diff --git a/ChangeLog.txt b/ChangeLog.txt index 3e7d5833..3c52d8d5 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,18 @@ ChangeLog for jsrsasign +* Changes from 8.0.0 to 8.0.1 (2017-Ju1-01) + - x509 1.1.16 to 1.1.17 + - add getExtSubjectAltName2 which supports + GeneralName type + - make getExtSubjectAltName deprecated + - fix getExtCRLDistributionPointsURI() for #269. + caused error if CDP containts directory name. + now fixed. + - getInfo now supports certificatePolicies + - tool/tool_certview.html + - SHA1 fingerprint issue fixed for #273 + * Changes from 7.2.2 to 8.0.0 (2017-Jun-30) - all of deprecated classes, methods and files are removed. diff --git a/api/files.html b/api/files.html index dced74ab..e994fe74 100644 --- a/api/files.html +++ b/api/files.html @@ -802,7 +802,7 @@
x = new X509(); x.readCertPEM(sCertPEM); // parseExt() will also be called internally. -x.getExtSubjectAltName(hCert) → ["example.com", "example.org"]+x.getExtSubjectAltName() → ["example.com", "example.org"] +
x = new X509(); +x.readCertPEM(sCertPEM); // parseExt() will also be called internally. +x.getExtSubjectAltName2() → +[["DNS", "example.com"], + ["DNS", "example.org"], + ["MAIL", "foo@example.com"], + ["IP", "192.168.1.1"], + ["DN", "/C=US/O=TEST1"]]+ + + + + + +
1 /* x509-1.1.16.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license +1 /* x509-1.1.17.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license 2 */ 3 /* 4 * x509.js - X509 class to read subject public key from certificate. @@ -23,7 +23,7 @@ 16 * @fileOverview 17 * @name x509-1.1.js 18 * @author Kenji Urushima kenji.urushima@gmail.com - 19 * @version jsrsasign 7.2.1 x509 1.1.16 (2017-Jun-23) + 19 * @version jsrsasign 8.0.1 x509 1.1.17 (2017-Jun-30) 20 * @since jsrsasign 1.x.x 21 * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a> 22 */ 
@@ -678,513 +678,589 @@
 671 };
 672
 673 /**
-674 * get subjectAltName value as array of string in the certificate
+674 * (DEPRECATED) get subjectAltName value as array of string in the certificate
 675 * @name getExtSubjectAltName
 676 * @memberOf X509#
 677 * @function
 678 * @return {Object} array of alt names
 679 * @since jsrsasign 7.2.0 x509 1.1.14
-680 * @description
-681 * This method will get subject alt name extension value
-682 * as array of name.
-683 * If there is this in the certificate, it returns undefined;
-684 * <br>
-685 * NOTE: Currently this method supports only dNSName so that
-686 * other name type such like iPAddress or generalName will not be returned.
-687 * @example
-688 * x = new X509();
-689 * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-690 * x.getExtSubjectAltName(hCert) → ["example.com", "example.org"]
-691 */
-692 this.getExtSubjectAltName = function() {
-693 var info = this.getExtInfo("subjectAltName");
-694 if (info === undefined) return info;
-695
-696 var result = new Array();
-697 var h = _getTLV(this.hex, info.vidx);
-698
-699 var a = _getChildIdx(h, 0);
-700 for (var i = 0; i < a.length; i++) {
-701 if (h.substr(a[i], 2) === "82") {
-702 var fqdn = hextoutf8(_getV(h, a[i]));
-703 result.push(fqdn);
-704 }
-705 }
-706 return result;
-707 };
-708
-709 /**
-710 * get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate
-711 * @name getExtCRLDistributionPointsURI
-712 * @memberOf X509#
-713 * @function
-714 * @return {Object} array of fullName URIs of CDP of the certificate
-715 * @since jsrsasign 7.2.0 x509 1.1.14
-716 * @description
-717 * This method will get all fullName URIs of cRLDistributionPoints extension
-718 * in the certificate as array of URI string.
