t);p=s.toUpperCase()}var w=h(r,x,p);var v=w.keyhex;var u=f(q,r,v,p);var o=u.replace(/(.{64})/g,"$1\r\n");var n="-----BEGIN RSA PRIVATE KEY-----\r\n";n+="Proc-Type: 4,ENCRYPTED\r\n";n+="DEK-Info: "+r+","+p+"\r\n";n+="\r\n";n+=o;n+="\r\n-----END RSA PRIVATE KEY-----\r\n";return n},getEryptedPKCS5PEMFromRSAKey:function(C,D,o,s){var A=new KJUR.asn1.DERInteger({"int":0});var v=new KJUR.asn1.DERInteger({bigint:C.n});var z=new KJUR.asn1.DERInteger({"int":C.e});var B=new KJUR.asn1.DERInteger({bigint:C.d});var t=new KJUR.asn1.DERInteger({bigint:C.p});var r=new KJUR.asn1.DERInteger({bigint:C.q});var y=new KJUR.asn1.DERInteger({bigint:C.dmp1});var u=new KJUR.asn1.DERInteger({bigint:C.dmq1});var x=new KJUR.asn1.DERInteger({bigint:C.coeff});var E=new KJUR.asn1.DERSequence({array:[A,v,z,B,t,r,y,u,x]});var w=E.getEncodedHex();return this.getEryptedPKCS5PEMFromPrvKeyHex(w,D,o,s)},newEncryptedPKCS5PEM:function(n,o,r,s){if(typeof o=="undefined"||o==null){o=1024}if(typeof r=="undefined"||r==null){r="10001"}var p=new RSAKey();p.generate(o,r);var q=null;if(typeof s=="undefined"||s==null){q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n)}else{q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n,s)}return q},getRSAKeyFromPlainPKCS8PEM:function(p){if(p.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var o=this.getHexFromPEM(p,"PRIVATE KEY");var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getRSAKeyFromPlainPKCS8Hex:function(q){var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,0);if(p.length!=3){throw"outer DERSequence shall have 3 elements: "+p.length}var o=ASN1HEX.getHexOfTLV_AtObj(q,p[1]);if(o!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmIdentifier is not rsaEnc: "+o}var o=ASN1HEX.getHexOfTLV_AtObj(q,p[1]);var r=ASN1HEX.getHexOfTLV_AtObj(q,p[2]);var s=ASN1HEX.getHexOfV_AtObj(r,0);var n=new RSAKey();n.readPrivateKeyFromASN1HexString(s);return n},parseHexOfEncryptedPKCS8:function(u){var q={};var p=ASN1HEX.getPosArrayOfChildren_AtObj(u,0);if(p.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+p.length}q.ciphertext=ASN1HEX.getHexOfV_AtObj(u,p[1]);var w=ASN1HEX.getPosArrayOfChildren_AtObj(u,p[0]);if(w.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+w.length}if(ASN1HEX.getHexOfV_AtObj(u,w[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(u,w[1]);if(w.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+n.length}var o=ASN1HEX.getPosArrayOfChildren_AtObj(u,n[1]);if(o.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+o.length}if(ASN1HEX.getHexOfV_AtObj(u,o[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}q.encryptionSchemeAlg="TripleDES";q.encryptionSchemeIV=ASN1HEX.getHexOfV_AtObj(u,o[1]);var r=ASN1HEX.getPosArrayOfChildren_AtObj(u,n[0]);if(r.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+r.length}if(ASN1HEX.getHexOfV_AtObj(u,r[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var v=ASN1HEX.getPosArrayOfChildren_AtObj(u,r[1]);if(v.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+v.length}q.pbkdf2Salt=ASN1HEX.getHexOfV_AtObj(u,v[0]);var s=ASN1HEX.getHexOfV_AtObj(u,v[1]);try{q.pbkdf2Iter=parseInt(s,16)}catch(t){throw"malformed format pbkdf2Iter: "+s}return q},getPBKDF2KeyHexFromParam:function(s,n){var r=CryptoJS.enc.Hex.parse(s.pbkdf2Salt);var o=s.pbkdf2Iter;var q=CryptoJS.PBKDF2(n,r,{keySize:192/32,iterations:o});var p=CryptoJS.enc.Hex.stringify(q);return p},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(v,w){var p=this.getHexFromPEM(v,"ENCRYPTED PRIVATE KEY");var n=this.parseHexOfEncryptedPKCS8(p);var s=PKCS5PKEY.getPBKDF2KeyHexFromParam(n,w);var t={};t.ciphertext=CryptoJS.enc.Hex.parse(n.ciphertext);var r=CryptoJS.enc.Hex.parse(s);var q=CryptoJS.enc.Hex.parse(n.encryptionSchemeIV);var u=CryptoJS.TripleDES.decrypt(t,r,{iv:q});var o=CryptoJS.enc.Hex.stringify(u);return o},getRSAKeyFromEncryptedPKCS8PEM:function(q,p){var o=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,p);var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getKeyFromEncryptedPKCS8PEM:function(q,o){var n=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,o);var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},parsePlainPrivatePKCS8Hex:function(q){var o={};o.algparam=null;if(q.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,0);if(p.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(q.substr(p[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(q,p[1]);if(n.length!=2){throw"malformed PKCS8 private key(code:004)"}if(q.substr(n[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}o.algoid=ASN1HEX.getHexOfV_AtObj(q,n[0]);if(q.substr(n[1],2)=="06"){o.algparam=ASN1HEX.getHexOfV_AtObj(q,n[1])}if(q.substr(p[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}o.keyidx=ASN1HEX.getStartPosOfV_AtObj(q,p[2]);return o},getKeyFromPlainPrivatePKCS8PEM:function(o){var n=this.getHexFromPEM(o,"PRIVATE KEY");var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},getKeyFromPlainPrivatePKCS8Hex:function(n){var p=this.parsePlainPrivatePKCS8Hex(n);if(p.algoid=="2a864886f70d010101"){this.parsePrivateRawRSAKeyHexAtObj(n,p);var o=p.key;var q=new RSAKey();q.setPrivateEx(o.n,o.e,o.d,o.p,o.q,o.dp,o.dq,o.co);return q}else{if(p.algoid=="2a8648ce3d0201"){this.parsePrivateRawECKeyHexAtObj(n,p);if(KJUR.crypto.OID.oidhex2name[p.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+p.algparam}var r=KJUR.crypto.OID.oidhex2name[p.algparam];var q=new KJUR.crypto.ECDSA({curve:r,prv:p.key});return q}else{throw"unsupported private key algorithm"}}},getRSAKeyFromPublicPKCS8PEM:function(o){var p=this.getHexFromPEM(o,"PUBLIC KEY");var n=this.getRSAKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8PEM:function(o){var p=this.getHexFromPEM(o,"PUBLIC KEY");var n=this.getKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8Hex:function(o){var n=this.parsePublicPKCS8Hex(o);if(n.algoid=="2a864886f70d010101"){var r=this.parsePublicRawRSAKeyHex(n.key);var p=new RSAKey();p.setPublic(r.n,r.e);return p}else{if(n.algoid=="2a8648ce3d0201"){if(KJUR.crypto.OID.oidhex2name[n.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+n.algparam}var q=KJUR.crypto.OID.oidhex2name[n.algparam];var p=new KJUR.crypto.ECDSA({curve:q,pub:n.key});return p}else{throw"unsupported public key algorithm"}}},parsePublicRawRSAKeyHex:function(p){var n={};if(p.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var o=ASN1HEX.getPosArrayOfChildren_AtObj(p,0);if(o.length!=2){throw"malformed RSA key(code:002)"}if(p.substr(o[0],2)!="02"){throw"malformed RSA key(code:003)"}n.n=ASN1HEX.getHexOfV_AtObj(p,o[0]);if(p.substr(o[1],2)!="02"){throw"malformed RSA key(code:004)"}n.e=ASN1HEX.getHexOfV_AtObj(p,o[1]);return n},parsePrivateRawRSAKeyHexAtObj:function(o,q){var p=q.keyidx;if(o.substr(p,2)!="30"){throw"malformed RSA private key(code:001)"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(o,p);if(n.length!=9){throw"malformed RSA private key(code:002)"}q.key={};q.key.n=ASN1HEX.getHexOfV_AtObj(o,n[1]);q.key.e=ASN1HEX.getHexOfV_AtObj(o,n[2]);q.key.d=ASN1HEX.getHexOfV_AtObj(o,n[3]);q.key.p=ASN1HEX.getHexOfV_AtObj(o,n[4]);q.key.q=ASN1HEX.getHexOfV_AtObj(o,n[5]);q.key.dp=ASN1HEX.getHexOfV_AtObj(o,n[6]);q.key.dq=ASN1HEX.getHexOfV_AtObj(o,n[7]);q.key.co=ASN1HEX.getHexOfV_AtObj(o,n[8])},parsePrivateRawECKeyHexAtObj:function(o,q){var p=q.keyidx;if(o.substr(p,2)!="30"){throw"malformed ECC private key(code:001)"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(o,p);if(n.length!=3){throw"malformed ECC private key(code:002)"}if(o.substr(n[1],2)!="04"){throw"malformed ECC private key(code:003)"}q.key=ASN1HEX.getHexOfV_AtObj(o,n[1])},parsePublicPKCS8Hex:function(q){var o={};o.algparam=null;var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,0);if(p.length!=2){throw"outer DERSequence shall have 2 elements: "+p.length}var r=p[0];if(q.substr(r,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(q,r);if(n.length!=2){throw"malformed PKCS8 public key(code:002)"}if(q.substr(n[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}o.algoid=ASN1HEX.getHexOfV_AtObj(q,n[0]);if(q.substr(n[1],2)=="06"){o.algparam=ASN1HEX.getHexOfV_AtObj(q,n[1])}if(q.substr(p[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}o.key=ASN1HEX.getHexOfV_AtObj(q,p[1]).substr(2);return o},getRSAKeyFromPublicPKCS8Hex:function(r){var q=ASN1HEX.getPosArrayOfChildren_AtObj(r,0);if(q.length!=2){throw"outer DERSequence shall have 2 elements: "+q.length}var p=ASN1HEX.getHexOfTLV_AtObj(r,q[0]);if(p!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmId is not rsaEncryption"}if(r.substr(q[1],2)!="03"){throw"PKCS8 Public Key is not BITSTRING encapslated."}var t=ASN1HEX.getStartPosOfV_AtObj(r,q[1])+2;if(r.substr(t,2)!="30"){throw"PKCS8 Public Key is not SEQUENCE."}var n=ASN1HEX.getPosArrayOfChildren_AtObj(r,t);if(n.length!=2){throw"inner DERSequence shall have 2 elements: "+n.length}if(r.substr(n[0],2)!="02"){throw"N is not ASN.1 INTEGER"}if(r.substr(n[1],2)!="02"){throw"E is not ASN.1 INTEGER"}var u=ASN1HEX.getHexOfV_AtObj(r,n[0]);var s=ASN1HEX.getHexOfV_AtObj(r,n[1]);var o=new RSAKey();o.setPublic(u,s);return o},}}(); -/*! keyutil-1.0.4.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! keyutil-1.0.5.js (c) 2013-2014 Kenji Urushima | kjur.github.com/jsrsasign/license */ -var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(t){var u={};if(t.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"))){u.cipher=RegExp.$1;u.ivsalt=RegExp.$2}if(t.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"))){u.type=RegExp.$1}var r=-1;var v=0;if(t.indexOf("\r\n\r\n")!=-1){r=t.indexOf("\r\n\r\n");v=2}if(t.indexOf("\n\n")!=-1){r=t.indexOf("\n\n");v=1}var q=t.indexOf("-----END");if(r!=-1&&q!=-1){var p=t.substring(r+v*2,q-v);p=p.replace(/\s+/g,"");u.data=p}return u};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",getHexFromPEM:function(q,u){var r=q;if(r.indexOf("BEGIN "+u)==-1){throw"can't find PEM header: "+u}r=r.replace("-----BEGIN "+u+"-----","");r=r.replace("-----END "+u+"-----","");var t=r.replace(/\s+/g,"");var p=b64tohex(t);return p},getDecryptedKeyHexByKeyIV:function(q,t,s,r){var p=c(t);return p(q,s,r)},parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getRSAKeyFromEncryptedPKCS5PEM:function(r,q){var s=this.getDecryptedKeyHex(r,q);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(s);return p},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},getEncryptedPKCS5PEMFromRSAKey:function(D,E,r,t){var B=new KJUR.asn1.DERInteger({"int":0});var w=new KJUR.asn1.DERInteger({bigint:D.n});var A=new KJUR.asn1.DERInteger({"int":D.e});var C=new KJUR.asn1.DERInteger({bigint:D.d});var u=new KJUR.asn1.DERInteger({bigint:D.p});var s=new KJUR.asn1.DERInteger({bigint:D.q});var z=new KJUR.asn1.DERInteger({bigint:D.dmp1});var v=new KJUR.asn1.DERInteger({bigint:D.dmq1});var y=new KJUR.asn1.DERInteger({bigint:D.coeff});var F=new KJUR.asn1.DERSequence({array:[B,w,A,C,u,s,z,v,y]});var x=F.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",x,E,r,t)},newEncryptedPKCS5PEM:function(p,q,t,u){if(typeof q=="undefined"||q==null){q=1024}if(typeof t=="undefined"||t==null){t="10001"}var r=new RSAKey();r.generate(q,t);var s=null;if(typeof u=="undefined"||u==null){s=this.getEncryptedPKCS5PEMFromRSAKey(r,p)}else{s=this.getEncryptedPKCS5PEMFromRSAKey(r,p,u)}return s},getRSAKeyFromPlainPKCS8PEM:function(r){if(r.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var q=this.getHexFromPEM(r,"PRIVATE KEY");var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getRSAKeyFromPlainPKCS8Hex:function(s){var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=3){throw"outer DERSequence shall have 3 elements: "+r.length}var q=ASN1HEX.getHexOfTLV_AtObj(s,r[1]);if(q!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmIdentifier is not rsaEnc: "+q}var q=ASN1HEX.getHexOfTLV_AtObj(s,r[1]);var t=ASN1HEX.getHexOfTLV_AtObj(s,r[2]);var u=ASN1HEX.getHexOfV_AtObj(t,0);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(u);return p},parseHexOfEncryptedPKCS8:function(w){var s={};var r=ASN1HEX.getPosArrayOfChildren_AtObj(w,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}s.ciphertext=ASN1HEX.getHexOfV_AtObj(w,r[1]);var y=ASN1HEX.getPosArrayOfChildren_AtObj(w,r[0]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+y.length}if(ASN1HEX.getHexOfV_AtObj(w,y[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(w,y[1]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=ASN1HEX.getPosArrayOfChildren_AtObj(w,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(ASN1HEX.getHexOfV_AtObj(w,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}s.encryptionSchemeAlg="TripleDES";s.encryptionSchemeIV=ASN1HEX.getHexOfV_AtObj(w,q[1]);var t=ASN1HEX.getPosArrayOfChildren_AtObj(w,p[0]);if(t.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+t.length}if(ASN1HEX.getHexOfV_AtObj(w,t[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=ASN1HEX.getPosArrayOfChildren_AtObj(w,t[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}s.pbkdf2Salt=ASN1HEX.getHexOfV_AtObj(w,x[0]);var u=ASN1HEX.getHexOfV_AtObj(w,x[1]);try{s.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return s},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=this.getHexFromPEM(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getRSAKeyFromEncryptedPKCS8PEM:function(s,r){var q=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,r);var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=ASN1HEX.getHexOfV_AtObj(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=ASN1HEX.getHexOfV_AtObj(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=ASN1HEX.getStartPosOfV_AtObj(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=this.getHexFromPEM(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var w=this.parsePlainPrivatePKCS8Hex(p);if(w.algoid=="2a864886f70d010101"){this.parsePrivateRawRSAKeyHexAtObj(p,w);var u=w.key;var z=new RSAKey();z.setPrivateEx(u.n,u.e,u.d,u.p,u.q,u.dp,u.dq,u.co);return z}else{if(w.algoid=="2a8648ce3d0201"){this.parsePrivateRawECKeyHexAtObj(p,w);if(KJUR.crypto.OID.oidhex2name[w.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+w.algparam}var v=KJUR.crypto.OID.oidhex2name[w.algparam];var z=new KJUR.crypto.ECDSA({curve:v});z.setPublicKeyHex(w.pubkey);z.setPrivateKeyHex(w.key);z.isPublic=false;return z}else{if(w.algoid=="2a8648ce380401"){var t=ASN1HEX.getVbyList(p,0,[1,1,0],"02");var s=ASN1HEX.getVbyList(p,0,[1,1,1],"02");var y=ASN1HEX.getVbyList(p,0,[1,1,2],"02");var B=ASN1HEX.getVbyList(p,0,[2,0],"02");var r=new BigInteger(t,16);var q=new BigInteger(s,16);var x=new BigInteger(y,16);var A=new BigInteger(B,16);var z=new KJUR.crypto.DSA();z.setPrivate(r,q,x,null,A);return z}else{throw"unsupported private key algorithm"}}}},getRSAKeyFromPublicPKCS8PEM:function(q){var r=this.getHexFromPEM(q,"PUBLIC KEY");var p=this.getRSAKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8PEM:function(q){var r=this.getHexFromPEM(q,"PUBLIC KEY");var p=this.getKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8Hex:function(q){var p=this.parsePublicPKCS8Hex(q);if(p.algoid=="2a864886f70d010101"){var u=this.parsePublicRawRSAKeyHex(p.key);var r=new RSAKey();r.setPublic(u.n,u.e);return r}else{if(p.algoid=="2a8648ce3d0201"){if(KJUR.crypto.OID.oidhex2name[p.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+p.algparam}var s=KJUR.crypto.OID.oidhex2name[p.algparam];var r=new KJUR.crypto.ECDSA({curve:s,pub:p.key});return r}else{if(p.algoid=="2a8648ce380401"){var t=p.algparam;var v=ASN1HEX.getHexOfV_AtObj(p.key,0);var r=new KJUR.crypto.DSA();r.setPublic(new BigInteger(t.p,16),new BigInteger(t.q,16),new BigInteger(t.g,16),new BigInteger(v,16));return r}else{throw"unsupported public key algorithm"}}}},parsePublicRawRSAKeyHex:function(r){var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=ASN1HEX.getPosArrayOfChildren_AtObj(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=ASN1HEX.getHexOfV_AtObj(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=ASN1HEX.getHexOfV_AtObj(r,q[1]);return p},parsePrivateRawRSAKeyHexAtObj:function(q,s){var r=s.keyidx;if(q.substr(r,2)!="30"){throw"malformed RSA private key(code:001)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,r);if(p.length!=9){throw"malformed RSA private key(code:002)"}s.key={};s.key.n=ASN1HEX.getHexOfV_AtObj(q,p[1]);s.key.e=ASN1HEX.getHexOfV_AtObj(q,p[2]);s.key.d=ASN1HEX.getHexOfV_AtObj(q,p[3]);s.key.p=ASN1HEX.getHexOfV_AtObj(q,p[4]);s.key.q=ASN1HEX.getHexOfV_AtObj(q,p[5]);s.key.dp=ASN1HEX.getHexOfV_AtObj(q,p[6]);s.key.dq=ASN1HEX.getHexOfV_AtObj(q,p[7]);s.key.co=ASN1HEX.getHexOfV_AtObj(q,p[8])},parsePrivateRawECKeyHexAtObj:function(p,t){var q=t.keyidx;var r=ASN1HEX.getVbyList(p,q,[1],"04");var s=ASN1HEX.getVbyList(p,q,[2,0],"03").substr(2);t.key=r;t.pubkey=s},parsePublicPKCS8Hex:function(s){var q={};q.algparam=null;var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var t=r[0];if(s.substr(t,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(s,t);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=ASN1HEX.getHexOfV_AtObj(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=ASN1HEX.getHexOfV_AtObj(s,p[1])}else{if(s.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=ASN1HEX.getVbyList(s,p[1],[0],"02");q.algparam.q=ASN1HEX.getVbyList(s,p[1],[1],"02");q.algparam.g=ASN1HEX.getVbyList(s,p[1],[2],"02")}}if(s.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=ASN1HEX.getHexOfV_AtObj(s,r[1]).substr(2);return q},getRSAKeyFromPublicPKCS8Hex:function(t){var s=ASN1HEX.getPosArrayOfChildren_AtObj(t,0);if(s.length!=2){throw"outer DERSequence shall have 2 elements: "+s.length}var r=ASN1HEX.getHexOfTLV_AtObj(t,s[0]);if(r!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmId is not rsaEncryption"}if(t.substr(s[1],2)!="03"){throw"PKCS8 Public Key is not BITSTRING encapslated."}var v=ASN1HEX.getStartPosOfV_AtObj(t,s[1])+2;if(t.substr(v,2)!="30"){throw"PKCS8 Public Key is not SEQUENCE."}var p=ASN1HEX.getPosArrayOfChildren_AtObj(t,v);if(p.length!=2){throw"inner DERSequence shall have 2 elements: "+p.length}if(t.substr(p[0],2)!="02"){throw"N is not ASN.1 INTEGER"}if(t.substr(p[1],2)!="02"){throw"E is not ASN.1 INTEGER"}var w=ASN1HEX.getHexOfV_AtObj(t,p[0]);var u=ASN1HEX.getHexOfV_AtObj(t,p[1]);var q=new RSAKey();q.setPublic(w,u);return q},}}();KEYUTIL.getKey=function(c,o,i){if(typeof RSAKey!="undefined"&&c instanceof RSAKey){return c}if(typeof KJUR.crypto.ECDSA!="undefined"&&c instanceof KJUR.crypto.ECDSA){return c}if(typeof KJUR.crypto.DSA!="undefined"&&c instanceof KJUR.crypto.DSA){return c}if(c.xy!==undefined&&c.curve!==undefined){return new KJUR.crypto.ECDSA({prv:c.xy,curve:c.curve})}if(c.n!==undefined&&c.e!==undefined&&c.d!==undefined&&c.p!==undefined&&c.q!==undefined&&c.dp!==undefined&&c.dq!==undefined&&c.co!==undefined){var n=new RSAKey();n.setPrivateEx(c.n,c.e,c.d,c.p,c.q,c.dp,c.dq,c.co);return n}if(c.p!==undefined&&c.q!==undefined&&c.g!==undefined&&c.y!==undefined&&c.x!==undefined){var n=new KJUR.crypto.DSA();n.setPrivate(c.p,c.q,c.g,c.y,c.x);return n}if(c.d!==undefined&&c.curve!==undefined){return new KJUR.crypto.ECDSA({pub:c.d,curve:c.curve})}if(c.n!==undefined&&c.e){var n=new RSAKey();n.setPublic(c.n,c.e);return n}if(c.p!==undefined&&c.q!==undefined&&c.g!==undefined&&c.y!==undefined&&c.x===undefined){var n=new KJUR.crypto.DSA();n.setPublic(c.p,c.q,c.g,c.y);return n}if(c.indexOf("-END CERTIFICATE-",0)!=-1||c.indexOf("-END X509 CERTIFICATE-",0)!=-1||c.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(c)}if(i==="pkcs8pub"){return KEYUTIL.getKeyFromPublicPKCS8Hex(c)}if(c.indexOf("-END PUBLIC KEY-")!=-1){return KEYUTIL.getKeyFromPublicPKCS8PEM(c)}if(i==="pkcs5prv"){var n=new RSAKey();n.readPrivateKeyFromASN1HexString(c);return n}if(i==="pkcs5prv"){var n=new RSAKey();n.readPrivateKeyFromASN1HexString(c);return n}if(c.indexOf("-END RSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")==-1){var n=new RSAKey();n.readPrivateKeyFromPEMString(c);return n}if(c.indexOf("-END DSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")==-1){var m=this.getHexFromPEM(c,"DSA PRIVATE KEY");var b=ASN1HEX.getVbyList(m,0,[1],"02");var a=ASN1HEX.getVbyList(m,0,[2],"02");var e=ASN1HEX.getVbyList(m,0,[3],"02");var k=ASN1HEX.getVbyList(m,0,[4],"02");var l=ASN1HEX.getVbyList(m,0,[5],"02");var n=new KJUR.crypto.DSA();n.setPrivate(new BigInteger(b,16),new BigInteger(a,16),new BigInteger(e,16),new BigInteger(k,16),new BigInteger(l,16));return n}if(c.indexOf("-END PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(c)}if(c.indexOf("-END RSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")!=-1){return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(c,o)}if(c.indexOf("-END EC PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")!=-1){var m=KEYUTIL.getDecryptedKeyHex(c,o);var n=ASN1HEX.getVbyList(m,0,[1],"04");var j=ASN1HEX.getVbyList(m,0,[2,0],"06");var d=ASN1HEX.getVbyList(m,0,[3,0],"03").substr(2);var h="";if(KJUR.crypto.OID.oidhex2name[j]!==undefined){h=KJUR.crypto.OID.oidhex2name[j]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+j}var f=new KJUR.crypto.ECDSA({name:h});f.setPublicKeyHex(d);f.setPrivateKeyHex(n);f.isPublic=false;return f}if(c.indexOf("-END DSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")!=-1){var m=KEYUTIL.getDecryptedKeyHex(c,o);var b=ASN1HEX.getVbyList(m,0,[1],"02");var a=ASN1HEX.getVbyList(m,0,[2],"02");var e=ASN1HEX.getVbyList(m,0,[3],"02");var k=ASN1HEX.getVbyList(m,0,[4],"02");var l=ASN1HEX.getVbyList(m,0,[5],"02");var n=new KJUR.crypto.DSA();n.setPrivate(new BigInteger(b,16),new BigInteger(a,16),new BigInteger(e,16),new BigInteger(k,16),new BigInteger(l,16));return n}if(c.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromEncryptedPKCS8PEM(c,o)}throw"not supported argument"};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPrivateKeyHex(j.ecprvhex);var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(a,r,o,g,j){var v=KJUR.asn1;var u=KJUR.crypto;function p(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return w}function q(w){var s=KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:w.prvKeyHex}},{tag:["a0",true,{oid:{name:w.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+w.pubKeyHex}}]}]});return s}function n(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return w}if(((typeof RSAKey!="undefined"&&a instanceof RSAKey)||(typeof u.DSA!="undefined"&&a instanceof u.DSA)||(typeof u.ECDSA!="undefined"&&a instanceof u.ECDSA))&&a.isPublic==true&&(r===undefined||r=="PKCS8PUB")){var t=new KJUR.asn1.x509.SubjectPublicKeyInfo(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"PUBLIC KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o===undefined||o==null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"RSA PRIVATE KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o===undefined||o==null)&&a.isPrivate==true){var f=new KJUR.asn1.DERObjectIdentifier({name:a.curveName});var l=f.getEncodedHex();var e=q(a);var k=e.getEncodedHex();var i="";i+=v.ASN1Util.getPEMStringFromHex(l,"EC PARAMETERS");i+=v.ASN1Util.getPEMStringFromHex(k,"EC PRIVATE KEY");return i}if(r=="PKCS1PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o===undefined||o==null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"DSA PRIVATE KEY")}if(r=="PKCS5PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=q(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",m,o,g)}var h=function(w,s){var y=b(w,s);var x=new KJUR.asn1.ASN1Util.newObject({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:y.pbkdf2Salt}},{"int":y.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:y.encryptionSchemeIV}}]}]}]},{octstr:{hex:y.ciphertext}}]});return x.getEncodedHex()};var b=function(D,E){var x=100;var C=CryptoJS.lib.WordArray.random(8);var B="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var y=CryptoJS.PBKDF2(E,C,{keySize:192/32,iterations:x});var z=CryptoJS.enc.Hex.parse(D);var A=CryptoJS.TripleDES.encrypt(z,y,{iv:s})+"";var w={};w.ciphertext=A;w.pbkdf2Salt=CryptoJS.enc.Hex.stringify(C);w.pbkdf2Iter=x;w.encryptionSchemeAlg=B;w.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return w};if(r=="PKCS8PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&a.isPrivate==true){var d=p(a);var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&a.isPrivate==true){var d=new KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:a.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+a.pubKeyHex}}]}]});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:a.curveName}}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&a.isPrivate==true){var d=new KJUR.asn1.DERInteger({bigint:a.x});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:a.p}},{"int":{bigint:a.q}},{"int":{bigint:a.g}}]}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}throw"unsupported object nor format"}; +var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(t){var u={};if(t.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"))){u.cipher=RegExp.$1;u.ivsalt=RegExp.$2}if(t.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"))){u.type=RegExp.$1}var r=-1;var v=0;if(t.indexOf("\r\n\r\n")!=-1){r=t.indexOf("\r\n\r\n");v=2}if(t.indexOf("\n\n")!=-1){r=t.indexOf("\n\n");v=1}var q=t.indexOf("-----END");if(r!=-1&&q!=-1){var p=t.substring(r+v*2,q-v);p=p.replace(/\s+/g,"");u.data=p}return u};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",getHexFromPEM:function(q,u){var r=q;if(r.indexOf("BEGIN "+u)==-1){throw"can't find PEM header: "+u}r=r.replace("-----BEGIN "+u+"-----","");r=r.replace("-----END "+u+"-----","");var t=r.replace(/\s+/g,"");var p=b64tohex(t);return p},getDecryptedKeyHexByKeyIV:function(q,t,s,r){var p=c(t);return p(q,s,r)},parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getRSAKeyFromEncryptedPKCS5PEM:function(r,q){var s=this.getDecryptedKeyHex(r,q);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(s);return p},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},getEncryptedPKCS5PEMFromRSAKey:function(D,E,r,t){var B=new KJUR.asn1.DERInteger({"int":0});var w=new KJUR.asn1.DERInteger({bigint:D.n});var A=new KJUR.asn1.DERInteger({"int":D.e});var C=new KJUR.asn1.DERInteger({bigint:D.d});var u=new KJUR.asn1.DERInteger({bigint:D.p});var s=new KJUR.asn1.DERInteger({bigint:D.q});var z=new KJUR.asn1.DERInteger({bigint:D.dmp1});var v=new KJUR.asn1.DERInteger({bigint:D.dmq1});var y=new KJUR.asn1.DERInteger({bigint:D.coeff});var F=new KJUR.asn1.DERSequence({array:[B,w,A,C,u,s,z,v,y]});var x=F.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",x,E,r,t)},newEncryptedPKCS5PEM:function(p,q,t,u){if(typeof q=="undefined"||q==null){q=1024}if(typeof t=="undefined"||t==null){t="10001"}var r=new RSAKey();r.generate(q,t);var s=null;if(typeof u=="undefined"||u==null){s=this.getEncryptedPKCS5PEMFromRSAKey(r,p)}else{s=this.getEncryptedPKCS5PEMFromRSAKey(r,p,u)}return s},getRSAKeyFromPlainPKCS8PEM:function(r){if(r.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var q=this.getHexFromPEM(r,"PRIVATE KEY");var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getRSAKeyFromPlainPKCS8Hex:function(s){var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=3){throw"outer DERSequence shall have 3 elements: "+r.length}var q=ASN1HEX.getHexOfTLV_AtObj(s,r[1]);if(q!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmIdentifier is not rsaEnc: "+q}var q=ASN1HEX.getHexOfTLV_AtObj(s,r[1]);var t=ASN1HEX.getHexOfTLV_AtObj(s,r[2]);var u=ASN1HEX.getHexOfV_AtObj(t,0);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(u);return p},parseHexOfEncryptedPKCS8:function(w){var s={};var r=ASN1HEX.getPosArrayOfChildren_AtObj(w,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}s.ciphertext=ASN1HEX.getHexOfV_AtObj(w,r[1]);var y=ASN1HEX.getPosArrayOfChildren_AtObj(w,r[0]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+y.length}if(ASN1HEX.getHexOfV_AtObj(w,y[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(w,y[1]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=ASN1HEX.getPosArrayOfChildren_AtObj(w,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(ASN1HEX.getHexOfV_AtObj(w,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}s.encryptionSchemeAlg="TripleDES";s.encryptionSchemeIV=ASN1HEX.getHexOfV_AtObj(w,q[1]);var t=ASN1HEX.getPosArrayOfChildren_AtObj(w,p[0]);if(t.