diff --git a/ChangeLog.txt b/ChangeLog.txt index 3e7d5833..3c52d8d5 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,18 @@ ChangeLog for jsrsasign +* Changes from 8.0.0 to 8.0.1 (2017-Ju1-01) + - x509 1.1.16 to 1.1.17 + - add getExtSubjectAltName2 which supports + GeneralName type + - make getExtSubjectAltName deprecated + - fix getExtCRLDistributionPointsURI() for #269. + caused error if CDP containts directory name. + now fixed. + - getInfo now supports certificatePolicies + - tool/tool_certview.html + - SHA1 fingerprint issue fixed for #273 + * Changes from 7.2.2 to 8.0.0 (2017-Jun-30) - all of deprecated classes, methods and files are removed. diff --git a/api/files.html b/api/files.html index dced74ab..e994fe74 100644 --- a/api/files.html +++ b/api/files.html @@ -802,7 +802,7 @@

x509-1.1.js

Version:
-
jsrsasign 7.2.1 x509 1.1.16 (2017-Jun-23)
+
jsrsasign 8.0.1 x509 1.1.17 (2017-Jun-30)
diff --git a/api/symbols/X509.html b/api/symbols/X509.html index ac40db3e..5f6983f5 100644 --- a/api/symbols/X509.html +++ b/api/symbols/X509.html @@ -643,12 +643,23 @@

getExtSubjectAltName()
-
get subjectAltName value as array of string in the certificate +
(DEPRECATED) get subjectAltName value as array of string in the certificate This method will get subject alt name extension value as array of name.
+ +   + + +
get subjectAltName value as array of string in the certificate +This method will get subject alt name extension value +as array of type and name.
+ + +   @@ -1559,7 +1570,7 @@

- get subjectAltName value as array of string in the certificate + (DEPRECATED) get subjectAltName value as array of string in the certificate This method will get subject alt name extension value as array of name. If there is this in the certificate, it returns undefined; @@ -1574,12 +1585,19 @@

x = new X509();
 x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-x.getExtSubjectAltName(hCert) → ["example.com", "example.org"]
+x.getExtSubjectAltName() → ["example.com", "example.org"] +
+
Deprecated:
+
+ since jsrsasign 8.0.1 x509 1.1.17. Please move to X509#getExtSubjectAltName2 +
+
+
Since:
@@ -1599,6 +1617,66 @@

+
+ + +
+ + {Object} + getExtSubjectAltName2() + +
+
+ get subjectAltName value as array of string in the certificate +This method will get subject alt name extension value +as array of type and name. +If there is this in the certificate, it returns undefined; +Type of GeneralName will be shown as following: +
    +
  • "MAIL" - [1]rfc822Name
  • +
  • "DNS" - [2]dNSName
  • +
  • "DN" - [4]directoryName
  • +
  • "URI" - [6]uniformResourceIdentifier
  • +
  • "IP" - [7]iPAddress
  • +
+ + +
+ + + +
x = new X509();
+x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+x.getExtSubjectAltName2() →
+[["DNS",  "example.com"],
+ ["DNS",  "example.org"],
+ ["MAIL", "foo@example.com"],
+ ["IP",   "192.168.1.1"],
+ ["DN",   "/C=US/O=TEST1"]]
+ + + + + + +
+
Since:
+
jsrsasign 8.0.1 x509 1.1.17
+
+