-719 * If there is this in the certificate, it returns undefined;
-720 * <br>
-721 * NOTE: Currently this method supports only fullName URI so that
-722 * other parameters will not be returned.
-723 * @example
-724 * x = new X509();
-725 * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-726 * x.getExtCRLDistributionPointsURI() →
-727 * ["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
-728 */
-729 this.getExtCRLDistributionPointsURI = function() {
-730 var info = this.getExtInfo("cRLDistributionPoints");
-731 if (info === undefined) return info;
-732
-733 var result = new Array();
-734 var a = _getChildIdx(this.hex, info.vidx);
-735 for (var i = 0; i < a.length; i++) {
-736 var hURI = _getVbyList(this.hex, a[i], [0, 0, 0], "86");
-737 var uri = hextoutf8(hURI);
-738 result.push(uri);
-739 }
-740
-741 return result;
-742 };
-743
-744 /**
-745 * get AuthorityInfoAccess extension value in the certificate as associative array
-746 * @name getExtAIAInfo
-747 * @memberOf X509#
-748 * @function
-749 * @return {Object} associative array of AIA extension properties
-750 * @since jsrsasign 7.2.0 x509 1.1.14
-751 * @description
-752 * This method will get authority info access value
-753 * as associate array which has following properties:
-754 * <ul>
-755 * <li>ocsp - array of string for OCSP responder URL</li>
-756 * <li>caissuer - array of string for caIssuer value (i.e. CA certificates URL)</li>
-757 * </ul>
-758 * If there is this in the certificate, it returns undefined;
-759 * @example
-760 * x = new X509();
-761 * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-762 * x.getExtAIAInfo(hCert) →
-763 * { ocsp: ["http://ocsp.foo.com"],
-764 * caissuer: ["http://rep.foo.com/aaa.p8m"] }
-765 */
-766 this.getExtAIAInfo = function() {
-767 var info = this.getExtInfo("authorityInfoAccess");
-768 if (info === undefined) return info;
-769
-770 var result = { ocsp: [], caissuer: [] };
-771 var a = _getChildIdx(this.hex, info.vidx);
-772 for (var i = 0; i < a.length; i++) {
-773 var hOID = _getVbyList(this.hex, a[i], [0], "06");
-774 var hName = _getVbyList(this.hex, a[i], [1], "86");
-775 if (hOID === "2b06010505073001") {
-776 result.ocsp.push(hextoutf8(hName));
-777 }
-778 if (hOID === "2b06010505073002") {
-779 result.caissuer.push(hextoutf8(hName));
-780 }
-781 }
-782
-783 return result;
-784 };
-785
-786 /**
-787 * get CertificatePolicies extension value in the certificate as array
-788 * @name getExtCertificatePolicies
-789 * @memberOf X509#
-790 * @function
-791 * @return {Object} array of PolicyInformation JSON object
-792 * @since jsrsasign 7.2.0 x509 1.1.14
-793 * @description
-794 * This method will get certificate policies value
-795 * as an array of JSON object which has following properties:
-796 * <ul>
-797 * <li>id - </li>
-798 * <li>cps - URI of certification practice statement</li>
-799 * <li>unotice - string of UserNotice explicitText</li>
-800 * </ul>
-801 * If there is this extension in the certificate,
-802 * it returns undefined;
-803 * @example
-804 * x = new X509();
-805 * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-806 * x.getExtCertificatePolicies →
-807 * [{ id: 1.2.3.4,
-808 * cps: "http://example.com/cps",
-809 * unotice: "explicit text" }]
-810 */
-811 this.getExtCertificatePolicies = function() {