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+t.length}if(ASN1HEX.getHexOfV_AtObj(w,t[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=ASN1HEX.getPosArrayOfChildren_AtObj(w,t[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}s.pbkdf2Salt=ASN1HEX.getHexOfV_AtObj(w,x[0]);var u=ASN1HEX.getHexOfV_AtObj(w,x[1]);try{s.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return s},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=this.getHexFromPEM(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getRSAKeyFromEncryptedPKCS8PEM:function(s,r){var q=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,r);var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=ASN1HEX.getHexOfV_AtObj(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=ASN1HEX.getHexOfV_AtObj(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=ASN1HEX.getStartPosOfV_AtObj(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=this.getHexFromPEM(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var w=this.parsePlainPrivatePKCS8Hex(p);if(w.algoid=="2a864886f70d010101"){this.parsePrivateRawRSAKeyHexAtObj(p,w);var u=w.key;var z=new RSAKey();z.setPrivateEx(u.n,u.e,u.d,u.p,u.q,u.dp,u.dq,u.co);return z}else{if(w.algoid=="2a8648ce3d0201"){this.parsePrivateRawECKeyHexAtObj(p,w);if(KJUR.crypto.OID.oidhex2name[w.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+w.algparam}var v=KJUR.crypto.OID.oidhex2name[w.algparam];var z=new KJUR.crypto.ECDSA({curve:v});z.setPublicKeyHex(w.pubkey);z.setPrivateKeyHex(w.key);z.isPublic=false;return z}else{if(w.algoid=="2a8648ce380401"){var t=ASN1HEX.getVbyList(p,0,[1,1,0],"02");var s=ASN1HEX.getVbyList(p,0,[1,1,1],"02");var y=ASN1HEX.getVbyList(p,0,[1,1,2],"02");var B=ASN1HEX.getVbyList(p,0,[2,0],"02");var r=new BigInteger(t,16);var q=new BigInteger(s,16);var x=new BigInteger(y,16);var A=new BigInteger(B,16);var z=new KJUR.crypto.DSA();z.setPrivate(r,q,x,null,A);return z}else{throw"unsupported private key algorithm"}}}},getRSAKeyFromPublicPKCS8PEM:function(q){var r=this.getHexFromPEM(q,"PUBLIC KEY");var p=this.getRSAKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8PEM:function(q){var r=this.getHexFromPEM(q,"PUBLIC KEY");var p=this.getKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8Hex:function(q){var p=this.parsePublicPKCS8Hex(q);if(p.algoid=="2a864886f70d010101"){var u=this.parsePublicRawRSAKeyHex(p.key);var r=new RSAKey();r.setPublic(u.n,u.e);return r}else{if(p.algoid=="2a8648ce3d0201"){if(KJUR.crypto.OID.oidhex2name[p.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+p.algparam}var s=KJUR.crypto.OID.oidhex2name[p.algparam];var r=new KJUR.crypto.ECDSA({curve:s,pub:p.key});return r}else{if(p.algoid=="2a8648ce380401"){var t=p.algparam;var v=ASN1HEX.getHexOfV_AtObj(p.key,0);var r=new KJUR.crypto.DSA();r.setPublic(new BigInteger(t.p,16),new BigInteger(t.q,16),new BigInteger(t.g,16),new BigInteger(v,16));return r}else{throw"unsupported public key algorithm"}}}},parsePublicRawRSAKeyHex:function(r){var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=ASN1HEX.getPosArrayOfChildren_AtObj(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=ASN1HEX.getHexOfV_AtObj(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=ASN1HEX.getHexOfV_AtObj(r,q[1]);return p},parsePrivateRawRSAKeyHexAtObj:function(q,s){var r=s.keyidx;if(q.substr(r,2)!="30"){throw"malformed RSA private key(code:001)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,r);if(p.length!=9){throw"malformed RSA private key(code:002)"}s.key={};s.key.n=ASN1HEX.getHexOfV_AtObj(q,p[1]);s.key.e=ASN1HEX.getHexOfV_AtObj(q,p[2]);s.key.d=ASN1HEX.getHexOfV_AtObj(q,p[3]);s.key.p=ASN1HEX.getHexOfV_AtObj(q,p[4]);s.key.q=ASN1HEX.getHexOfV_AtObj(q,p[5]);s.key.dp=ASN1HEX.getHexOfV_AtObj(q,p[6]);s.key.dq=ASN1HEX.getHexOfV_AtObj(q,p[7]);s.key.co=ASN1HEX.getHexOfV_AtObj(q,p[8])},parsePrivateRawECKeyHexAtObj:function(p,t){var q=t.keyidx;var r=ASN1HEX.getVbyList(p,q,[1],"04");var s=ASN1HEX.getVbyList(p,q,[2,0],"03").substr(2);t.key=r;t.pubkey=s},parsePublicPKCS8Hex:function(s){var q={};q.algparam=null;var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var t=r[0];if(s.substr(t,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(s,t);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=ASN1HEX.getHexOfV_AtObj(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=ASN1HEX.getHexOfV_AtObj(s,p[1])}else{if(s.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=ASN1HEX.getVbyList(s,p[1],[0],"02");q.algparam.q=ASN1HEX.getVbyList(s,p[1],[1],"02");q.algparam.g=ASN1HEX.getVbyList(s,p[1],[2],"02")}}if(s.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=ASN1HEX.getHexOfV_AtObj(s,r[1]).substr(2);return q},getRSAKeyFromPublicPKCS8Hex:function(t){var s=ASN1HEX.getPosArrayOfChildren_AtObj(t,0);if(s.length!=2){throw"outer DERSequence shall have 2 elements: "+s.length}var r=ASN1HEX.getHexOfTLV_AtObj(t,s[0]);if(r!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmId is not rsaEncryption"}if(t.substr(s[1],2)!="03"){throw"PKCS8 Public Key is not BITSTRING encapslated."}var v=ASN1HEX.getStartPosOfV_AtObj(t,s[1])+2;if(t.substr(v,2)!="30"){throw"PKCS8 Public Key is not SEQUENCE."}var p=ASN1HEX.getPosArrayOfChildren_AtObj(t,v);if(p.length!=2){throw"inner DERSequence shall have 2 elements: "+p.length}if(t.substr(p[0],2)!="02"){throw"N is not ASN.1 INTEGER"}if(t.substr(p[1],2)!="02"){throw"E is not ASN.1 INTEGER"}var w=ASN1HEX.getHexOfV_AtObj(t,p[0]);var u=ASN1HEX.getHexOfV_AtObj(t,p[1]);var q=new RSAKey();q.setPublic(w,u);return q},}}();KEYUTIL.getKey=function(c,o,i){if(typeof RSAKey!="undefined"&&c instanceof RSAKey){return c}if(typeof KJUR.crypto.ECDSA!="undefined"&&c instanceof KJUR.crypto.ECDSA){return c}if(typeof KJUR.crypto.DSA!="undefined"&&c instanceof KJUR.crypto.DSA){return c}if(c.xy!==undefined&&c.curve!==undefined){return new KJUR.crypto.ECDSA({prv:c.xy,curve:c.curve})}if(c.n!==undefined&&c.e!==undefined&&c.d!==undefined&&c.p!==undefined&&c.q!==undefined&&c.dp!==undefined&&c.dq!==undefined&&c.co!==undefined){var n=new RSAKey();n.setPrivateEx(c.n,c.e,c.d,c.p,c.q,c.dp,c.dq,c.co);return n}if(c.p!==undefined&&c.q!==undefined&&c.g!==undefined&&c.y!==undefined&&c.x!==undefined){var n=new KJUR.crypto.DSA();n.setPrivate(c.p,c.q,c.g,c.y,c.x);return n}if(c.d!==undefined&&c.curve!==undefined){return new KJUR.crypto.ECDSA({pub:c.d,curve:c.curve})}if(c.n!==undefined&&c.e){var n=new RSAKey();n.setPublic(c.n,c.e);return n}if(c.p!==undefined&&c.q!==undefined&&c.g!==undefined&&c.y!==undefined&&c.x===undefined){var n=new KJUR.crypto.DSA();n.setPublic(c.p,c.q,c.g,c.y);return n}if(c.indexOf("-END CERTIFICATE-",0)!=-1||c.indexOf("-END X509 CERTIFICATE-",0)!=-1||c.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(c)}if(i==="pkcs8pub"){return KEYUTIL.getKeyFromPublicPKCS8Hex(c)}if(c.indexOf("-END PUBLIC KEY-")!=-1){return KEYUTIL.getKeyFromPublicPKCS8PEM(c)}if(i==="pkcs5prv"){var n=new RSAKey();n.readPrivateKeyFromASN1HexString(c);return n}if(i==="pkcs5prv"){var n=new RSAKey();n.readPrivateKeyFromASN1HexString(c);return n}if(c.indexOf("-END RSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")==-1){var n=new RSAKey();n.readPrivateKeyFromPEMString(c);return n}if(c.indexOf("-END DSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")==-1){var m=this.getHexFromPEM(c,"DSA PRIVATE KEY");var b=ASN1HEX.getVbyList(m,0,[1],"02");var a=ASN1HEX.getVbyList(m,0,[2],"02");var e=ASN1HEX.getVbyList(m,0,[3],"02");var k=ASN1HEX.getVbyList(m,0,[4],"02");var l=ASN1HEX.getVbyList(m,0,[5],"02");var n=new KJUR.crypto.DSA();n.setPrivate(new BigInteger(b,16),new BigInteger(a,16),new BigInteger(e,16),new BigInteger(k,16),new BigInteger(l,16));return n}if(c.indexOf("-END PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(c)}if(c.indexOf("-END RSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")!=-1){return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(c,o)}if(c.indexOf("-END EC PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")!=-1){var m=KEYUTIL.getDecryptedKeyHex(c,o);var n=ASN1HEX.getVbyList(m,0,[1],"04");var j=ASN1HEX.getVbyList(m,0,[2,0],"06");var d=ASN1HEX.getVbyList(m,0,[3,0],"03").substr(2);var h="";if(KJUR.crypto.OID.oidhex2name[j]!==undefined){h=KJUR.crypto.OID.oidhex2name[j]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+j}var f=new KJUR.crypto.ECDSA({name:h});f.setPublicKeyHex(d);f.setPrivateKeyHex(n);f.isPublic=false;return f}if(c.indexOf("-END DSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")!=-1){var m=KEYUTIL.getDecryptedKeyHex(c,o);var b=ASN1HEX.getVbyList(m,0,[1],"02");var a=ASN1HEX.getVbyList(m,0,[2],"02");var e=ASN1HEX.getVbyList(m,0,[3],"02");var k=ASN1HEX.getVbyList(m,0,[4],"02");var l=ASN1HEX.getVbyList(m,0,[5],"02");var n=new KJUR.crypto.DSA();n.setPrivate(new BigInteger(b,16),new BigInteger(a,16),new BigInteger(e,16),new BigInteger(k,16),new BigInteger(l,16));return n}if(c.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromEncryptedPKCS8PEM(c,o)}throw"not supported argument"};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPrivateKeyHex(j.ecprvhex);var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(a,r,o,g,j){var v=KJUR.asn1;var u=KJUR.crypto;function p(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return w}function q(w){var s=KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:w.prvKeyHex}},{tag:["a0",true,{oid:{name:w.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+w.pubKeyHex}}]}]});return s}function n(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return w}if(((typeof RSAKey!="undefined"&&a instanceof RSAKey)||(typeof u.DSA!="undefined"&&a instanceof u.DSA)||(typeof u.ECDSA!="undefined"&&a instanceof u.ECDSA))&&a.isPublic==true&&(r===undefined||r=="PKCS8PUB")){var t=new KJUR.asn1.x509.SubjectPublicKeyInfo(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"PUBLIC KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o===undefined||o==null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"RSA PRIVATE KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o===undefined||o==null)&&a.isPrivate==true){var f=new KJUR.asn1.DERObjectIdentifier({name:a.curveName});var l=f.getEncodedHex();var e=q(a);var k=e.getEncodedHex();var i="";i+=v.ASN1Util.getPEMStringFromHex(l,"EC PARAMETERS");i+=v.ASN1Util.getPEMStringFromHex(k,"EC PRIVATE KEY");return i}if(r=="PKCS1PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o===undefined||o==null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"DSA PRIVATE KEY")}if(r=="PKCS5PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=q(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",m,o,g)}var h=function(w,s){var y=b(w,s);var x=new KJUR.asn1.ASN1Util.newObject({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:y.pbkdf2Salt}},{"int":y.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:y.encryptionSchemeIV}}]}]}]},{octstr:{hex:y.ciphertext}}]});return x.getEncodedHex()};var b=function(D,E){var x=100;var C=CryptoJS.lib.WordArray.random(8);var B="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var y=CryptoJS.PBKDF2(E,C,{keySize:192/32,iterations:x});var z=CryptoJS.enc.Hex.parse(D);var A=CryptoJS.TripleDES.encrypt(z,y,{iv:s})+"";var w={};w.ciphertext=A;w.pbkdf2Salt=CryptoJS.enc.Hex.stringify(C);w.pbkdf2Iter=x;w.encryptionSchemeAlg=B;w.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return w};if(r=="PKCS8PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&a.isPrivate==true){var d=p(a);var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&a.isPrivate==true){var d=new KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:a.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+a.pubKeyHex}}]}]});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:a.curveName}}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&a.isPrivate==true){var d=new KJUR.asn1.DERInteger({bigint:a.x});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:a.p}},{"int":{bigint:a.q}},{"int":{bigint:a.g}}]}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}throw"unsupported object nor format"};KEYUTIL.getKeyFromCSRPEM=function(b){var a=KEYUTIL.getHexFromPEM(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(c){var b={};var e=c;if(e.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var d=ASN1HEX.getPosArrayOfChildren_AtObj(e,0);if(d.length<1){throw"malformed CSR(code:002)"}if(e.substr(d[0],2)!="30"){throw"malformed CSR(code:003)"}var a=ASN1HEX.getPosArrayOfChildren_AtObj(e,d[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=ASN1HEX.getHexOfTLV_AtObj(e,a[2]);return b}; /*! rsapem-1.1.js (c) 2012 Kenji Urushima | kjur.github.com/jsrsasign/license */ function _rsapem_pemToBase64(b){var a=b;a=a.replace("-----BEGIN RSA PRIVATE KEY-----","");a=a.replace("-----END RSA PRIVATE KEY-----","");a=a.replace(/[ \n]+/g,"");return a}function _rsapem_getPosArrayOfChildrenFromHex(d){var j=new Array();var k=ASN1HEX.getStartPosOfV_AtObj(d,0);var f=ASN1HEX.getPosOfNextSibling_AtObj(d,k);var h=ASN1HEX.getPosOfNextSibling_AtObj(d,f);var b=ASN1HEX.getPosOfNextSibling_AtObj(d,h);var l=ASN1HEX.getPosOfNextSibling_AtObj(d,b);var e=ASN1HEX.getPosOfNextSibling_AtObj(d,l);var g=ASN1HEX.getPosOfNextSibling_AtObj(d,e);var c=ASN1HEX.getPosOfNextSibling_AtObj(d,g);var i=ASN1HEX.getPosOfNextSibling_AtObj(d,c);j.push(k,f,h,b,l,e,g,c,i);return j}function _rsapem_getHexValueArrayOfChildrenFromHex(i){var o=_rsapem_getPosArrayOfChildrenFromHex(i);var r=ASN1HEX.getHexOfV_AtObj(i,o[0]);var f=ASN1HEX.getHexOfV_AtObj(i,o[1]);var j=ASN1HEX.getHexOfV_AtObj(i,o[2]);var k=ASN1HEX.getHexOfV_AtObj(i,o[3]);var c=ASN1HEX.getHexOfV_AtObj(i,o[4]);var b=ASN1HEX.getHexOfV_AtObj(i,o[5]);var h=ASN1HEX.getHexOfV_AtObj(i,o[6]);var g=ASN1HEX.getHexOfV_AtObj(i,o[7]);var l=ASN1HEX.getHexOfV_AtObj(i,o[8]);var m=new Array();m.push(r,f,j,k,c,b,h,g,l);return m}function _rsapem_readPrivateKeyFromASN1HexString(c){var b=_rsapem_getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])}function _rsapem_readPrivateKeyFromPEMString(e){var c=_rsapem_pemToBase64(e);var d=b64tohex(c);var b=_rsapem_getHexValueArrayOfChildrenFromHex(d);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])}RSAKey.prototype.readPrivateKeyFromPEMString=_rsapem_readPrivateKeyFromPEMString;RSAKey.prototype.readPrivateKeyFromASN1HexString=_rsapem_readPrivateKeyFromASN1HexString; diff --git a/keyutil-1.0.js b/keyutil-1.0.js old mode 100755 new mode 100644 index 144ba8c7..aa5e7f74 --- a/keyutil-1.0.js +++ b/keyutil-1.0.js @@ -1,9 +1,9 @@ -/*! keyutil-1.0.4.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! keyutil-1.0.5.js (c) 2013-2014 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * keyutil.js - key utility for PKCS#1/5/8 PEM, RSA/DSA/ECDSA key object * - * Copyright (c) 2013 Kenji Urushima (kenji.urushima@gmail.com) + * Copyright (c) 2013-2014 Kenji Urushima (kenji.urushima@gmail.com) * * This software is licensed under the terms of the MIT License. * http://kjur.github.com/jsrsasign/license @@ -15,7 +15,7 @@ * @fileOverview * @name keyutil-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version keyutil 1.0.4 (2013-Oct-11) + * @version keyutil 1.0.5 (2014-Apr-18) * @since jsrsasign 4.1.4 * @license MIT License */ @@ -81,20 +81,20 @@ */ /* * DEPRECATED METHODS - * GET P8 + * GET PKCS8 * KEYUTIL.getRSAKeyFromPlainPKCS8PEM * KEYUTIL.getRSAKeyFromPlainPKCS8Hex * KEYUTIL.getRSAKeyFromEncryptedPKCS8PEM * P8 UTIL (make internal use) * KEYUTIL.getPlainPKCS8HexFromEncryptedPKCS8PEM - * GET P8 PUB + * GET PKCS8 PUB * KEYUTIL.getKeyFromPublicPKCS8PEM * KEYUTIL.getKeyFromPublicPKCS8Hex * KEYUTIL.getRSAKeyFromPublicPKCS8PEM * KEYUTIL.getRSAKeyFromPublicPKCS8Hex - * GET P5 + * GET PKCS5 * KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM - * PUT P5 + * PUT PKCS5 * KEYUTIL.getEncryptedPKCS5PEMFromRSAKey * OTHER METHODS (FOR INTERNAL?) * KEYUTIL.getHexFromPEM @@ -106,131 +106,131 @@ var KEYUTIL = function() { // ***************************************************************** // shared key decryption ------------------------------------------ var decryptAES = function(dataHex, keyHex, ivHex) { - return decryptGeneral(CryptoJS.AES, dataHex, keyHex, ivHex); + return decryptGeneral(CryptoJS.AES, dataHex, keyHex, ivHex); }; var decrypt3DES = function(dataHex, keyHex, ivHex) { - return decryptGeneral(CryptoJS.TripleDES, dataHex, keyHex, ivHex); + return decryptGeneral(CryptoJS.TripleDES, dataHex, keyHex, ivHex); }; var decryptDES = function(dataHex, keyHex, ivHex) { - return decryptGeneral(CryptoJS.DES, dataHex, keyHex, ivHex); + return decryptGeneral(CryptoJS.DES, dataHex, keyHex, ivHex); }; var decryptGeneral = function(f, dataHex, keyHex, ivHex) { - var data = CryptoJS.enc.Hex.parse(dataHex); - var key = CryptoJS.enc.Hex.parse(keyHex); - var iv = CryptoJS.enc.Hex.parse(ivHex); - var encrypted = {}; - encrypted.key = key; - encrypted.iv = iv; - encrypted.ciphertext = data; - var decrypted = f.decrypt(encrypted, key, { iv: iv }); - return CryptoJS.enc.Hex.stringify(decrypted); + var data = CryptoJS.enc.Hex.parse(dataHex); + var key = CryptoJS.enc.Hex.parse(keyHex); + var iv = CryptoJS.enc.Hex.parse(ivHex); + var encrypted = {}; + encrypted.key = key; + encrypted.iv = iv; + encrypted.ciphertext = data; + var decrypted = f.decrypt(encrypted, key, { iv: iv }); + return CryptoJS.enc.Hex.stringify(decrypted); }; // shared key decryption ------------------------------------------ var encryptAES = function(dataHex, keyHex, ivHex) { - return encryptGeneral(CryptoJS.AES, dataHex, keyHex, ivHex); + return encryptGeneral(CryptoJS.AES, dataHex, keyHex, ivHex); }; var encrypt3DES = function(dataHex, keyHex, ivHex) { - return encryptGeneral(CryptoJS.TripleDES, dataHex, keyHex, ivHex); + return encryptGeneral(CryptoJS.TripleDES, dataHex, keyHex, ivHex); }; var encryptDES = function(dataHex, keyHex, ivHex) { - return encryptGeneral(CryptoJS.DES, dataHex, keyHex, ivHex); + return encryptGeneral(CryptoJS.DES, dataHex, keyHex, ivHex); }; var encryptGeneral = function(f, dataHex, keyHex, ivHex) { - var data = CryptoJS.enc.Hex.parse(dataHex); - var key = CryptoJS.enc.Hex.parse(keyHex); - var iv = CryptoJS.enc.Hex.parse(ivHex); - var encryptedHex = f.encrypt(data, key, { iv: iv }); + var data = CryptoJS.enc.Hex.parse(dataHex); + var key = CryptoJS.enc.Hex.parse(keyHex); + var iv = CryptoJS.enc.Hex.parse(ivHex); + var encryptedHex = f.encrypt(data, key, { iv: iv }); var encryptedWA = CryptoJS.enc.Hex.parse(encryptedHex.toString()); var encryptedB64 = CryptoJS.enc.Base64.stringify(encryptedWA); - return encryptedB64; + return encryptedB64; }; // other methods and properties ---------------------------------------- var ALGLIST = { - 'AES-256-CBC': { 'proc': decryptAES, 'eproc': encryptAES, keylen: 32, ivlen: 16 }, - 'AES-192-CBC': { 'proc': decryptAES, 'eproc': encryptAES, keylen: 24, ivlen: 16 }, - 'AES-128-CBC': { 'proc': decryptAES, 'eproc': encryptAES, keylen: 16, ivlen: 16 }, - 'DES-EDE3-CBC': { 'proc': decrypt3DES, 'eproc': encrypt3DES, keylen: 24, ivlen: 8 }, - 'DES-CBC': { 'proc': decryptDES, 'eproc': encryptDES, keylen: 8, ivlen: 8 } + 'AES-256-CBC': { 'proc': decryptAES, 'eproc': encryptAES, keylen: 32, ivlen: 16 }, + 'AES-192-CBC': { 'proc': decryptAES, 'eproc': encryptAES, keylen: 24, ivlen: 16 }, + 'AES-128-CBC': { 'proc': decryptAES, 'eproc': encryptAES, keylen: 16, ivlen: 16 }, + 'DES-EDE3-CBC': { 'proc': decrypt3DES, 'eproc': encrypt3DES, keylen: 24, ivlen: 8 }, + 'DES-CBC': { 'proc': decryptDES, 'eproc': encryptDES, keylen: 8, ivlen: 8 } }; var getFuncByName = function(algName) { - return ALGLIST[algName]['proc']; + return ALGLIST[algName]['proc']; }; var _generateIvSaltHex = function(numBytes) { - var wa = CryptoJS.lib.WordArray.random(numBytes); - var hex = CryptoJS.enc.Hex.stringify(wa); - return hex; + var wa = CryptoJS.lib.WordArray.random(numBytes); + var hex = CryptoJS.enc.Hex.stringify(wa); + return hex; }; var _parsePKCS5PEM = function(sPKCS5PEM) { - var info = {}; - if (sPKCS5PEM.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)", "m"))) { - info.cipher = RegExp.$1; - info.ivsalt = RegExp.$2; - } - if (sPKCS5PEM.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"))) { - info.type = RegExp.$1; - } - var i1 = -1; - var lenNEWLINE = 0; - if (sPKCS5PEM.indexOf("\r\n\r\n") != -1) { - i1 = sPKCS5PEM.indexOf("\r\n\r\n"); - lenNEWLINE = 2; - } - if (sPKCS5PEM.indexOf("\n\n") != -1) { - i1 = sPKCS5PEM.indexOf("\n\n"); - lenNEWLINE = 1; - } - var i2 = sPKCS5PEM.indexOf("-----END"); - if (i1 != -1 && i2 != -1) { - var s = sPKCS5PEM.substring(i1 + lenNEWLINE * 2, i2 - lenNEWLINE); - s = s.replace(/\s+/g, ''); - info.data = s; - } - return info; + var info = {}; + if (sPKCS5PEM.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)", "m"))) { + info.cipher = RegExp.$1; + info.ivsalt = RegExp.$2; + } + if (sPKCS5PEM.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"))) { + info.type = RegExp.$1; + } + var i1 = -1; + var lenNEWLINE = 0; + if (sPKCS5PEM.indexOf("\r\n\r\n") != -1) { + i1 = sPKCS5PEM.indexOf("\r\n\r\n"); + lenNEWLINE = 2; + } + if (sPKCS5PEM.indexOf("\n\n") != -1) { + i1 = sPKCS5PEM.indexOf("\n\n"); + lenNEWLINE = 1; + } + var i2 = sPKCS5PEM.indexOf("-----END"); + if (i1 != -1 && i2 != -1) { + var s = sPKCS5PEM.substring(i1 + lenNEWLINE * 2, i2 - lenNEWLINE); + s = s.replace(/\s+/g, ''); + info.data = s; + } + return info; }; var _getKeyAndUnusedIvByPasscodeAndIvsalt = function(algName, passcode, ivsaltHex) { - //alert("ivsaltHex(2) = " + ivsaltHex); - var saltHex = ivsaltHex.substring(0, 16); - //alert("salt = " + saltHex); + //alert("ivsaltHex(2) = " + ivsaltHex); + var saltHex = ivsaltHex.substring(0, 16); + //alert("salt = " + saltHex); - var salt = CryptoJS.enc.Hex.parse(saltHex); - var data = CryptoJS.enc.Utf8.parse(passcode); - //alert("salt = " + salt); - //alert("data = " + data); - - var nRequiredBytes = ALGLIST[algName]['keylen'] + ALGLIST[algName]['ivlen']; - var hHexValueJoined = ''; - var hLastValue = null; - //alert("nRequiredBytes = " + nRequiredBytes); - for (;;) { - var h = CryptoJS.algo.MD5.create(); - if (hLastValue != null) { - h.update(hLastValue); - } - h.update(data); - h.update(salt); - hLastValue = h.finalize(); - hHexValueJoined = hHexValueJoined + CryptoJS.enc.Hex.stringify(hLastValue); - //alert("joined = " + hHexValueJoined); - if (hHexValueJoined.length >= nRequiredBytes * 2) { - break; - } - } - var result = {}; - result.keyhex = hHexValueJoined.substr(0, ALGLIST[algName]['keylen'] * 2); - result.ivhex = hHexValueJoined.substr(ALGLIST[algName]['keylen'] * 2, ALGLIST[algName]['ivlen'] * 2); - return result; + var salt = CryptoJS.enc.Hex.parse(saltHex); + var data = CryptoJS.enc.Utf8.parse(passcode); + //alert("salt = " + salt); + //alert("data = " + data); + + var nRequiredBytes = ALGLIST[algName]['keylen'] + ALGLIST[algName]['ivlen']; + var hHexValueJoined = ''; + var hLastValue = null; + //alert("nRequiredBytes = " + nRequiredBytes); + for (;;) { + var h = CryptoJS.algo.MD5.create(); + if (hLastValue != null) { + h.update(hLastValue); + } + h.update(data); + h.update(salt); + hLastValue = h.finalize(); + hHexValueJoined = hHexValueJoined + CryptoJS.enc.Hex.stringify(hLastValue); + //alert("joined = " + hHexValueJoined); + if (hHexValueJoined.length >= nRequiredBytes * 2) { + break; + } + } + var result = {}; + result.keyhex = hHexValueJoined.substr(0, ALGLIST[algName]['keylen'] * 2); + result.ivhex = hHexValueJoined.substr(ALGLIST[algName]['keylen'] * 2, ALGLIST[algName]['ivlen'] * 2); + return result; }; /* @@ -241,11 +241,11 @@ var KEYUTIL = function() { * @param {String} hexadecimal string of decrypted private key */ var _decryptKeyB64 = function(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex) { - var privateKeyWA = CryptoJS.enc.Base64.parse(privateKeyB64); - var privateKeyHex = CryptoJS.enc.Hex.stringify(privateKeyWA); - var f = ALGLIST[sharedKeyAlgName]['proc']; - var decryptedKeyHex = f(privateKeyHex, sharedKeyHex, ivsaltHex); - return decryptedKeyHex; + var privateKeyWA = CryptoJS.enc.Base64.parse(privateKeyB64); + var privateKeyHex = CryptoJS.enc.Hex.stringify(privateKeyWA); + var f = ALGLIST[sharedKeyAlgName]['proc']; + var decryptedKeyHex = f(privateKeyHex, sharedKeyHex, ivsaltHex); + return decryptedKeyHex; }; /* @@ -256,9 +256,9 @@ var KEYUTIL = function() { * @param {String} base64 string of encrypted private key */ var _encryptKeyHex = function(privateKeyHex, sharedKeyAlgName, sharedKeyHex, ivsaltHex) { - var f = ALGLIST[sharedKeyAlgName]['eproc']; - var encryptedKeyB64 = f(privateKeyHex, sharedKeyHex, ivsaltHex); - return encryptedKeyB64; + var f = ALGLIST[sharedKeyAlgName]['eproc']; + var encryptedKeyB64 = f(privateKeyHex, sharedKeyHex, ivsaltHex); + return encryptedKeyB64; }; // ***************************************************************** @@ -266,558 +266,558 @@ var KEYUTIL = function() { // ***************************************************************** return { // -- UTILITY METHODS ------------------------------------------------------------ - /** + /** * decrypt private key by shared key - * @name version - * @memberOf KEYUTIL - * @property {String} version - * @description version string of KEYUTIL class - */ - version: "1.0.0", - - /** + * @name version + * @memberOf KEYUTIL + * @property {String} version + * @description version string of KEYUTIL class + */ + version: "1.0.0", + + /** * get hexacedimal string of PEM format - * @name getHexFromPEM - * @memberOf KEYUTIL - * @function - * @param {String} sPEM PEM formatted string - * @param {String} sHead PEM header string without BEGIN/END - * @return {String} hexadecimal string data of PEM contents - * @since pkcs5pkey 1.0.5 - */ + * @name getHexFromPEM + * @memberOf KEYUTIL + * @function + * @param {String} sPEM PEM formatted string + * @param {String} sHead PEM header string without BEGIN/END + * @return {String} hexadecimal string data of PEM contents + * @since pkcs5pkey 1.0.5 + */ getHexFromPEM: function(sPEM, sHead) { - var s = sPEM; - if (s.indexOf("BEGIN " + sHead) == -1) { - throw "can't find PEM header: " + sHead; - } - s = s.replace("-----BEGIN " + sHead + "-----", ""); - s = s.replace("-----END " + sHead + "-----", ""); - var sB64 = s.replace(/\s+/g, ''); + var s = sPEM; + if (s.indexOf("BEGIN " + sHead) == -1) { + throw "can't find PEM header: " + sHead; + } + s = s.replace("-----BEGIN " + sHead + "-----", ""); + s = s.replace("-----END " + sHead + "-----", ""); + var sB64 = s.replace(/\s+/g, ''); var dataHex = b64tohex(sB64); - return dataHex; - }, + return dataHex; + }, - /** + /** * decrypt private key by shared key - * @name getDecryptedKeyHexByKeyIV - * @memberOf KEYUTIL - * @function - * @param {String} encryptedKeyHex hexadecimal string of encrypted private key - * @param {String} algName name of symmetric key algorithm (ex. 'DES-EBE3-CBC') - * @param {String} sharedKeyHex hexadecimal string of symmetric key - * @param {String} ivHex hexadecimal string of initial vector(IV). - * @return {String} hexadecimal string of decrypted privated key - */ - getDecryptedKeyHexByKeyIV: function(encryptedKeyHex, algName, sharedKeyHex, ivHex) { - var f1 = getFuncByName(algName); - return f1(encryptedKeyHex, sharedKeyHex, ivHex); - }, - - /** + * @name getDecryptedKeyHexByKeyIV + * @memberOf KEYUTIL + * @function + * @param {String} encryptedKeyHex hexadecimal string of encrypted private key + * @param {String} algName name of symmetric key algorithm (ex. 'DES-EBE3-CBC') + * @param {String} sharedKeyHex hexadecimal string of symmetric key + * @param {String} ivHex hexadecimal string of initial vector(IV). + * @return {String} hexadecimal string of decrypted privated key + */ + getDecryptedKeyHexByKeyIV: function(encryptedKeyHex, algName, sharedKeyHex, ivHex) { + var f1 = getFuncByName(algName); + return f1(encryptedKeyHex, sharedKeyHex, ivHex); + }, + + /** * parse PEM formatted passcode protected PKCS#5 private key - * @name parsePKCS5PEM - * @memberOf KEYUTIL - * @function - * @param {String} sEncryptedPEM PEM formatted protected passcode protected PKCS#5 private key - * @return {Hash} hash of key information - * @description + * @name parsePKCS5PEM + * @memberOf KEYUTIL + * @function + * @param {String} sEncryptedPEM PEM formatted protected passcode protected PKCS#5 private key + * @return {Hash} hash of key information + * @description * Resulted hash has following attributes. - *