+ + + +
+
Returns:
+ +
{Object} array of alt name array
+ +
+ + + +
diff --git a/api/symbols/src/x509-1.1.js.html b/api/symbols/src/x509-1.1.js.html index f839f1d0..62b71326 100644 --- a/api/symbols/src/x509-1.1.js.html +++ b/api/symbols/src/x509-1.1.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /* x509-1.1.16.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* x509-1.1.17.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * x509.js - X509 class to read subject public key from certificate.
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name x509-1.1.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 7.2.1 x509 1.1.16 (2017-Jun-23)
+ 19  * @version jsrsasign 8.0.1 x509 1.1.17 (2017-Jun-30)
  20  * @since jsrsasign 1.x.x
  21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -678,513 +678,589 @@
 671     };
 672 
 673     /**
-674      * get subjectAltName value as array of string in the certificate
+674      * (DEPRECATED) get subjectAltName value as array of string in the certificate
 675      * @name getExtSubjectAltName
 676      * @memberOf X509#
 677      * @function
 678      * @return {Object} array of alt names
 679      * @since jsrsasign 7.2.0 x509 1.1.14
-680      * @description
-681      * This method will get subject alt name extension value
-682      * as array of name.
-683      * If there is this in the certificate, it returns undefined;
-684      * <br>
-685      * NOTE: Currently this method supports only dNSName so that
-686      * other name type such like iPAddress or generalName will not be returned.
-687      * @example
-688      * x = new X509();
-689      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-690      * x.getExtSubjectAltName(hCert) → ["example.com", "example.org"]
-691      */
-692     this.getExtSubjectAltName = function() {
-693 	var info = this.getExtInfo("subjectAltName");
-694 	if (info === undefined) return info;
-695 
-696 	var result = new Array();
-697 	var h = _getTLV(this.hex, info.vidx);
-698 
-699 	var a = _getChildIdx(h, 0);
-700 	for (var i = 0; i < a.length; i++) {
-701 	    if (h.substr(a[i], 2) === "82") {
-702 		var fqdn = hextoutf8(_getV(h, a[i]));
-703 		result.push(fqdn);
-704 	    }
-705 	}
-706 	return result;
-707     };
-708 
-709     /**
-710      * get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate
-711      * @name getExtCRLDistributionPointsURI
-712      * @memberOf X509#
-713      * @function
-714      * @return {Object} array of fullName URIs of CDP of the certificate
-715      * @since jsrsasign 7.2.0 x509 1.1.14
-716      * @description
-717      * This method will get all fullName URIs of cRLDistributionPoints extension
-718      * in the certificate as array of URI string.
-719      * If there is this in the certificate, it returns undefined;
-720      * <br>
-721      * NOTE: Currently this method supports only fullName URI so that
-722      * other parameters will not be returned.
-723      * @example
-724      * x = new X509();
-725      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-726      * x.getExtCRLDistributionPointsURI() →
-727      * ["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
-728      */
-729     this.getExtCRLDistributionPointsURI = function() {
-730 	var info = this.getExtInfo("cRLDistributionPoints");
-731 	if (info === undefined) return info;
-732 
-733 	var result = new Array();
-734 	var a = _getChildIdx(this.hex, info.vidx);
-735 	for (var i = 0; i < a.length; i++) {
-736 	    var hURI = _getVbyList(this.hex, a[i], [0, 0, 0], "86");
-737 	    var uri = hextoutf8(hURI);
-738 	    result.push(uri);
-739 	}
-740 
-741 	return result;
-742     };
-743 
-744     /**
-745      * get AuthorityInfoAccess extension value in the certificate as associative array
-746      * @name getExtAIAInfo
-747      * @memberOf X509#
-748      * @function
-749      * @return {Object} associative array of AIA extension properties
-750      * @since jsrsasign 7.2.0 x509 1.1.14
-751      * @description
-752      * This method will get authority info access value
-753      * as associate array which has following properties:
-754      * <ul>
-755      * <li>ocsp - array of string for OCSP responder URL</li>
-756      * <li>caissuer - array of string for caIssuer value (i.e. CA certificates URL)</li>
-757      * </ul>
-758      * If there is this in the certificate, it returns undefined;
-759      * @example
-760      * x = new X509();
-761      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-762      * x.getExtAIAInfo(hCert) → 
-763      * { ocsp:     ["http://ocsp.foo.com"],
-764      *   caissuer: ["http://rep.foo.com/aaa.p8m"] }
-765      */
-766     this.getExtAIAInfo = function() {
-767 	var info = this.getExtInfo("authorityInfoAccess");
-768 	if (info === undefined) return info;
-769 
-770 	var result = { ocsp: [], caissuer: [] };
-771 	var a = _getChildIdx(this.hex, info.vidx);
-772 	for (var i = 0; i < a.length; i++) {
-773 	    var hOID = _getVbyList(this.hex, a[i], [0], "06");
-774 	    var hName = _getVbyList(this.hex, a[i], [1], "86");
-775 	    if (hOID === "2b06010505073001") {
-776 		result.ocsp.push(hextoutf8(hName));
-777 	    }
-778 	    if (hOID === "2b06010505073002") {
-779 		result.caissuer.push(hextoutf8(hName));
-780 	    }
-781 	}
-782 
-783 	return result;
-784     };
-785 
-786     /**
-787      * get CertificatePolicies extension value in the certificate as array
-788      * @name getExtCertificatePolicies
-789      * @memberOf X509#
-790      * @function
-791      * @return {Object} array of PolicyInformation JSON object
-792      * @since jsrsasign 7.2.0 x509 1.1.14
-793      * @description
-794      * This method will get certificate policies value
-795      * as an array of JSON object which has following properties:
-796      * <ul>
-797      * <li>id - </li>
-798      * <li>cps - URI of certification practice statement</li>
-799      * <li>unotice - string of UserNotice explicitText</li>
-800      * </ul>
-801      * If there is this extension in the certificate,
-802      * it returns undefined;
-803      * @example
-804      * x = new X509();
-805      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-806      * x.getExtCertificatePolicies → 
-807      * [{ id: 1.2.3.4,
-808      *    cps: "http://example.com/cps",
-809      *    unotice: "explicit text" }]
-810      */
-811     this.getExtCertificatePolicies = function() {
-812 	var info = this.getExtInfo("certificatePolicies");
-813 	if (info === undefined) return info;
-814 	
-815 	var hExt = _getTLV(this.hex, info.vidx);
-816 	var result = [];
-817 
-818 	var a = _getChildIdx(hExt, 0);
-819 	for (var i = 0; i < a.length; i++) {
-820 	    var policyInfo = {};
-821 	    var a1 = _getChildIdx(hExt, a[i]);
-822 
-823 	    policyInfo.id = _oidname(_getV(hExt, a1[0]));
-824 
-825 	    if (a1.length === 2) {
-826 		var a2 = _getChildIdx(hExt, a1[1]);
-827 
-828 		for (var j = 0; j < a2.length; j++) {
-829 		    var hQualifierId = _getVbyList(hExt, a2[j], [0], "06");
-830 
-831 		    if (hQualifierId === "2b06010505070201") { // cps
-832 			policyInfo.cps = hextoutf8(_getVbyList(hExt, a2[j], [1]));
-833 		    } else if (hQualifierId === "2b06010505070202") { // unotice
-834 			policyInfo.unotice =
-835 			    hextoutf8(_getVbyList(hExt, a2[j], [1, 0]));
-836 		    }
-837 		}
-838 	    }
-839 
-840 	    result.push(policyInfo);
-841 	}
-842 
-843 	return result;
-844     }
-845 
-846     // ===== read certificate =====================================
-847     /**
-848      * read PEM formatted X.509 certificate from string.<br/>
-849      * @name readCertPEM
-850      * @memberOf X509#
-851      * @function
-852      * @param {String} sCertPEM string for PEM formatted X.509 certificate
-853      * @example
-854      * x = new X509();
-855      * x.readCertPEM(sCertPEM); // read certificate
-856      */
-857     this.readCertPEM = function(sCertPEM) {
-858         this.readCertHex(_pemtohex(sCertPEM));
-859     };
-860 
-861     /**
-862      * read a hexadecimal string of X.509 certificate<br/>
-863      * @name readCertHex
-864      * @memberOf X509#
-865      * @function
-866      * @param {String} sCertHex hexadecimal string of X.509 certificate
-867      * @since jsrsasign 7.1.4 x509 1.1.13
-868      * @description
-869      * NOTE: {@link X509#parseExt} will called internally since jsrsasign 7.2.0.
-870      * @example
-871      * x = new X509();
-872      * x.readCertHex("3082..."); // read certificate
-873      */
-874     this.readCertHex = function(sCertHex) {
-875         this.hex = sCertHex;
-876 	this.getVersion(); // set version parameter
-877 
-878 	try {
-879 	    _getIdxbyList(this.hex, 0, [0, 7], "a3"); // has [3] v3ext
-880 	    this.parseExt();
-881 	} catch(ex) {};
-882     };
-883 
-884     /**
-885      * get certificate information as string.<br/>
-886      * @name getInfo
-887      * @memberOf X509#
-888      * @function
-889      * @return {String} certificate information string
-890      * @since jsrsasign 5.0.10 x509 1.1.8
-891      * @example
-892      * x = new X509();
-893      * x.readCertPEM(certPEM);
-894      * console.log(x.getInfo());
-895      * // this shows as following
-896      * Basic Fields
-897      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
-898      *   signature algorithm: SHA1withRSA
-899      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-900      *   notBefore: 061110000000Z
-901      *   notAfter: 311110000000Z
-902      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-903      *   subject public key info:
-904      *     key algorithm: RSA
-905      *     n=c6cce573e6fbd4bb...
-906      *     e=10001
-907      * X509v3 Extensions:
-908      *   keyUsage CRITICAL:
-909      *     digitalSignature,keyCertSign,cRLSign
-910      *   basicConstraints CRITICAL:
-911      *     cA=true
-912      *   subjectKeyIdentifier :
-913      *     b13ec36903f8bf4701d498261a0802ef63642bc3
-914      *   authorityKeyIdentifier :
-915      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
-916      * signature algorithm: SHA1withRSA