-812 var info = this.getExtInfo("certificatePolicies");
-813 if (info === undefined) return info;
-814
-815 var hExt = _getTLV(this.hex, info.vidx);
-816 var result = [];
-817
-818 var a = _getChildIdx(hExt, 0);
-819 for (var i = 0; i < a.length; i++) {
-820 var policyInfo = {};
-821 var a1 = _getChildIdx(hExt, a[i]);
-822
-823 policyInfo.id = _oidname(_getV(hExt, a1[0]));
-824
-825 if (a1.length === 2) {
-826 var a2 = _getChildIdx(hExt, a1[1]);
-827
-828 for (var j = 0; j < a2.length; j++) {
-829 var hQualifierId = _getVbyList(hExt, a2[j], [0], "06");
-830
-831 if (hQualifierId === "2b06010505070201") { // cps
-832 policyInfo.cps = hextoutf8(_getVbyList(hExt, a2[j], [1]));
-833 } else if (hQualifierId === "2b06010505070202") { // unotice
-834 policyInfo.unotice =
-835 hextoutf8(_getVbyList(hExt, a2[j], [1, 0]));
-836 }
-837 }
-838 }
-839
-840 result.push(policyInfo);
-841 }
-842
-843 return result;
-844 }
-845
-846 // ===== read certificate =====================================
-847 /**
-848 * read PEM formatted X.509 certificate from string.<br/>
-849 * @name readCertPEM
-850 * @memberOf X509#
-851 * @function
-852 * @param {String} sCertPEM string for PEM formatted X.509 certificate
-853 * @example
-854 * x = new X509();
-855 * x.readCertPEM(sCertPEM); // read certificate
-856 */
-857 this.readCertPEM = function(sCertPEM) {
-858 this.readCertHex(_pemtohex(sCertPEM));
-859 };
-860
-861 /**
-862 * read a hexadecimal string of X.509 certificate<br/>
-863 * @name readCertHex
-864 * @memberOf X509#
-865 * @function
-866 * @param {String} sCertHex hexadecimal string of X.509 certificate
-867 * @since jsrsasign 7.1.4 x509 1.1.13
-868 * @description
-869 * NOTE: {@link X509#parseExt} will called internally since jsrsasign 7.2.0.
-870 * @example
-871 * x = new X509();
-872 * x.readCertHex("3082..."); // read certificate
-873 */
-874 this.readCertHex = function(sCertHex) {
-875 this.hex = sCertHex;
-876 this.getVersion(); // set version parameter
-877
-878 try {
-879 _getIdxbyList(this.hex, 0, [0, 7], "a3"); // has [3] v3ext
-880 this.parseExt();
-881 } catch(ex) {};
-882 };
-883
-884 /**
-885 * get certificate information as string.<br/>
-886 * @name getInfo
-887 * @memberOf X509#
-888 * @function
-889 * @return {String} certificate information string
-890 * @since jsrsasign 5.0.10 x509 1.1.8
-891 * @example
-892 * x = new X509();
-893 * x.readCertPEM(certPEM);
-894 * console.log(x.getInfo());
-895 * // this shows as following
-896 * Basic Fields
-897 * serial number: 02ac5c266a0b409b8f0b79f2ae462577
-898 * signature algorithm: SHA1withRSA
-899 * issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-900 * notBefore: 061110000000Z
-901 * notAfter: 311110000000Z
-902 * subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-903 * subject public key info:
-904 * key algorithm: RSA
-905 * n=c6cce573e6fbd4bb...
-906 * e=10001
-907 * X509v3 Extensions:
-908 * keyUsage CRITICAL:
-909 * digitalSignature,keyCertSign,cRLSign
-910 * basicConstraints CRITICAL:
-911 * cA=true
-912 * subjectKeyIdentifier :
-913 * b13ec36903f8bf4701d498261a0802ef63642bc3
-914 * authorityKeyIdentifier :
-915 * kid=b13ec36903f8bf4701d498261a0802ef63642bc3
-916 * signature algorithm: SHA1withRSA
-917 * signature: 1c1a0697dcd79c9f...