        - *
      • cipher - symmetric key algorithm name (ex. 'DES-EBE3-CBC', 'AES-256-CBC')
        • - *
      • ivsalt - IV used for decrypt. Its heading 8 bytes will be used for passcode salt.
        • - *
      • type - asymmetric key algorithm name of private key described in PEM header.
        • - *
      • data - base64 encoded encrypted private key.
        • - *
      + *
        + *
      • cipher - symmetric key algorithm name (ex. 'DES-EBE3-CBC', 'AES-256-CBC')
        • + *
      • ivsalt - IV used for decrypt. Its heading 8 bytes will be used for passcode salt.
        • + *
      • type - asymmetric key algorithm name of private key described in PEM header.
        • + *
      • data - base64 encoded encrypted private key.
        • + *
      * - */ + */ parsePKCS5PEM: function(sPKCS5PEM) { - return _parsePKCS5PEM(sPKCS5PEM); - }, + return _parsePKCS5PEM(sPKCS5PEM); + }, - /** + /** * the same function as OpenSSL EVP_BytsToKey to generate shared key and IV - * @name getKeyAndUnusedIvByPasscodeAndIvsalt - * @memberOf KEYUTIL - * @function - * @param {String} algName name of symmetric key algorithm (ex. 'DES-EBE3-CBC') - * @param {String} passcode passcode to decrypt private key (ex. 'password') - * @param {String} hexadecimal string of IV. heading 8 bytes will be used for passcode salt - * @return {Hash} hash of key and unused IV (ex. {keyhex:2fe3..., ivhex:3fad..}) - */ - getKeyAndUnusedIvByPasscodeAndIvsalt: function(algName, passcode, ivsaltHex) { - return _getKeyAndUnusedIvByPasscodeAndIvsalt(algName, passcode, ivsaltHex); - }, + * @name getKeyAndUnusedIvByPasscodeAndIvsalt + * @memberOf KEYUTIL + * @function + * @param {String} algName name of symmetric key algorithm (ex. 'DES-EBE3-CBC') + * @param {String} passcode passcode to decrypt private key (ex. 'password') + * @param {String} hexadecimal string of IV. heading 8 bytes will be used for passcode salt + * @return {Hash} hash of key and unused IV (ex. {keyhex:2fe3..., ivhex:3fad..}) + */ + getKeyAndUnusedIvByPasscodeAndIvsalt: function(algName, passcode, ivsaltHex) { + return _getKeyAndUnusedIvByPasscodeAndIvsalt(algName, passcode, ivsaltHex); + }, decryptKeyB64: function(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex) { - return _decryptKeyB64(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex); + return _decryptKeyB64(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex); }, - /** + /** * decrypt PEM formatted protected PKCS#5 private key with passcode - * @name getDecryptedKeyHex - * @memberOf KEYUTIL - * @function - * @param {String} sEncryptedPEM PEM formatted protected passcode protected PKCS#5 private key - * @param {String} passcode passcode to decrypt private key (ex. 'password') - * @return {String} hexadecimal string of decrypted RSA priavte key - */ - getDecryptedKeyHex: function(sEncryptedPEM, passcode) { - // 1. parse pem - var info = _parsePKCS5PEM(sEncryptedPEM); - var publicKeyAlgName = info.type; - var sharedKeyAlgName = info.cipher; - var ivsaltHex = info.ivsalt; - var privateKeyB64 = info.data; - //alert("ivsaltHex = " + ivsaltHex); - - // 2. generate shared key - var sharedKeyInfo = _getKeyAndUnusedIvByPasscodeAndIvsalt(sharedKeyAlgName, passcode, ivsaltHex); - var sharedKeyHex = sharedKeyInfo.keyhex; - //alert("sharedKeyHex = " + sharedKeyHex); - - // 3. decrypt private key + * @name getDecryptedKeyHex + * @memberOf KEYUTIL + * @function + * @param {String} sEncryptedPEM PEM formatted protected passcode protected PKCS#5 private key + * @param {String} passcode passcode to decrypt private key (ex. 'password') + * @return {String} hexadecimal string of decrypted RSA priavte key + */ + getDecryptedKeyHex: function(sEncryptedPEM, passcode) { + // 1. parse pem + var info = _parsePKCS5PEM(sEncryptedPEM); + var publicKeyAlgName = info.type; + var sharedKeyAlgName = info.cipher; + var ivsaltHex = info.ivsalt; + var privateKeyB64 = info.data; + //alert("ivsaltHex = " + ivsaltHex); + + // 2. generate shared key + var sharedKeyInfo = _getKeyAndUnusedIvByPasscodeAndIvsalt(sharedKeyAlgName, passcode, ivsaltHex); + var sharedKeyHex = sharedKeyInfo.keyhex; + //alert("sharedKeyHex = " + sharedKeyHex); + + // 3. decrypt private key var decryptedKey = _decryptKeyB64(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex); - return decryptedKey; - }, + return decryptedKey; + }, - /** + /** * (DEPRECATED) read PEM formatted encrypted PKCS#5 private key and returns RSAKey object - * @name getRSAKeyFromEncryptedPKCS5PEM - * @memberOf KEYUTIL - * @function - * @param {String} sEncryptedP5PEM PEM formatted encrypted PKCS#5 private key - * @param {String} passcode passcode to decrypt private key - * @return {RSAKey} loaded RSAKey object of RSA private key + * @name getRSAKeyFromEncryptedPKCS5PEM + * @memberOf KEYUTIL + * @function + * @param {String} sEncryptedP5PEM PEM formatted encrypted PKCS#5 private key + * @param {String} passcode passcode to decrypt private key + * @return {RSAKey} loaded RSAKey object of RSA private key * @since pkcs5pkey 1.0.2 - * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. - */ - getRSAKeyFromEncryptedPKCS5PEM: function(sEncryptedP5PEM, passcode) { - var hPKey = this.getDecryptedKeyHex(sEncryptedP5PEM, passcode); - var rsaKey = new RSAKey(); - rsaKey.readPrivateKeyFromASN1HexString(hPKey); - return rsaKey; - }, - - /* + * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. + */ + getRSAKeyFromEncryptedPKCS5PEM: function(sEncryptedP5PEM, passcode) { + var hPKey = this.getDecryptedKeyHex(sEncryptedP5PEM, passcode); + var rsaKey = new RSAKey(); + rsaKey.readPrivateKeyFromASN1HexString(hPKey); + return rsaKey; + }, + + /* * get PEM formatted encrypted PKCS#5 private key from hexadecimal string of plain private key - * @name getEncryptedPKCS5PEMFromPrvKeyHex - * @memberOf KEYUTIL - * @function - * @param {String} pemHeadAlg algorithm name in the pem header (i.e. RSA,EC or DSA) - * @param {String} hPrvKey hexadecimal string of plain private key - * @param {String} passcode pass code to protect private key (ex. password) - * @param {String} sharedKeyAlgName algorithm name to protect private key (ex. AES-256-CBC) - * @param {String} ivsaltHex hexadecimal string of IV and salt - * @return {String} string of PEM formatted encrypted PKCS#5 private key + * @name getEncryptedPKCS5PEMFromPrvKeyHex + * @memberOf KEYUTIL + * @function + * @param {String} pemHeadAlg algorithm name in the pem header (i.e. RSA,EC or DSA) + * @param {String} hPrvKey hexadecimal string of plain private key + * @param {String} passcode pass code to protect private key (ex. password) + * @param {String} sharedKeyAlgName algorithm name to protect private key (ex. AES-256-CBC) + * @param {String} ivsaltHex hexadecimal string of IV and salt + * @return {String} string of PEM formatted encrypted PKCS#5 private key * @since pkcs5pkey 1.0.2 - * @description - *
      - * generate PEM formatted encrypted PKCS#5 private key by hexadecimal string encoded - * ASN.1 object of plain RSA private key. - * Following arguments can be omitted. - *
        - *
      • alg - AES-256-CBC will be used if omitted.
        • - *
      • ivsaltHex - automatically generate IV and salt which length depends on algorithm
        • - *
      - * NOTE1: DES-CBC, DES-EDE3-CBC, AES-{128,192.256}-CBC algorithm are supported. - * @example - * var pem = + * @description + *
      + * generate PEM formatted encrypted PKCS#5 private key by hexadecimal string encoded + * ASN.1 object of plain RSA private key. + * Following arguments can be omitted. + *
        + *
      • alg - AES-256-CBC will be used if omitted.
        • + *
      • ivsaltHex - automatically generate IV and salt which length depends on algorithm
        • + *
      + * NOTE1: DES-CBC, DES-EDE3-CBC, AES-{128,192.256}-CBC algorithm are supported. + * @example + * var pem = * KEYUTIL.getEncryptedPKCS5PEMFromPrvKeyHex(plainKeyHex, "password"); - * var pem2 = + * var pem2 = * KEYUTIL.getEncryptedPKCS5PEMFromPrvKeyHex(plainKeyHex, "password", "AES-128-CBC"); - * var pem3 = + * var pem3 = * KEYUTIL.getEncryptedPKCS5PEMFromPrvKeyHex(plainKeyHex, "password", "AES-128-CBC", "1f3d02..."); - */ - getEncryptedPKCS5PEMFromPrvKeyHex: function(pemHeadAlg, hPrvKey, passcode, sharedKeyAlgName, ivsaltHex) { - var sPEM = ""; - - // 1. set sharedKeyAlgName if undefined (default AES-256-CBC) - if (typeof sharedKeyAlgName == "undefined" || sharedKeyAlgName == null) { - sharedKeyAlgName = "AES-256-CBC"; - } - if (typeof ALGLIST[sharedKeyAlgName] == "undefined") - throw "KEYUTIL unsupported algorithm: " + sharedKeyAlgName; - - // 2. set ivsaltHex if undefined - if (typeof ivsaltHex == "undefined" || ivsaltHex == null) { - var ivlen = ALGLIST[sharedKeyAlgName]['ivlen']; - var randIV = _generateIvSaltHex(ivlen); - ivsaltHex = randIV.toUpperCase(); - } - - // 3. get shared key + */ + getEncryptedPKCS5PEMFromPrvKeyHex: function(pemHeadAlg, hPrvKey, passcode, sharedKeyAlgName, ivsaltHex) { + var sPEM = ""; + + // 1. set sharedKeyAlgName if undefined (default AES-256-CBC) + if (typeof sharedKeyAlgName == "undefined" || sharedKeyAlgName == null) { + sharedKeyAlgName = "AES-256-CBC"; + } + if (typeof ALGLIST[sharedKeyAlgName] == "undefined") + throw "KEYUTIL unsupported algorithm: " + sharedKeyAlgName; + + // 2. set ivsaltHex if undefined + if (typeof ivsaltHex == "undefined" || ivsaltHex == null) { + var ivlen = ALGLIST[sharedKeyAlgName]['ivlen']; + var randIV = _generateIvSaltHex(ivlen); + ivsaltHex = randIV.toUpperCase(); + } + + // 3. get shared key //alert("ivsalthex=" + ivsaltHex); - var sharedKeyInfo = _getKeyAndUnusedIvByPasscodeAndIvsalt(sharedKeyAlgName, passcode, ivsaltHex); - var sharedKeyHex = sharedKeyInfo.keyhex; - // alert("sharedKeyHex = " + sharedKeyHex); + var sharedKeyInfo = _getKeyAndUnusedIvByPasscodeAndIvsalt(sharedKeyAlgName, passcode, ivsaltHex); + var sharedKeyHex = sharedKeyInfo.keyhex; + // alert("sharedKeyHex = " + sharedKeyHex); // 3. get encrypted Key in Base64 var encryptedKeyB64 = _encryptKeyHex(hPrvKey, sharedKeyAlgName, sharedKeyHex, ivsaltHex); - var pemBody = encryptedKeyB64.replace(/(.{64})/g, "$1\r\n"); - var sPEM = "-----BEGIN " + pemHeadAlg + " PRIVATE KEY-----\r\n"; - sPEM += "Proc-Type: 4,ENCRYPTED\r\n"; - sPEM += "DEK-Info: " + sharedKeyAlgName + "," + ivsaltHex + "\r\n"; - sPEM += "\r\n"; - sPEM += pemBody; - sPEM += "\r\n-----END " + pemHeadAlg + " PRIVATE KEY-----\r\n"; + var pemBody = encryptedKeyB64.replace(/(.{64})/g, "$1\r\n"); + var sPEM = "-----BEGIN " + pemHeadAlg + " PRIVATE KEY-----\r\n"; + sPEM += "Proc-Type: 4,ENCRYPTED\r\n"; + sPEM += "DEK-Info: " + sharedKeyAlgName + "," + ivsaltHex + "\r\n"; + sPEM += "\r\n"; + sPEM += pemBody; + sPEM += "\r\n-----END " + pemHeadAlg + " PRIVATE KEY-----\r\n"; - return sPEM; + return sPEM; }, - /** + /** * (DEPRECATED) get PEM formatted encrypted PKCS#5 private key from RSAKey object of private key - * @name getEncryptedPKCS5PEMFromRSAKey - * @memberOf KEYUTIL - * @function - * @param {RSAKey} pKey RSAKey object of private key - * @param {String} passcode pass code to protect private key (ex. password) - * @param {String} alg algorithm name to protect private key (default AES-256-CBC) - * @param {String} ivsaltHex hexadecimal string of IV and salt (default generated random IV) - * @return {String} string of PEM formatted encrypted PKCS#5 private key + * @name getEncryptedPKCS5PEMFromRSAKey + * @memberOf KEYUTIL + * @function + * @param {RSAKey} pKey RSAKey object of private key + * @param {String} passcode pass code to protect private key (ex. password) + * @param {String} alg algorithm name to protect private key (default AES-256-CBC) + * @param {String} ivsaltHex hexadecimal string of IV and salt (default generated random IV) + * @return {String} string of PEM formatted encrypted PKCS#5 private key * @since pkcs5pkey 1.0.2 - * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getPEM#}. - * @description - *
      - * generate PEM formatted encrypted PKCS#5 private key by - * {@link RSAKey} object of RSA private key and passcode. - * Following argument can be omitted. - *
        - *
      • alg - AES-256-CBC will be used if omitted.
        • - *
      • ivsaltHex - automatically generate IV and salt which length depends on algorithm
        • - *
      - * @example - * var pkey = new RSAKey(); - * pkey.generate(1024, '10001'); // generate 1024bit RSA private key with public exponent 'x010001' - * var pem = KEYUTIL.getEncryptedPKCS5PEMFromRSAKey(pkey, "password"); - */ + * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getPEM#}. + * @description + *
      + * generate PEM formatted encrypted PKCS#5 private key by + * {@link RSAKey} object of RSA private key and passcode. + * Following argument can be omitted. + *
        + *
      • alg - AES-256-CBC will be used if omitted.
        • + *
      • ivsaltHex - automatically generate IV and salt which length depends on algorithm
        • + *
      + * @example + * var pkey = new RSAKey(); + * pkey.generate(1024, '10001'); // generate 1024bit RSA private key with public exponent 'x010001' + * var pem = KEYUTIL.getEncryptedPKCS5PEMFromRSAKey(pkey, "password"); + */ getEncryptedPKCS5PEMFromRSAKey: function(pKey, passcode, alg, ivsaltHex) { - var version = new KJUR.asn1.DERInteger({'int': 0}); - var n = new KJUR.asn1.DERInteger({'bigint': pKey.n}); - var e = new KJUR.asn1.DERInteger({'int': pKey.e}); - var d = new KJUR.asn1.DERInteger({'bigint': pKey.d}); - var p = new KJUR.asn1.DERInteger({'bigint': pKey.p}); - var q = new KJUR.asn1.DERInteger({'bigint': pKey.q}); - var dmp1 = new KJUR.asn1.DERInteger({'bigint': pKey.dmp1}); - var dmq1 = new KJUR.asn1.DERInteger({'bigint': pKey.dmq1}); - var coeff = new KJUR.asn1.DERInteger({'bigint': pKey.coeff}); - var seq = new KJUR.asn1.DERSequence({'array': [version, n, e, d, p, q, dmp1, dmq1, coeff]}); - var hex = seq.getEncodedHex(); - return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA", hex, passcode, alg, ivsaltHex); + var version = new KJUR.asn1.DERInteger({'int': 0}); + var n = new KJUR.asn1.DERInteger({'bigint': pKey.n}); + var e = new KJUR.asn1.DERInteger({'int': pKey.e}); + var d = new KJUR.asn1.DERInteger({'bigint': pKey.d}); + var p = new KJUR.asn1.DERInteger({'bigint': pKey.p}); + var q = new KJUR.asn1.DERInteger({'bigint': pKey.q}); + var dmp1 = new KJUR.asn1.DERInteger({'bigint': pKey.dmp1}); + var dmq1 = new KJUR.asn1.DERInteger({'bigint': pKey.dmq1}); + var coeff = new KJUR.asn1.DERInteger({'bigint': pKey.coeff}); + var seq = new KJUR.asn1.DERSequence({'array': [version, n, e, d, p, q, dmp1, dmq1, coeff]}); + var hex = seq.getEncodedHex(); + return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA", hex, passcode, alg, ivsaltHex); }, - /** + /** * generate RSAKey and PEM formatted encrypted PKCS#5 private key - * @name newEncryptedPKCS5PEM - * @memberOf KEYUTIL - * @function - * @param {String} passcode pass code to protect private key (ex. password) - * @param {Integer} keyLen key bit length of RSA key to be generated. (default 1024) - * @param {String} hPublicExponent hexadecimal string of public exponent (default 10001) - * @param {String} alg shared key algorithm to encrypt private key (default AES-258-CBC) - * @return {String} string of PEM formatted encrypted PKCS#5 private key + * @name newEncryptedPKCS5PEM + * @memberOf KEYUTIL + * @function + * @param {String} passcode pass code to protect private key (ex. password) + * @param {Integer} keyLen key bit length of RSA key to be generated. (default 1024) + * @param {String} hPublicExponent hexadecimal string of public exponent (default 10001) + * @param {String} alg shared key algorithm to encrypt private key (default AES-258-CBC) + * @return {String} string of PEM formatted encrypted PKCS#5 private key * @since pkcs5pkey 1.0.2 - * @example - * var pem1 = KEYUTIL.newEncryptedPKCS5PEM("password"); // RSA1024bit/10001/AES-256-CBC - * var pem2 = KEYUTIL.newEncryptedPKCS5PEM("password", 512); // RSA 512bit/10001/AES-256-CBC - * var pem3 = KEYUTIL.newEncryptedPKCS5PEM("password", 512, '3'); // RSA 512bit/ 3/AES-256-CBC - */ - newEncryptedPKCS5PEM: function(passcode, keyLen, hPublicExponent, alg) { - if (typeof keyLen == "undefined" || keyLen == null) { - keyLen = 1024; - } - if (typeof hPublicExponent == "undefined" || hPublicExponent == null) { - hPublicExponent = '10001'; - } - var pKey = new RSAKey(); - pKey.generate(keyLen, hPublicExponent); - var pem = null; - if (typeof alg == "undefined" || alg == null) { - pem = this.getEncryptedPKCS5PEMFromRSAKey(pKey, passcode); - } else { - pem = this.getEncryptedPKCS5PEMFromRSAKey(pKey, passcode, alg); - } - return pem; + * @example + * var pem1 = KEYUTIL.newEncryptedPKCS5PEM("password"); // RSA1024bit/10001/AES-256-CBC + * var pem2 = KEYUTIL.newEncryptedPKCS5PEM("password", 512); // RSA 512bit/10001/AES-256-CBC + * var pem3 = KEYUTIL.newEncryptedPKCS5PEM("password", 512, '3'); // RSA 512bit/ 3/AES-256-CBC + */ + newEncryptedPKCS5PEM: function(passcode, keyLen, hPublicExponent, alg) { + if (typeof keyLen == "undefined" || keyLen == null) { + keyLen = 1024; + } + if (typeof hPublicExponent == "undefined" || hPublicExponent == null) { + hPublicExponent = '10001'; + } + var pKey = new RSAKey(); + pKey.generate(keyLen, hPublicExponent); + var pem = null; + if (typeof alg == "undefined" || alg == null) { + pem = this.getEncryptedPKCS5PEMFromRSAKey(pKey, passcode); + } else { + pem = this.getEncryptedPKCS5PEMFromRSAKey(pKey, passcode, alg); + } + return pem; }, - // === PKCS8 =============================================================== + // === PKCS8 =============================================================== - /** + /** * (DEPRECATED) read PEM formatted unencrypted PKCS#8 private key and returns RSAKey object - * @name getRSAKeyFromPlainPKCS8PEM - * @memberOf KEYUTIL - * @function - * @param {String} pkcs8PEM PEM formatted unencrypted PKCS#8 private key - * @return {RSAKey} loaded RSAKey object of RSA private key + * @name getRSAKeyFromPlainPKCS8PEM + * @memberOf KEYUTIL + * @function + * @param {String} pkcs8PEM PEM formatted unencrypted PKCS#8 private key + * @return {RSAKey} loaded RSAKey object of RSA private key * @since pkcs5pkey 1.0.1 - * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. - */ + * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. + */ getRSAKeyFromPlainPKCS8PEM: function(pkcs8PEM) { if (pkcs8PEM.match(/ENCRYPTED/)) throw "pem shall be not ENCRYPTED"; var prvKeyHex = this.getHexFromPEM(pkcs8PEM, "PRIVATE KEY"); var rsaKey = this.getRSAKeyFromPlainPKCS8Hex(prvKeyHex); - return rsaKey; + return rsaKey; }, - /** + /** * (DEPRECATED) provide hexadecimal string of unencrypted PKCS#8 private key and returns RSAKey object - * @name getRSAKeyFromPlainPKCS8Hex - * @memberOf KEYUTIL - * @function - * @param {String} prvKeyHex hexadecimal string of unencrypted PKCS#8 private key - * @return {RSAKey} loaded RSAKey object of RSA private key + * @name getRSAKeyFromPlainPKCS8Hex + * @memberOf KEYUTIL + * @function + * @param {String} prvKeyHex hexadecimal string of unencrypted PKCS#8 private key + * @return {RSAKey} loaded RSAKey object of RSA private key * @since pkcs5pkey 1.0.3 - * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. - */ + * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. + */ getRSAKeyFromPlainPKCS8Hex: function(prvKeyHex) { - var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(prvKeyHex, 0); - if (a1.length != 3) - throw "outer DERSequence shall have 3 elements: " + a1.length; + var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(prvKeyHex, 0); + if (a1.length != 3) + throw "outer DERSequence shall have 3 elements: " + a1.length; var algIdTLV =ASN1HEX.getHexOfTLV_AtObj(prvKeyHex, a1[1]); - if (algIdTLV != "300d06092a864886f70d0101010500") // AlgId rsaEncryption - throw "PKCS8 AlgorithmIdentifier is not rsaEnc: " + algIdTLV; + if (algIdTLV != "300d06092a864886f70d0101010500") // AlgId rsaEncryption + throw "PKCS8 AlgorithmIdentifier is not rsaEnc: " + algIdTLV; var algIdTLV = ASN1HEX.getHexOfTLV_AtObj(prvKeyHex, a1[1]); - var octetStr = ASN1HEX.getHexOfTLV_AtObj(prvKeyHex, a1[2]); - var p5KeyHex = ASN1HEX.getHexOfV_AtObj(octetStr, 0); + var octetStr = ASN1HEX.getHexOfTLV_AtObj(prvKeyHex, a1[2]); + var p5KeyHex = ASN1HEX.getHexOfV_AtObj(octetStr, 0); //alert(p5KeyHex); - var rsaKey = new RSAKey(); - rsaKey.readPrivateKeyFromASN1HexString(p5KeyHex); - return rsaKey; + var rsaKey = new RSAKey(); + rsaKey.readPrivateKeyFromASN1HexString(p5KeyHex); + return rsaKey; }, - /** + /** * generate PBKDF2 key hexstring with specified passcode and information - * @name parseHexOfEncryptedPKCS8 - * @memberOf KEYUTIL - * @function - * @param {String} passcode passcode to decrypto private key - * @return {Array} info associative array of PKCS#8 parameters + * @name parseHexOfEncryptedPKCS8 + * @memberOf KEYUTIL + * @function + * @param {String} passcode passcode to decrypto private key + * @return {Array} info associative array of PKCS#8 parameters * @since pkcs5pkey 1.0.3 - * @description - * The associative array which is returned by this method has following properties: - *
        - *
      • info.pbkdf2Salt - hexadecimal string of PBKDF2 salt
        • - *
      • info.pkbdf2Iter - iteration count
        • - *
      • info.ciphertext - hexadecimal string of encrypted private key
        • - *
      • info.encryptionSchemeAlg - encryption algorithm name (currently TripleDES only)
        • - *
      • info.encryptionSchemeIV - initial vector for encryption algorithm
        • - *
      - * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES. - *
        - *
      • keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1
        • - *
      • encryptionScheme = des-EDE3-CBC(i.e. TripleDES
        • - *
      - * @example - * // to convert plain PKCS#5 private key to encrypted PKCS#8 private - * // key with PBKDF2 with TripleDES - * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem - */ + * @description + * The associative array which is returned by this method has following properties: + *
        + *
      • info.pbkdf2Salt - hexadecimal string of PBKDF2 salt
        • + *
      • info.pkbdf2Iter - iteration count
        • + *
      • info.ciphertext - hexadecimal string of encrypted private key
        • + *
      • info.encryptionSchemeAlg - encryption algorithm name (currently TripleDES only)
        • + *
      • info.encryptionSchemeIV - initial vector for encryption algorithm
        • + *
      + * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES. + *
        + *
      • keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1
        • + *
      • encryptionScheme = des-EDE3-CBC(i.e. TripleDES
        • + *