-917      * signature: 1c1a0697dcd79c9f...
-918      */
-919     this.getInfo = function() {
-920 	var _X509 = X509;
-921 	var s, pubkey, aExt;
-922 	s  = "Basic Fields\n";
-923         s += "  serial number: " + this.getSerialNumberHex() + "\n";
-924 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
-925 	s += "  issuer: " + this.getIssuerString() + "\n";
-926 	s += "  notBefore: " + this.getNotBefore() + "\n";
-927 	s += "  notAfter: " + this.getNotAfter() + "\n";
-928 	s += "  subject: " + this.getSubjectString() + "\n";
-929 	s += "  subject public key info: " + "\n";
-930 
-931 	// subject public key info
-932 	pubkey = this.getPublicKey();
-933 	s += "    key algorithm: " + pubkey.type + "\n";
-934 
-935 	if (pubkey.type === "RSA") {
-936 	    s += "    n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n";
-937 	    s += "    e=" + hextoposhex(pubkey.e.toString(16)) + "\n";
-938 	}
-939 
-940         s += "X509v3 Extensions:\n";
-941 
-942         aExt = this.aExtInfo;
-943         for (var i = 0; i < aExt.length; i++) {
-944 	    var info = aExt[i];
+680      * @deprecated since jsrsasign 8.0.1 x509 1.1.17. Please move to {@link X509#getExtSubjectAltName2}
+681      * @description
+682      * This method will get subject alt name extension value
+683      * as array of name.
+684      * If there is this in the certificate, it returns undefined;
+685      * <br>
+686      * NOTE: Currently this method supports only dNSName so that
+687      * other name type such like iPAddress or generalName will not be returned.
+688      * @example
+689      * x = new X509();
+690      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+691      * x.getExtSubjectAltName() → ["example.com", "example.org"]
+692      */
+693     this.getExtSubjectAltName = function() {
+694 	var a = this.getExtSubjectAltName2();
+695 	var result = new Array();
+696 
+697 	for (var i = 0; i < a.length; i++) {
+698 	    if (a[i][0] === "DNS") result.push(a[i][1]);
+699 	}
+700 	return result;
+701     };
+702 
+703     /**
+704      * get subjectAltName value as array of string in the certificate
+705      * @name getExtSubjectAltName2
+706      * @memberOf X509#
+707      * @function
+708      * @return {Object} array of alt name array
+709      * @since jsrsasign 8.0.1 x509 1.1.17
+710      * @description
+711      * This method will get subject alt name extension value
+712      * as array of type and name.
+713      * If there is this in the certificate, it returns undefined;
+714      * Type of GeneralName will be shown as following:
+715      * <ul>
+716      * <li>"MAIL" - [1]rfc822Name</li>
+717      * <li>"DNS"  - [2]dNSName</li>
+718      * <li>"DN"   - [4]directoryName</li>
+719      * <li>"URI"  - [6]uniformResourceIdentifier</li>
+720      * <li>"IP"   - [7]iPAddress</li>
+721      * </ul>
+722      * @example
+723      * x = new X509();
+724      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+725      * x.getExtSubjectAltName2() →
+726      * [["DNS",  "example.com"],
+727      *  ["DNS",  "example.org"],
+728      *  ["MAIL", "foo@example.com"],
+729      *  ["IP",   "192.168.1.1"],
+730      *  ["DN",   "/C=US/O=TEST1"]]
+731      */
+732     this.getExtSubjectAltName2 = function() {
+733 	var gnValueHex, gnValueStr, gnTag;
+734 	var info = this.getExtInfo("subjectAltName");
+735 	if (info === undefined) return info;
+736 
+737 	var result = new Array();
+738 	var h = _getTLV(this.hex, info.vidx);
+739 
+740 	var a = _getChildIdx(h, 0);
+741 	for (var i = 0; i < a.length; i++) {
+742 	    gnTag = h.substr(a[i], 2);
+743 	    gnValueHex = _getV(h, a[i]);
+744 	    
+745 	    if (gnTag === "81") { // rfc822Name [1]
+746 		gnValueStr = hextoutf8(gnValueHex);
+747 		result.push(["MAIL", gnValueStr]);
+748 	    }
+749 	    if (gnTag === "82") { // dNSName [2]
+750 		gnValueStr = hextoutf8(gnValueHex);
+751 		result.push(["DNS", gnValueStr]);
+752 	    }
+753 	    if (gnTag === "84") { // directoryName [4]
+754 		gnValueStr = X509.hex2dn(gnValueHex, 0);
+755 		result.push(["DN", gnValueStr]);
+756 	    }
+757 	    if (gnTag === "86") { // uniformResourceIdentifier [6]
+758 		gnValueStr = hextoutf8(gnValueHex);
+759 		result.push(["URI", gnValueStr]);
+760 	    }
+761 	    if (gnTag === "87") { // iPAddress [7]
+762 		try {
+763 		    gnValueStr = 
+764 			parseInt(gnValueStr.substr(0, 2), 16) + "." +
+765 			parseInt(gnValueStr.substr(2, 2), 16) + "." +
+766 			parseInt(gnValueStr.substr(4, 2), 16) + "." +
+767 			parseInt(gnValueStr.substr(6, 2), 16);
+768 		    result.push(["IP", gnValueStr]);
+769 		} catch (ex) {};
+770 	    }
+771 	}
+772 	return result;
+773     };
+774 
+775     /**
+776      * get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate
+777      * @name getExtCRLDistributionPointsURI
+778      * @memberOf X509#
+779      * @function
+780      * @return {Object} array of fullName URIs of CDP of the certificate
+781      * @since jsrsasign 7.2.0 x509 1.1.14
+782      * @description
+783      * This method will get all fullName URIs of cRLDistributionPoints extension
+784      * in the certificate as array of URI string.
+785      * If there is this in the certificate, it returns undefined;
+786      * <br>
+787      * NOTE: Currently this method supports only fullName URI so that
+788      * other parameters will not be returned.
+789      * @example
+790      * x = new X509();
+791      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+792      * x.getExtCRLDistributionPointsURI() →
+793      * ["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
+794      */
+795     this.getExtCRLDistributionPointsURI = function() {
+796 	var info = this.getExtInfo("cRLDistributionPoints");
+797 	if (info === undefined) return info;
+798 
+799 	var result = new Array();
+800 	var a = _getChildIdx(this.hex, info.vidx);
+801 	for (var i = 0; i < a.length; i++) {
+802 	    try {
+803 		var hURI = _getVbyList(this.hex, a[i], [0, 0, 0], "86");
+804 		var uri = hextoutf8(hURI);
+805 		result.push(uri);
+806 	    } catch(ex) {};
+807 	}
+808 
+809 	return result;
+810     };
+811 
+812     /**
+813      * get AuthorityInfoAccess extension value in the certificate as associative array
+814      * @name getExtAIAInfo
+815      * @memberOf X509#
+816      * @function
+817      * @return {Object} associative array of AIA extension properties
+818      * @since jsrsasign 7.2.0 x509 1.1.14
+819      * @description
+820      * This method will get authority info access value
+821      * as associate array which has following properties:
+822      * <ul>
+823      * <li>ocsp - array of string for OCSP responder URL</li>
+824      * <li>caissuer - array of string for caIssuer value (i.e. CA certificates URL)</li>
+825      * </ul>
+826      * If there is this in the certificate, it returns undefined;
+827      * @example
+828      * x = new X509();
+829      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+830      * x.getExtAIAInfo(hCert) → 
+831      * { ocsp:     ["http://ocsp.foo.com"],
+832      *   caissuer: ["http://rep.foo.com/aaa.p8m"] }
+833      */
+834     this.getExtAIAInfo = function() {
+835 	var info = this.getExtInfo("authorityInfoAccess");
+836 	if (info === undefined) return info;
+837 
+838 	var result = { ocsp: [], caissuer: [] };
+839 	var a = _getChildIdx(this.hex, info.vidx);
+840 	for (var i = 0; i < a.length; i++) {
+841 	    var hOID = _getVbyList(this.hex, a[i], [0], "06");
+842 	    var hName = _getVbyList(this.hex, a[i], [1], "86");
+843 	    if (hOID === "2b06010505073001") {
+844 		result.ocsp.push(hextoutf8(hName));
+845 	    }
+846 	    if (hOID === "2b06010505073002") {
+847 		result.caissuer.push(hextoutf8(hName));
+848 	    }
+849 	}
+850 
+851 	return result;
+852     };
+853 
+854     /**
+855      * get CertificatePolicies extension value in the certificate as array
+856      * @name getExtCertificatePolicies
+857      * @memberOf X509#
+858      * @function
+859      * @return {Object} array of PolicyInformation JSON object
+860      * @since jsrsasign 7.2.0 x509 1.1.14
+861      * @description
+862      * This method will get certificate policies value
+863      * as an array of JSON object which has following properties:
+864      * <ul>
+865      * <li>id - </li>
+866      * <li>cps - URI of certification practice statement</li>
+867      * <li>unotice - string of UserNotice explicitText</li>
+868      * </ul>
+869      * If there is this extension in the certificate,
+870      * it returns undefined;
+871      * @example
+872      * x = new X509();
+873      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+874      * x.getExtCertificatePolicies → 
+875      * [{ id: 1.2.3.4,
+876      *    cps: "http://example.com/cps",
+877      *    unotice: "explicit text" }]
+878      */
+879     this.getExtCertificatePolicies = function() {
+880 	var info = this.getExtInfo("certificatePolicies");
+881 	if (info === undefined) return info;
+882 	
+883 	var hExt = _getTLV(this.hex, info.vidx);
+884 	var result = [];
+885 
+886 	var a = _getChildIdx(hExt, 0);
+887 	for (var i = 0; i < a.length; i++) {
+888 	    var policyInfo = {};
+889 	    var a1 = _getChildIdx(hExt, a[i]);
+890 
+891 	    policyInfo.id = _oidname(_getV(hExt, a1[0]));
+892 
+893 	    if (a1.length === 2) {
+894 		var a2 = _getChildIdx(hExt, a1[1]);
+895 
+896 		for (var j = 0; j < a2.length; j++) {
+897 		    var hQualifierId = _getVbyList(hExt, a2[j], [0], "06");
+898 
+899 		    if (hQualifierId === "2b06010505070201") { // cps
+900 			policyInfo.cps = hextoutf8(_getVbyList(hExt, a2[j], [1]));
+901 		    } else if (hQualifierId === "2b06010505070202") { // unotice
+902 			policyInfo.unotice =
+903 			    hextoutf8(_getVbyList(hExt, a2[j], [1, 0]));
+904 		    }
+905 		}
+906 	    }
+907 
+908 	    result.push(policyInfo);
+909 	}
+910 
+911 	return result;
+912     }
+913 
+914     // ===== read certificate =====================================
+915     /**
+916      * read PEM formatted X.509 certificate from string.<br/>
+917      * @name readCertPEM
+918      * @memberOf X509#
+919      * @function