-918 */
-919 this.getInfo = function() {
-920 var _X509 = X509;
-921 var s, pubkey, aExt;
-922 s = "Basic Fields\n";
-923 s += " serial number: " + this.getSerialNumberHex() + "\n";
-924 s += " signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
-925 s += " issuer: " + this.getIssuerString() + "\n";
-926 s += " notBefore: " + this.getNotBefore() + "\n";
-927 s += " notAfter: " + this.getNotAfter() + "\n";
-928 s += " subject: " + this.getSubjectString() + "\n";
-929 s += " subject public key info: " + "\n";
-930
-931 // subject public key info
-932 pubkey = this.getPublicKey();
-933 s += " key algorithm: " + pubkey.type + "\n";
-934
-935 if (pubkey.type === "RSA") {
-936 s += " n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n";
-937 s += " e=" + hextoposhex(pubkey.e.toString(16)) + "\n";
-938 }
-939
-940 s += "X509v3 Extensions:\n";
-941
-942 aExt = this.aExtInfo;
-943 for (var i = 0; i < aExt.length; i++) {
-944 var info = aExt[i];
+680 * @deprecated since jsrsasign 8.0.1 x509 1.1.17. Please move to {@link X509#getExtSubjectAltName2}
+681 * @description
+682 * This method will get subject alt name extension value
+683 * as array of name.
+684 * If there is this in the certificate, it returns undefined;
+685 * <br>
+686 * NOTE: Currently this method supports only dNSName so that
+687 * other name type such like iPAddress or generalName will not be returned.
+688 * @example
+689 * x = new X509();
+690 * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+691 * x.getExtSubjectAltName() → ["example.com", "example.org"]
+692 */
+693 this.getExtSubjectAltName = function() {
+694 var a = this.getExtSubjectAltName2();
+695 var result = new Array();
+696
+697 for (var i = 0; i < a.length; i++) {
+698 if (a[i][0] === "DNS") result.push(a[i][1]);
+699 }
+700 return result;
+701 };
+702
+703 /**
+704 * get subjectAltName value as array of string in the certificate
+705 * @name getExtSubjectAltName2
+706 * @memberOf X509#
+707 * @function
+708 * @return {Object} array of alt name array
+709 * @since jsrsasign 8.0.1 x509 1.1.17
+710 * @description
+711 * This method will get subject alt name extension value
+712 * as array of type and name.
+713 * If there is this in the certificate, it returns undefined;
+714 * Type of GeneralName will be shown as following:
+715 * <ul>
+716 * <li>"MAIL" - [1]rfc822Name</li>
+717 * <li>"DNS" - [2]dNSName</li>
+718 * <li>"DN" - [4]directoryName</li>
+719 * <li>"URI" - [6]uniformResourceIdentifier</li>
+720 * <li>"IP" - [7]iPAddress</li>
+721 * </ul>
+722 * @example
+723 * x = new X509();
+724 * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+725 * x.getExtSubjectAltName2() →
+726 * [["DNS", "example.com"],
+727 * ["DNS", "example.org"],
+728 * ["MAIL", "foo@example.com"],
+729 * ["IP", "192.168.1.1"],
+730 * ["DN", "/C=US/O=TEST1"]]
+731 */
+732 this.getExtSubjectAltName2 = function() {
+733 var gnValueHex, gnValueStr, gnTag;
+734 var info = this.getExtInfo("subjectAltName");
+735 if (info === undefined) return info;
+736
+737 var result = new Array();
+738 var h = _getTLV(this.hex, info.vidx);
+739
+740 var a = _getChildIdx(h, 0);
+741 for (var i = 0; i < a.length; i++) {
+742 gnTag = h.substr(a[i], 2);
+743 gnValueHex = _getV(h, a[i]);