      + * @example + * // to convert plain PKCS#5 private key to encrypted PKCS#8 private + * // key with PBKDF2 with TripleDES + * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem + */ parseHexOfEncryptedPKCS8: function(sHEX) { var info = {}; - - var a0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, 0); - if (a0.length != 2) - throw "malformed format: SEQUENCE(0).items != 2: " + a0.length; + + var a0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, 0); + if (a0.length != 2) + throw "malformed format: SEQUENCE(0).items != 2: " + a0.length; - // 1. ciphertext - info.ciphertext = ASN1HEX.getHexOfV_AtObj(sHEX, a0[1]); + // 1. ciphertext + info.ciphertext = ASN1HEX.getHexOfV_AtObj(sHEX, a0[1]); - // 2. pkcs5PBES2 - var a0_0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0[0]); - if (a0_0.length != 2) - throw "malformed format: SEQUENCE(0.0).items != 2: " + a0_0.length; + // 2. pkcs5PBES2 + var a0_0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0[0]); + if (a0_0.length != 2) + throw "malformed format: SEQUENCE(0.0).items != 2: " + a0_0.length; - // 2.1 check if pkcs5PBES2(1 2 840 113549 1 5 13) - if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0[0]) != "2a864886f70d01050d") - throw "this only supports pkcs5PBES2"; + // 2.1 check if pkcs5PBES2(1 2 840 113549 1 5 13) + if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0[0]) != "2a864886f70d01050d") + throw "this only supports pkcs5PBES2"; - // 2.2 pkcs5PBES2 param + // 2.2 pkcs5PBES2 param var a0_0_1 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0[1]); - if (a0_0.length != 2) - throw "malformed format: SEQUENCE(0.0.1).items != 2: " + a0_0_1.length; - - // 2.2.1 encryptionScheme - var a0_0_1_1 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1[1]); - if (a0_0_1_1.length != 2) - throw "malformed format: SEQUENCE(0.0.1.1).items != 2: " + a0_0_1_1.length; - if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_1[0]) != "2a864886f70d0307") - throw "this only supports TripleDES"; - info.encryptionSchemeAlg = "TripleDES"; - - // 2.2.1.1 IV of encryptionScheme - info.encryptionSchemeIV = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_1[1]); - - // 2.2.2 keyDerivationFunc - var a0_0_1_0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1[0]); - if (a0_0_1_0.length != 2) - throw "malformed format: SEQUENCE(0.0.1.0).items != 2: " + a0_0_1_0.length; - if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0[0]) != "2a864886f70d01050c") - throw "this only supports pkcs5PBKDF2"; - - // 2.2.2.1 pkcs5PBKDF2 param - var a0_0_1_0_1 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1_0[1]); - if (a0_0_1_0_1.length < 2) - throw "malformed format: SEQUENCE(0.0.1.0.1).items < 2: " + a0_0_1_0_1.length; - - // 2.2.2.1.1 PBKDF2 salt - info.pbkdf2Salt = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0_1[0]); - - // 2.2.2.1.2 PBKDF2 iter - var iterNumHex = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0_1[1]); - try { - info.pbkdf2Iter = parseInt(iterNumHex, 16); - } catch(ex) { - throw "malformed format pbkdf2Iter: " + iterNumHex; - } - - return info; - }, - - /** + if (a0_0.length != 2) + throw "malformed format: SEQUENCE(0.0.1).items != 2: " + a0_0_1.length; + + // 2.2.1 encryptionScheme + var a0_0_1_1 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1[1]); + if (a0_0_1_1.length != 2) + throw "malformed format: SEQUENCE(0.0.1.1).items != 2: " + a0_0_1_1.length; + if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_1[0]) != "2a864886f70d0307") + throw "this only supports TripleDES"; + info.encryptionSchemeAlg = "TripleDES"; + + // 2.2.1.1 IV of encryptionScheme + info.encryptionSchemeIV = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_1[1]); + + // 2.2.2 keyDerivationFunc + var a0_0_1_0 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1[0]); + if (a0_0_1_0.length != 2) + throw "malformed format: SEQUENCE(0.0.1.0).items != 2: " + a0_0_1_0.length; + if (ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0[0]) != "2a864886f70d01050c") + throw "this only supports pkcs5PBKDF2"; + + // 2.2.2.1 pkcs5PBKDF2 param + var a0_0_1_0_1 = ASN1HEX.getPosArrayOfChildren_AtObj(sHEX, a0_0_1_0[1]); + if (a0_0_1_0_1.length < 2) + throw "malformed format: SEQUENCE(0.0.1.0.1).items < 2: " + a0_0_1_0_1.length; + + // 2.2.2.1.1 PBKDF2 salt + info.pbkdf2Salt = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0_1[0]); + + // 2.2.2.1.2 PBKDF2 iter + var iterNumHex = ASN1HEX.getHexOfV_AtObj(sHEX, a0_0_1_0_1[1]); + try { + info.pbkdf2Iter = parseInt(iterNumHex, 16); + } catch(ex) { + throw "malformed format pbkdf2Iter: " + iterNumHex; + } + + return info; + }, + + /** * generate PBKDF2 key hexstring with specified passcode and information - * @name getPBKDF2KeyHexFromParam - * @memberOf KEYUTIL - * @function - * @param {Array} info result of {@link parseHexOfEncryptedPKCS8} which has preference of PKCS#8 file - * @param {String} passcode passcode to decrypto private key - * @return {String} hexadecimal string of PBKDF2 key + * @name getPBKDF2KeyHexFromParam + * @memberOf KEYUTIL + * @function + * @param {Array} info result of {@link parseHexOfEncryptedPKCS8} which has preference of PKCS#8 file + * @param {String} passcode passcode to decrypto private key + * @return {String} hexadecimal string of PBKDF2 key * @since pkcs5pkey 1.0.3 - * @description - * As for info, this uses following properties: - *
        - *
      • info.pbkdf2Salt - hexadecimal string of PBKDF2 salt
        • - *
      • info.pkbdf2Iter - iteration count
        • - *
      - * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES. - *
        - *
      • keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1
        • - *
      • encryptionScheme = des-EDE3-CBC(i.e. TripleDES
        • - *
      - * @example - * // to convert plain PKCS#5 private key to encrypted PKCS#8 private - * // key with PBKDF2 with TripleDES - * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem - */ - getPBKDF2KeyHexFromParam: function(info, passcode) { - var pbkdf2SaltWS = CryptoJS.enc.Hex.parse(info.pbkdf2Salt); - var pbkdf2Iter = info.pbkdf2Iter; - var pbkdf2KeyWS = CryptoJS.PBKDF2(passcode, - pbkdf2SaltWS, - { keySize: 192/32, iterations: pbkdf2Iter }); - var pbkdf2KeyHex = CryptoJS.enc.Hex.stringify(pbkdf2KeyWS); - return pbkdf2KeyHex; - }, - - /** + * @description + * As for info, this uses following properties: + *
        + *
      • info.pbkdf2Salt - hexadecimal string of PBKDF2 salt
        • + *
      • info.pkbdf2Iter - iteration count
        • + *
      + * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES. + *
        + *
      • keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1
        • + *
      • encryptionScheme = des-EDE3-CBC(i.e. TripleDES
        • + *
      + * @example + * // to convert plain PKCS#5 private key to encrypted PKCS#8 private + * // key with PBKDF2 with TripleDES + * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem + */ + getPBKDF2KeyHexFromParam: function(info, passcode) { + var pbkdf2SaltWS = CryptoJS.enc.Hex.parse(info.pbkdf2Salt); + var pbkdf2Iter = info.pbkdf2Iter; + var pbkdf2KeyWS = CryptoJS.PBKDF2(passcode, + pbkdf2SaltWS, + { keySize: 192/32, iterations: pbkdf2Iter }); + var pbkdf2KeyHex = CryptoJS.enc.Hex.stringify(pbkdf2KeyWS); + return pbkdf2KeyHex; + }, + + /** * read PEM formatted encrypted PKCS#8 private key and returns hexadecimal string of plain PKCS#8 private key - * @name getPlainPKCS8HexFromEncryptedPKCS8PEM - * @memberOf KEYUTIL - * @function - * @param {String} pkcs8PEM PEM formatted encrypted PKCS#8 private key - * @param {String} passcode passcode to decrypto private key - * @return {String} hexadecimal string of plain PKCS#8 private key + * @name getPlainPKCS8HexFromEncryptedPKCS8PEM + * @memberOf KEYUTIL + * @function + * @param {String} pkcs8PEM PEM formatted encrypted PKCS#8 private key + * @param {String} passcode passcode to decrypto private key + * @return {String} hexadecimal string of plain PKCS#8 private key * @since pkcs5pkey 1.0.3 - * @description - * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES. - *
        - *
      • keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1
        • - *
      • encryptionScheme = des-EDE3-CBC(i.e. TripleDES
        • - *
      - * @example - * // to convert plain PKCS#5 private key to encrypted PKCS#8 private - * // key with PBKDF2 with TripleDES - * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem - */ - getPlainPKCS8HexFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) { - // 1. derHex - PKCS#8 private key encrypted by PBKDF2 + * @description + * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES. + *
        + *
      • keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1
        • + *
      • encryptionScheme = des-EDE3-CBC(i.e. TripleDES
        • + *
      + * @example + * // to convert plain PKCS#5 private key to encrypted PKCS#8 private + * // key with PBKDF2 with TripleDES + * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem + */ + getPlainPKCS8HexFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) { + // 1. derHex - PKCS#8 private key encrypted by PBKDF2 var derHex = this.getHexFromPEM(pkcs8PEM, "ENCRYPTED PRIVATE KEY"); - // 2. info - PKCS#5 PBES info - var info = this.parseHexOfEncryptedPKCS8(derHex); - // 3. hKey - PBKDF2 key - var pbkdf2KeyHex = KEYUTIL.getPBKDF2KeyHexFromParam(info, passcode); - // 4. decrypt ciphertext by PBKDF2 key - var encrypted = {}; - encrypted.ciphertext = CryptoJS.enc.Hex.parse(info.ciphertext); - var pbkdf2KeyWS = CryptoJS.enc.Hex.parse(pbkdf2KeyHex); - var des3IVWS = CryptoJS.enc.Hex.parse(info.encryptionSchemeIV); - var decWS = CryptoJS.TripleDES.decrypt(encrypted, pbkdf2KeyWS, { iv: des3IVWS }); - var decHex = CryptoJS.enc.Hex.stringify(decWS); - return decHex; - }, - - /** + // 2. info - PKCS#5 PBES info + var info = this.parseHexOfEncryptedPKCS8(derHex); + // 3. hKey - PBKDF2 key + var pbkdf2KeyHex = KEYUTIL.getPBKDF2KeyHexFromParam(info, passcode); + // 4. decrypt ciphertext by PBKDF2 key + var encrypted = {}; + encrypted.ciphertext = CryptoJS.enc.Hex.parse(info.ciphertext); + var pbkdf2KeyWS = CryptoJS.enc.Hex.parse(pbkdf2KeyHex); + var des3IVWS = CryptoJS.enc.Hex.parse(info.encryptionSchemeIV); + var decWS = CryptoJS.TripleDES.decrypt(encrypted, pbkdf2KeyWS, { iv: des3IVWS }); + var decHex = CryptoJS.enc.Hex.stringify(decWS); + return decHex; + }, + + /** * (DEPRECATED) read PEM formatted encrypted PKCS#8 private key and returns RSAKey object - * @name getRSAKeyFromEncryptedPKCS8PEM - * @memberOf KEYUTIL - * @function - * @param {String} pkcs8PEM PEM formatted encrypted PKCS#8 private key - * @param {String} passcode passcode to decrypto private key - * @return {RSAKey} loaded RSAKey object of RSA private key + * @name getRSAKeyFromEncryptedPKCS8PEM + * @memberOf KEYUTIL + * @function + * @param {String} pkcs8PEM PEM formatted encrypted PKCS#8 private key + * @param {String} passcode passcode to decrypto private key + * @return {RSAKey} loaded RSAKey object of RSA private key * @since pkcs5pkey 1.0.3 - * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. - * @description - * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES. - *
        - *
      • keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1
        • - *
      • encryptionScheme = des-EDE3-CBC(i.e. TripleDES
        • - *
      - * @example - * // to convert plain PKCS#5 private key to encrypted PKCS#8 private - * // key with PBKDF2 with TripleDES - * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem - */ + * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. + * @description + * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES. + *
        + *
      • keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1
        • + *
      • encryptionScheme = des-EDE3-CBC(i.e. TripleDES
        • + *
      + * @example + * // to convert plain PKCS#5 private key to encrypted PKCS#8 private + * // key with PBKDF2 with TripleDES + * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem + */ getRSAKeyFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) { - var prvKeyHex = this.getPlainPKCS8HexFromEncryptedPKCS8PEM(pkcs8PEM, passcode); - var rsaKey = this.getRSAKeyFromPlainPKCS8Hex(prvKeyHex); - return rsaKey; + var prvKeyHex = this.getPlainPKCS8HexFromEncryptedPKCS8PEM(pkcs8PEM, passcode); + var rsaKey = this.getRSAKeyFromPlainPKCS8Hex(prvKeyHex); + return rsaKey; }, - /** + /** * get RSAKey/ECDSA private key object from encrypted PEM PKCS#8 private key - * @name getKeyFromEncryptedPKCS8PEM - * @memberOf KEYUTIL - * @function - * @param {String} pkcs8PEM string of PEM formatted PKCS#8 private key - * @param {String} passcode passcode string to decrypt key - * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object - * @since pkcs5pkey 1.0.5 - */ + * @name getKeyFromEncryptedPKCS8PEM + * @memberOf KEYUTIL + * @function + * @param {String} pkcs8PEM string of PEM formatted PKCS#8 private key + * @param {String} passcode passcode string to decrypt key + * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object + * @since pkcs5pkey 1.0.5 + */ getKeyFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) { - var prvKeyHex = this.getPlainPKCS8HexFromEncryptedPKCS8PEM(pkcs8PEM, passcode); - var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex); - return key; + var prvKeyHex = this.getPlainPKCS8HexFromEncryptedPKCS8PEM(pkcs8PEM, passcode); + var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex); + return key; }, - /** + /** * parse hexadecimal string of plain PKCS#8 private key - * @name parsePlainPrivatePKCS8Hex - * @memberOf KEYUTIL - * @function - * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 plain private key - * @return {Array} associative array of parsed key - * @since pkcs5pkey 1.0.5 - * @description - * Resulted associative array has following properties: - *
        - *
      • algoid - hexadecimal string of OID of asymmetric key algorithm
        • - *
      • algparam - hexadecimal string of OID of ECC curve name or null
        • - *
      • keyidx - string starting index of key in pkcs8PrvHex
        • - *
      - */ - parsePlainPrivatePKCS8Hex: function(pkcs8PrvHex) { - var result = {}; - result.algparam = null; - - // 1. sequence - if (pkcs8PrvHex.substr(0, 2) != "30") - throw "malformed plain PKCS8 private key(code:001)"; // not sequence - - var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PrvHex, 0); - if (a1.length != 3) - throw "malformed plain PKCS8 private key(code:002)"; - - // 2. AlgID + * @name parsePlainPrivatePKCS8Hex + * @memberOf KEYUTIL + * @function + * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 plain private key + * @return {Array} associative array of parsed key + * @since pkcs5pkey 1.0.5 + * @description + * Resulted associative array has following properties: + *
        + *
      • algoid - hexadecimal string of OID of asymmetric key algorithm
        • + *
      • algparam - hexadecimal string of OID of ECC curve name or null
        • + *
      • keyidx - string starting index of key in pkcs8PrvHex
        • + *
      + */ + parsePlainPrivatePKCS8Hex: function(pkcs8PrvHex) { + var result = {}; + result.algparam = null; + + // 1. sequence + if (pkcs8PrvHex.substr(0, 2) != "30") + throw "malformed plain PKCS8 private key(code:001)"; // not sequence + + var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PrvHex, 0); + if (a1.length != 3) + throw "malformed plain PKCS8 private key(code:002)"; + + // 2. AlgID if (pkcs8PrvHex.substr(a1[1], 2) != "30") throw "malformed PKCS8 private key(code:003)"; // AlgId not sequence @@ -825,289 +825,289 @@ var KEYUTIL = function() { if (a2.length != 2) throw "malformed PKCS8 private key(code:004)"; // AlgId not have two elements - // 2.1. AlgID OID - if (pkcs8PrvHex.substr(a2[0], 2) != "06") - throw "malformed PKCS8 private key(code:005)"; // AlgId.oid is not OID + // 2.1. AlgID OID + if (pkcs8PrvHex.substr(a2[0], 2) != "06") + throw "malformed PKCS8 private key(code:005)"; // AlgId.oid is not OID - result.algoid = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a2[0]); + result.algoid = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a2[0]); - // 2.2. AlgID param - if (pkcs8PrvHex.substr(a2[1], 2) == "06") { - result.algparam = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a2[1]); - } + // 2.2. AlgID param + if (pkcs8PrvHex.substr(a2[1], 2) == "06") { + result.algparam = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a2[1]); + } - // 3. Key index - if (pkcs8PrvHex.substr(a1[2], 2) != "04") - throw "malformed PKCS8 private key(code:006)"; // not octet string + // 3. Key index + if (pkcs8PrvHex.substr(a1[2], 2) != "04") + throw "malformed PKCS8 private key(code:006)"; // not octet string - result.keyidx = ASN1HEX.getStartPosOfV_AtObj(pkcs8PrvHex, a1[2]); + result.keyidx = ASN1HEX.getStartPosOfV_AtObj(pkcs8PrvHex, a1[2]); - return result; + return result; }, - /** + /** * get RSAKey/ECDSA private key object from PEM plain PEM PKCS#8 private key - * @name getKeyFromPlainPrivatePKCS8PEM - * @memberOf KEYUTIL - * @function - * @param {String} pkcs8PEM string of plain PEM formatted PKCS#8 private key - * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object - * @since pkcs5pkey 1.0.5 - */ - getKeyFromPlainPrivatePKCS8PEM: function(prvKeyPEM) { - var prvKeyHex = this.getHexFromPEM(prvKeyPEM, "PRIVATE KEY"); - var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex); - return key; - }, - - /** + * @name getKeyFromPlainPrivatePKCS8PEM + * @memberOf KEYUTIL + * @function + * @param {String} pkcs8PEM string of plain PEM formatted PKCS#8 private key + * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object + * @since pkcs5pkey 1.0.5 + */ + getKeyFromPlainPrivatePKCS8PEM: function(prvKeyPEM) { + var prvKeyHex = this.getHexFromPEM(prvKeyPEM, "PRIVATE KEY"); + var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex); + return key; + }, + + /** * get RSAKey/ECDSA private key object from HEX plain PEM PKCS#8 private key - * @name getKeyFromPlainPrivatePKCS8Hex - * @memberOf KEYUTIL - * @function - * @param {String} prvKeyHex hexadecimal string of plain PKCS#8 private key - * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object - * @since pkcs5pkey 1.0.5 - */ - getKeyFromPlainPrivatePKCS8Hex: function(prvKeyHex) { - var p8 = this.parsePlainPrivatePKCS8Hex(prvKeyHex); - - if (p8.algoid == "2a864886f70d010101") { // RSA - this.parsePrivateRawRSAKeyHexAtObj(prvKeyHex, p8); - var k = p8.key; - var key = new RSAKey(); - key.setPrivateEx(k.n, k.e, k.d, k.p, k.q, k.dp, k.dq, k.co); - return key; - } else if (p8.algoid == "2a8648ce3d0201") { // ECC - this.parsePrivateRawECKeyHexAtObj(prvKeyHex, p8); - if (KJUR.crypto.OID.oidhex2name[p8.algparam] === undefined) - throw "KJUR.crypto.OID.oidhex2name undefined: " + p8.algparam; - var curveName = KJUR.crypto.OID.oidhex2name[p8.algparam]; - var key = new KJUR.crypto.ECDSA({'curve': curveName}); - key.setPublicKeyHex(p8.pubkey); - key.setPrivateKeyHex(p8.key); - key.isPublic = false; - return key; - } else if (p8.algoid == "2a8648ce380401") { // DSA - var hP = ASN1HEX.getVbyList(prvKeyHex, 0, [1,1,0], "02"); - var hQ = ASN1HEX.getVbyList(prvKeyHex, 0, [1,1,1], "02"); - var hG = ASN1HEX.getVbyList(prvKeyHex, 0, [1,1,2], "02"); - var hX = ASN1HEX.getVbyList(prvKeyHex, 0, [2,0], "02"); - var biP = new BigInteger(hP, 16); - var biQ = new BigInteger(hQ, 16); - var biG = new BigInteger(hG, 16); - var biX = new BigInteger(hX, 16); - var key = new KJUR.crypto.DSA(); - key.setPrivate(biP, biQ, biG, null, biX); - return key; - } else { - throw "unsupported private key algorithm"; - } - }, - - // === PKCS8 RSA Public Key ================================================ - /** + * @name getKeyFromPlainPrivatePKCS8Hex + * @memberOf KEYUTIL + * @function + * @param {String} prvKeyHex hexadecimal string of plain PKCS#8 private key + * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object + * @since pkcs5pkey 1.0.5 + */ + getKeyFromPlainPrivatePKCS8Hex: function(prvKeyHex) { + var p8 = this.parsePlainPrivatePKCS8Hex(prvKeyHex); + + if (p8.algoid == "2a864886f70d010101") { // RSA + this.parsePrivateRawRSAKeyHexAtObj(prvKeyHex, p8); + var k = p8.key; + var key = new RSAKey(); + key.setPrivateEx(k.n, k.e, k.d, k.p, k.q, k.dp, k.dq, k.co); + return key; + } else if (p8.algoid == "2a8648ce3d0201") { // ECC + this.parsePrivateRawECKeyHexAtObj(prvKeyHex, p8); + if (KJUR.crypto.OID.oidhex2name[p8.algparam] === undefined) + throw "KJUR.crypto.OID.oidhex2name undefined: " + p8.algparam; + var curveName = KJUR.crypto.OID.oidhex2name[p8.algparam]; + var key = new KJUR.crypto.ECDSA({'curve': curveName}); + key.setPublicKeyHex(p8.pubkey); + key.setPrivateKeyHex(p8.key); + key.isPublic = false; + return key; + } else if (p8.algoid == "2a8648ce380401") { // DSA + var hP = ASN1HEX.getVbyList(prvKeyHex, 0, [1,1,0], "02"); + var hQ = ASN1HEX.getVbyList(prvKeyHex, 0, [1,1,1], "02"); + var hG = ASN1HEX.getVbyList(prvKeyHex, 0, [1,1,2], "02"); + var hX = ASN1HEX.getVbyList(prvKeyHex, 0, [2,0], "02"); + var biP = new BigInteger(hP, 16); + var biQ = new BigInteger(hQ, 16); + var biG = new BigInteger(hG, 16); + var biX = new BigInteger(hX, 16); + var key = new KJUR.crypto.DSA(); + key.setPrivate(biP, biQ, biG, null, biX); + return key; + } else { + throw "unsupported private key algorithm"; + } + }, + + // === PKCS8 RSA Public Key ================================================ + /** * (DEPRECATED) read PEM formatted PKCS#8 public key and returns RSAKey object - * @name getRSAKeyFromPublicPKCS8PEM - * @memberOf KEYUTIL - * @function - * @param {String} pkcs8PubPEM PEM formatted PKCS#8 public key - * @return {RSAKey} loaded RSAKey object of RSA public key + * @name getRSAKeyFromPublicPKCS8PEM + * @memberOf KEYUTIL + * @function + * @param {String} pkcs8PubPEM PEM formatted PKCS#8 public key + * @return {RSAKey} loaded RSAKey object of RSA public key * @since pkcs5pkey 1.0.4 - * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. - */ + * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. + */ getRSAKeyFromPublicPKCS8PEM: function(pkcs8PubPEM) { var pubKeyHex = this.getHexFromPEM(pkcs8PubPEM, "PUBLIC KEY"); var rsaKey = this.getRSAKeyFromPublicPKCS8Hex(pubKeyHex); - return rsaKey; - }, + return rsaKey; + }, - /** + /** * (DEPRECATED) get RSAKey/ECDSA public key object from PEM PKCS#8 public key - * @name getKeyFromPublicPKCS8PEM - * @memberOf KEYUTIL - * @function - * @param {String} pkcsPub8PEM string of PEM formatted PKCS#8 public key - * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object - * @since pkcs5pkey 1.0.5 - * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. - */ + * @name getKeyFromPublicPKCS8PEM + * @memberOf KEYUTIL + * @function + * @param {String} pkcsPub8PEM string of PEM formatted PKCS#8 public key + * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object + * @since pkcs5pkey 1.0.5 + * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. + */ getKeyFromPublicPKCS8PEM: function(pkcs8PubPEM) { var pubKeyHex = this.getHexFromPEM(pkcs8PubPEM, "PUBLIC KEY"); var key = this.getKeyFromPublicPKCS8Hex(pubKeyHex); - return key; - }, + return key; + }, - /** + /** * (DEPRECATED) get RSAKey/DSA/ECDSA public key object from hexadecimal string of PKCS#8 public key - * @name getKeyFromPublicPKCS8Hex - * @memberOf KEYUTIL - * @function - * @param {String} pkcsPub8Hex hexadecimal string of PKCS#8 public key - * @return {Object} RSAKey or KJUR.crypto.{ECDSA,DSA} private key object - * @since pkcs5pkey 1.0.5 - * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. - */ + * @name getKeyFromPublicPKCS8Hex + * @memberOf KEYUTIL + * @function + * @param {String} pkcsPub8Hex hexadecimal string of PKCS#8 public key + * @return {Object} RSAKey or KJUR.crypto.{ECDSA,DSA} private key object + * @since pkcs5pkey 1.0.5 + * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. + */ getKeyFromPublicPKCS8Hex: function(pkcs8PubHex) { - var p8 = this.parsePublicPKCS8Hex(pkcs8PubHex); - - if (p8.algoid == "2a864886f70d010101") { // RSA - var aRSA = this.parsePublicRawRSAKeyHex(p8.key); - var key = new RSAKey(); - key.setPublic(aRSA.n, aRSA.e); - return key; - } else if (p8.algoid == "2a8648ce3d0201") { // ECC - if (KJUR.crypto.OID.oidhex2name[p8.algparam] === undefined) - throw "KJUR.crypto.OID.oidhex2name undefined: " + p8.algparam; - var curveName = KJUR.crypto.OID.oidhex2name[p8.algparam]; - var key = new KJUR.crypto.ECDSA({'curve': curveName, 'pub': p8.key}); - return key; - } else if (p8.algoid == "2a8648ce380401") { // DSA 1.2.840.10040.4.1 - var param = p8.algparam; + var p8 = this.parsePublicPKCS8Hex(pkcs8PubHex); + + if (p8.algoid == "2a864886f70d010101") { // RSA + var aRSA = this.parsePublicRawRSAKeyHex(p8.key); + var key = new RSAKey(); + key.setPublic(aRSA.n, aRSA.e); + return key; + } else if (p8.algoid == "2a8648ce3d0201") { // ECC + if (KJUR.crypto.OID.oidhex2name[p8.algparam] === undefined) + throw "KJUR.crypto.OID.oidhex2name undefined: " + p8.algparam; + var curveName = KJUR.crypto.OID.oidhex2name[p8.algparam]; + var key = new KJUR.crypto.ECDSA({'curve': curveName, 'pub': p8.key}); + return key; + } else if (p8.algoid == "2a8648ce380401") { // DSA 1.2.840.10040.4.1 + var param = p8.algparam; var y = ASN1HEX.getHexOfV_AtObj(p8.key, 0); - var key = new KJUR.crypto.DSA(); - key.setPublic(new BigInteger(param.p, 16), - new BigInteger(param.q, 16), - new BigInteger(param.g, 16), - new BigInteger(y, 16)); - return key; - } else { - throw "unsupported public key algorithm"; - } - }, - - /** + var key = new KJUR.crypto.DSA(); + key.setPublic(new BigInteger(param.p, 16), + new BigInteger(param.q, 16), + new BigInteger(param.g, 16), + new BigInteger(y, 16)); + return key; + } else { + throw "unsupported public key algorithm"; + } + }, + + /** * parse hexadecimal string of plain PKCS#8 private key - * @name parsePublicRawRSAKeyHex - * @memberOf KEYUTIL - * @function - * @param {String} pubRawRSAHex hexadecimal string of ASN.1 encoded PKCS#8 public key - * @return {Array} associative array of parsed key - * @since pkcs5pkey 1.0.5 - * @description - * Resulted associative array has following properties: - *