+920      * @param {String} sCertPEM string for PEM formatted X.509 certificate
+921      * @example
+922      * x = new X509();
+923      * x.readCertPEM(sCertPEM); // read certificate
+924      */
+925     this.readCertPEM = function(sCertPEM) {
+926         this.readCertHex(_pemtohex(sCertPEM));
+927     };
+928 
+929     /**
+930      * read a hexadecimal string of X.509 certificate<br/>
+931      * @name readCertHex
+932      * @memberOf X509#
+933      * @function
+934      * @param {String} sCertHex hexadecimal string of X.509 certificate
+935      * @since jsrsasign 7.1.4 x509 1.1.13
+936      * @description
+937      * NOTE: {@link X509#parseExt} will called internally since jsrsasign 7.2.0.
+938      * @example
+939      * x = new X509();
+940      * x.readCertHex("3082..."); // read certificate
+941      */
+942     this.readCertHex = function(sCertHex) {
+943         this.hex = sCertHex;
+944 	this.getVersion(); // set version parameter
 945 
-946 	    // show extension name and critical flag
-947 	    var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
-948 	    if (extName === '') extName = info["oid"];
-949 
-950 	    var critical = '';
-951 	    if (info["critical"] === true) critical = "CRITICAL";
-952 
-953 	    s += "  " + extName + " " + critical + ":\n";
-954 
-955 	    // show extension value if supported
-956 	    if (extName === "basicConstraints") {
-957 		var bc = this.getExtBasicConstraints();
-958 		if (bc.cA === undefined) {
-959 		    s += "    {}\n";
-960 		} else {
-961 		    s += "    cA=true";
-962 		    if (bc.pathLen !== undefined)
-963 			s += ", pathLen=" + bc.pathLen;
-964 		    s += "\n";
-965 		}
-966 	    } else if (extName === "keyUsage") {
-967 		s += "    " + this.getExtKeyUsageString() + "\n";
-968 	    } else if (extName === "subjectKeyIdentifier") {
-969 		s += "    " + this.getExtSubjectKeyIdentifier() + "\n";
-970 	    } else if (extName === "authorityKeyIdentifier") {
-971 		var akid = this.getExtAuthorityKeyIdentifier();
-972 		if (akid.kid !== undefined)
-973 		    s += "    kid=" + akid.kid + "\n";
-974 	    } else if (extName === "extKeyUsage") {
-975 		var eku = this.getExtExtKeyUsageName();
-976 		s += "    " + eku.join(", ") + "\n";
-977 	    } else if (extName === "subjectAltName") {
-978 		var san = this.getExtSubjectAltName();
-979 		s += "    " + san.join(", ") + "\n";
-980 	    } else if (extName === "cRLDistributionPoints") {
-981 		var cdp = this.getExtCRLDistributionPointsURI();
-982 		s += "    " + cdp + "\n";
-983 	    } else if (extName === "authorityInfoAccess") {
-984 		var aia = this.getExtAIAInfo();
-985 		if (aia.ocsp !== undefined)
-986 		    s += "    ocsp: " + aia.ocsp.join(",") + "\n";
-987 		if (aia.caissuer !== undefined)
-988 		    s += "    caissuer: " + aia.caissuer.join(",") + "\n";
-989 	    }
-990         }
-991 
-992 	s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n";
-993 	s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n";
-994 	return s;
-995     };
-996 };
-997 
-998 /**
-999  * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/>
-1000  * @name hex2dn
-1001  * @memberOf X509
-1002  * @function
-1003  * @param {String} hex hexadecimal string of ASN.1 DER distinguished name
-1004  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-1005  * @return {String} OpenSSL online format distinguished name
-1006  * @description
-1007  * This static method converts from a hexadecimal string of 
-1008  * distinguished name (DN)
-1009  * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
-1010  * @example
-1011  * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
-1012  */
-1013 X509.hex2dn = function(hex, idx) {
-1014     if (idx === undefined) idx = 0;
-1015     if (hex.substr(idx, 2) !== "30") throw "malformed DN";
-1016 
-1017     var a = new Array();
-1018 
-1019     var aIdx = ASN1HEX.getChildIdx(hex, idx);
-1020     for (var i = 0; i < aIdx.length; i++) {
-1021 	a.push(X509.hex2rdn(hex, aIdx[i]));
-1022     }
-1023 
-1024     a = a.map(function(s) { return s.replace("/", "\\/"); });
-1025     return "/" + a.join("/");
-1026 };
-1027 
-1028 /**
-1029  * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/>
-1030  * @name hex2rdn
-1031  * @memberOf X509
-1032  * @function
-1033  * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name
-1034  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-1035  * @return {String} OpenSSL online format relative distinguished name
-1036  * @description
-1037  * This static method converts from a hexadecimal string of 
-1038  * relative distinguished name (RDN)
-1039  * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/>
-1040  * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
-1041  * @example
-1042  * X509.hex2rdn("310a3008060355040a0c0161") → O=a
-1043  * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
-1044  */
-1045 X509.hex2rdn = function(hex, idx) {
-1046     if (idx === undefined) idx = 0;
-1047     if (hex.substr(idx, 2) !== "31") throw "malformed RDN";
-1048 
-1049     var a = new Array();
-1050 
-1051     var aIdx = ASN1HEX.getChildIdx(hex, idx);
-1052     for (var i = 0; i < aIdx.length; i++) {
-1053 	a.push(X509.hex2attrTypeValue(hex, aIdx[i]));
-1054     }
-1055 
-1056     a = a.map(function(s) { return s.replace("+", "\\+"); });
-1057     return a.join("+");
-1058 };
-1059 
-1060 /**
-1061  * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/>
-1062  * @name hex2attrTypeValue
-1063  * @memberOf X509
-1064  * @function
-1065  * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
-1066  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-1067  * @return {String} string representation of AttributeTypeAndValue (ex. C=US)
-1068  * @description
-1069  * This static method converts from a hexadecimal string of AttributeTypeAndValue
-1070  * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
-1071  * @example
-1072  * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
-1073  * X509.hex2attrTypeValue("300806035504060c0161") → C=a
-1074  * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
-1075  */
-1076 X509.hex2attrTypeValue = function(hex, idx) {
-1077     var _ASN1HEX = ASN1HEX;
-1078     var _getV = _ASN1HEX.getV;
-1079 
-1080     if (idx === undefined) idx = 0;
-1081     if (hex.substr(idx, 2) !== "30") throw "malformed attribute type and value";
-1082 
-1083     var aIdx = _ASN1HEX.getChildIdx(hex, idx);
-1084     if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06")
-1085 	"malformed attribute type and value";
-1086 
-1087     var oidHex = _getV(hex, aIdx[0]);
-1088     var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex);
-1089     var atype = KJUR.asn1.x509.OID.oid2atype(oidInt);
-1090 
-1091     var hV = _getV(hex, aIdx[1]);
-1092     var rawV = hextorstr(hV);
-1093 
-1094     return atype + "=" + rawV;
-1095 };
-1096 
-1097 /**
-1098  * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/>
-1099  * @name getPublicKeyFromCertHex
-1100  * @memberOf X509
-1101  * @function
-1102  * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
-1103  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-1104  * @since jsrasign 7.1.0 x509 1.1.11
-1105  */
-1106 X509.getPublicKeyFromCertHex = function(h) {
-1107     var x = new X509();
-1108     x.readCertHex(h);
-1109     return x.getPublicKey();
-1110 };
-1111 
-1112 /**
-1113  * get RSA/DSA/ECDSA public key object from PEM certificate string
-1114  * @name getPublicKeyFromCertPEM
-1115  * @memberOf X509
-1116  * @function
-1117  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
-1118  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-1119  * @since x509 1.1.1
-1120  * @description
-1121  * NOTE: DSA is also supported since x509 1.1.2.
-1122  */
-1123 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
-1124     var x = new X509();
-1125     x.readCertPEM(sCertPEM);
-1126     return x.getPublicKey();
-1127 };
-1128 
-1129 /**
-1130  * get public key information from PEM certificate
-1131  * @name getPublicKeyInfoPropOfCertPEM
-1132  * @memberOf X509
-1133  * @function
-1134  * @param {String} sCertPEM string of PEM formatted certificate
-1135  * @return {Hash} hash of information for public key
-1136  * @since x509 1.1.1
-1137  * @description
-1138  * Resulted associative array has following properties:<br/>
-1139  * <ul>
-1140  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
-1141  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
-1142  * <li>keyhex - hexadecimal string of key in the certificate</li>
-1143  * </ul>
-1144  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
-1145  */
-1146 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
-1147     var _ASN1HEX = ASN1HEX;
-1148     var _getVbyList = _ASN1HEX.getVbyList;
-1149 
-1150     var result = {};
-1151     var x, hSPKI, pubkey;
-1152     result.algparam = null;
-1153 
-1154     x = new X509();
-1155     x.readCertPEM(sCertPEM);
-1156 
-1157     hSPKI = x.getPublicKeyHex();
-1158     result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2);
-1159     result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06");
-1160 
-1161     if (result.algoid === "2a8648ce3d0201") { // ecPublicKey
-1162 	result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06");
-1163     };
-1164 
-1165     return result;
-1166 };
-1167 
-1168 /* ======================================================================
-1169  *   Specific V3 Extensions
-1170  * ====================================================================== */
-1171 
-1172 X509.KEYUSAGE_NAME = [
-1173     "digitalSignature",
-1174     "nonRepudiation",
-1175     "keyEncipherment",
-1176     "dataEncipherment",
-1177     "keyAgreement",
-1178     "keyCertSign",
-1179     "cRLSign",
-1180     "encipherOnly",
-1181     "decipherOnly"
-1182 ];
-1183 
\ No newline at end of file +946