+744
+745 if (gnTag === "81") { // rfc822Name [1]
+746 gnValueStr = hextoutf8(gnValueHex);
+747 result.push(["MAIL", gnValueStr]);
+748 }
+749 if (gnTag === "82") { // dNSName [2]
+750 gnValueStr = hextoutf8(gnValueHex);
+751 result.push(["DNS", gnValueStr]);
+752 }
+753 if (gnTag === "84") { // directoryName [4]
+754 gnValueStr = X509.hex2dn(gnValueHex, 0);
+755 result.push(["DN", gnValueStr]);
+756 }
+757 if (gnTag === "86") { // uniformResourceIdentifier [6]
+758 gnValueStr = hextoutf8(gnValueHex);
+759 result.push(["URI", gnValueStr]);
+760 }
+761 if (gnTag === "87") { // iPAddress [7]
+762 try {
+763 gnValueStr =
+764 parseInt(gnValueStr.substr(0, 2), 16) + "." +
+765 parseInt(gnValueStr.substr(2, 2), 16) + "." +
+766 parseInt(gnValueStr.substr(4, 2), 16) + "." +
+767 parseInt(gnValueStr.substr(6, 2), 16);
+768 result.push(["IP", gnValueStr]);
+769 } catch (ex) {};
+770 }
+771 }
+772 return result;
+773 };
+774
+775 /**
+776 * get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate
+777 * @name getExtCRLDistributionPointsURI
+778 * @memberOf X509#
+779 * @function
+780 * @return {Object} array of fullName URIs of CDP of the certificate
+781 * @since jsrsasign 7.2.0 x509 1.1.14
+782 * @description
+783 * This method will get all fullName URIs of cRLDistributionPoints extension
+784 * in the certificate as array of URI string.
+785 * If there is this in the certificate, it returns undefined;
+786 * <br>
+787 * NOTE: Currently this method supports only fullName URI so that
+788 * other parameters will not be returned.
+789 * @example
+790 * x = new X509();
+791 * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+792 * x.getExtCRLDistributionPointsURI() →
+793 * ["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
+794 */
+795 this.getExtCRLDistributionPointsURI = function() {
+796 var info = this.getExtInfo("cRLDistributionPoints");
+797 if (info === undefined) return info;
+798
+799 var result = new Array();
+800 var a = _getChildIdx(this.hex, info.vidx);
+801 for (var i = 0; i < a.length; i++) {
+802 try {
+803 var hURI = _getVbyList(this.hex, a[i], [0, 0, 0], "86");
+804 var uri = hextoutf8(hURI);
+805 result.push(uri);
+806 } catch(ex) {};
+807 }
+808
+809 return result;
+810 };
+811
+812 /**
+813 * get AuthorityInfoAccess extension value in the certificate as associative array
+814 * @name getExtAIAInfo
+815 * @memberOf X509#
+816 * @function
+817 * @return {Object} associative array of AIA extension properties
+818 * @since jsrsasign 7.2.0 x509 1.1.14
+819 * @description
+820 * This method will get authority info access value
+821 * as associate array which has following properties:
+822 * <ul>
+823 * <li>ocsp - array of string for OCSP responder URL</li>
+824 * <li>caissuer - array of string for caIssuer value (i.e. CA certificates URL)</li>
+825 * </ul>
+826 * If there is this in the certificate, it returns undefined;
+827 * @example
+828 * x = new X509();
+829 * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+830 * x.getExtAIAInfo(hCert) →
+831 * { ocsp: ["http://ocsp.foo.com"],
+832 * caissuer: ["http://rep.foo.com/aaa.p8m"] }
+833 */
+834 this.getExtAIAInfo = function() {
+835 var info = this.getExtInfo("authorityInfoAccess");