        - *
      • n - hexadecimal string of public key - *
      • e - hexadecimal string of public exponent - *
      - */ - parsePublicRawRSAKeyHex: function(pubRawRSAHex) { - var result = {}; - - // 1. Sequence - if (pubRawRSAHex.substr(0, 2) != "30") - throw "malformed RSA key(code:001)"; // not sequence - - var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pubRawRSAHex, 0); - if (a1.length != 2) - throw "malformed RSA key(code:002)"; // not 2 items in seq - - // 2. public key "N" - if (pubRawRSAHex.substr(a1[0], 2) != "02") - throw "malformed RSA key(code:003)"; // 1st item is not integer - - result.n = ASN1HEX.getHexOfV_AtObj(pubRawRSAHex, a1[0]); - - // 3. public key "E" - if (pubRawRSAHex.substr(a1[1], 2) != "02") - throw "malformed RSA key(code:004)"; // 2nd item is not integer - - result.e = ASN1HEX.getHexOfV_AtObj(pubRawRSAHex, a1[1]); - - return result; - }, - - /** + * @name parsePublicRawRSAKeyHex + * @memberOf KEYUTIL + * @function + * @param {String} pubRawRSAHex hexadecimal string of ASN.1 encoded PKCS#8 public key + * @return {Array} associative array of parsed key + * @since pkcs5pkey 1.0.5 + * @description + * Resulted associative array has following properties: + *
        + *
      • n - hexadecimal string of public key + *
      • e - hexadecimal string of public exponent + *
      + */ + parsePublicRawRSAKeyHex: function(pubRawRSAHex) { + var result = {}; + + // 1. Sequence + if (pubRawRSAHex.substr(0, 2) != "30") + throw "malformed RSA key(code:001)"; // not sequence + + var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pubRawRSAHex, 0); + if (a1.length != 2) + throw "malformed RSA key(code:002)"; // not 2 items in seq + + // 2. public key "N" + if (pubRawRSAHex.substr(a1[0], 2) != "02") + throw "malformed RSA key(code:003)"; // 1st item is not integer + + result.n = ASN1HEX.getHexOfV_AtObj(pubRawRSAHex, a1[0]); + + // 3. public key "E" + if (pubRawRSAHex.substr(a1[1], 2) != "02") + throw "malformed RSA key(code:004)"; // 2nd item is not integer + + result.e = ASN1HEX.getHexOfV_AtObj(pubRawRSAHex, a1[1]); + + return result; + }, + + /** * parse hexadecimal string of RSA private key - * @name parsePrivateRawRSAKeyHexAtObj - * @memberOf KEYUTIL - * @function - * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 private key concluding RSA private key - * @return {Array} info associative array to add parsed RSA private key information - * @since pkcs5pkey 1.0.5 - * @description - * Following properties are added to associative array 'info' - *
        - *
      • n - hexadecimal string of public key - *
      • e - hexadecimal string of public exponent - *
      • d - hexadecimal string of private key - *
      • p - hexadecimal string - *
      • q - hexadecimal string - *
      • dp - hexadecimal string - *
      • dq - hexadecimal string - *
      • co - hexadecimal string - *
      - */ - parsePrivateRawRSAKeyHexAtObj: function(pkcs8PrvHex, info) { - var keyIdx = info.keyidx; - - // 1. sequence - if (pkcs8PrvHex.substr(keyIdx, 2) != "30") - throw "malformed RSA private key(code:001)"; // not sequence - - var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PrvHex, keyIdx); - if (a1.length != 9) - throw "malformed RSA private key(code:002)"; // not sequence - - // 2. RSA key - info.key = {}; - info.key.n = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[1]); - info.key.e = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[2]); - info.key.d = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[3]); - info.key.p = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[4]); - info.key.q = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[5]); - info.key.dp = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[6]); - info.key.dq = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[7]); - info.key.co = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[8]); - }, - - /** + * @name parsePrivateRawRSAKeyHexAtObj + * @memberOf KEYUTIL + * @function + * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 private key concluding RSA private key + * @return {Array} info associative array to add parsed RSA private key information + * @since pkcs5pkey 1.0.5 + * @description + * Following properties are added to associative array 'info' + *
        + *
      • n - hexadecimal string of public key + *
      • e - hexadecimal string of public exponent + *
      • d - hexadecimal string of private key + *
      • p - hexadecimal string + *
      • q - hexadecimal string + *
      • dp - hexadecimal string + *
      • dq - hexadecimal string + *
      • co - hexadecimal string + *
      + */ + parsePrivateRawRSAKeyHexAtObj: function(pkcs8PrvHex, info) { + var keyIdx = info.keyidx; + + // 1. sequence + if (pkcs8PrvHex.substr(keyIdx, 2) != "30") + throw "malformed RSA private key(code:001)"; // not sequence + + var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PrvHex, keyIdx); + if (a1.length != 9) + throw "malformed RSA private key(code:002)"; // not sequence + + // 2. RSA key + info.key = {}; + info.key.n = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[1]); + info.key.e = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[2]); + info.key.d = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[3]); + info.key.p = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[4]); + info.key.q = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[5]); + info.key.dp = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[6]); + info.key.dq = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[7]); + info.key.co = ASN1HEX.getHexOfV_AtObj(pkcs8PrvHex, a1[8]); + }, + + /** * parse hexadecimal string of ECC private key - * @name parsePrivateRawECKeyHexAtObj - * @memberOf KEYUTIL - * @function - * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 private key concluding EC private key - * @return {Array} info associative array to add parsed ECC private key information - * @since pkcs5pkey 1.0.5 - * @description - * Following properties are added to associative array 'info' - *
        - *
      • key - hexadecimal string of ECC private key - *
      - */ - parsePrivateRawECKeyHexAtObj: function(pkcs8PrvHex, info) { - var keyIdx = info.keyidx; - - var key = ASN1HEX.getVbyList(pkcs8PrvHex, keyIdx, [1], "04"); - var pubkey = ASN1HEX.getVbyList(pkcs8PrvHex, keyIdx, [2,0], "03").substr(2); - - info.key = key; - info.pubkey = pubkey; - }, - - /** + * @name parsePrivateRawECKeyHexAtObj + * @memberOf KEYUTIL + * @function + * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 private key concluding EC private key + * @return {Array} info associative array to add parsed ECC private key information + * @since pkcs5pkey 1.0.5 + * @description + * Following properties are added to associative array 'info' + *
        + *
      • key - hexadecimal string of ECC private key + *
      + */ + parsePrivateRawECKeyHexAtObj: function(pkcs8PrvHex, info) { + var keyIdx = info.keyidx; + + var key = ASN1HEX.getVbyList(pkcs8PrvHex, keyIdx, [1], "04"); + var pubkey = ASN1HEX.getVbyList(pkcs8PrvHex, keyIdx, [2,0], "03").substr(2); + + info.key = key; + info.pubkey = pubkey; + }, + + /** * parse hexadecimal string of PKCS#8 RSA/EC/DSA public key - * @name parsePublicPKCS8Hex - * @memberOf KEYUTIL - * @function - * @param {String} pkcs8PubHex hexadecimal string of PKCS#8 public key - * @return {Hash} hash of key information - * @description + * @name parsePublicPKCS8Hex + * @memberOf KEYUTIL + * @function + * @param {String} pkcs8PubHex hexadecimal string of PKCS#8 public key + * @return {Hash} hash of key information + * @description * Resulted hash has following attributes. - *
        - *
      • algoid - hexadecimal string of OID of asymmetric key algorithm
        • - *
      • algparam - hexadecimal string of OID of ECC curve name, parameter SEQUENCE of DSA or null
        • - *
      • key - hexadecimal string of public key
        • - *
      - */ + *
        + *
      • algoid - hexadecimal string of OID of asymmetric key algorithm
        • + *
      • algparam - hexadecimal string of OID of ECC curve name, parameter SEQUENCE of DSA or null
        • + *
      • key - hexadecimal string of public key
        • + *
      + */ parsePublicPKCS8Hex: function(pkcs8PubHex) { - var result = {}; - result.algparam = null; + var result = {}; + result.algparam = null; // 1. AlgID and Key bit string - var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, 0); - if (a1.length != 2) - throw "outer DERSequence shall have 2 elements: " + a1.length; + var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, 0); + if (a1.length != 2) + throw "outer DERSequence shall have 2 elements: " + a1.length; // 2. AlgID var idxAlgIdTLV = a1[0]; @@ -1118,79 +1118,79 @@ var KEYUTIL = function() { if (a2.length != 2) throw "malformed PKCS8 public key(code:002)"; // AlgId not have two elements - // 2.1. AlgID OID - if (pkcs8PubHex.substr(a2[0], 2) != "06") - throw "malformed PKCS8 public key(code:003)"; // AlgId.oid is not OID + // 2.1. AlgID OID + if (pkcs8PubHex.substr(a2[0], 2) != "06") + throw "malformed PKCS8 public key(code:003)"; // AlgId.oid is not OID - result.algoid = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[0]); + result.algoid = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[0]); - // 2.2. AlgID param - if (pkcs8PubHex.substr(a2[1], 2) == "06") { // OID for EC - result.algparam = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[1]); - } else if (pkcs8PubHex.substr(a2[1], 2) == "30") { // SEQ for DSA - result.algparam = {}; - result.algparam.p = ASN1HEX.getVbyList(pkcs8PubHex, a2[1], [0], "02"); - result.algparam.q = ASN1HEX.getVbyList(pkcs8PubHex, a2[1], [1], "02"); - result.algparam.g = ASN1HEX.getVbyList(pkcs8PubHex, a2[1], [2], "02"); - } + // 2.2. AlgID param + if (pkcs8PubHex.substr(a2[1], 2) == "06") { // OID for EC + result.algparam = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[1]); + } else if (pkcs8PubHex.substr(a2[1], 2) == "30") { // SEQ for DSA + result.algparam = {}; + result.algparam.p = ASN1HEX.getVbyList(pkcs8PubHex, a2[1], [0], "02"); + result.algparam.q = ASN1HEX.getVbyList(pkcs8PubHex, a2[1], [1], "02"); + result.algparam.g = ASN1HEX.getVbyList(pkcs8PubHex, a2[1], [2], "02"); + } - // 3. Key - if (pkcs8PubHex.substr(a1[1], 2) != "03") - throw "malformed PKCS8 public key(code:004)"; // Key is not bit string + // 3. Key + if (pkcs8PubHex.substr(a1[1], 2) != "03") + throw "malformed PKCS8 public key(code:004)"; // Key is not bit string - result.key = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a1[1]).substr(2); + result.key = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a1[1]).substr(2); - // 4. return result assoc array - return result; + // 4. return result assoc array + return result; }, - /** + /** * (DEPRECATED) provide hexadecimal string of unencrypted PKCS#8 private key and returns RSAKey object - * @name getRSAKeyFromPublicPKCS8Hex - * @memberOf KEYUTIL - * @function - * @param {String} pkcs8PubHex hexadecimal string of unencrypted PKCS#8 public key - * @return {RSAKey} loaded RSAKey object of RSA public key + * @name getRSAKeyFromPublicPKCS8Hex + * @memberOf KEYUTIL + * @function + * @param {String} pkcs8PubHex hexadecimal string of unencrypted PKCS#8 public key + * @return {RSAKey} loaded RSAKey object of RSA public key * @since pkcs5pkey 1.0.4 - * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. - */ + * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. + */ getRSAKeyFromPublicPKCS8Hex: function(pkcs8PubHex) { - var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, 0); - if (a1.length != 2) - throw "outer DERSequence shall have 2 elements: " + a1.length; + var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, 0); + if (a1.length != 2) + throw "outer DERSequence shall have 2 elements: " + a1.length; var algIdTLV =ASN1HEX.getHexOfTLV_AtObj(pkcs8PubHex, a1[0]); - if (algIdTLV != "300d06092a864886f70d0101010500") // AlgId rsaEncryption - throw "PKCS8 AlgorithmId is not rsaEncryption"; - - if (pkcs8PubHex.substr(a1[1], 2) != "03") - throw "PKCS8 Public Key is not BITSTRING encapslated."; - - var idxPub = ASN1HEX.getStartPosOfV_AtObj(pkcs8PubHex, a1[1]) + 2; // 2 for unused bit - - if (pkcs8PubHex.substr(idxPub, 2) != "30") - throw "PKCS8 Public Key is not SEQUENCE."; - - var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, idxPub); - if (a2.length != 2) - throw "inner DERSequence shall have 2 elements: " + a2.length; - - if (pkcs8PubHex.substr(a2[0], 2) != "02") - throw "N is not ASN.1 INTEGER"; - if (pkcs8PubHex.substr(a2[1], 2) != "02") - throw "E is not ASN.1 INTEGER"; - - var hN = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[0]); - var hE = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[1]); - - var pubKey = new RSAKey(); - pubKey.setPublic(hN, hE); - - return pubKey; - }, - - //addAlgorithm: function(functionObject, algName, keyLen, ivLen) { - //} + if (algIdTLV != "300d06092a864886f70d0101010500") // AlgId rsaEncryption + throw "PKCS8 AlgorithmId is not rsaEncryption"; + + if (pkcs8PubHex.substr(a1[1], 2) != "03") + throw "PKCS8 Public Key is not BITSTRING encapslated."; + + var idxPub = ASN1HEX.getStartPosOfV_AtObj(pkcs8PubHex, a1[1]) + 2; // 2 for unused bit + + if (pkcs8PubHex.substr(idxPub, 2) != "30") + throw "PKCS8 Public Key is not SEQUENCE."; + + var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(pkcs8PubHex, idxPub); + if (a2.length != 2) + throw "inner DERSequence shall have 2 elements: " + a2.length; + + if (pkcs8PubHex.substr(a2[0], 2) != "02") + throw "N is not ASN.1 INTEGER"; + if (pkcs8PubHex.substr(a2[1], 2) != "02") + throw "E is not ASN.1 INTEGER"; + + var hN = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[0]); + var hE = ASN1HEX.getHexOfV_AtObj(pkcs8PubHex, a2[1]); + + var pubKey = new RSAKey(); + pubKey.setPublic(hN, hE); + + return pubKey; + }, + + //addAlgorithm: function(functionObject, algName, keyLen, ivLen) { + //} }; }(); @@ -1243,165 +1243,165 @@ var KEYUTIL = function() { KEYUTIL.getKey = function(param, passcode, hextype) { // 1. by key object if (typeof RSAKey != 'undefined' && param instanceof RSAKey) - return param; + return param; if (typeof KJUR.crypto.ECDSA != 'undefined' && param instanceof KJUR.crypto.ECDSA) - return param; + return param; if (typeof KJUR.crypto.DSA != 'undefined' && param instanceof KJUR.crypto.DSA) - return param; + return param; // 2. by key spec // 2.1. ECC private key if (param.xy !== undefined && param.curve !== undefined) { - return new KJUR.crypto.ECDSA({prv: param.xy, curve: param.curve}); + return new KJUR.crypto.ECDSA({prv: param.xy, curve: param.curve}); } // 2.2. RSA private key if (param.n !== undefined && param.e !== undefined && param.d !== undefined && - param.p !== undefined && param.q !== undefined && - param.dp !== undefined && param.dq !== undefined && param.co !== undefined) { - var key = new RSAKey(); - key.setPrivateEx(param.n, param.e, param.d, param.p, param.q, - param.dp, param.dq, param.co); - return key; + param.p !== undefined && param.q !== undefined && + param.dp !== undefined && param.dq !== undefined && param.co !== undefined) { + var key = new RSAKey(); + key.setPrivateEx(param.n, param.e, param.d, param.p, param.q, + param.dp, param.dq, param.co); + return key; } // 2.3. DSA private key if (param.p !== undefined && param.q !== undefined && param.g !== undefined && - param.y !== undefined && param.x !== undefined) { - var key = new KJUR.crypto.DSA(); - key.setPrivate(param.p, param.q, param.g, param.y, param.x); - return key; + param.y !== undefined && param.x !== undefined) { + var key = new KJUR.crypto.DSA(); + key.setPrivate(param.p, param.q, param.g, param.y, param.x); + return key; } // 2.4. ECC public key if (param.d !== undefined && param.curve !== undefined) { - return new KJUR.crypto.ECDSA({pub: param.d, curve: param.curve}); + return new KJUR.crypto.ECDSA({pub: param.d, curve: param.curve}); } // 2.5. RSA private key if (param.n !== undefined && param.e) { - var key = new RSAKey(); - key.setPublic(param.n, param.e); - return key; + var key = new RSAKey(); + key.setPublic(param.n, param.e); + return key; } // 2.6. DSA public key if (param.p !== undefined && param.q !== undefined && param.g !== undefined && - param.y !== undefined && param.x === undefined) { - var key = new KJUR.crypto.DSA(); - key.setPublic(param.p, param.q, param.g, param.y); - return key; + param.y !== undefined && param.x === undefined) { + var key = new KJUR.crypto.DSA(); + key.setPublic(param.p, param.q, param.g, param.y); + return key; } // 3. by cert if (param.indexOf("-END CERTIFICATE-", 0) != -1 || - param.indexOf("-END X509 CERTIFICATE-", 0) != -1 || - param.indexOf("-END TRUSTED CERTIFICATE-", 0) != -1) { - return X509.getPublicKeyFromCertPEM(param); + param.indexOf("-END X509 CERTIFICATE-", 0) != -1 || + param.indexOf("-END TRUSTED CERTIFICATE-", 0) != -1) { + return X509.getPublicKeyFromCertPEM(param); } // 4. public key by PKCS#8 hexadecimal string if (hextype === "pkcs8pub") { - return KEYUTIL.getKeyFromPublicPKCS8Hex(param); + return KEYUTIL.getKeyFromPublicPKCS8Hex(param); } // 5. public key by PKCS#8 PEM string if (param.indexOf("-END PUBLIC KEY-") != -1) { - return KEYUTIL.getKeyFromPublicPKCS8PEM(param); + return KEYUTIL.getKeyFromPublicPKCS8PEM(param); } // 6. private key by PKCS#5 plain hexadecimal RSA string if (hextype === "pkcs5prv") { - var key = new RSAKey(); - key.readPrivateKeyFromASN1HexString(param); - return key; + var key = new RSAKey(); + key.readPrivateKeyFromASN1HexString(param); + return key; } // 7. private key by plain PKCS#5 hexadecimal RSA string if (hextype === "pkcs5prv") { - var key = new RSAKey(); - key.readPrivateKeyFromASN1HexString(param); - return key; + var key = new RSAKey(); + key.readPrivateKeyFromASN1HexString(param); + return key; } // 8. private key by plain PKCS#5 PEM RSA string if (param.indexOf("-END RSA PRIVATE KEY-") != -1 && - param.indexOf("4,ENCRYPTED") == -1) { - var key = new RSAKey(); - key.readPrivateKeyFromPEMString(param); - return key; + param.indexOf("4,ENCRYPTED") == -1) { + var key = new RSAKey(); + key.readPrivateKeyFromPEMString(param); + return key; } // 8.2. private key by plain PKCS#5 PEM DSA string if (param.indexOf("-END DSA PRIVATE KEY-") != -1 && - param.indexOf("4,ENCRYPTED") == -1) { - - var hKey = this.getHexFromPEM(param, "DSA PRIVATE KEY"); - var p = ASN1HEX.getVbyList(hKey, 0, [1], "02"); - var q = ASN1HEX.getVbyList(hKey, 0, [2], "02"); - var g = ASN1HEX.getVbyList(hKey, 0, [3], "02"); - var y = ASN1HEX.getVbyList(hKey, 0, [4], "02"); - var x = ASN1HEX.getVbyList(hKey, 0, [5], "02"); - var key = new KJUR.crypto.DSA(); - key.setPrivate(new BigInteger(p, 16), - new BigInteger(q, 16), - new BigInteger(g, 16), - new BigInteger(y, 16), - new BigInteger(x, 16)); - return key; + param.indexOf("4,ENCRYPTED") == -1) { + + var hKey = this.getHexFromPEM(param, "DSA PRIVATE KEY"); + var p = ASN1HEX.getVbyList(hKey, 0, [1], "02"); + var q = ASN1HEX.getVbyList(hKey, 0, [2], "02"); + var g = ASN1HEX.getVbyList(hKey, 0, [3], "02"); + var y = ASN1HEX.getVbyList(hKey, 0, [4], "02"); + var x = ASN1HEX.getVbyList(hKey, 0, [5], "02"); + var key = new KJUR.crypto.DSA(); + key.setPrivate(new BigInteger(p, 16), + new BigInteger(q, 16), + new BigInteger(g, 16), + new BigInteger(y, 16), + new BigInteger(x, 16)); + return key; } // 9. private key by plain PKCS#8 PEM ECC/RSA string if (param.indexOf("-END PRIVATE KEY-") != -1) { - return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(param); + return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(param); } // 10. private key by encrypted PKCS#5 PEM RSA string if (param.indexOf("-END RSA PRIVATE KEY-") != -1 && - param.indexOf("4,ENCRYPTED") != -1) { - return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(param, passcode); + param.indexOf("4,ENCRYPTED") != -1) { + return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(param, passcode); } // 10.2. private key by encrypted PKCS#5 PEM ECDSA string if (param.indexOf("-END EC PRIVATE KEY-") != -1 && - param.indexOf("4,ENCRYPTED") != -1) { - var hKey = KEYUTIL.getDecryptedKeyHex(param, passcode); - - var key = ASN1HEX.getVbyList(hKey, 0, [1], "04"); - var curveNameOidHex = ASN1HEX.getVbyList(hKey, 0, [2,0], "06"); - var pubkey = ASN1HEX.getVbyList(hKey, 0, [3,0], "03").substr(2); - var curveName = ""; - - if (KJUR.crypto.OID.oidhex2name[curveNameOidHex] !== undefined) { - curveName = KJUR.crypto.OID.oidhex2name[curveNameOidHex]; - } else { - throw "undefined OID(hex) in KJUR.crypto.OID: " + curveNameOidHex; - } - - var ec = new KJUR.crypto.ECDSA({'name': curveName}); - ec.setPublicKeyHex(pubkey); - ec.setPrivateKeyHex(key); - ec.isPublic = false; - return ec; + param.indexOf("4,ENCRYPTED") != -1) { + var hKey = KEYUTIL.getDecryptedKeyHex(param, passcode); + + var key = ASN1HEX.getVbyList(hKey, 0, [1], "04"); + var curveNameOidHex = ASN1HEX.getVbyList(hKey, 0, [2,0], "06"); + var pubkey = ASN1HEX.getVbyList(hKey, 0, [3,0], "03").substr(2); + var curveName = ""; + + if (KJUR.crypto.OID.oidhex2name[curveNameOidHex] !