try { +947 _getIdxbyList(this.hex, 0, [0, 7], "a3"); // has [3] v3ext +948 this.parseExt(); +949 } catch(ex) {}; +950 }; +951 +952 /** +953 * get certificate information as string.<br/> +954 * @name getInfo +955 * @memberOf X509# +956 * @function +957 * @return {String} certificate information string +958 * @since jsrsasign 5.0.10 x509 1.1.8 +959 * @example +960 * x = new X509(); +961 * x.readCertPEM(certPEM); +962 * console.log(x.getInfo()); +963 * // this shows as following +964 * Basic Fields +965 * serial number: 02ac5c266a0b409b8f0b79f2ae462577 +966 * signature algorithm: SHA1withRSA +967 * issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA +968 * notBefore: 061110000000Z +969 * notAfter: 311110000000Z +970 * subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA +971 * subject public key info: +972 * key algorithm: RSA +973 * n=c6cce573e6fbd4bb... +974 * e=10001 +975 * X509v3 Extensions: +976 * keyUsage CRITICAL: +977 * digitalSignature,keyCertSign,cRLSign +978 * basicConstraints CRITICAL: +979 * cA=true +980 * subjectKeyIdentifier : +981 * b13ec36903f8bf4701d498261a0802ef63642bc3 +982 * authorityKeyIdentifier : +983 * kid=b13ec36903f8bf4701d498261a0802ef63642bc3 +984 * signature algorithm: SHA1withRSA +985 * signature: 1c1a0697dcd79c9f... +986 */ +987 this.getInfo = function() { +988 var _X509 = X509; +989 var s, pubkey, aExt; +990 s = "Basic Fields\n"; +991 s += " serial number: " + this.getSerialNumberHex() + "\n"; +992 s += " signature algorithm: " + this.getSignatureAlgorithmField() + "\n"; +993 s += " issuer: " + this.getIssuerString() + "\n"; +994 s += " notBefore: " + this.getNotBefore() + "\n"; +995 s += " notAfter: " + this.getNotAfter() + "\n"; +996 s += " subject: " + this.getSubjectString() + "\n"; +997 s += " subject public key info: " + "\n"; +998 +999 // subject public key info +1000 pubkey = this.getPublicKey(); +1001 s += " key algorithm: " + pubkey.type + "\n"; +1002 +1003 if (pubkey.type === "RSA") { +1004 s += " n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n"; +1005 s += " e=" + hextoposhex(pubkey.e.toString(16)) + "\n"; +1006 } +1007 +1008 s += "X509v3 Extensions:\n"; +1009 +1010 aExt = this.aExtInfo; +1011 for (var i = 0; i < aExt.length; i++) { +1012 var info = aExt[i]; +1013 +1014 // show extension name and critical flag +1015 var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]); +1016 if (extName === '') extName = info["oid"]; +1017 +1018 var critical = ''; +1019 if (info["critical"] === true) critical = "CRITICAL"; +1020 +1021 s += " " + extName + " " + critical + ":\n"; +1022 +1023 // show extension value if supported +1024 if (extName === "basicConstraints") { +1025 var bc = this.getExtBasicConstraints(); +1026 if (bc.cA === undefined) { +1027 s += " {}\n"; +1028 } else { +1029 s += " cA=true"; +1030 if (bc.pathLen !== undefined) +1031 s += ", pathLen=" + bc.pathLen; +1032 s += "\n"; +1033 } +1034 } else if (extName === "keyUsage") { +1035 s += " " + this.getExtKeyUsageString() + "\n"; +1036 } else if (extName === "subjectKeyIdentifier") { +1037 s += " " + this.getExtSubjectKeyIdentifier() + "\n"; +1038 } else if (extName === "authorityKeyIdentifier") { +1039 var akid = this.getExtAuthorityKeyIdentifier(); +1040 if (akid.kid !== undefined) +1041 s += " kid=" + akid.kid + "\n"; +1042 } else if (extName === "extKeyUsage") { +1043 var eku = this.getExtExtKeyUsageName(); +1044 s += " " + eku.join(", ") + "\n"; +1045 } else if (extName === "subjectAltName") { +1046 var san = this.getExtSubjectAltName2(); +1047 s += " " + san + "\n"; +1048 } else if (extName === "cRLDistributionPoints") { +1049 var cdp = this.getExtCRLDistributionPointsURI(); +1050 s += " " + cdp + "\n"; +1051 } else if (extName === "authorityInfoAccess") { +1052 var aia = this.getExtAIAInfo(); +1053 if (aia.ocsp !== undefined) +1054 s += " ocsp: " + aia.ocsp.join(",") + "\n"; +1055 if (aia.caissuer !== undefined) +1056 s += " caissuer: " + aia.caissuer.join(",") + "\n"; +1057 } else if (extName === "certificatePolicies") { +1058 var aCP = this.getExtCertificatePolicies(); +1059 for (var j = 0; j < aCP.length; j++) { +1060 if (aCP[j].id !== undefined) +1061 s += " policy oid: " + aCP[j].id + "\n"; +1062 if (aCP[j].cps !== undefined) +1063 s += " cps: " + aCP[j].cps + "\n"; +1064 } +1065 } +1066 } +1067 +1068 s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n"; +1069 s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n"; +1070 return s; +1071 }; +1072 }; +1073 +1074 /** +1075 * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/> +1076 * @name hex2dn +1077 * @memberOf X509 +1078 * @function +1079 * @param {String} hex hexadecimal string of ASN.1 DER distinguished name +1080 * @param {Integer} idx index of hexadecimal string (DEFAULT=0) +1081 * @return {String} OpenSSL online format distinguished name +1082 * @description +1083 * This static method converts from a hexadecimal string of +1084 * distinguished name (DN) +1085 * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a). +1086 * @example +1087 * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1 +1088 */ +1089 X509.hex2dn = function(hex, idx) { +1090 if (idx === undefined) idx = 0; +1091 if (hex.substr(idx, 2) !== "30") throw "malformed DN"; +1092 +1093 var a = new Array(); +1094 +1095 var aIdx = ASN1HEX.getChildIdx(hex, idx); +1096 for (var i = 0; i < aIdx.length; i++) { +1097 a.push(X509.hex2rdn(hex, aIdx[i])); +1098 } +1099 +1100 a = a.map(function(s) { return s.replace("/", "\\/"); }); +1101 return "/" + a.join("/"); +1102 }; +1103 +1104 /** +1105 * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/> +1106 * @name hex2rdn +1107 * @memberOf X509 +1108 * @function +1109 * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name +1110 * @param {Integer} idx index of hexadecimal string (DEFAULT=0) +1111 * @return {String} OpenSSL online format relative distinguished name +1112 * @description +1113 * This static method converts from a hexadecimal string of +1114 * relative distinguished name (RDN) +1115 * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/> +1116 * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10. +1117 * @example +1118 * X509.hex2rdn("310a3008060355040a0c0161") → O=a +1119 * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b +1120 */ +1121 X509.hex2rdn = function(hex, idx) { +1122 if (idx === undefined) idx = 0; +1123 if (hex.substr(idx, 2) !== "31") throw "malformed RDN"; +1124 +1125 var a = new Array(); +1126 +1127 var aIdx = ASN1HEX.getChildIdx(hex, idx); +1128 for (var i = 0; i < aIdx.length; i++) { +1129 a.push(X509.hex2attrTypeValue(hex, aIdx[i])); +1130 } +1131 +1132 a = a.map(function(s) { return s.replace("+", "\\+"); }); +1133 return a.join("+"); +1134 }; +1135 +1136 /** +1137 * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/> +1138 * @name hex2attrTypeValue +1139 * @memberOf X509 +1140 * @function +1141 * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue +1142 * @param {Integer} idx index of hexadecimal string (DEFAULT=0) +1143 * @return {String} string representation of AttributeTypeAndValue (ex. C=US) +1144 * @description +1145 * This static method converts from a hexadecimal string of AttributeTypeAndValue +1146 * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US). +1147 * @example +1148 * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a +1149 * X509.hex2attrTypeValue("300806035504060c0161") → C=a +1150 * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a +1151 */ +1152 X509.hex2attrTypeValue = function(hex, idx) { +1153 var _ASN1HEX = ASN1HEX; +1154 var _getV = _ASN1HEX.getV; +1155 +1156 if (idx === undefined) idx = 0; +1157 if (hex.substr(idx, 2) !== "30") throw "malformed attribute type and value"; +1158 +1159 var aIdx = _ASN1HEX.getChildIdx(hex, idx); +1160 if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06") +1161 "malformed attribute type and value"; +1162 +1163 var oidHex = _getV(hex, aIdx[0]); +1164 var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex); +1165 var atype = KJUR.asn1.x509.OID.oid2atype(oidInt); +1166 +1167 var hV = _getV(hex, aIdx[1]); +1168 var rawV = hextorstr(hV); +1169 +1170 return atype + "=" + rawV; +1171 }; +1172 +1173 /** +1174 * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/> +1175 * @name getPublicKeyFromCertHex +1176 * @memberOf X509 +1177 * @function +1178 * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key +1179 * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key +1180 * @since jsrasign 7.1.0 x509 1.1.11 +1181 */ +1182 X509.getPublicKeyFromCertHex = function(h) { +1183 var x = new X509(); +1184 x.readCertHex(h); +1185 return x.getPublicKey(); +1186 }; +1187 +1188 /** +1189 * get RSA/DSA/ECDSA public key object from PEM certificate string +1190 * @name getPublicKeyFromCertPEM +1191 * @memberOf X509 +1192 * @function +1193 * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate +1194 * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key +1195 * @since x509 1.1.1 +1196 * @description +1197 * NOTE: DSA is also supported since x509 1.1.2. +1198 */ +1199 X509.getPublicKeyFromCertPEM = function(sCertPEM) { +1200 var x = new X509(); +1201 x.readCertPEM(sCertPEM); +1202 return x.getPublicKey(); +1203 }; +1204 +1205 /** +1206 * get public key information from PEM certificate +1207 * @name getPublicKeyInfoPropOfCertPEM +1208 * @memberOf X509 +1209 * @function +1210 * @param {String} sCertPEM string of PEM formatted certificate +1211 * @return {Hash} hash of information for public key +1212 * @since x509 1.1.1 +1213 * @description +1214 * Resulted associative array has following properties:<br/> +1215 * <ul> +1216 * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li> +1217 * <li>algparam - hexadecimal string of OID of ECC curve name or null</li> +1218 * <li>keyhex - hexadecimal string of key in the certificate</li> +1219 * </ul> +1220 * NOTE: X509v1 certificate is also supported since x509.js 1.1.9. +1221 */ +1222 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) { +1223 var _ASN1HEX = ASN1HEX; +1224 var _getVbyList = _ASN1HEX.getVbyList; +1225 +1226 var result = {}; +1227 var x, hSPKI, pubkey; +1228 result.algparam = null; +1229 +1230 x = new X509(); +1231 x.readCertPEM(sCertPEM); +1232 +1233 hSPKI = x.getPublicKeyHex(); +1234 result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2); +1235 result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06"); +1236 +1237 if (result.algoid === "2a8648ce3d0201") { // ecPublicKey +1238 result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06"); +1239 }; +1240 +1241 return result; +1242 }; +1243 +1244 /* ====================================================================== +1245 * Specific V3 Extensions +1246 * ====================================================================== */ +1247 +1248 X509.KEYUSAGE_NAME = [ +1249 "digitalSignature", +1250 "nonRepudiation", +1251 "keyEncipherment", +1252 "dataEncipherment", +1253 "keyAgreement", +1254 "keyCertSign", +1255 "cRLSign", +1256 "encipherOnly", +1257 "decipherOnly" +1258 ]; +1259