+836 if (info === undefined) return info;
+837
+838 var result = { ocsp: [], caissuer: [] };
+839 var a = _getChildIdx(this.hex, info.vidx);
+840 for (var i = 0; i < a.length; i++) {
+841 var hOID = _getVbyList(this.hex, a[i], [0], "06");
+842 var hName = _getVbyList(this.hex, a[i], [1], "86");
+843 if (hOID === "2b06010505073001") {
+844 result.ocsp.push(hextoutf8(hName));
+845 }
+846 if (hOID === "2b06010505073002") {
+847 result.caissuer.push(hextoutf8(hName));
+848 }
+849 }
+850
+851 return result;
+852 };
+853
+854 /**
+855 * get CertificatePolicies extension value in the certificate as array
+856 * @name getExtCertificatePolicies
+857 * @memberOf X509#
+858 * @function
+859 * @return {Object} array of PolicyInformation JSON object
+860 * @since jsrsasign 7.2.0 x509 1.1.14
+861 * @description
+862 * This method will get certificate policies value
+863 * as an array of JSON object which has following properties:
+864 * <ul>
+865 * <li>id - </li>
+866 * <li>cps - URI of certification practice statement</li>
+867 * <li>unotice - string of UserNotice explicitText</li>
+868 * </ul>
+869 * If there is this extension in the certificate,
+870 * it returns undefined;
+871 * @example
+872 * x = new X509();
+873 * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+874 * x.getExtCertificatePolicies →
+875 * [{ id: 1.2.3.4,
+876 * cps: "http://example.com/cps",
+877 * unotice: "explicit text" }]
+878 */
+879 this.getExtCertificatePolicies = function() {
+880 var info = this.getExtInfo("certificatePolicies");
+881 if (info === undefined) return info;
+882
+883 var hExt = _getTLV(this.hex, info.vidx);
+884 var result = [];
+885
+886 var a = _getChildIdx(hExt, 0);
+887 for (var i = 0; i < a.length; i++) {
+888 var policyInfo = {};
+889 var a1 = _getChildIdx(hExt, a[i]);
+890
+891 policyInfo.id = _oidname(_getV(hExt, a1[0]));
+892
+893 if (a1.length === 2) {
+894 var a2 = _getChildIdx(hExt, a1[1]);
+895
+896 for (var j = 0; j < a2.length; j++) {
+897 var hQualifierId = _getVbyList(hExt, a2[j], [0], "06");
+898
+899 if (hQualifierId === "2b06010505070201") { // cps
+900 policyInfo.cps = hextoutf8(_getVbyList(hExt, a2[j], [1]));
+901 } else if (hQualifierId === "2b06010505070202") { // unotice
+902 policyInfo.unotice =
+903 hextoutf8(_getVbyList(hExt, a2[j], [1, 0]));
+904 }
+905 }
+906 }
+907
+908 result.push(policyInfo);
+909 }
+910
+911 return result;
+912 }
+913
+914 // ===== read certificate =====================================
+915 /**
+916 * read PEM formatted X.509 certificate from string.<br/>
+917 * @name readCertPEM
+918 * @memberOf X509#
+919 * @function
+920 * @param {String} sCertPEM string for PEM formatted X.509 certificate
+921 * @example
+922 * x = new X509();
+923 * x.readCertPEM(sCertPEM); // read certificate
+924 */
+925 this.readCertPEM = function(sCertPEM) {
+926 this.readCertHex(_pemtohex(sCertPEM));
+927 };
+928
+929 /**
+930 * read a hexadecimal string of X.509 certificate<br/>
+931 * @name readCertHex
+932 * @memberOf X509#
+933 * @function
+934 * @param {String} sCertHex hexadecimal string of X.509 certificate
+935 * @since jsrsasign 7.1.4 x509 1.1.13
+936 * @description
+937 * NOTE: {@link X509#parseExt} will called internally since jsrsasign 7.2.0.