== undefined) { + curveName = KJUR.crypto.OID.oidhex2name[curveNameOidHex]; + } else { + throw "undefined OID(hex) in KJUR.crypto.OID: " + curveNameOidHex; + } + + var ec = new KJUR.crypto.ECDSA({'name': curveName}); + ec.setPublicKeyHex(pubkey); + ec.setPrivateKeyHex(key); + ec.isPublic = false; + return ec; } // 10.3. private key by encrypted PKCS#5 PEM DSA string if (param.indexOf("-END DSA PRIVATE KEY-") != -1 && - param.indexOf("4,ENCRYPTED") != -1) { - var hKey = KEYUTIL.getDecryptedKeyHex(param, passcode); - var p = ASN1HEX.getVbyList(hKey, 0, [1], "02"); - var q = ASN1HEX.getVbyList(hKey, 0, [2], "02"); - var g = ASN1HEX.getVbyList(hKey, 0, [3], "02"); - var y = ASN1HEX.getVbyList(hKey, 0, [4], "02"); - var x = ASN1HEX.getVbyList(hKey, 0, [5], "02"); - var key = new KJUR.crypto.DSA(); - key.setPrivate(new BigInteger(p, 16), - new BigInteger(q, 16), - new BigInteger(g, 16), - new BigInteger(y, 16), - new BigInteger(x, 16)); - return key; + param.indexOf("4,ENCRYPTED") != -1) { + var hKey = KEYUTIL.getDecryptedKeyHex(param, passcode); + var p = ASN1HEX.getVbyList(hKey, 0, [1], "02"); + var q = ASN1HEX.getVbyList(hKey, 0, [2], "02"); + var g = ASN1HEX.getVbyList(hKey, 0, [3], "02"); + var y = ASN1HEX.getVbyList(hKey, 0, [4], "02"); + var x = ASN1HEX.getVbyList(hKey, 0, [5], "02"); + var key = new KJUR.crypto.DSA(); + key.setPrivate(new BigInteger(p, 16), + new BigInteger(q, 16), + new BigInteger(g, 16), + new BigInteger(y, 16), + new BigInteger(x, 16)); + return key; } // 11. private key by encrypted PKCS#8 hexadecimal RSA/ECDSA string if (param.indexOf("-END ENCRYPTED PRIVATE KEY-") != -1) { - return KEYUTIL.getKeyFromEncryptedPKCS8PEM(param, passcode); + return KEYUTIL.getKeyFromEncryptedPKCS8PEM(param, passcode); } throw "not supported argument"; @@ -1436,36 +1436,36 @@ KEYUTIL.getKey = function(param, passcode, hextype) { */ KEYUTIL.generateKeypair = function(alg, keylenOrCurve) { if (alg == "RSA") { - var keylen = keylenOrCurve; - var prvKey = new RSAKey(); - prvKey.generate(keylen, '10001'); - - var pubKey = new RSAKey(); - var hN = prvKey.n.toString(16); - var hE = prvKey.e.toString(16); - pubKey.setPublic(hN, hE); - - var result = {}; - result.prvKeyObj = prvKey; - result.pubKeyObj = pubKey; - return result; + var keylen = keylenOrCurve; + var prvKey = new RSAKey(); + prvKey.generate(keylen, '10001'); + + var pubKey = new RSAKey(); + var hN = prvKey.n.toString(16); + var hE = prvKey.e.toString(16); + pubKey.setPublic(hN, hE); + + var result = {}; + result.prvKeyObj = prvKey; + result.pubKeyObj = pubKey; + return result; } else if (alg == "EC") { - var curve = keylenOrCurve; - var ec = new KJUR.crypto.ECDSA({curve: curve}); - var keypairHex = ec.generateKeyPairHex(); + var curve = keylenOrCurve; + var ec = new KJUR.crypto.ECDSA({curve: curve}); + var keypairHex = ec.generateKeyPairHex(); - var prvKey = new KJUR.crypto.ECDSA({curve: curve}); - prvKey.setPrivateKeyHex(keypairHex.ecprvhex); + var prvKey = new KJUR.crypto.ECDSA({curve: curve}); + prvKey.setPrivateKeyHex(keypairHex.ecprvhex); - var pubKey = new KJUR.crypto.ECDSA({curve: curve}); - pubKey.setPublicKeyHex(keypairHex.ecpubhex); + var pubKey = new KJUR.crypto.ECDSA({curve: curve}); + pubKey.setPublicKeyHex(keypairHex.ecpubhex); - var result = {}; - result.prvKeyObj = prvKey; - result.pubKeyObj = pubKey; - return result; + var result = {}; + result.prvKeyObj = prvKey; + result.pubKeyObj = pubKey; + return result; } else { - throw "unknown algorithm: " + alg; + throw "unknown algorithm: " + alg; } }; @@ -1506,37 +1506,37 @@ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { var ns2 = KJUR.crypto; function _rsaprv2asn1obj(keyObjOrHex) { - var asn1Obj = KJUR.asn1.ASN1Util.newObject({ - "seq": [ + var asn1Obj = KJUR.asn1.ASN1Util.newObject({ + "seq": [ {"int": 0 }, {"int": {"bigint": keyObjOrHex.n}}, - {"int": keyObjOrHex.e}, - {"int": {"bigint": keyObjOrHex.d}}, - {"int": {"bigint": keyObjOrHex.p}}, - {"int": {"bigint": keyObjOrHex.q}}, - {"int": {"bigint": keyObjOrHex.dmp1}}, - {"int": {"bigint": keyObjOrHex.dmq1}}, - {"int": {"bigint": keyObjOrHex.coeff}} + {"int": keyObjOrHex.e}, + {"int": {"bigint": keyObjOrHex.d}}, + {"int": {"bigint": keyObjOrHex.p}}, + {"int": {"bigint": keyObjOrHex.q}}, + {"int": {"bigint": keyObjOrHex.dmp1}}, + {"int": {"bigint": keyObjOrHex.dmq1}}, + {"int": {"bigint": keyObjOrHex.coeff}} ] }); - return asn1Obj; + return asn1Obj; }; function _ecdsaprv2asn1obj(keyObjOrHex) { - var asn1Obj2 = KJUR.asn1.ASN1Util.newObject({ - "seq": [ + var asn1Obj2 = KJUR.asn1.ASN1Util.newObject({ + "seq": [ {"int": 1 }, {"octstr": {"hex": keyObjOrHex.prvKeyHex}}, {"tag": ['a0', true, {'oid': {'name': keyObjOrHex.curveName}}]}, {"tag": ['a1', true, {'bitstr': {'hex': '00' + keyObjOrHex.pubKeyHex}}]} ] }); - return asn1Obj2; + return asn1Obj2; }; function _dsaprv2asn1obj(keyObjOrHex) { - var asn1Obj = KJUR.asn1.ASN1Util.newObject({ - "seq": [ + var asn1Obj = KJUR.asn1.ASN1Util.newObject({ + "seq": [ {"int": 0 }, {"int": {"bigint": keyObjOrHex.p}}, {"int": {"bigint": keyObjOrHex.q}}, @@ -1545,119 +1545,119 @@ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { {"int": {"bigint": keyObjOrHex.x}} ] }); - return asn1Obj; + return asn1Obj; }; // 1. public key // x. PEM PKCS#8 public key of RSA/ECDSA/DSA public key object if (((typeof RSAKey != "undefined" && keyObjOrHex instanceof RSAKey) || - (typeof ns2.DSA != "undefined" && keyObjOrHex instanceof ns2.DSA) || - (typeof ns2.ECDSA != "undefined" && keyObjOrHex instanceof ns2.ECDSA)) && - keyObjOrHex.isPublic == true && - (formatType === undefined || formatType == "PKCS8PUB")) { - var asn1Obj = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObjOrHex); - var asn1Hex = asn1Obj.getEncodedHex(); - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PUBLIC KEY"); + (typeof ns2.DSA != "undefined" && keyObjOrHex instanceof ns2.DSA) || + (typeof ns2.ECDSA != "undefined" && keyObjOrHex instanceof ns2.ECDSA)) && + keyObjOrHex.isPublic == true && + (formatType === undefined || formatType == "PKCS8PUB")) { + var asn1Obj = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObjOrHex); + var asn1Hex = asn1Obj.getEncodedHex(); + return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PUBLIC KEY"); } // 2. private // x. PEM PKCS#1 plain private key of RSA private key object if (formatType == "PKCS1PRV" && - typeof RSAKey != "undefined" && - keyObjOrHex instanceof RSAKey && - (passwd === undefined || passwd == null) && - keyObjOrHex.isPrivate == true) { + typeof RSAKey != "undefined" && + keyObjOrHex instanceof RSAKey && + (passwd === undefined || passwd == null) && + keyObjOrHex.isPrivate == true) { - var asn1Obj = _rsaprv2asn1obj(keyObjOrHex); + var asn1Obj = _rsaprv2asn1obj(keyObjOrHex); var asn1Hex = asn1Obj.getEncodedHex(); - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "RSA PRIVATE KEY"); + return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "RSA PRIVATE KEY"); } // x. PEM PKCS#1 plain private key of ECDSA private key object if (formatType == "PKCS1PRV" && - typeof RSAKey != "undefined" && - keyObjOrHex instanceof KJUR.crypto.ECDSA && - (passwd === undefined || passwd == null) && - keyObjOrHex.isPrivate == true) { - - var asn1Obj1 = new KJUR.asn1.DERObjectIdentifier({'name': keyObjOrHex.curveName}); - var asn1Hex1 = asn1Obj1.getEncodedHex(); - var asn1Obj2 = _ecdsaprv2asn1obj(keyObjOrHex); + typeof RSAKey != "undefined" && + keyObjOrHex instanceof KJUR.crypto.ECDSA && + (passwd === undefined || passwd == null) && + keyObjOrHex.isPrivate == true) { + + var asn1Obj1 = new KJUR.asn1.DERObjectIdentifier({'name': keyObjOrHex.curveName}); + var asn1Hex1 = asn1Obj1.getEncodedHex(); + var asn1Obj2 = _ecdsaprv2asn1obj(keyObjOrHex); var asn1Hex2 = asn1Obj2.getEncodedHex(); - var s = ""; - s += ns1.ASN1Util.getPEMStringFromHex(asn1Hex1, "EC PARAMETERS"); - s += ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "EC PRIVATE KEY"); - return s; + var s = ""; + s += ns1.ASN1Util.getPEMStringFromHex(asn1Hex1, "EC PARAMETERS"); + s += ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "EC PRIVATE KEY"); + return s; } // x. PEM PKCS#1 plain private key of DSA private key object if (formatType == "PKCS1PRV" && - typeof KJUR.crypto.DSA != "undefined" && - keyObjOrHex instanceof KJUR.crypto.DSA && - (passwd === undefined || passwd == null) && - keyObjOrHex.isPrivate == true) { + typeof KJUR.crypto.DSA != "undefined" && + keyObjOrHex instanceof KJUR.crypto.DSA && + (passwd === undefined || passwd == null) && + keyObjOrHex.isPrivate == true) { - var asn1Obj = _dsaprv2asn1obj(keyObjOrHex); + var asn1Obj = _dsaprv2asn1obj(keyObjOrHex); var asn1Hex = asn1Obj.getEncodedHex(); - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "DSA PRIVATE KEY"); + return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "DSA PRIVATE KEY"); } // 3. private // x. PEM PKCS#5 encrypted private key of RSA private key object if (formatType == "PKCS5PRV" && - typeof RSAKey != "undefined" && - keyObjOrHex instanceof RSAKey && - (passwd !== undefined && passwd != null) && - keyObjOrHex.isPrivate == true) { + typeof RSAKey != "undefined" && + keyObjOrHex instanceof RSAKey && + (passwd !== undefined && passwd != null) && + keyObjOrHex.isPrivate == true) { - var asn1Obj = _rsaprv2asn1obj(keyObjOrHex); + var asn1Obj = _rsaprv2asn1obj(keyObjOrHex); var asn1Hex = asn1Obj.getEncodedHex(); - if (encAlg === undefined) encAlg = "DES-EDE3-CBC"; - return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA", asn1Hex, passwd, encAlg); + if (encAlg === undefined) encAlg = "DES-EDE3-CBC"; + return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA", asn1Hex, passwd, encAlg); } // x. PEM PKCS#5 encrypted private key of ECDSA private key object if (formatType == "PKCS5PRV" && - typeof KJUR.crypto.ECDSA != "undefined" && - keyObjOrHex instanceof KJUR.crypto.ECDSA && - (passwd !== undefined && passwd != null) && - keyObjOrHex.isPrivate == true) { + typeof KJUR.crypto.ECDSA != "undefined" && + keyObjOrHex instanceof KJUR.crypto.ECDSA && + (passwd !== undefined && passwd != null) && + keyObjOrHex.isPrivate == true) { - var asn1Obj = _ecdsaprv2asn1obj(keyObjOrHex); + var asn1Obj = _ecdsaprv2asn1obj(keyObjOrHex); var asn1Hex = asn1Obj.getEncodedHex(); - if (encAlg === undefined) encAlg = "DES-EDE3-CBC"; - return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC", asn1Hex, passwd, encAlg); + if (encAlg === undefined) encAlg = "DES-EDE3-CBC"; + return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC", asn1Hex, passwd, encAlg); } // x. PEM PKCS#5 encrypted private key of DSA private key object if (formatType == "PKCS5PRV" && - typeof KJUR.crypto.DSA != "undefined" && - keyObjOrHex instanceof KJUR.crypto.DSA && - (passwd !== undefined && passwd != null) && - keyObjOrHex.isPrivate == true) { + typeof KJUR.crypto.DSA != "undefined" && + keyObjOrHex instanceof KJUR.crypto.DSA && + (passwd !== undefined && passwd != null) && + keyObjOrHex.isPrivate == true) { - var asn1Obj = _dsaprv2asn1obj(keyObjOrHex); + var asn1Obj = _dsaprv2asn1obj(keyObjOrHex); var asn1Hex = asn1Obj.getEncodedHex(); - if (encAlg === undefined) encAlg = "DES-EDE3-CBC"; - return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA", asn1Hex, passwd, encAlg); + if (encAlg === undefined) encAlg = "DES-EDE3-CBC"; + return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA", asn1Hex, passwd, encAlg); } // x. ====================================================================== var _getEncryptedPKCS8 = function(plainKeyHex, passcode) { - var info = _getEencryptedPKCS8Info(plainKeyHex, passcode); - //alert("iv=" + info.encryptionSchemeIV); - //alert("info.ciphertext2[" + info.ciphertext.length + "=" + info.ciphertext); - var asn1Obj = new KJUR.asn1.ASN1Util.newObject({ - "seq": [ - {"seq": [ + var info = _getEencryptedPKCS8Info(plainKeyHex, passcode); + //alert("iv=" + info.encryptionSchemeIV); + //alert("info.ciphertext2[" + info.ciphertext.length + "=" + info.ciphertext); + var asn1Obj = new KJUR.asn1.ASN1Util.newObject({ + "seq": [ + {"seq": [ {"oid": {"name": "pkcs5PBES2"}}, {"seq": [ {"seq": [ @@ -1665,80 +1665,80 @@ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { {"seq": [ {"octstr": {"hex": info.pbkdf2Salt}}, {"int": info.pbkdf2Iter} - ]} - ]}, + ]} + ]}, {"seq": [ {"oid": {"name": "des-EDE3-CBC"}}, {"octstr": {"hex": info.encryptionSchemeIV}} - ]} - ]} - ]}, + ]} + ]} + ]}, {"octstr": {"hex": info.ciphertext}} ] }); - return asn1Obj.getEncodedHex(); + return asn1Obj.getEncodedHex(); }; var _getEencryptedPKCS8Info = function(plainKeyHex, passcode) { - var pbkdf2Iter = 100; - var pbkdf2SaltWS = CryptoJS.lib.WordArray.random(8); - var encryptionSchemeAlg = "DES-EDE3-CBC"; - var encryptionSchemeIVWS = CryptoJS.lib.WordArray.random(8); - // PBKDF2 key - var pbkdf2KeyWS = CryptoJS.PBKDF2(passcode, - pbkdf2SaltWS, { "keySize": 192/32, - "iterations": pbkdf2Iter }); - // ENCRYPT - var plainKeyWS = CryptoJS.enc.Hex.parse(plainKeyHex); - var encryptedKeyHex = - CryptoJS.TripleDES.encrypt(plainKeyWS, pbkdf2KeyWS, { "iv": encryptionSchemeIVWS }) + ""; - - //alert("encryptedKeyHex=" + encryptedKeyHex); - - var info = {}; - info.ciphertext = encryptedKeyHex; - //alert("info.ciphertext=" + info.ciphertext); - info.pbkdf2Salt = CryptoJS.enc.Hex.stringify(pbkdf2SaltWS); - info.pbkdf2Iter = pbkdf2Iter; - info.encryptionSchemeAlg = encryptionSchemeAlg; - info.encryptionSchemeIV = CryptoJS.enc.Hex.stringify(encryptionSchemeIVWS); - return info; + var pbkdf2Iter = 100; + var pbkdf2SaltWS = CryptoJS.lib.WordArray.random(8); + var encryptionSchemeAlg = "DES-EDE3-CBC"; + var encryptionSchemeIVWS = CryptoJS.lib.WordArray.random(8); + // PBKDF2 key + var pbkdf2KeyWS = CryptoJS.PBKDF2(passcode, + pbkdf2SaltWS, { "keySize": 192/32, + "iterations": pbkdf2Iter }); + // ENCRYPT + var plainKeyWS = CryptoJS.enc.Hex.parse(plainKeyHex); + var encryptedKeyHex = + CryptoJS.TripleDES.encrypt(plainKeyWS, pbkdf2KeyWS, { "iv": encryptionSchemeIVWS }) + ""; + + //alert("encryptedKeyHex=" + encryptedKeyHex); + + var info = {}; + info.ciphertext = encryptedKeyHex; + //alert("info.ciphertext=" + info.ciphertext); + info.pbkdf2Salt = CryptoJS.enc.Hex.stringify(pbkdf2SaltWS); + info.pbkdf2Iter = pbkdf2Iter; + info.encryptionSchemeAlg = encryptionSchemeAlg; + info.encryptionSchemeIV = CryptoJS.enc.Hex.stringify(encryptionSchemeIVWS); + return info; }; // x. PEM PKCS#8 plain private key of RSA private key object if (formatType == "PKCS8PRV" && - typeof RSAKey != "undefined" && - keyObjOrHex instanceof RSAKey && - keyObjOrHex.isPrivate == true) { + typeof RSAKey != "undefined" && + keyObjOrHex instanceof RSAKey && + keyObjOrHex.isPrivate == true) { - var keyObj = _rsaprv2asn1obj(keyObjOrHex); + var keyObj = _rsaprv2asn1obj(keyObjOrHex); var keyHex = keyObj.getEncodedHex(); - var asn1Obj = KJUR.asn1.ASN1Util.newObject({ - "seq": [ - {"int": 0}, - {"seq": [{"oid": {"name": "rsaEncryption"}},{"null": true}]}, - {"octstr": {"hex": keyHex}} + var asn1Obj = KJUR.asn1.ASN1Util.newObject({ + "seq": [ + {"int": 0}, + {"seq": [{"oid": {"name": "rsaEncryption"}},{"null": true}]}, + {"octstr": {"hex": keyHex}} ] }); - var asn1Hex = asn1Obj.getEncodedHex(); - - if (passwd === undefined || passwd == null) { - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY"); - } else { - var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd); - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY"); - } + var asn1Hex = asn1Obj.getEncodedHex(); + + if (passwd === undefined || passwd == null) { + return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY"); + } else { + var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd); + return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY"); + } } // x. PEM PKCS#8 plain private key of ECDSA private key object if (formatType == "PKCS8PRV" && - typeof KJUR.crypto.ECDSA != "undefined" && - keyObjOrHex instanceof KJUR.crypto.ECDSA && - keyObjOrHex.isPrivate == true) { + typeof KJUR.crypto.ECDSA != "undefined" && + keyObjOrHex instanceof KJUR.crypto.ECDSA && + keyObjOrHex.isPrivate == true) { - var keyObj = new KJUR.asn1.ASN1Util.newObject({ - "seq": [ + var keyObj = new KJUR.asn1.ASN1Util.newObject({ + "seq": [ {"int": 1}, {"octstr": {"hex": keyObjOrHex.prvKeyHex}}, {"tag": ['a1', true, {"bitstr": {"hex": "00" + keyObjOrHex.pubKeyHex}}]} @@ -1746,59 +1746,131 @@ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { }); var keyHex = keyObj.getEncodedHex(); - var asn1Obj = KJUR.asn1.ASN1Util.newObject({ - "seq": [ - {"int": 0}, - {"seq": [ + var asn1Obj = KJUR.asn1.ASN1Util.newObject({ + "seq": [ + {"int": 0}, + {"seq": [ {"oid": {"name": "ecPublicKey"}}, {"oid": {"name": keyObjOrHex.curveName}} - ]}, - {"octstr": {"hex": keyHex}} + ]}, + {"octstr": {"hex": keyHex}} ] }); - var asn1Hex = asn1Obj.getEncodedHex(); - if (passwd === undefined || passwd == null) { - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY"); - } else { - var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd); - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY"); - } + var asn1Hex = asn1Obj.getEncodedHex(); + if (passwd === undefined || passwd == null) { + return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY"); + } else { + var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd); + return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY"); + } } // x. PEM PKCS#8 plain private key of DSA private key object if (formatType == "PKCS8PRV" && - typeof KJUR.crypto.DSA != "undefined" && - keyObjOrHex instanceof KJUR.crypto.DSA && - keyObjOrHex.isPrivate == true) { + typeof KJUR.crypto.DSA != "undefined" && + keyObjOrHex instanceof KJUR.crypto.DSA && + keyObjOrHex.isPrivate == true) { - var keyObj = new KJUR.asn1.DERInteger({'bigint': keyObjOrHex.x}); + var keyObj = new KJUR.asn1.DERInteger({'bigint': keyObjOrHex.x}); var keyHex = keyObj.getEncodedHex(); - var asn1Obj = KJUR.asn1.ASN1Util.newObject({ - "seq": [ - {"int": 0}, - {"seq": [ + var asn1Obj = KJUR.asn1.ASN1Util.newObject({ + "seq": [ + {"int": 0}, + {"seq": [ {"oid": {"name": "dsa"}}, {"seq": [ {"int": {"bigint": keyObjOrHex.p}}, {"int": {"bigint": keyObjOrHex.q}}, {"int": {"bigint": keyObjOrHex.g}} - ]} - ]}, - {"octstr": {"hex": keyHex}} + ]} + ]}, + {"octstr": {"hex": keyHex}} ] }); - var asn1Hex = asn1Obj.getEncodedHex(); - if (passwd === undefined || passwd == null) { - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY"); - } else { - var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd); - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY"); - } + var asn1Hex = asn1Obj.getEncodedHex(); + if (passwd === undefined || passwd == null) { + return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY"); + } else { + var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd); + return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY"); + } } throw "unsupported object nor format"; }; +// -- PUBLIC METHODS FOR CSR ------------------------------------------------------- + +/** + * get RSAKey/DSA/ECDSA public key object from PEM formatted PKCS#10 CSR string + * @name getKeyFromCSRPEM + * @memberOf KEYUTIL + * @function + * @param {String} csrPEM PEM formatted PKCS#10 CSR string + * @return {Object} RSAKey/DSA/ECDSA public key object + * @since keyutil 1.0.5 + */ +KEYUTIL.getKeyFromCSRPEM = function(csrPEM) { + var csrHex = KEYUTIL.getHexFromPEM(csrPEM, "CERTIFICATE REQUEST"); + var key = KEYUTIL.getKeyFromCSRHex(csrHex); + return key; +}; + +/** + * get RSAKey/DSA/ECDSA public key object from hexadecimal string of PKCS#10 CSR + * @name getKeyFromCSRHex + * @memberOf KEYUTIL + * @function + * @param {String} csrHex hexadecimal string of PKCS#10 CSR + * @return {Object} RSAKey/DSA/ECDSA public key object + * @since keyutil 1.0.5 + */ +KEYUTIL.getKeyFromCSRHex = function(csrHex) { + var info = KEYUTIL.parseCSRHex(csrHex); + var key = KEYUTIL.getKey(info.p8pubkeyhex, null, "pkcs8pub"); + return key; +}; + +/** + * parse hexadecimal string of PKCS#10 CSR (certificate signing request) + * @name parseCSRHex + * @memberOf KEYUTIL + * @function + * @param {String} csrHex hexadecimal string of PKCS#10 CSR + * @return {Array} associative array of parsed CSR + * @since keyutil 1.0.5 + * @description + * Resulted associative array has following properties: + *
        + *
      • p8pubkeyhex - hexadecimal string of subject public key in PKCS#8
        • + *
      + */ +KEYUTIL.parseCSRHex = function(csrHex) { + var result = {}; + var h = csrHex; + + // 1. sequence + if (h.substr(0, 2) != "30") + throw "malformed CSR(code:001)"; // not sequence + + var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(h, 0); + if (a1.length < 1) + throw "malformed CSR(code:002)"; // short length + + // 2. 2nd sequence + if (h.substr(a1[0], 2) != "30") + throw "malformed CSR(code:003)"; // not sequence + + var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(h, a1[0]); + if (a2.length < 3) + throw "malformed CSR(code:004)"; // 2nd seq short elem + + result.p8pubkeyhex = ASN1HEX.getHexOfTLV_AtObj(h, a2[2]); + + return result; +}; + + diff --git a/keyutil-1.0.min.js b/keyutil-1.0.min.js old mode 100755 new mode 100644 index b9754685..9596a3f7 --- a/keyutil-1.0.min.js +++ b/keyutil-1.0.min.js @@ -1,3 +1,3 @@ -/*! keyutil-1.0.4.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! keyutil-1.0.5.js (c) 2013-2014 Kenji Urushima | kjur.github.com/jsrsasign/license */ -var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(t){var u={};if(t.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"))){u.cipher=RegExp.$1;u.ivsalt=RegExp.$2}if(t.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"))){u.type=RegExp.$1}var r=-1;var v=0;if(t.indexOf("\r\n\r\n")!=-1){r=t.indexOf("\r\n\r\n");v=2}if(t.indexOf("\n\n")!=-1){r=t.indexOf("\n\n");v=1}var q=t.indexOf("-----END");if(r!=-1&&q!=-1){var p=t.substring(r+v*2,q-v);p=p.replace(/\s+/g,"");u.data=p}return u};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",getHexFromPEM:function(q,u){var r=q;if(r.indexOf("BEGIN "+u)==-1){throw"can't find PEM header: "+u}r=r.replace("-----BEGIN "+u+"-----","");r=r.replace("-----END "+u+"-----","");var t=r.replace(/\s+/g,"");var p=b64tohex(t);return p},getDecryptedKeyHexByKeyIV:function(q,t,s,r){var p=c(t);return p(q,s,r)},parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getRSAKeyFromEncryptedPKCS5PEM:function(r,q){var s=this.getDecryptedKeyHex(r,q);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(s);return p},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},getEncryptedPKCS5PEMFromRSAKey:function(D,E,r,t){var B=new KJUR.asn1.DERInteger({"int":0});var w=new KJUR.asn1.DERInteger({bigint:D.n});var A=new KJUR.asn1.DERInteger({"int":D.e});var C=new KJUR.asn1.DERInteger({bigint:D.d});var u=new KJUR.asn1.DERInteger({bigint:D.p});var s=new KJUR.asn1.DERInteger({bigint:D.q});var z=new KJUR.asn1.DERInteger({bigint:D.dmp1});var v=new KJUR.asn1.DERInteger({bigint:D.dmq1});var y=new KJUR.asn1.DERInteger({bigint:D.coeff});var F=new KJUR.asn1.DERSequence({array:[B,w,A,C,u,s,z,v,y]});var x=F.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",x,E,r,t)},newEncryptedPKCS5PEM:function(p,q,t,u){if(typeof q=="undefined"||q==null){q=1024}if(typeof t=="undefined"||t==null){t="10001"}var r=new RSAKey();r.generate(q,t);var s=null;if(typeof u=="undefined"||u==null){s=this.getEncryptedPKCS5PEMFromRSAKey(r,p)}else{s=this.getEncryptedPKCS5PEMFromRSAKey(r,p,u)}return s},getRSAKeyFromPlainPKCS8PEM:function(r){if(r.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var q=this.getHexFromPEM(r,"PRIVATE KEY");var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getRSAKeyFromPlainPKCS8Hex:function(s){var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=3){throw"outer DERSequence shall have 3 elements: "+r.length}var q=ASN1HEX.getHexOfTLV_AtObj(s,r[1]);if(q!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmIdentifier is not rsaEnc: "+q}var q=ASN1HEX.getHexOfTLV_AtObj(s,r[1]);var t=ASN1HEX.getHexOfTLV_AtObj(s,r[2]);var u=ASN1HEX.getHexOfV_AtObj(t,0);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(u);return p},parseHexOfEncryptedPKCS8:function(w){var s={};var r=ASN1HEX.getPosArrayOfChildren_AtObj(w,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}s.ciphertext=ASN1HEX.getHexOfV_AtObj(w,r[1]);var y=ASN1HEX.getPosArrayOfChildren_AtObj(w,r[0]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+y.length}if(ASN1HEX.getHexOfV_AtObj(w,y[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(w,y[1]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=ASN1HEX.getPosArrayOfChildren_AtObj(w,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(ASN1HEX.getHexOfV_AtObj(w,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}s.encryptionSchemeAlg="TripleDES";s.encryptionSchemeIV=ASN1HEX.getHexOfV_AtObj(w,q[1]);var t=ASN1HEX.getPosArrayOfChildren_AtObj(w,p[0]);if(t.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+t.length}if(ASN1HEX.getHexOfV_AtObj(w,t[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=ASN1HEX.getPosArrayOfChildren_AtObj(w,t[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}s.pbkdf2Salt=ASN1HEX.getHexOfV_AtObj(w,x[0]);var u=ASN1HEX.getHexOfV_AtObj(w,x[1]);try{s.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return s},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=this.getHexFromPEM(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getRSAKeyFromEncryptedPKCS8PEM:function(s,r){var q=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,r);var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=ASN1HEX.getHexOfV_AtObj(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=ASN1HEX.getHexOfV_AtObj(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=ASN1HEX.getStartPosOfV_AtObj(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=this.getHexFromPEM(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var w=this.parsePlainPrivatePKCS8Hex(p);if(w.algoid=="2a864886f70d010101"){this.parsePrivateRawRSAKeyHexAtObj(p,w);var u=w.key;var z=new RSAKey();z.setPrivateEx(u.n,u.e,u.d,u.p,u.q,u.dp,u.dq,u.co);return z}else{if(w.algoid=="2a8648ce3d0201"){this.parsePrivateRawECKeyHexAtObj(p,w);if(KJUR.crypto.OID.oidhex2name[w.