\ No newline at end of file diff --git a/bower.json b/bower.json index 97cfc29c..95149a0c 100644 --- a/bower.json +++ b/bower.json @@ -1,6 +1,6 @@ { "name": "kjur-jsrsasign", - "version": "8.0.0", + "version": "8.0.1", "main": "jsrsasign-all-min.js", "description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.", "license": "MIT", diff --git a/jsrsasign-all-min.js b/jsrsasign-all-min.js index 15718004..7949406b 100644 --- a/jsrsasign-all-min.js +++ b/jsrsasign-all-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(all) 8.0.0 (2017-06-29) (c) 2010-2017 Kenji Urushima | kjur.github.com/jsrsasign/license + * jsrsasign(all) 8.0.1 (2017-07-01) (c) 2010-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /*! @@ -241,6 +241,6 @@ if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"|| var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(v){var w={};var q=v.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(q){w.cipher=q[1];w.ivsalt=q[2]}var p=v.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(p){w.type=p[1]}var u=-1;var x=0;if(v.indexOf("\r\n\r\n")!=-1){u=v.indexOf("\r\n\r\n");x=2}if(v.indexOf("\n\n")!=-1){u=v.indexOf("\n\n");x=1}var t=v.indexOf("-----END");if(u!=-1&&t!=-1){var r=v.substring(u+x*2,t-x);r=r.replace(/\s+/g,"");w.data=r}return w};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw"not supported argument"};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var G=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return G}function B(G){var s=l({seq:[{"int":1},{octstr:{hex:G.prvKeyHex}},{tag:["a0",true,{oid:{name:G.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+G.pubKeyHex}}]}]});return s}function x(s){var G=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return G}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.getEncodedHex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.getEncodedHex();var h=B(b);var t=h.getEncodedHex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(G,s){var I=c(G,s);var H=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:I.pbkdf2Salt}},{"int":I.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:I.encryptionSchemeIV}}]}]}]},{octstr:{hex:I.ciphertext}}]});return H.getEncodedHex()};var c=function(N,O){var H=100;var M=CryptoJS.lib.WordArray.random(8);var L="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var I=CryptoJS.PBKDF2(O,M,{keySize:192/32,iterations:H});var J=CryptoJS.enc.Hex.parse(N);var K=CryptoJS.TripleDES.encrypt(J,I,{iv:s})+"";var G={};G.ciphertext=K;G.pbkdf2Salt=CryptoJS.enc.Hex.stringify(M);G.pbkdf2Iter=H;G.encryptionSchemeAlg=L;G.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return G};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var g=new l({seq:[{"int":1},{octstr:{hex:b.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]}]});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw"unsupported object nor format"};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,j,l,b,a,f,d,k;var m=ASN1HEX;var g=m.getVbyList;if(m.isASN1HEX(e)===false){throw"not ASN.1 hex string"}try{c=g(e,0,[2,0,1],"02");j=g(e,0,[2,0,2],"02");l=g(e,0,[2,0,3],"02");b=g(e,0,[2,0,4],"02");a=g(e,0,[2,0,5],"02");f=g(e,0,[2,0,6],"02");d=g(e,0,[2,0,7],"02");k=g(e,0,[2,0,8],"02")}catch(i){throw"malformed PKCS#8 plain RSA private key"}this.setPrivateEx(c,j,l,b,a,f,d,k)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw"keyHex is not ASN.1 hex string"}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw"wrong hex for PKCS#5 public key"}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw"not ASN.1 hex string"}if(c.getTLVbyList(b,0,[0,0])!=="06092a864886f70d010101"){throw"not PKCS8 RSA public key"}var a=c.getTLVbyList(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("");_RE_HEXDECONLY.compile("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw"invalid salt length"}}}if(c<(g+k+2)){throw"data too long"}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){a=a.replace(_RE_HEXDECONLY,"");a=a.replace(/[ \n]+/g,"");var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){var k=new BigInteger(s,16);if(k.bitLength()>this.n.bitLength()){return false}var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw"invalid salt length"}}}if(m<(h+c+2)){throw"data too long"}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw"bits beyond keysize not zero"}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.signatures=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/jsrsasign-jwths-min.js b/jsrsasign-jwths-min.js index aaa7ba5b..9a8bea98 100644 --- a/jsrsasign-jwths-min.js +++ b/jsrsasign-jwths-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(jwths) 8.0.0 (2017-06-29) (c) 2010-2017 Kenji Urushima | kjur.github.com/jsrsasign/license + * jsrsasign(jwths) 8.0.1 (2017-07-01) (c) 2010-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /*! diff --git a/jsrsasign-rsa-min.js b/jsrsasign-rsa-min.js index 0c365b03..eea81dff 100644 --- a/jsrsasign-rsa-min.js +++ b/jsrsasign-rsa-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(rsa) 8.0.0 (2017-06-29) (c) 2010-2017 Kenji Urushima | kjur.github.com/jsrsasign/license + * jsrsasign(rsa) 8.0.1 (2017-07-01) (c) 2010-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /*! diff --git a/min/x509-1.1.min.js b/min/x509-1.1.min.js index a478945b..5fcadd14 100644 --- a/min/x509-1.1.min.js +++ b/min/x509-1.1.min.js @@ -1 +1 @@ -function X509(){var k=ASN1HEX,j=k.getChildIdx,h=k.getV,b=k.getTLV,f=k.getVbyList,c=k.getTLVbyList,g=k.getIdxbyList,d=k.getVidx,i=k.oidname,a=X509,e=pemtohex;this.hex=null;this.version=0;this.foffset=0;this.aExtInfo=null;this.getVersion=function(){if(this.hex===null||this.version!==0){return this.version}if(c(this.hex,0,[0,0])!=="a003020102"){this.version=1;this.foffset=-1;return 1}this.version=3;return 3};this.getSerialNumberHex=function(){return f(this.hex,0,[0,1+this.foffset],"02")};this.getSignatureAlgorithmField=function(){return i(f(this.hex,0,[0,2+this.foffset,0],"06"))};this.getIssuerHex=function(){return c(this.hex,0,[0,3+this.foffset],"30")};this.getIssuerString=function(){return a.hex2dn(this.getIssuerHex())};this.getSubjectHex=function(){return c(this.hex,0,[0,5+this.foffset],"30")};this.getSubjectString=function(){return a.hex2dn(this.getSubjectHex())};this.getNotBefore=function(){var l=f(this.hex,0,[0,4+this.foffset,0]);l=l.replace(/(..)/g,"%$1");l=decodeURIComponent(l);return l};this.getNotAfter=function(){var l=f(this.hex,0,[0,4+this.foffset,1]);l=l.replace(/(..)/g,"%$1");l=decodeURIComponent(l);return l};this.getPublicKeyHex=function(){return k.getTLVbyList(this.hex,0,[0,6+this.foffset],"30")};this.getPublicKeyIdx=function(){return g(this.hex,0,[0,6+this.foffset],"30")};this.getPublicKeyContentIdx=function(){var l=this.getPublicKeyIdx();return g(this.hex,l,[1,0],"30")};this.getPublicKey=function(){return KEYUTIL.getKey(this.getPublicKeyHex(),null,"pkcs8pub")};this.getSignatureAlgorithmName=function(){return i(f(this.hex,0,[1,0],"06"))};this.getSignatureValueHex=function(){return f(this.hex,0,[2],"03",true)};this.verifySignature=function(n){var o=this.getSignatureAlgorithmName();var l=this.getSignatureValueHex();var m=c(this.hex,0,[0],"30");var p=new KJUR.crypto.Signature({alg:o});p.init(n);p.updateHex(m);return p.verify(l)};this.parseExt=function(){if(this.version!==3){return -1}var p=g(this.hex,0,[0,7,0],"30");var m=j(this.hex,p);this.aExtInfo=new Array();for(var n=0;n=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw"not supported argument"};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var G=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return G}function B(G){var s=l({seq:[{"int":1},{octstr:{hex:G.prvKeyHex}},{tag:["a0",true,{oid:{name:G.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+G.pubKeyHex}}]}]});return s}function x(s){var G=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return G}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.getEncodedHex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.getEncodedHex();var h=B(b);var t=h.getEncodedHex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(G,s){var I=c(G,s);var H=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:I.pbkdf2Salt}},{"int":I.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:I.encryptionSchemeIV}}]}]}]},{octstr:{hex:I.ciphertext}}]});return H.getEncodedHex()};var c=function(N,O){var H=100;var M=CryptoJS.lib.WordArray.random(8);var L="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var I=CryptoJS.PBKDF2(O,M,{keySize:192/32,iterations:H});var J=CryptoJS.enc.Hex.parse(N);var K=CryptoJS.TripleDES.encrypt(J,I,{iv:s})+"";var G={};G.ciphertext=K;G.pbkdf2Salt=CryptoJS.enc.Hex.stringify(M);G.pbkdf2Iter=H;G.encryptionSchemeAlg=L;G.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return G};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var g=new l({seq:[{"int":1},{octstr:{hex:b.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]}]});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw"unsupported object nor format"};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,j,l,b,a,f,d,k;var m=ASN1HEX;var g=m.getVbyList;if(m.isASN1HEX(e)===false){throw"not ASN.1 hex string"}try{c=g(e,0,[2,0,1],"02");j=g(e,0,[2,0,2],"02");l=g(e,0,[2,0,3],"02");b=g(e,0,[2,0,4],"02");a=g(e,0,[2,0,5],"02");f=g(e,0,[2,0,6],"02");d=g(e,0,[2,0,7],"02");k=g(e,0,[2,0,8],"02")}catch(i){throw"malformed PKCS#8 plain RSA private key"}this.setPrivateEx(c,j,l,b,a,f,d,k)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw"keyHex is not ASN.1 hex string"}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw"wrong hex for PKCS#5 public key"}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw"not ASN.1 hex string"}if(c.getTLVbyList(b,0,[0,0])!