+938 * @example
+939 * x = new X509();
+940 * x.readCertHex("3082..."); // read certificate
+941 */
+942 this.readCertHex = function(sCertHex) {
+943 this.hex = sCertHex;
+944 this.getVersion(); // set version parameter
 945
-946 // show extension name and critical flag
-947 var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
-948 if (extName === '') extName = info["oid"];
-949
-950 var critical = '';
-951 if (info["critical"] === true) critical = "CRITICAL";
-952
-953 s += " " + extName + " " + critical + ":\n";
-954
-955 // show extension value if supported
-956 if (extName === "basicConstraints") {
-957 var bc = this.getExtBasicConstraints();
-958 if (bc.cA === undefined) {
-959 s += " {}\n";
-960 } else {
-961 s += " cA=true";
-962 if (bc.pathLen !== undefined)
-963 s += ", pathLen=" + bc.pathLen;
-964 s += "\n";
-965 }
-966 } else if (extName === "keyUsage") {
-967 s += " " + this.getExtKeyUsageString() + "\n";
-968 } else if (extName === "subjectKeyIdentifier") {
-969 s += " " + this.getExtSubjectKeyIdentifier() + "\n";
-970 } else if (extName === "authorityKeyIdentifier") {
-971 var akid = this.getExtAuthorityKeyIdentifier();
-972 if (akid.kid !== undefined)
-973 s += " kid=" + akid.kid + "\n";
-974 } else if (extName === "extKeyUsage") {
-975 var eku = this.getExtExtKeyUsageName();
-976 s += " " + eku.join(", ") + "\n";
-977 } else if (extName === "subjectAltName") {
-978 var san = this.getExtSubjectAltName();
-979 s += " " + san.join(", ") + "\n";
-980 } else if (extName === "cRLDistributionPoints") {
-981 var cdp = this.getExtCRLDistributionPointsURI();
-982 s += " " + cdp + "\n";
-983 } else if (extName === "authorityInfoAccess") {
-984 var aia = this.getExtAIAInfo();
-985 if (aia.ocsp !== undefined)
-986 s += " ocsp: " + aia.ocsp.join(",") + "\n";
-987 if (aia.caissuer !== undefined)
-988 s += " caissuer: " + aia.caissuer.join(",") + "\n";
-989 }
-990 }
-991
-992 s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n";
-993 s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n";
-994 return s;
-995 };
-996 };
-997
-998 /**
-999 * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/>
-1000 * @name hex2dn
-1001 * @memberOf X509
-1002 * @function
-1003 * @param {String} hex hexadecimal string of ASN.1 DER distinguished name
-1004 * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-1005 * @return {String} OpenSSL online format distinguished name
-1006 * @description
-1007 * This static method converts from a hexadecimal string of
-1008 * distinguished name (DN)
-1009 * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
-1010 * @example
-1011 * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
-1012 */
-1013 X509.hex2dn = function(hex, idx) {
-1014 if (idx === undefined) idx = 0;
-1015 if (hex.substr(idx, 2) !== "30") throw "malformed DN";
-1016
-1017 var a = new Array();
-1018
-1019 var aIdx = ASN1HEX.getChildIdx(hex, idx);
-1020 for (var i = 0; i < aIdx.length; i++) {
-1021 a.push(X509.hex2rdn(hex, aIdx[i]));
-1022 }
-1023
-1024 a = a.map(function(s) { return s.replace("/", "\\/"); });
-1025 return "/" + a.join("/");
-1026 };
-1027
-1028 /**
-1029 * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/>
-1030 * @name hex2rdn
-1031 * @memberOf X509
-1032 * @function
-1033 * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name
-1034 * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-1035 * @return {String} OpenSSL online format relative distinguished name
-1036 * @description
-1037 * This static method converts from a hexadecimal string of
-1038 * relative distinguished name (RDN)
-1039 * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/>
-1040 * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
-1041 * @example
-1042 * X509.hex2rdn("310a3008060355040a0c0161") → O=a
-1043 * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
-1044 */
-1045 X509.hex2rdn = function(hex, idx) {
-1046 if (idx === undefined) idx = 0;
-1047 if (hex.substr(idx, 2) !== "31") throw "malformed RDN";
-1048
-1049 var a = new Array();
-1050
-1051 var aIdx = ASN1HEX.getChildIdx(hex, idx);
-1052 for (var i = 0; i < aIdx.length; i++) {
-1053 a.push(X509.hex2attrTypeValue(hex, aIdx[i]));
-1054 }
-1055
-1056 a = a.map(function(s) { return s.replace("+", "\\+"); });
-1057 return a.join("+");