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+w.algparam}var v=KJUR.crypto.OID.oidhex2name[w.algparam];var z=new KJUR.crypto.ECDSA({curve:v});z.setPublicKeyHex(w.pubkey);z.setPrivateKeyHex(w.key);z.isPublic=false;return z}else{if(w.algoid=="2a8648ce380401"){var t=ASN1HEX.getVbyList(p,0,[1,1,0],"02");var s=ASN1HEX.getVbyList(p,0,[1,1,1],"02");var y=ASN1HEX.getVbyList(p,0,[1,1,2],"02");var B=ASN1HEX.getVbyList(p,0,[2,0],"02");var r=new BigInteger(t,16);var q=new BigInteger(s,16);var x=new BigInteger(y,16);var A=new BigInteger(B,16);var z=new KJUR.crypto.DSA();z.setPrivate(r,q,x,null,A);return z}else{throw"unsupported private key algorithm"}}}},getRSAKeyFromPublicPKCS8PEM:function(q){var r=this.getHexFromPEM(q,"PUBLIC KEY");var p=this.getRSAKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8PEM:function(q){var r=this.getHexFromPEM(q,"PUBLIC KEY");var p=this.getKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8Hex:function(q){var p=this.parsePublicPKCS8Hex(q);if(p.algoid=="2a864886f70d010101"){var u=this.parsePublicRawRSAKeyHex(p.key);var r=new RSAKey();r.setPublic(u.n,u.e);return r}else{if(p.algoid=="2a8648ce3d0201"){if(KJUR.crypto.OID.oidhex2name[p.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+p.algparam}var s=KJUR.crypto.OID.oidhex2name[p.algparam];var r=new KJUR.crypto.ECDSA({curve:s,pub:p.key});return r}else{if(p.algoid=="2a8648ce380401"){var t=p.algparam;var v=ASN1HEX.getHexOfV_AtObj(p.key,0);var r=new KJUR.crypto.DSA();r.setPublic(new BigInteger(t.p,16),new BigInteger(t.q,16),new BigInteger(t.g,16),new BigInteger(v,16));return r}else{throw"unsupported public key algorithm"}}}},parsePublicRawRSAKeyHex:function(r){var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=ASN1HEX.getPosArrayOfChildren_AtObj(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=ASN1HEX.getHexOfV_AtObj(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=ASN1HEX.getHexOfV_AtObj(r,q[1]);return p},parsePrivateRawRSAKeyHexAtObj:function(q,s){var r=s.keyidx;if(q.substr(r,2)!="30"){throw"malformed RSA private key(code:001)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,r);if(p.length!=9){throw"malformed RSA private key(code:002)"}s.key={};s.key.n=ASN1HEX.getHexOfV_AtObj(q,p[1]);s.key.e=ASN1HEX.getHexOfV_AtObj(q,p[2]);s.key.d=ASN1HEX.getHexOfV_AtObj(q,p[3]);s.key.p=ASN1HEX.getHexOfV_AtObj(q,p[4]);s.key.q=ASN1HEX.getHexOfV_AtObj(q,p[5]);s.key.dp=ASN1HEX.getHexOfV_AtObj(q,p[6]);s.key.dq=ASN1HEX.getHexOfV_AtObj(q,p[7]);s.key.co=ASN1HEX.getHexOfV_AtObj(q,p[8])},parsePrivateRawECKeyHexAtObj:function(p,t){var q=t.keyidx;var r=ASN1HEX.getVbyList(p,q,[1],"04");var s=ASN1HEX.getVbyList(p,q,[2,0],"03").substr(2);t.key=r;t.pubkey=s},parsePublicPKCS8Hex:function(s){var q={};q.algparam=null;var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var t=r[0];if(s.substr(t,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(s,t);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=ASN1HEX.getHexOfV_AtObj(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=ASN1HEX.getHexOfV_AtObj(s,p[1])}else{if(s.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=ASN1HEX.getVbyList(s,p[1],[0],"02");q.algparam.q=ASN1HEX.getVbyList(s,p[1],[1],"02");q.algparam.g=ASN1HEX.getVbyList(s,p[1],[2],"02")}}if(s.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=ASN1HEX.getHexOfV_AtObj(s,r[1]).substr(2);return q},getRSAKeyFromPublicPKCS8Hex:function(t){var s=ASN1HEX.getPosArrayOfChildren_AtObj(t,0);if(s.length!=2){throw"outer DERSequence shall have 2 elements: "+s.length}var r=ASN1HEX.getHexOfTLV_AtObj(t,s[0]);if(r!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmId is not rsaEncryption"}if(t.substr(s[1],2)!="03"){throw"PKCS8 Public Key is not BITSTRING encapslated."}var v=ASN1HEX.getStartPosOfV_AtObj(t,s[1])+2;if(t.substr(v,2)!="30"){throw"PKCS8 Public Key is not SEQUENCE."}var p=ASN1HEX.getPosArrayOfChildren_AtObj(t,v);if(p.length!=2){throw"inner DERSequence shall have 2 elements: "+p.length}if(t.substr(p[0],2)!="02"){throw"N is not ASN.1 INTEGER"}if(t.substr(p[1],2)!="02"){throw"E is not ASN.1 INTEGER"}var w=ASN1HEX.getHexOfV_AtObj(t,p[0]);var u=ASN1HEX.getHexOfV_AtObj(t,p[1]);var q=new RSAKey();q.setPublic(w,u);return q},}}();KEYUTIL.getKey=function(c,o,i){if(typeof RSAKey!="undefined"&&c instanceof RSAKey){return c}if(typeof KJUR.crypto.ECDSA!="undefined"&&c instanceof KJUR.crypto.ECDSA){return c}if(typeof KJUR.crypto.DSA!="undefined"&&c instanceof KJUR.crypto.DSA){return c}if(c.xy!==undefined&&c.curve!==undefined){return new KJUR.crypto.ECDSA({prv:c.xy,curve:c.curve})}if(c.n!==undefined&&c.e!==undefined&&c.d!==undefined&&c.p!==undefined&&c.q!==undefined&&c.dp!==undefined&&c.dq!==undefined&&c.co!==undefined){var n=new RSAKey();n.setPrivateEx(c.n,c.e,c.d,c.p,c.q,c.dp,c.dq,c.co);return n}if(c.p!==undefined&&c.q!==undefined&&c.g!==undefined&&c.y!==undefined&&c.x!==undefined){var n=new KJUR.crypto.DSA();n.setPrivate(c.p,c.q,c.g,c.y,c.x);return n}if(c.d!==undefined&&c.curve!==undefined){return new KJUR.crypto.ECDSA({pub:c.d,curve:c.curve})}if(c.n!==undefined&&c.e){var n=new RSAKey();n.setPublic(c.n,c.e);return n}if(c.p!==undefined&&c.q!==undefined&&c.g!==undefined&&c.y!==undefined&&c.x===undefined){var n=new KJUR.crypto.DSA();n.setPublic(c.p,c.q,c.g,c.y);return n}if(c.indexOf("-END CERTIFICATE-",0)!=-1||c.indexOf("-END X509 CERTIFICATE-",0)!=-1||c.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(c)}if(i==="pkcs8pub"){return KEYUTIL.getKeyFromPublicPKCS8Hex(c)}if(c.indexOf("-END PUBLIC KEY-")!=-1){return KEYUTIL.getKeyFromPublicPKCS8PEM(c)}if(i==="pkcs5prv"){var n=new RSAKey();n.readPrivateKeyFromASN1HexString(c);return n}if(i==="pkcs5prv"){var n=new RSAKey();n.readPrivateKeyFromASN1HexString(c);return n}if(c.indexOf("-END RSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")==-1){var n=new RSAKey();n.readPrivateKeyFromPEMString(c);return n}if(c.indexOf("-END DSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")==-1){var m=this.getHexFromPEM(c,"DSA PRIVATE KEY");var b=ASN1HEX.getVbyList(m,0,[1],"02");var a=ASN1HEX.getVbyList(m,0,[2],"02");var e=ASN1HEX.getVbyList(m,0,[3],"02");var k=ASN1HEX.getVbyList(m,0,[4],"02");var l=ASN1HEX.getVbyList(m,0,[5],"02");var n=new KJUR.crypto.DSA();n.setPrivate(new BigInteger(b,16),new BigInteger(a,16),new BigInteger(e,16),new BigInteger(k,16),new BigInteger(l,16));return n}if(c.indexOf("-END PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(c)}if(c.indexOf("-END RSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")!=-1){return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(c,o)}if(c.indexOf("-END EC PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")!=-1){var m=KEYUTIL.getDecryptedKeyHex(c,o);var n=ASN1HEX.getVbyList(m,0,[1],"04");var j=ASN1HEX.getVbyList(m,0,[2,0],"06");var d=ASN1HEX.getVbyList(m,0,[3,0],"03").substr(2);var h="";if(KJUR.crypto.OID.oidhex2name[j]!==undefined){h=KJUR.crypto.OID.oidhex2name[j]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+j}var f=new KJUR.crypto.ECDSA({name:h});f.setPublicKeyHex(d);f.setPrivateKeyHex(n);f.isPublic=false;return f}if(c.indexOf("-END DSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")!=-1){var m=KEYUTIL.getDecryptedKeyHex(c,o);var b=ASN1HEX.getVbyList(m,0,[1],"02");var a=ASN1HEX.getVbyList(m,0,[2],"02");var e=ASN1HEX.getVbyList(m,0,[3],"02");var k=ASN1HEX.getVbyList(m,0,[4],"02");var l=ASN1HEX.getVbyList(m,0,[5],"02");var n=new KJUR.crypto.DSA();n.setPrivate(new BigInteger(b,16),new BigInteger(a,16),new BigInteger(e,16),new BigInteger(k,16),new BigInteger(l,16));return n}if(c.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromEncryptedPKCS8PEM(c,o)}throw"not supported argument"};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPrivateKeyHex(j.ecprvhex);var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(a,r,o,g,j){var v=KJUR.asn1;var u=KJUR.crypto;function p(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return w}function q(w){var s=KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:w.prvKeyHex}},{tag:["a0",true,{oid:{name:w.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+w.pubKeyHex}}]}]});return s}function n(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return w}if(((typeof RSAKey!="undefined"&&a instanceof RSAKey)||(typeof u.DSA!="undefined"&&a instanceof u.DSA)||(typeof u.ECDSA!="undefined"&&a instanceof u.ECDSA))&&a.isPublic==true&&(r===undefined||r=="PKCS8PUB")){var t=new KJUR.asn1.x509.SubjectPublicKeyInfo(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"PUBLIC KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o===undefined||o==null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"RSA PRIVATE KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o===undefined||o==null)&&a.isPrivate==true){var f=new KJUR.asn1.DERObjectIdentifier({name:a.curveName});var l=f.getEncodedHex();var e=q(a);var k=e.getEncodedHex();var i="";i+=v.ASN1Util.getPEMStringFromHex(l,"EC PARAMETERS");i+=v.ASN1Util.getPEMStringFromHex(k,"EC PRIVATE KEY");return i}if(r=="PKCS1PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o===undefined||o==null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"DSA PRIVATE KEY")}if(r=="PKCS5PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=q(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",m,o,g)}var h=function(w,s){var y=b(w,s);var x=new KJUR.asn1.ASN1Util.newObject({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:y.pbkdf2Salt}},{"int":y.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:y.encryptionSchemeIV}}]}]}]},{octstr:{hex:y.ciphertext}}]});return x.getEncodedHex()};var b=function(D,E){var x=100;var C=CryptoJS.lib.WordArray.random(8);var B="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var y=CryptoJS.PBKDF2(E,C,{keySize:192/32,iterations:x});var z=CryptoJS.enc.Hex.parse(D);var A=CryptoJS.TripleDES.encrypt(z,y,{iv:s})+"";var w={};w.ciphertext=A;w.pbkdf2Salt=CryptoJS.enc.Hex.stringify(C);w.pbkdf2Iter=x;w.encryptionSchemeAlg=B;w.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return w};if(r=="PKCS8PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&a.isPrivate==true){var d=p(a);var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&a.isPrivate==true){var d=new KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:a.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+a.pubKeyHex}}]}]});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:a.curveName}}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&a.isPrivate==true){var d=new KJUR.asn1.DERInteger({bigint:a.x});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:a.p}},{"int":{bigint:a.q}},{"int":{bigint:a.g}}]}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}throw"unsupported object nor format"}; \ No newline at end of file +var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(t){var u={};if(t.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"))){u.cipher=RegExp.$1;u.ivsalt=RegExp.$2}if(t.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"))){u.type=RegExp.$1}var r=-1;var v=0;if(t.indexOf("\r\n\r\n")!=-1){r=t.indexOf("\r\n\r\n");v=2}if(t.indexOf("\n\n")!=-1){r=t.indexOf("\n\n");v=1}var q=t.indexOf("-----END");if(r!=-1&&q!=-1){var p=t.substring(r+v*2,q-v);p=p.replace(/\s+/g,"");u.data=p}return u};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",getHexFromPEM:function(q,u){var r=q;if(r.indexOf("BEGIN "+u)==-1){throw"can't find PEM header: "+u}r=r.replace("-----BEGIN "+u+"-----","");r=r.replace("-----END "+u+"-----","");var t=r.replace(/\s+/g,"");var p=b64tohex(t);return p},getDecryptedKeyHexByKeyIV:function(q,t,s,r){var p=c(t);return p(q,s,r)},parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getRSAKeyFromEncryptedPKCS5PEM:function(r,q){var s=this.getDecryptedKeyHex(r,q);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(s);return p},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},getEncryptedPKCS5PEMFromRSAKey:function(D,E,r,t){var B=new KJUR.asn1.DERInteger({"int":0});var w=new KJUR.asn1.DERInteger({bigint:D.n});var A=new KJUR.asn1.DERInteger({"int":D.e});var C=new KJUR.asn1.DERInteger({bigint:D.d});var u=new KJUR.asn1.DERInteger({bigint:D.p});var s=new KJUR.asn1.DERInteger({bigint:D.q});var z=new KJUR.asn1.DERInteger({bigint:D.dmp1});var v=new KJUR.asn1.DERInteger({bigint:D.dmq1});var y=new KJUR.asn1.DERInteger({bigint:D.coeff});var F=new KJUR.asn1.DERSequence({array:[B,w,A,C,u,s,z,v,y]});var x=F.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",x,E,r,t)},newEncryptedPKCS5PEM:function(p,q,t,u){if(typeof q=="undefined"||q==null){q=1024}if(typeof t=="undefined"||t==null){t="10001"}var r=new RSAKey();r.generate(q,t);var s=null;if(typeof u=="undefined"||u==null){s=this.getEncryptedPKCS5PEMFromRSAKey(r,p)}else{s=this.getEncryptedPKCS5PEMFromRSAKey(r,p,u)}return s},getRSAKeyFromPlainPKCS8PEM:function(r){if(r.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var q=this.getHexFromPEM(r,"PRIVATE KEY");var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getRSAKeyFromPlainPKCS8Hex:function(s){var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=3){throw"outer DERSequence shall have 3 elements: "+r.length}var q=ASN1HEX.getHexOfTLV_AtObj(s,r[1]);if(q!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmIdentifier is not rsaEnc: "+q}var q=ASN1HEX.getHexOfTLV_AtObj(s,r[1]);var t=ASN1HEX.getHexOfTLV_AtObj(s,r[2]);var u=ASN1HEX.getHexOfV_AtObj(t,0);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(u);return p},parseHexOfEncryptedPKCS8:function(w){var s={};var r=ASN1HEX.getPosArrayOfChildren_AtObj(w,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}s.ciphertext=ASN1HEX.getHexOfV_AtObj(w,r[1]);var y=ASN1HEX.getPosArrayOfChildren_AtObj(w,r[0]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+y.length}if(ASN1HEX.getHexOfV_AtObj(w,y[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(w,y[1]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=ASN1HEX.getPosArrayOfChildren_AtObj(w,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(ASN1HEX.getHexOfV_AtObj(w,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}s.encryptionSchemeAlg="TripleDES";s.encryptionSchemeIV=ASN1HEX.getHexOfV_AtObj(w,q[1]);var t=ASN1HEX.getPosArrayOfChildren_AtObj(w,p[0]);if(t.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+t.length}if(ASN1HEX.getHexOfV_AtObj(w,t[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=ASN1HEX.getPosArrayOfChildren_AtObj(w,t[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}s.pbkdf2Salt=ASN1HEX.getHexOfV_AtObj(w,x[0]);var u=ASN1HEX.getHexOfV_AtObj(w,x[1]);try{s.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return s},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=this.getHexFromPEM(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getRSAKeyFromEncryptedPKCS8PEM:function(s,r){var q=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,r);var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=ASN1HEX.getHexOfV_AtObj(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=ASN1HEX.getHexOfV_AtObj(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=ASN1HEX.getStartPosOfV_AtObj(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=this.getHexFromPEM(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var w=this.parsePlainPrivatePKCS8Hex(p);if(w.algoid=="2a864886f70d010101"){this.parsePrivateRawRSAKeyHexAtObj(p,w);var u=w.key;var z=new RSAKey();z.setPrivateEx(u.n,u.e,u.d,u.p,u.q,u.dp,u.dq,u.co);return z}else{if(w.algoid=="2a8648ce3d0201"){this.parsePrivateRawECKeyHexAtObj(p,w);if(KJUR.crypto.OID.oidhex2name[w.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+w.algparam}var v=KJUR.crypto.OID.oidhex2name[w.algparam];var z=new KJUR.crypto.ECDSA({curve:v});z.setPublicKeyHex(w.pubkey);z.setPrivateKeyHex(w.key);z.isPublic=false;return z}else{if(w.algoid=="2a8648ce380401"){var t=ASN1HEX.getVbyList(p,0,[1,1,0],"02");var s=ASN1HEX.getVbyList(p,0,[1,1,1],"02");var y=ASN1HEX.getVbyList(p,0,[1,1,2],"02");var B=ASN1HEX.getVbyList(p,0,[2,0],"02");var r=new BigInteger(t,16);var q=new BigInteger(s,16);var x=new BigInteger(y,16);var A=new BigInteger(B,16);var z=new KJUR.crypto.DSA();z.setPrivate(r,q,x,null,A);return z}else{throw"unsupported private key algorithm"}}}},getRSAKeyFromPublicPKCS8PEM:function(q){var r=this.getHexFromPEM(q,"PUBLIC KEY");var p=this.getRSAKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8PEM:function(q){var r=this.getHexFromPEM(q,"PUBLIC KEY");var p=this.getKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8Hex:function(q){var p=this.parsePublicPKCS8Hex(q);if(p.algoid=="2a864886f70d010101"){var u=this.parsePublicRawRSAKeyHex(p.key);var r=new RSAKey();r.setPublic(u.n,u.e);return r}else{if(p.algoid=="2a8648ce3d0201"){if(KJUR.crypto.OID.oidhex2name[p.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+p.algparam}var s=KJUR.crypto.OID.oidhex2name[p.algparam];var r=new KJUR.crypto.ECDSA({curve:s,pub:p.key});return r}else{if(p.algoid=="2a8648ce380401"){var t=p.algparam;var v=ASN1HEX.getHexOfV_AtObj(p.key,0);var r=new KJUR.crypto.DSA();r.setPublic(new BigInteger(t.p,16),new BigInteger(t.q,16),new BigInteger(t.g,16),new BigInteger(v,16));return r}else{throw"unsupported public key algorithm"}}}},parsePublicRawRSAKeyHex:function(r){var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=ASN1HEX.getPosArrayOfChildren_AtObj(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=ASN1HEX.getHexOfV_AtObj(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=ASN1HEX.getHexOfV_AtObj(r,q[1]);return p},parsePrivateRawRSAKeyHexAtObj:function(q,s){var r=s.keyidx;if(q.substr(r,2)!="30"){throw"malformed RSA private key(code:001)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,r);if(p.length!=9){throw"malformed RSA private key(code:002)"}s.key={};s.key.n=ASN1HEX.getHexOfV_AtObj(q,p[1]);s.key.e=ASN1HEX.getHexOfV_AtObj(q,p[2]);s.key.d=ASN1HEX.getHexOfV_AtObj(q,p[3]);s.key.p=ASN1HEX.getHexOfV_AtObj(q,p[4]);s.key.q=ASN1HEX.getHexOfV_AtObj(q,p[5]);s.key.dp=ASN1HEX.getHexOfV_AtObj(q,p[6]);s.key.dq=ASN1HEX.getHexOfV_AtObj(q,p[7]);s.key.co=ASN1HEX.getHexOfV_AtObj(q,p[8])},parsePrivateRawECKeyHexAtObj:function(p,t){var q=t.keyidx;var r=ASN1HEX.getVbyList(p,q,[1],"04");var s=ASN1HEX.getVbyList(p,q,[2,0],"03").substr(2);t.key=r;t.pubkey=s},parsePublicPKCS8Hex:function(s){var q={};q.algparam=null;var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var t=r[0];if(s.substr(t,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(s,t);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=ASN1HEX.getHexOfV_AtObj(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=ASN1HEX.getHexOfV_AtObj(s,p[1])}else{if(s.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=ASN1HEX.getVbyList(s,p[1],[0],"02");q.algparam.q=ASN1HEX.getVbyList(s,p[1],[1],"02");q.algparam.g=ASN1HEX.getVbyList(s,p[1],[2],"02")}}if(s.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=ASN1HEX.getHexOfV_AtObj(s,r[1]).substr(2);return q},getRSAKeyFromPublicPKCS8Hex:function(t){var s=ASN1HEX.getPosArrayOfChildren_AtObj(t,0);if(s.length!=2){throw"outer DERSequence shall have 2 elements: "+s.length}var r=ASN1HEX.getHexOfTLV_AtObj(t,s[0]);if(r!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmId is not rsaEncryption"}if(t.substr(s[1],2)!="03"){throw"PKCS8 Public Key is not BITSTRING encapslated."}var v=ASN1HEX.getStartPosOfV_AtObj(t,s[1])+2;if(t.substr(v,2)!="30"){throw"PKCS8 Public Key is not SEQUENCE."}var p=ASN1HEX.getPosArrayOfChildren_AtObj(t,v);if(p.length!=2){throw"inner DERSequence shall have 2 elements: "+p.length}if(t.substr(p[0],2)!="02"){throw"N is not ASN.1 INTEGER"}if(t.substr(p[1],2)!="02"){throw"E is not ASN.1 INTEGER"}var w=ASN1HEX.getHexOfV_AtObj(t,p[0]);var u=ASN1HEX.getHexOfV_AtObj(t,p[1]);var q=new RSAKey();q.setPublic(w,u);return q},}}();KEYUTIL.getKey=function(c,o,i){if(typeof RSAKey!="undefined"&&c instanceof RSAKey){return c}if(typeof KJUR.crypto.ECDSA!="undefined"&&c instanceof KJUR.crypto.ECDSA){return c}if(typeof KJUR.crypto.DSA!="undefined"&&c instanceof KJUR.crypto.DSA){return c}if(c.xy!==undefined&&c.curve!==undefined){return new KJUR.crypto.ECDSA({prv:c.xy,curve:c.curve})}if(c.n!==undefined&&c.e!==undefined&&c.d!==undefined&&c.p!==undefined&&c.q!==undefined&&c.dp!==undefined&&c.dq!==undefined&&c.co!==undefined){var n=new RSAKey();n.setPrivateEx(c.n,c.e,c.d,c.p,c.q,c.dp,c.dq,c.co);return n}if(c.p!==undefined&&c.q!==undefined&&c.g!==undefined&&c.y!==undefined&&c.x!==undefined){var n=new KJUR.crypto.DSA();n.setPrivate(c.p,c.q,c.g,c.y,c.x);return n}if(c.d!==undefined&&c.curve!==undefined){return new KJUR.crypto.ECDSA({pub:c.d,curve:c.curve})}if(c.n!==undefined&&c.e){var n=new RSAKey();n.setPublic(c.n,c.e);return n}if(c.p!==undefined&&c.q!==undefined&&c.g!==undefined&&c.y!==undefined&&c.x===undefined){var n=new KJUR.crypto.DSA();n.setPublic(c.p,c.q,c.g,c.y);return n}if(c.indexOf("-END CERTIFICATE-",0)!=-1||c.indexOf("-END X509 CERTIFICATE-",0)!=-1||c.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(c)}if(i==="pkcs8pub"){return KEYUTIL.getKeyFromPublicPKCS8Hex(c)}if(c.indexOf("-END PUBLIC KEY-")!=-1){return KEYUTIL.getKeyFromPublicPKCS8PEM(c)}if(i==="pkcs5prv"){var n=new RSAKey();n.readPrivateKeyFromASN1HexString(c);return n}if(i==="pkcs5prv"){var n=new RSAKey();n.readPrivateKeyFromASN1HexString(c);return n}if(c.indexOf("-END RSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")==-1){var n=new RSAKey();n.readPrivateKeyFromPEMString(c);return n}if(c.indexOf("-END DSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")==-1){var m=this.getHexFromPEM(c,"DSA PRIVATE KEY");var b=ASN1HEX.getVbyList(m,0,[1],"02");var a=ASN1HEX.getVbyList(m,0,[2],"02");var e=ASN1HEX.getVbyList(m,0,[3],"02");var k=ASN1HEX.getVbyList(m,0,[4],"02");var l=ASN1HEX.getVbyList(m,0,[5],"02");var n=new KJUR.crypto.DSA();n.setPrivate(new BigInteger(b,16),new BigInteger(a,16),new BigInteger(e,16),new BigInteger(k,16),new BigInteger(l,16));return n}if(c.indexOf("-END PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(c)}if(c.indexOf("-END RSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")!=-1){return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(c,o)}if(c.indexOf("-END EC PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")!=-1){var m=KEYUTIL.getDecryptedKeyHex(c,o);var n=ASN1HEX.getVbyList(m,0,[1],"04");var j=ASN1HEX.getVbyList(m,0,[2,0],"06");var d=ASN1HEX.getVbyList(m,0,[3,0],"03").substr(2);var h="";if(KJUR.crypto.OID.oidhex2name[j]!==undefined){h=KJUR.crypto.OID.oidhex2name[j]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+j}var f=new KJUR.crypto.ECDSA({name:h});f.setPublicKeyHex(d);f.setPrivateKeyHex(n);f.isPublic=false;return f}if(c.indexOf("-END DSA PRIVATE KEY-")!=-1&&c.indexOf("4,ENCRYPTED")!=-1){var m=KEYUTIL.getDecryptedKeyHex(c,o);var b=ASN1HEX.getVbyList(m,0,[1],"02");var a=ASN1HEX.getVbyList(m,0,[2],"02");var e=ASN1HEX.getVbyList(m,0,[3],"02");var k=ASN1HEX.getVbyList(m,0,[4],"02");var l=ASN1HEX.getVbyList(m,0,[5],"02");var n=new KJUR.crypto.DSA();n.setPrivate(new BigInteger(b,16),new BigInteger(a,16),new BigInteger(e,16),new BigInteger(k,16),new BigInteger(l,16));return n}if(c.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromEncryptedPKCS8PEM(c,o)}throw"not supported argument"};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPrivateKeyHex(j.ecprvhex);var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(a,r,o,g,j){var v=KJUR.asn1;var u=KJUR.crypto;function p(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return w}function q(w){var s=KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:w.prvKeyHex}},{tag:["a0",true,{oid:{name:w.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+w.pubKeyHex}}]}]});return s}function n(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return w}if(((typeof RSAKey!