=="06092a864886f70d010101"){throw"not PKCS8 RSA public key"}var a=c.getTLVbyList(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("");_RE_HEXDECONLY.compile("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw"invalid salt length"}}}if(c<(g+k+2)){throw"data too long"}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){a=a.replace(_RE_HEXDECONLY,"");a=a.replace(/[ \n]+/g,"");var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){var k=new BigInteger(s,16);if(k.bitLength()>this.n.bitLength()){return false}var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw"invalid salt length"}}}if(m<(h+c+2)){throw"data too long"}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw"bits beyond keysize not zero"}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.signatures=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; exports.SecureRandom = SecureRandom; diff --git a/npm/package.json b/npm/package.json index 80ab8fc6..5f103d89 100755 --- a/npm/package.json +++ b/npm/package.json @@ -1,6 +1,6 @@ { "name": "jsrsasign", - "version": "8.0.0", + "version": "8.0.1", "description": "opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK).", "main": "lib/jsrsasign.js", "scripts": { diff --git a/src/x509-1.1.js b/src/x509-1.1.js index 3bd668c4..45a8c0f5 100644 --- a/src/x509-1.1.js +++ b/src/x509-1.1.js @@ -1,4 +1,4 @@ -/* x509-1.1.16.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license +/* x509-1.1.17.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * x509.js - X509 class to read subject public key from certificate. @@ -16,7 +16,7 @@ * @fileOverview * @name x509-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 7.2.1 x509 1.1.16 (2017-Jun-23) + * @version jsrsasign 8.0.1 x509 1.1.17 (2017-Jun-30) * @since jsrsasign 1.x.x * @license MIT License */ @@ -671,12 +671,13 @@ function X509() { }; /** - * get subjectAltName value as array of string in the certificate + * (DEPRECATED) get subjectAltName value as array of string in the certificate * @name getExtSubjectAltName * @memberOf X509# * @function * @return {Object} array of alt names * @since jsrsasign 7.2.0 x509 1.1.14 + * @deprecated since jsrsasign 8.0.1 x509 1.1.17. Please move to {@link X509#getExtSubjectAltName2} * @description * This method will get subject alt name extension value * as array of name. @@ -687,9 +688,49 @@ function X509() { * @example * x = new X509(); * x.readCertPEM(sCertPEM); // parseExt() will also be called internally. - * x.getExtSubjectAltName(hCert) → ["example.com", "example.org"] + * x.getExtSubjectAltName() → ["example.com", "example.org"] */ this.getExtSubjectAltName = function() { + var a = this.getExtSubjectAltName2(); + var result = new Array(); + + for (var i = 0; i < a.length; i++) { + if (a[i][0] === "DNS") result.push(a[i][1]); + } + return result; + }; + + /** + * get subjectAltName value as array of string in the certificate + * @name getExtSubjectAltName2 + * @memberOf X509# + * @function + * @return {Object} array of alt name array + * @since jsrsasign 8.0.1 x509 1.1.17 + * @description + * This method will get subject alt name extension value + * as array of type and name. + * If there is this in the certificate, it returns undefined; + * Type of GeneralName will be shown as following: + *
    + *
  • "MAIL" - [1]rfc822Name
  • + *
  • "DNS" - [2]dNSName
  • + *
  • "DN" - [4]directoryName
  • + *
  • "URI" - [6]uniformResourceIdentifier
  • + *
  • "IP" - [7]iPAddress
  • + *
+ * @example + * x = new X509(); + * x.readCertPEM(sCertPEM); // parseExt() will also be called internally. + * x.getExtSubjectAltName2() → + * [["DNS", "example.com"], + * ["DNS", "example.org"], + * ["MAIL", "foo@example.com"], + * ["IP", "192.168.1.1"], + * ["DN", "/C=US/O=TEST1"]] + */ + this.getExtSubjectAltName2 = function() { + var gnValueHex, gnValueStr, gnTag; var info = this.getExtInfo("subjectAltName"); if (info === undefined) return info; @@ -698,9 +739,34 @@ function X509() { var a = _getChildIdx(h, 0); for (var i = 0; i < a.length; i++) { - if (h.substr(a[i], 2) === "82") { - var fqdn = hextoutf8(_getV(h, a[i])); - result.push(fqdn); + gnTag = h.substr(a[i], 2); + gnValueHex = _getV(h, a[i]); + + if (gnTag === "81") { // rfc822Name [1] + gnValueStr = hextoutf8(gnValueHex); + result.push(["MAIL", gnValueStr]); + } + if (gnTag === "82") { // dNSName [2] + gnValueStr = hextoutf8(gnValueHex); + result.push(["DNS", gnValueStr]); + } + if (gnTag === "84") { // directoryName [4] + gnValueStr = X509.hex2dn(gnValueHex, 0); + result.push(["DN", gnValueStr]); + } + if (gnTag === "86") { // uniformResourceIdentifier [6] + gnValueStr = hextoutf8(gnValueHex); + result.push(["URI", gnValueStr]); + } + if (gnTag === "87") { // iPAddress [7] + try { + gnValueStr = + parseInt(gnValueStr.substr(0, 2), 16) + "." + + parseInt(gnValueStr.substr(2, 2), 16) + "." + + parseInt(gnValueStr.substr(4, 2), 16) + "." + + parseInt(gnValueStr.substr(6, 2), 16); + result.push(["IP", gnValueStr]); + } catch (ex) {}; } } return result; @@ -733,9 +799,11 @@ function X509() { var result = new Array(); var a = _getChildIdx(this.hex, info.vidx); for (var i = 0; i < a.length; i++) { - var hURI = _getVbyList(this.hex, a[i], [0, 0, 0], "86"); - var uri = hextoutf8(hURI); - result.push(uri); + try { + var hURI = _getVbyList(this.hex, a[i], [0, 0, 0], "86"); + var uri = hextoutf8(hURI); + result.push(uri); + } catch(ex) {}; } return result; @@ -975,8 +1043,8 @@ function X509() { var eku = this.getExtExtKeyUsageName(); s += " " + eku.join(", ") + "\n"; } else if (extName === "subjectAltName") { - var san = this.getExtSubjectAltName(); - s += " " + san.join(", ") + "\n"; + var san = this.getExtSubjectAltName2(); + s += " " + san + "\n"; } else if (extName === "cRLDistributionPoints") { var cdp = this.getExtCRLDistributionPointsURI(); s += " " + cdp + "\n"; @@ -986,6 +1054,14 @@ function X509() { s += " ocsp: " + aia.ocsp.join(",") + "\n"; if (aia.caissuer !== undefined) s += " caissuer: " + aia.caissuer.join(",") + "\n"; + } else if (extName === "certificatePolicies") { + var aCP = this.getExtCertificatePolicies(); + for (var j = 0; j < aCP.length; j++) { + if (aCP[j].id !== undefined) + s += " policy oid: " + aCP[j].id + "\n"; + if (aCP[j].cps !== undefined) + s += " cps: " + aCP[j].cps + "\n"; + } } } diff --git a/test/qunit-do-x509-ext.html b/test/qunit-do-x509-ext.html index efaf23c7..9dc11695 100755 --- a/test/qunit-do-x509-ext.html +++ b/test/qunit-do-x509-ext.html @@ -141,6 +141,46 @@ -----END CERTIFICATE----- */}).toString().match(/\/\*([^]*)\*\//)[1]; +// _test/0cert_sites/danmarksapotuser1.cer +var danmarksUser1PEM = (function() {/* +-----BEGIN CERTIFICATE----- +MIIGYDCCBUigAwIBAgIEU7s4dDANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJE +SzESMBAGA1UECgwJVFJVU1QyNDA4MR0wGwYDVQQDDBRUUlVTVDI0MDggT0NFUyBD +QSBJSTAeFw0xNTEyMzAxMjE4MDNaFw0xODEyMzAxMjE2NTBaMIGeMQswCQYDVQQG +EwJESzEyMDAGA1UECgwpRGFubWFya3MgQXBvdGVrZXJmb3JlbmluZyAvLyBDVlI6 +MjAxMjQ1MTIxWzAgBgNVBAUTGUNWUjoyMDEyNDUxMi1VSUQ6NjQyOTA2OTgwNwYD +VQQDDDBEYW5tYXJrcyBBcG90ZWtlcmZvcmVuaW5nIC0gRGFubWFya3MgQXBvdGVr +ZXJmb3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQNL1iA9kO241w +eNpuTm/OoU5i9kOpp+/Vi6OmY14aYEIpgDEWr6nfeGugrsFyR2crOxr7iRhngUyk +UnSsfSqPkhhGiXdcPtEplSubCzP08zf/0PyIyyV5LoBEZr60M7LmahPuQojb09sK +dCTEDMk46LCeISEQGI/ZggALH1SRSQiodctQvVN98okuaJDobgbTi/P2sMu3OK/J +SbQrI2kn5d4ShUlWIBkZqsRUBNRmrvfBQzZpv2+mkDMFGouYzSkYccPivzQCx8BV +9e2QdrB6KVnT6m/l5ND0d3qY41h0i/CffnjofQmoaQ1a3xO82+A6EF+Dl3QF5Wcm +fR2Z2C6rAgMBAAGjggMBMIIC/TAOBgNVHQ8BAf8EBAMCA7gwgYkGCCsGAQUFBwEB +BH0wezA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AuaWNhMDIudHJ1c3QyNDA4LmNv +bS9yZXNwb25kZXIwQgYIKwYBBQUHMAKGNmh0dHA6Ly92LmFpYS5pY2EwMi50cnVz +dDI0MDguY29tL29jZXMtaXNzdWluZzAyLWNhLmNlcjCCAUMGA1UdIASCATowggE2 +MIIBMgYKKoFQgSkBAQEDBDCCASIwLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1 +c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHuBggrBgEFBQcCAjCB4TAQFglUUlVTVDI0 +MDgwAwIBARqBzEZvciBhbnZlbmRlbHNlIGFmIGNlcnRpZmlrYXRldCBn5mxkZXIg +T0NFUyB2aWxr5XIsIENQUyBvZyBPQ0VTIENQLCBkZXIga2FuIGhlbnRlcyBmcmEg +d3d3LnRydXN0MjQwOC5jb20vcmVwb3NpdG9yeS4gQmVt5nJrLCBhdCBUUlVTVDI0 +MDggZWZ0ZXIgdmlsa+VyZW5lIGhhciBldCBiZWdy5m5zZXQgYW5zdmFyIGlmdC4g +cHJvZmVzc2lvbmVsbGUgcGFydGVyLjAzBgNVHREELDAqgShhcG90ZWtlcmZvcmVu +aW5nZW5AYXBvdGVrZXJmb3JlbmluZ2VuLmRrMIGXBgNVHR8EgY8wgYwwLqAsoCqG +KGh0dHA6Ly9jcmwuaWNhMDIudHJ1c3QyNDA4LmNvbS9pY2EwMi5jcmwwWqBYoFak +VDBSMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MR0wGwYDVQQDDBRU +UlVTVDI0MDggT0NFUyBDQSBJSTEQMA4GA1UEAwwHQ1JMMzExNzAfBgNVHSMEGDAW +gBSZj7oNia4hGkJ6Cq4aTE4i/xDrjDAdBgNVHQ4EFgQUc/W+LbQMXATob80qxnVN +E5DeDagwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAWgMjuLxT1GtEfWxR +6Giqj2wUZxn0EecPWrWotL5Rvl5kNDXajcnsdAzEBS+0ZCXP1i/to+tupkQOs/o0 +cO759nBIY0O8ZbOvzsKBeLxWdQp2EuLZKDBwLpN49i8yzSJYWd7/KfH15DcNICvD +wHPL6SBjwokCuz5dTFVdjXybOrIihRg8zRKZ4Utm1NV2Rfoh4C9D50uIMgcaIJ2W +rhD4uIUbomqy9Ex0qUmTAV6eZh5ynCjlVYie3UqeJ+UoVfpsNMFNRJdoeKsn6g1W +U2rgoKzYAzliiC89n3hrNbm7rcBLgDFfWsHUtO1w2PDfRAqJcHWoTQiIQNUCPTa8 +B9LZ8g== +*/}).toString().match(/\/\*([^]*)\*\//)[1]; + // _gitpg/jsrsasign/test/eckey/k1.self.cer var k1CertPEM = "" + "-----BEGIN CERTIFICATE-----\n" + @@ -285,7 +325,7 @@ deepEqual(x.getExtSubjectAltName(), ["github.com", "www.github.com"], "for GitHub.com site"); }); -test("getExtCRLDistributionPointsURI", function() { +test("getExtCRLDistributionPointsURI github", function() { var x = new X509(); x.readCertPEM(certGithubPEM); deepEqual(x.getExtCRLDistributionPointsURI(), @@ -294,6 +334,14 @@ "for GitHub.com site"); }); +test("getExtCRLDistributionPointsURI danmarks", function() { + var x = new X509(); + x.readCertPEM(danmarksUser1PEM); + deepEqual(x.getExtCRLDistributionPointsURI(), + ["http://crl.ica02.trust2408.com/ica02.crl"], + "for Danmarks Apotekerforening User cert"); +}); + test("getExtAIAInfo", function() { var x = new X509(); x.readCertPEM(certGithubPEM); @@ -474,6 +522,6 @@