-1058 };
-1059
-1060 /**
-1061 * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/>
-1062 * @name hex2attrTypeValue
-1063 * @memberOf X509
-1064 * @function
-1065 * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
-1066 * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-1067 * @return {String} string representation of AttributeTypeAndValue (ex. C=US)
-1068 * @description
-1069 * This static method converts from a hexadecimal string of AttributeTypeAndValue
-1070 * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
-1071 * @example
-1072 * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
-1073 * X509.hex2attrTypeValue("300806035504060c0161") → C=a
-1074 * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
-1075 */
-1076 X509.hex2attrTypeValue = function(hex, idx) {
-1077 var _ASN1HEX = ASN1HEX;
-1078 var _getV = _ASN1HEX.getV;
-1079
-1080 if (idx === undefined) idx = 0;
-1081 if (hex.substr(idx, 2) !== "30") throw "malformed attribute type and value";
-1082
-1083 var aIdx = _ASN1HEX.getChildIdx(hex, idx);
-1084 if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06")
-1085 "malformed attribute type and value";
-1086
-1087 var oidHex = _getV(hex, aIdx[0]);
-1088 var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex);
-1089 var atype = KJUR.asn1.x509.OID.oid2atype(oidInt);
-1090
-1091 var hV = _getV(hex, aIdx[1]);
-1092 var rawV = hextorstr(hV);
-1093
-1094 return atype + "=" + rawV;
-1095 };
-1096
-1097 /**
-1098 * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/>
-1099 * @name getPublicKeyFromCertHex
-1100 * @memberOf X509
-1101 * @function
-1102 * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
-1103 * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-1104 * @since jsrasign 7.1.0 x509 1.1.11
-1105 */
-1106 X509.getPublicKeyFromCertHex = function(h) {
-1107 var x = new X509();
-1108 x.readCertHex(h);
-1109 return x.getPublicKey();
-1110 };
-1111
-1112 /**
-1113 * get RSA/DSA/ECDSA public key object from PEM certificate string
-1114 * @name getPublicKeyFromCertPEM
-1115 * @memberOf X509
-1116 * @function
-1117 * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
-1118 * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-1119 * @since x509 1.1.1
-1120 * @description
-1121 * NOTE: DSA is also supported since x509 1.1.2.
-1122 */
-1123 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
-1124 var x = new X509();
-1125 x.readCertPEM(sCertPEM);
-1126 return x.getPublicKey();
-1127 };
-1128
-1129 /**
-1130 * get public key information from PEM certificate
-1131 * @name getPublicKeyInfoPropOfCertPEM
-1132 * @memberOf X509
-1133 * @function
-1134 * @param {String} sCertPEM string of PEM formatted certificate
-1135 * @return {Hash} hash of information for public key
-1136 * @since x509 1.1.1
-1137 * @description
-1138 * Resulted associative array has following properties:<br/>
-1139 * <ul>
-1140 * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
-1141 * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
-1142 * <li>keyhex - hexadecimal string of key in the certificate</li>
-1143 * </ul>
-1144 * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
-1145 */
-1146 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
-1147 var _ASN1HEX = ASN1HEX;
-1148 var _getVbyList = _ASN1HEX.getVbyList;
-1149
-1150 var result = {};
-1151 var x, hSPKI, pubkey;
-1152 result.algparam = null;
-1153
-1154 x = new X509();
-1155 x.readCertPEM(sCertPEM);
-1156
-1157 hSPKI = x.getPublicKeyHex();
-1158 result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2);
-1159 result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06");
-1160
-1161 if (result.algoid === "2a8648ce3d0201") { // ecPublicKey
-1162 result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06");
-1163 };
-1164
-1165 return result;
-1166 };
-1167
-1168 /* ======================================================================
-1169 * Specific V3 Extensions
-1170 * ====================================================================== */
-1171
-1172 X509.KEYUSAGE_NAME = [
-1173 "digitalSignature",
-1174 "nonRepudiation",
-1175 "keyEncipherment",
-1176 "dataEncipherment",
-1177 "keyAgreement",
-1178 "keyCertSign",
-1179 "cRLSign",
-1180 "encipherOnly",
-1181 "decipherOnly"
-1182 ];
-1183