="undefined"&&a instanceof RSAKey)||(typeof u.DSA!="undefined"&&a instanceof u.DSA)||(typeof u.ECDSA!="undefined"&&a instanceof u.ECDSA))&&a.isPublic==true&&(r===undefined||r=="PKCS8PUB")){var t=new KJUR.asn1.x509.SubjectPublicKeyInfo(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"PUBLIC KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o===undefined||o==null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"RSA PRIVATE KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o===undefined||o==null)&&a.isPrivate==true){var f=new KJUR.asn1.DERObjectIdentifier({name:a.curveName});var l=f.getEncodedHex();var e=q(a);var k=e.getEncodedHex();var i="";i+=v.ASN1Util.getPEMStringFromHex(l,"EC PARAMETERS");i+=v.ASN1Util.getPEMStringFromHex(k,"EC PRIVATE KEY");return i}if(r=="PKCS1PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o===undefined||o==null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"DSA PRIVATE KEY")}if(r=="PKCS5PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=q(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",m,o,g)}var h=function(w,s){var y=b(w,s);var x=new KJUR.asn1.ASN1Util.newObject({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:y.pbkdf2Salt}},{"int":y.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:y.encryptionSchemeIV}}]}]}]},{octstr:{hex:y.ciphertext}}]});return x.getEncodedHex()};var b=function(D,E){var x=100;var C=CryptoJS.lib.WordArray.random(8);var B="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var y=CryptoJS.PBKDF2(E,C,{keySize:192/32,iterations:x});var z=CryptoJS.enc.Hex.parse(D);var A=CryptoJS.TripleDES.encrypt(z,y,{iv:s})+"";var w={};w.ciphertext=A;w.pbkdf2Salt=CryptoJS.enc.Hex.stringify(C);w.pbkdf2Iter=x;w.encryptionSchemeAlg=B;w.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return w};if(r=="PKCS8PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&a.isPrivate==true){var d=p(a);var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&a.isPrivate==true){var d=new KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:a.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+a.pubKeyHex}}]}]});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:a.curveName}}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&a.isPrivate==true){var d=new KJUR.asn1.DERInteger({bigint:a.x});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:a.p}},{"int":{bigint:a.q}},{"int":{bigint:a.g}}]}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}throw"unsupported object nor format"};KEYUTIL.getKeyFromCSRPEM=function(b){var a=KEYUTIL.getHexFromPEM(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(c){var b={};var e=c;if(e.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var d=ASN1HEX.getPosArrayOfChildren_AtObj(e,0);if(d.length<1){throw"malformed CSR(code:002)"}if(e.substr(d[0],2)!="30"){throw"malformed CSR(code:003)"}var a=ASN1HEX.getPosArrayOfChildren_AtObj(e,d[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=ASN1HEX.getHexOfTLV_AtObj(e,a[2]);return b}; \ No newline at end of file diff --git a/npm/lib/jsrsasign.js b/npm/lib/jsrsasign.js old mode 100644 new mode 100755 diff --git a/npm/lib/lib.js b/npm/lib/lib.js new file mode 100755 index 00000000..e69de29b diff --git a/pkcs5pkey-1.0.js b/pkcs5pkey-1.0.js old mode 100755 new mode 100644 diff --git a/pkcs5pkey-1.0.min.js b/pkcs5pkey-1.0.min.js old mode 100755 new mode 100644 index 02af7e08..6f3235b9 --- a/pkcs5pkey-1.0.min.js +++ b/pkcs5pkey-1.0.min.js @@ -1,3 +1,3 @@ -/*! pkcs5pkey-1.0.5.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! pkcs5pkey-1.0.6.js (c) 2013-2014 Kenji Urushima | kjur.github.com/jsrsasign/license */ var PKCS5PKEY=function(){var c=function(n,p,o){return i(CryptoJS.AES,n,p,o)};var d=function(n,p,o){return i(CryptoJS.TripleDES,n,p,o)};var i=function(q,v,s,o){var p=CryptoJS.enc.Hex.parse(v);var u=CryptoJS.enc.Hex.parse(s);var n=CryptoJS.enc.Hex.parse(o);var r={};r.key=u;r.iv=n;r.ciphertext=p;var t=q.decrypt(r,u,{iv:n});return CryptoJS.enc.Hex.stringify(t)};var j=function(n,p,o){return e(CryptoJS.AES,n,p,o)};var m=function(n,p,o){return e(CryptoJS.TripleDES,n,p,o)};var e=function(s,x,v,p){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(v);var o=CryptoJS.enc.Hex.parse(p);var n={};var u=s.encrypt(r,w,{iv:o});var q=CryptoJS.enc.Hex.parse(u.toString());var t=CryptoJS.enc.Base64.stringify(q);return t};var g={"AES-256-CBC":{proc:c,eproc:j,keylen:32,ivlen:16},"AES-192-CBC":{proc:c,eproc:j,keylen:24,ivlen:16},"AES-128-CBC":{proc:c,eproc:j,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:d,eproc:m,keylen:24,ivlen:8}};var b=function(n){return g[n]["proc"]};var k=function(n){var p=CryptoJS.lib.WordArray.random(n);var o=CryptoJS.enc.Hex.stringify(p);return o};var l=function(q){var r={};if(q.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"))){r.cipher=RegExp.$1;r.ivsalt=RegExp.$2}if(q.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"))){r.type=RegExp.$1}var p=-1;var t=0;if(q.indexOf("\r\n\r\n")!=-1){p=q.indexOf("\r\n\r\n");t=2}if(q.indexOf("\n\n")!=-1){p=q.indexOf("\n\n");t=1}var o=q.indexOf("-----END");if(p!=-1&&o!=-1){var n=q.substring(p+t*2,o-t);n=n.replace(/\s+/g,"");r.data=n}return r};var h=function(o,w,n){var t=n.substring(0,16);var r=CryptoJS.enc.Hex.parse(t);var p=CryptoJS.enc.Utf8.parse(w);var s=g[o]["keylen"]+g[o]["ivlen"];var v="";var u=null;for(;;){var q=CryptoJS.algo.MD5.create();if(u!=null){q.update(u)}q.update(p);q.update(r);u=q.finalize();v=v+CryptoJS.enc.Hex.stringify(u);if(v.length>=s*2){break}}var x={};x.keyhex=v.substr(0,g[o]["keylen"]*2);x.ivhex=v.substr(g[o]["keylen"]*2,g[o]["ivlen"]*2);return x};var a=function(n,t,p,u){var q=CryptoJS.enc.Base64.parse(n);var o=CryptoJS.enc.Hex.stringify(q);var s=g[t]["proc"];var r=s(o,p,u);return r};var f=function(n,q,o,s){var p=g[q]["eproc"];var r=p(n,o,s);return r};return{version:"1.0.5",getHexFromPEM:function(o,r){var p=o;if(p.indexOf("BEGIN "+r)==-1){throw"can't find PEM header: "+r}p=p.replace("-----BEGIN "+r+"-----","");p=p.replace("-----END "+r+"-----","");var q=p.replace(/\s+/g,"");var n=b64tohex(q);return n},getDecryptedKeyHexByKeyIV:function(o,r,q,p){var n=b(r);return n(o,q,p)},parsePKCS5PEM:function(n){return l(n)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(o,n,p){return h(o,n,p)},decryptKeyB64:function(n,p,o,q){return a(n,p,o,q)},getDecryptedKeyHex:function(w,v){var o=l(w);var r=o.type;var p=o.cipher;var n=o.ivsalt;var q=o.data;var u=h(p,v,n);var t=u.keyhex;var s=a(q,p,t,n);return s},getRSAKeyFromEncryptedPKCS5PEM:function(p,o){var q=this.getDecryptedKeyHex(p,o);var n=new RSAKey();n.readPrivateKeyFromASN1HexString(q);return n},getEryptedPKCS5PEMFromPrvKeyHex:function(q,x,r,p){var n="";if(typeof r=="undefined"||r==null){r="AES-256-CBC"}if(typeof g[r]=="undefined"){throw"PKCS5PKEY unsupported algorithm: "+r}if(typeof p=="undefined"||p==null){var t=g[r]["ivlen"];var s=k(t);p=s.toUpperCase()}var w=h(r,x,p);var v=w.keyhex;var u=f(q,r,v,p);var o=u.replace(/(.{64})/g,"$1\r\n");var n="-----BEGIN RSA PRIVATE KEY-----\r\n";n+="Proc-Type: 4,ENCRYPTED\r\n";n+="DEK-Info: "+r+","+p+"\r\n";n+="\r\n";n+=o;n+="\r\n-----END RSA PRIVATE KEY-----\r\n";return n},getEryptedPKCS5PEMFromRSAKey:function(C,D,o,s){var A=new KJUR.asn1.DERInteger({"int":0});var v=new KJUR.asn1.DERInteger({bigint:C.n});var z=new KJUR.asn1.DERInteger({"int":C.e});var B=new KJUR.asn1.DERInteger({bigint:C.d});var t=new KJUR.asn1.DERInteger({bigint:C.p});var r=new KJUR.asn1.DERInteger({bigint:C.q});var y=new KJUR.asn1.DERInteger({bigint:C.dmp1});var u=new KJUR.asn1.DERInteger({bigint:C.dmq1});var x=new KJUR.asn1.DERInteger({bigint:C.coeff});var E=new KJUR.asn1.DERSequence({array:[A,v,z,B,t,r,y,u,x]});var w=E.getEncodedHex();return this.getEryptedPKCS5PEMFromPrvKeyHex(w,D,o,s)},newEncryptedPKCS5PEM:function(n,o,r,s){if(typeof o=="undefined"||o==null){o=1024}if(typeof r=="undefined"||r==null){r="10001"}var p=new RSAKey();p.generate(o,r);var q=null;if(typeof s=="undefined"||s==null){q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n)}else{q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n,s)}return q},getRSAKeyFromPlainPKCS8PEM:function(p){if(p.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var o=this.getHexFromPEM(p,"PRIVATE KEY");var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getRSAKeyFromPlainPKCS8Hex:function(q){var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,0);if(p.length!=3){throw"outer DERSequence shall have 3 elements: "+p.length}var o=ASN1HEX.getHexOfTLV_AtObj(q,p[1]);if(o!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmIdentifier is not rsaEnc: "+o}var o=ASN1HEX.getHexOfTLV_AtObj(q,p[1]);var r=ASN1HEX.getHexOfTLV_AtObj(q,p[2]);var s=ASN1HEX.getHexOfV_AtObj(r,0);var n=new RSAKey();n.readPrivateKeyFromASN1HexString(s);return n},parseHexOfEncryptedPKCS8:function(u){var q={};var p=ASN1HEX.getPosArrayOfChildren_AtObj(u,0);if(p.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+p.length}q.ciphertext=ASN1HEX.getHexOfV_AtObj(u,p[1]);var w=ASN1HEX.getPosArrayOfChildren_AtObj(u,p[0]);if(w.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+w.length}if(ASN1HEX.getHexOfV_AtObj(u,w[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(u,w[1]);if(w.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+n.length}var o=ASN1HEX.getPosArrayOfChildren_AtObj(u,n[1]);if(o.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+o.length}if(ASN1HEX.getHexOfV_AtObj(u,o[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}q.encryptionSchemeAlg="TripleDES";q.encryptionSchemeIV=ASN1HEX.getHexOfV_AtObj(u,o[1]);var r=ASN1HEX.getPosArrayOfChildren_AtObj(u,n[0]);if(r.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+r.length}if(ASN1HEX.getHexOfV_AtObj(u,r[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var v=ASN1HEX.getPosArrayOfChildren_AtObj(u,r[1]);if(v.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+v.length}q.pbkdf2Salt=ASN1HEX.getHexOfV_AtObj(u,v[0]);var s=ASN1HEX.getHexOfV_AtObj(u,v[1]);try{q.pbkdf2Iter=parseInt(s,16)}catch(t){throw"malformed format pbkdf2Iter: "+s}return q},getPBKDF2KeyHexFromParam:function(s,n){var r=CryptoJS.enc.Hex.parse(s.pbkdf2Salt);var o=s.pbkdf2Iter;var q=CryptoJS.PBKDF2(n,r,{keySize:192/32,iterations:o});var p=CryptoJS.enc.Hex.stringify(q);return p},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(v,w){var p=this.getHexFromPEM(v,"ENCRYPTED PRIVATE KEY");var n=this.parseHexOfEncryptedPKCS8(p);var s=PKCS5PKEY.getPBKDF2KeyHexFromParam(n,w);var t={};t.ciphertext=CryptoJS.enc.Hex.parse(n.ciphertext);var r=CryptoJS.enc.Hex.parse(s);var q=CryptoJS.enc.Hex.parse(n.encryptionSchemeIV);var u=CryptoJS.TripleDES.decrypt(t,r,{iv:q});var o=CryptoJS.enc.Hex.stringify(u);return o},getRSAKeyFromEncryptedPKCS8PEM:function(q,p){var o=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,p);var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getKeyFromEncryptedPKCS8PEM:function(q,o){var n=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,o);var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},parsePlainPrivatePKCS8Hex:function(q){var o={};o.algparam=null;if(q.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,0);if(p.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(q.substr(p[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(q,p[1]);if(n.length!=2){throw"malformed PKCS8 private key(code:004)"}if(q.substr(n[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}o.algoid=ASN1HEX.getHexOfV_AtObj(q,n[0]);if(q.substr(n[1],2)=="06"){o.algparam=ASN1HEX.getHexOfV_AtObj(q,n[1])}if(q.substr(p[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}o.keyidx=ASN1HEX.getStartPosOfV_AtObj(q,p[2]);return o},getKeyFromPlainPrivatePKCS8PEM:function(o){var n=this.getHexFromPEM(o,"PRIVATE KEY");var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},getKeyFromPlainPrivatePKCS8Hex:function(n){var p=this.parsePlainPrivatePKCS8Hex(n);if(p.algoid=="2a864886f70d010101"){this.parsePrivateRawRSAKeyHexAtObj(n,p);var o=p.key;var q=new RSAKey();q.setPrivateEx(o.n,o.e,o.d,o.p,o.q,o.dp,o.dq,o.co);return q}else{if(p.algoid=="2a8648ce3d0201"){this.parsePrivateRawECKeyHexAtObj(n,p);if(KJUR.crypto.OID.oidhex2name[p.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+p.algparam}var r=KJUR.crypto.OID.oidhex2name[p.algparam];var q=new KJUR.crypto.ECDSA({curve:r,prv:p.key});return q}else{throw"unsupported private key algorithm"}}},getRSAKeyFromPublicPKCS8PEM:function(o){var p=this.getHexFromPEM(o,"PUBLIC KEY");var n=this.getRSAKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8PEM:function(o){var p=this.getHexFromPEM(o,"PUBLIC KEY");var n=this.getKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8Hex:function(o){var n=this.parsePublicPKCS8Hex(o);if(n.algoid=="2a864886f70d010101"){var r=this.parsePublicRawRSAKeyHex(n.key);var p=new RSAKey();p.setPublic(r.n,r.e);return p}else{if(n.algoid=="2a8648ce3d0201"){if(KJUR.crypto.OID.oidhex2name[n.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+n.algparam}var q=KJUR.crypto.OID.oidhex2name[n.algparam];var p=new KJUR.crypto.ECDSA({curve:q,pub:n.key});return p}else{throw"unsupported public key algorithm"}}},parsePublicRawRSAKeyHex:function(p){var n={};if(p.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var o=ASN1HEX.getPosArrayOfChildren_AtObj(p,0);if(o.length!=2){throw"malformed RSA key(code:002)"}if(p.substr(o[0],2)!="02"){throw"malformed RSA key(code:003)"}n.n=ASN1HEX.getHexOfV_AtObj(p,o[0]);if(p.substr(o[1],2)!="02"){throw"malformed RSA key(code:004)"}n.e=ASN1HEX.getHexOfV_AtObj(p,o[1]);return n},parsePrivateRawRSAKeyHexAtObj:function(o,q){var p=q.keyidx;if(o.substr(p,2)!="30"){throw"malformed RSA private key(code:001)"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(o,p);if(n.length!=9){throw"malformed RSA private key(code:002)"}q.key={};q.key.n=ASN1HEX.getHexOfV_AtObj(o,n[1]);q.key.e=ASN1HEX.getHexOfV_AtObj(o,n[2]);q.key.d=ASN1HEX.getHexOfV_AtObj(o,n[3]);q.key.p=ASN1HEX.getHexOfV_AtObj(o,n[4]);q.key.q=ASN1HEX.getHexOfV_AtObj(o,n[5]);q.key.dp=ASN1HEX.getHexOfV_AtObj(o,n[6]);q.key.dq=ASN1HEX.getHexOfV_AtObj(o,n[7]);q.key.co=ASN1HEX.getHexOfV_AtObj(o,n[8])},parsePrivateRawECKeyHexAtObj:function(o,q){var p=q.keyidx;if(o.substr(p,2)!="30"){throw"malformed ECC private key(code:001)"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(o,p);if(n.length!=3){throw"malformed ECC private key(code:002)"}if(o.substr(n[1],2)!="04"){throw"malformed ECC private key(code:003)"}q.key=ASN1HEX.getHexOfV_AtObj(o,n[1])},parsePublicPKCS8Hex:function(q){var o={};o.algparam=null;var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,0);if(p.length!=2){throw"outer DERSequence shall have 2 elements: "+p.length}var r=p[0];if(q.substr(r,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(q,r);if(n.length!=2){throw"malformed PKCS8 public key(code:002)"}if(q.substr(n[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}o.algoid=ASN1HEX.getHexOfV_AtObj(q,n[0]);if(q.substr(n[1],2)=="06"){o.algparam=ASN1HEX.getHexOfV_AtObj(q,n[1])}if(q.substr(p[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}o.key=ASN1HEX.getHexOfV_AtObj(q,p[1]).substr(2);return o},getRSAKeyFromPublicPKCS8Hex:function(r){var q=ASN1HEX.getPosArrayOfChildren_AtObj(r,0);if(q.length!=2){throw"outer DERSequence shall have 2 elements: "+q.length}var p=ASN1HEX.getHexOfTLV_AtObj(r,q[0]);if(p!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmId is not rsaEncryption"}if(r.substr(q[1],2)!="03"){throw"PKCS8 Public Key is not BITSTRING encapslated."}var t=ASN1HEX.getStartPosOfV_AtObj(r,q[1])+2;if(r.substr(t,2)!="30"){throw"PKCS8 Public Key is not SEQUENCE."}var n=ASN1HEX.getPosArrayOfChildren_AtObj(r,t);if(n.length!=2){throw"inner DERSequence shall have 2 elements: "+n.length}if(r.substr(n[0],2)!="02"){throw"N is not ASN.1 INTEGER"}if(r.substr(n[1],2)!="02"){throw"E is not ASN.1 INTEGER"}var u=ASN1HEX.getHexOfV_AtObj(r,n[0]);var s=ASN1HEX.getHexOfV_AtObj(r,n[1]);var o=new RSAKey();o.setPublic(u,s);return o},}}(); \ No newline at end of file diff --git a/test/qunit-do-asn1x509-newcrt.html b/test/qunit-do-asn1x509-newcrt.html index bda4d61f..82203d21 100755 --- a/test/qunit-do-asn1x509-newcrt.html +++ b/test/qunit-do-asn1x509-newcrt.html @@ -228,6 +228,26 @@ equal(tbsHex, "30820282a003020102020104300906072a8648ce3804033019310b3009060355040613025553310a3008060355040a0c0161301e170d3133303530343233353935395a170d3134303530343233353935395a3019310b3009060355040613025553310a3008060355040a0c0162308201b73082012b06072a8648ce3804013082011e028181009ed327a12407c8d2dc9a6b9359fbc48f2a317504f33b48661c4b03778f55b818af219285bbcdfa60f63f96f5c3c06738d72432a36f46d6490a0fe70238517671e7abdb430c4ffb74a17fb6d0ceceee28fddb49273bcd165a520e4a9717b4d27ef06f3417df6a9ea2da35058f119ae76ac8095a2c45ee576c3dfe8253f3449a4f021500832124c3188298f8d6dd1ad84121c2ef33a5d52b028180711ac4053baf502aa0a09abcb7af72885495e1efb0de129d93c7bb16f0e4b80a1a10d0409ed52bcd0df0b5511f6e08f74715517e9406edd45d78f0ef15d92b27ef398ea7bf9365fa13591322149fa84635187da277f15cbc8c9a28423feb233221e5d1ad36d926d2e1e0c770f34dc04a616f55685222a9b1cf4f8ecf87c19b7e03818500028181008cafd9654ce51818e154613bd0b14ee974fbdffc5a19802c4301302bc854d5e17daf0d6745a4aaa8e46ff96b57c89371fa72cca12a2248821645d1ff75869a2549ad7fd110ceefea5616d00be5941036e1a2d87bbcf0bfbe6c3b1e18ba0d3b3af6d34bacf613270a0b5f67c78668e4ba5b3ec0aa28e762ea1f9f2e0167e0523ba35c305a300f0603551d130101ff040530030101ff300b0603551d0f0404030206c030250603551d1f041e301c301aa018a0168614687474703a2f2f6161612e636f6d2f612e63726c30130603551d25040c300a06082b06010505070302", "expected tbsCert"); }); +test("newCertPEM by sighex(RSA)", function() { +var pem = KJUR.asn1.x509.X509Util.newCertPEM( + { serial: {int: 1}, + sigalg: {name: 'SHA1withRSA', paramempty: true}, + issuer: {str: '/C=US/O=r1'}, + notbefore: {'str': '130504235959Z'}, + notafter: {'str': '140504235959Z'}, + subject: {str: '/C=US/O=r1'}, + sbjpubkey: z1PubP8PEM, + sighex: '0102030405060708'}); +var hex = KEYUTIL.getHexFromPEM(pem, "CERTIFICATE"); +var tbsHex = ASN1HEX.getDecendantHexTLVByNthList(hex, 0, [0]); +alert(pem); +expect(2); + +equal(tbsHex, "3081cba003020102020101300b06092a864886f70d010105301a310b3009060355040613025553310b3009060355040a0c027231301e170d3133303530343233353935395a170d3134303530343233353935395a301a310b3009060355040613025553310b3009060355040a0c027231305c300d06092a864886f70d0101010500034b003048024100e8664dd2b40529121568f3b39bc97a62e7ba3c09babdc4f0dcd8df90eb790b9bb645a2b70e3112747b4d3c41b51424895115fef88f79d43eae5b1a4e3518fd590203010001", "expected tbsCert"); + +equal(hex, "3081e63081cba003020102020101300b06092a864886f70d010105301a310b3009060355040613025553310b3009060355040a0c027231301e170d3133303530343233353935395a170d3134303530343233353935395a301a310b3009060355040613025553310b3009060355040a0c027231305c300d06092a864886f70d0101010500034b003048024100e8664dd2b40529121568f3b39bc97a62e7ba3c09babdc4f0dcd8df90eb790b9bb645a2b70e3112747b4d3c41b51424895115fef88f79d43eae5b1a4e3518fd590203010001300b06092a864886f70d0101050309000102030405060708", "fake cert"); +}); + }); --> diff --git a/test/qunit-do-asn1x509.html b/test/qunit-do-asn1x509.html index f626a39f..18394019 100755 --- a/test/qunit-do-asn1x509.html +++ b/test/qunit-do-asn1x509.html @@ -199,6 +199,7 @@ "06092a864886f70d010105", "name2obj SHA1withRSA"); }); +// BasicConstraints test("BasicConstraints class test", function() { expect(6); var o1 = new KJUR.asn1.x509.BasicConstraints({}); @@ -214,6 +215,7 @@ equal(o3.getEncodedHex(), "300f0603551d13040830060101ff020107", "constructor cA=t pl=7 getEncodedHex"); }); +// KeyUsage test("KeyUsage class test", function() { expect(3); var o = new KJUR.asn1.x509.KeyUsage({'bin':'11'}); @@ -224,6 +226,7 @@ equal(o2.getEncodedHex(), "300e0603551d0f0101ff0404030206c0", "constructor bin 11 critical getEncodedHex"); }); +// CRLDP test("CRLDistributionPoints class test", function() { expect(2); @@ -237,6 +240,7 @@ equal(cdp2.getEncodedHex(), "30200603551d1f041930173015a013a011860f687474703a2f2f6161612e636f6d2f", "constructor uri http://aaa.com/"); }); +// ExtKeyUsage test("ExtKeyUsage class test", function() { expect(1); @@ -247,6 +251,45 @@ equal(eku1.getEncodedHex(), "30190603551d25041230100604551d250006082b06010505070302", "constructor array"); }); +// AuthorityKeyIdentifier +test("AuthorityKeyIdentifier class test (KID)", function() { + expect(2); + var o1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({'kid': {'hex': '89ab'}}); + equal(o1.getExtnValueHex(), "3004800289ab", "kid value"); + equal(o1.getEncodedHex(), "300d0603551d2304063004800289ab", "ext hex"); +}); + +test("AuthorityKeyIdentifier class test (CertIssuer)", function() { + expect(2); + var o1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({'issuer': {'str': '/C=US/CN=a'}}); + equal(o1.getExtnValueHex(), "301ba119310b3009060355040613025553310a300806035504030c0161", "issuer name"); + equal(o1.getEncodedHex(), "30240603551d23041d301ba119310b3009060355040613025553310a300806035504030c0161", "ext hex"); +}); + +test("AuthorityKeyIdentifier class test (CertSN)", function() { + expect(2); + var o1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({'sn': {'hex': '1234'}}); + equal(o1.getExtnValueHex(), "300482021234", "cert SN"); + equal(o1.getEncodedHex(), "300d0603551d230406300482021234", "ext hex"); +}); + +test("AuthorityKeyIdentifier class test (All)", function() { + expect(2); + var o1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({'kid': {'hex': '89ab'}, + 'issuer': {'str': '/C=US/CN=a'}, + 'sn': {'hex': '1234'}}); + equal(o1.getExtnValueHex(), "3023800289aba119310b3009060355040613025553310a300806035504030c016182021234", "all"); + equal(o1.getEncodedHex(), "302c0603551d2304253023800289aba119310b3009060355040613025553310a300806035504030c016182021234", "ext hex"); +}); + +test("AuthorityKeyIdentifier class test (KID critical)", function() { + expect(2); + var o1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({'kid': {'hex': '89ab'}, 'critical': true}); + equal(o1.getExtnValueHex(), "3004800289ab", "kid critical"); + equal(o1.getEncodedHex(), "30100603551d230101ff04063004800289ab", "ext hex"); +}); + +// ==== END OF X.509V3 EXTENSION TEST =================== test("CRL class test", function() { expect(1); diff --git a/test/qunit-do-keyutil-csr.html b/test/qunit-do-keyutil-csr.html new file mode 100755 index 00000000..b96f6665 --- /dev/null +++ b/test/qunit-do-keyutil-csr.html @@ -0,0 +1,86 @@ + + + +QUnit for CSR in 'keyutil.js' + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      +
      test markup
      +QUnit for +keyutil | +keyutil-eprv | +keyutil-pub | + + + + diff --git a/test/qunit-do-keyutil-gen.html b/test/qunit-do-keyutil-gen.html index 778a2387..79bbc883 100755 --- a/test/qunit-do-keyutil-gen.html +++ b/test/qunit-do-keyutil-gen.html @@ -50,21 +50,26 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      +
      +

      CSR to certificate converter

      +

      for checking weak RSA public key by factorable.net

      + + TOP | + DOWNLOADS | + TUTORIALS | + API REFERENCE | + DEMOS | +
      +
      + + +
      +
      + + +
      +

      +The factorable.net site provides +key checker to +verify whether weak or compromised key or not. +However this can only check X.509 certificate or SSH public key. +Thus you can't easily check your key before its certificate issuance +by PKCS#10 CSR (certificate signing request) or PKCS#8 PEM public key. +

      +

      +This tool can generate a fake certificate by specifying CSR +for checking factorable weak key checker. +Resulting certificate has wrong signature value but it doesn't matter for the checker. +

      + +

      (Step1) Fill PEM formatted PKCS#10 CSR (certificate signing request)

      + + + + +

      (Step2) Press "Convert" button

      + + + +

      Fake Certificate for factorable.net key checker

      + + +
      + +Copy this certificate, paste it on the bottom text field of +key checker +then click "Check" button. +You can see the weak key checking result for the CSR and public key pair. + +
      + + + +
      +
      + + + + + +