-

© 2015-2016 Kenji Urushima

+

© 2015-2017 Kenji Urushima

diff --git a/test/qunit-do-x509-getinfo.html b/test/qunit-do-x509-getinfo.html index a35edf7c..002b9c35 100644 --- a/test/qunit-do-x509-getinfo.html +++ b/test/qunit-do-x509-getinfo.html @@ -145,6 +145,46 @@ -----END CERTIFICATE----- */}).toString().match(/\/\*([^]*)\*\//)[1]; +// _test/0cert_sites/danmarksapotuser1.cer +var danmarksUser1PEM = (function() {/* +-----BEGIN CERTIFICATE----- +MIIGYDCCBUigAwIBAgIEU7s4dDANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJE +SzESMBAGA1UECgwJVFJVU1QyNDA4MR0wGwYDVQQDDBRUUlVTVDI0MDggT0NFUyBD +QSBJSTAeFw0xNTEyMzAxMjE4MDNaFw0xODEyMzAxMjE2NTBaMIGeMQswCQYDVQQG +EwJESzEyMDAGA1UECgwpRGFubWFya3MgQXBvdGVrZXJmb3JlbmluZyAvLyBDVlI6 +MjAxMjQ1MTIxWzAgBgNVBAUTGUNWUjoyMDEyNDUxMi1VSUQ6NjQyOTA2OTgwNwYD +VQQDDDBEYW5tYXJrcyBBcG90ZWtlcmZvcmVuaW5nIC0gRGFubWFya3MgQXBvdGVr +ZXJmb3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQNL1iA9kO241w +eNpuTm/OoU5i9kOpp+/Vi6OmY14aYEIpgDEWr6nfeGugrsFyR2crOxr7iRhngUyk +UnSsfSqPkhhGiXdcPtEplSubCzP08zf/0PyIyyV5LoBEZr60M7LmahPuQojb09sK +dCTEDMk46LCeISEQGI/ZggALH1SRSQiodctQvVN98okuaJDobgbTi/P2sMu3OK/J +SbQrI2kn5d4ShUlWIBkZqsRUBNRmrvfBQzZpv2+mkDMFGouYzSkYccPivzQCx8BV +9e2QdrB6KVnT6m/l5ND0d3qY41h0i/CffnjofQmoaQ1a3xO82+A6EF+Dl3QF5Wcm +fR2Z2C6rAgMBAAGjggMBMIIC/TAOBgNVHQ8BAf8EBAMCA7gwgYkGCCsGAQUFBwEB +BH0wezA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AuaWNhMDIudHJ1c3QyNDA4LmNv +bS9yZXNwb25kZXIwQgYIKwYBBQUHMAKGNmh0dHA6Ly92LmFpYS5pY2EwMi50cnVz +dDI0MDguY29tL29jZXMtaXNzdWluZzAyLWNhLmNlcjCCAUMGA1UdIASCATowggE2 +MIIBMgYKKoFQgSkBAQEDBDCCASIwLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cudHJ1 +c3QyNDA4LmNvbS9yZXBvc2l0b3J5MIHuBggrBgEFBQcCAjCB4TAQFglUUlVTVDI0 +MDgwAwIBARqBzEZvciBhbnZlbmRlbHNlIGFmIGNlcnRpZmlrYXRldCBn5mxkZXIg +T0NFUyB2aWxr5XIsIENQUyBvZyBPQ0VTIENQLCBkZXIga2FuIGhlbnRlcyBmcmEg +d3d3LnRydXN0MjQwOC5jb20vcmVwb3NpdG9yeS4gQmVt5nJrLCBhdCBUUlVTVDI0 +MDggZWZ0ZXIgdmlsa+VyZW5lIGhhciBldCBiZWdy5m5zZXQgYW5zdmFyIGlmdC4g +cHJvZmVzc2lvbmVsbGUgcGFydGVyLjAzBgNVHREELDAqgShhcG90ZWtlcmZvcmVu +aW5nZW5AYXBvdGVrZXJmb3JlbmluZ2VuLmRrMIGXBgNVHR8EgY8wgYwwLqAsoCqG +KGh0dHA6Ly9jcmwuaWNhMDIudHJ1c3QyNDA4LmNvbS9pY2EwMi5jcmwwWqBYoFak +VDBSMQswCQYDVQQGEwJESzESMBAGA1UECgwJVFJVU1QyNDA4MR0wGwYDVQQDDBRU +UlVTVDI0MDggT0NFUyBDQSBJSTEQMA4GA1UEAwwHQ1JMMzExNzAfBgNVHSMEGDAW +gBSZj7oNia4hGkJ6Cq4aTE4i/xDrjDAdBgNVHQ4EFgQUc/W+LbQMXATob80qxnVN +E5DeDagwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAWgMjuLxT1GtEfWxR +6Giqj2wUZxn0EecPWrWotL5Rvl5kNDXajcnsdAzEBS+0ZCXP1i/to+tupkQOs/o0 +cO759nBIY0O8ZbOvzsKBeLxWdQp2EuLZKDBwLpN49i8yzSJYWd7/KfH15DcNICvD +wHPL6SBjwokCuz5dTFVdjXybOrIihRg8zRKZ4Utm1NV2Rfoh4C9D50uIMgcaIJ2W +rhD4uIUbomqy9Ex0qUmTAV6eZh5ynCjlVYie3UqeJ+UoVfpsNMFNRJdoeKsn6g1W +U2rgoKzYAzliiC89n3hrNbm7rcBLgDFfWsHUtO1w2PDfRAqJcHWoTQiIQNUCPTa8 +B9LZ8g== +*/}).toString().match(/\/\*([^]*)\*\//)[1]; + // _test/0cert/digicertevroot.cer var certDigicertOUT = (function() {/*Basic Fields serial number: 02ac5c266a0b409b8f0b79f2ae462577 @@ -197,8 +237,11 @@ ocsp: http://ocsp.int-x3.letsencrypt.org/ caissuer: http://cert.int-x3.letsencrypt.org/ subjectAltName : - https.cio.gov, pulse.cio.gov, staging.pulse.cio.gov + DNS,https.cio.gov,DNS,pulse.cio.gov,DNS,staging.pulse.cio.gov certificatePolicies : + policy oid: 2.23.140.1.2.1 + policy oid: 1.3.6.1.4.1.44947.1.1.1 + cps: http://cps.letsencrypt.org signature algorithm: SHA256withRSA signature: 0b76f2c64e9cf6fd... */}).toString().match(/\/\*([^]*)\*\//)[1]; @@ -221,7 +264,7 @@ subjectKeyIdentifier : 6a43907d3b98147252953aaa280a43f8517ed3a6 subjectAltName : - github.com, www.github.com + DNS,github.com,DNS,www.github.com keyUsage CRITICAL: digitalSignature,keyEncipherment extKeyUsage : @@ -229,6 +272,8 @@ cRLDistributionPoints : http://crl3.digicert.com/sha2-ev-server-g1.crl,http://crl4.digicert.com/sha2-ev-server-g1.crl certificatePolicies : + policy oid: 2.16.840.1.114412.2.1 + cps: https://www.digicert.com/CPS authorityInfoAccess : ocsp: http://ocsp.digicert.com caissuer: http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt @@ -238,6 +283,41 @@ signature: 6fe76dcb82f3ef90... */}).toString().match(/\/\*([^]*)\*\//)[1]; +// _test/0cert/github.com.cer +var danmarksUser1OUT = (function() {/*Basic Fields + serial number: 53bb3874 + signature algorithm: SHA256withRSA + issuer: /C=DK/O=TRUST2408/CN=TRUST2408 OCES CA II + notBefore: 151230121803Z + notAfter: 181230121650Z + subject: /C=DK/O=Danmarks Apotekerforening \// CVR:20124512/serialNumber=CVR:20124512-UID:64290698+CN=Danmarks Apotekerforening - Danmarks Apotekerfor + subject public key info: + key algorithm: RSA + n=00d034bd6203d90e... + e=010001 +X509v3 Extensions: + keyUsage CRITICAL: + digitalSignature,keyEncipherment,dataEncipherment,keyAgreement + authorityInfoAccess : + ocsp: http://ocsp.ica02.trust2408.com/responder + caissuer: http://v.aia.ica02.trust2408.com/oces-issuing02-ca.cer + certificatePolicies : + policy oid: 1.2.208.169.1.1.1.3.4 + cps: http://www.trust2408.com/repository + subjectAltName : + MAIL,apotekerforeningen@apotekerforeningen.dk + cRLDistributionPoints : + http://crl.ica02.trust2408.com/ica02.crl + authorityKeyIdentifier : + kid=998fba0d89ae211a427a0aae1a4c4e22ff10eb8c + subjectKeyIdentifier : + 73f5be2db40c5c04e86fcd2ac6754d1390de0da8 + basicConstraints : + {} +signature algorithm: SHA256withRSA +signature: 5a0323b8bc53d46b... +*/}).toString().match(/\/\*([^]*)\*\//)[1]; + test("X509.getInfo() DigiCert EV Root", function() { var c = new X509(); c.readCertPEM(certDigicertPEM); @@ -257,6 +337,12 @@ equal(c.getInfo(), certGithubOUT, certGithubOUT); }); +test("X509.getInfo() danmarks user cert", function() { + var c = new X509(); + c.readCertPEM(danmarksUser1PEM); + equal(c.getInfo(), danmarksUser1OUT, danmarksUser1OUT); +}); + }); diff --git a/tool/tool_certview.html b/tool/tool_certview.html index af92b710..0e044900 100755 --- a/tool/tool_certview.html +++ b/tool/tool_certview.html @@ -9,6 +9,7 @@ Online Certificate Viewer + @@ -66,7 +67,8 @@

(Step1) Fill PEM formatted X.509 certificate

2ninrEpfA4v2V1p3LOH+layZLDMJHkNCq8eoU1MbJi07cHxLWtlwliNOiRboaiYl 1wtWR7ZY4HZCPeyb0tanf58rBQAXElaCF3fmfHrlpxoJBsQP1NbFrBs2haOIEZ4E K3V9/Bpi ------END CERTIFICATE----- +-----END CERTIFICATE----- +

(Step2) Press "View" button

@@ -80,8 +82,12 @@

Certificate Fields

To Subject: + + + SHA1 Thumb Print: +