diff --git a/ChangeLog.txt b/ChangeLog.txt
index 0e9973d5..048dfdc5 100755
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,6 +1,14 @@ ChangeLog for jsrsasign
+CSRUtil class enhancement
+* Changes from 10.5.25 to 10.5.26 (2022-Jul-14)
+ - src/asn1csr.js
+ - CSRUtil.verifySignature method added
+ - CSRUtil.getParam enhanced to support optional argument flagTBS
+ - test/qunit-do-asn1csr.html
+ - update some test cases for above
+
 CVE-2022-25898 Security fix in JWS and JWT validation
 * Changes from 10.5.24 to 10.5.25 (2022-Jun-23)
 - src/jws.js
diff --git a/README.md b/README.md
index d53f8f3c..2fc229d4 100755
--- a/README.md
+++ b/README.md
@@ -39,7 +39,7 @@ HIGHLIGHTS
 - no dependency to other library
 - no dependency to [W3C Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/) nor [OpenSSL](https://www.openssl.org/)
 - no dependency on newer ECMAScirpt function. So old browsers also supported.
-- very popular crypto library with [0.6M+ npm downloads/month](https://npm-stat.com/charts.html?package=jsrsasign&from=2016-05-01&to=2022-06-20)
+- very popular crypto library with [0.6M+ npm downloads/month](https://npm-stat.com/charts.html?package=jsrsasign&from=2016-05-01&to=2022-07-07)
 INSTALL
 -------
diff --git a/api/files.html b/api/files.html
index 43075a73..545d93c3 100644
--- a/api/files.html
+++ b/api/files.html
@@ -586,7 +586,7 @@

asn1csr-1.0.js

Version:
-
jsrsasign 10.5.16 asn1csr 2.0.5 (2022-Apr-08)
+
jsrsasign 10.5.26 asn1csr 2.0.6 (2022-Jul-14)
diff --git a/api/symbols/KJUR.asn1.csr.CSRUtil.html b/api/symbols/KJUR.asn1.csr.CSRUtil.html
index 984b6c13..91af0d7e 100644
--- a/api/symbols/KJUR.asn1.csr.CSRUtil.html
+++ b/api/symbols/KJUR.asn1.csr.CSRUtil.html
@@ -584,7 +584,7 @@

<static>   -
KJUR.asn1.csr.CSRUtil.getParam(sPEM) +
KJUR.asn1.csr.CSRUtil.getParam(sPEM, flagTBS)
get field values from CSR/PKCS#10 PEM string
This method parses PEM CSR/PKCS#1 string and retrieves @@ -602,6 +602,17 @@

+ + <static>   + +
KJUR.asn1.csr.CSRUtil.verifySignature(csr) +
+
verify self-signed CSR/PKCS#10 signature
+This method verifies self-signed signature of CSR/PKCS#10 +with its public key which is concluded in the CSR.
+ + + @@ -661,7 +672,7 @@

<static> {Array} - KJUR.asn1.csr.CSRUtil.getParam(sPEM) + KJUR.asn1.csr.CSRUtil.getParam(sPEM, flagTBS)
@@ -676,6 +687,7 @@

  • {Array}extreq - array of extensionRequest parameters
  • {String}sigalg - name of signature algorithm field
  • {String}sighex - hexadecimal string of signature value
  • +
  • {String}tbs - a hexadecimal string of CertificationRequestInfo as to be signed(OPTION)
  • Returned JSON object can be passed to KJUR.asn1.csr.CertificationRequest class constructor. @@ -683,6 +695,9 @@

    CAUTION: Returned JSON value format have been changed without backward compatibility since jsrsasign 9.0.0 asn1csr 2.0.0. +
    +NOTE: +The "flagTBS" supported since jsrsasign 10.5.26.

    @@ -697,7 +712,10 @@

    extreq: [{extname:"subjectAltName",array:[{dns:"example.com"}]}] sigalg: "SHA256withRSA", sighex: "1ab3df.." -} +} + +KJUR.asn1.csr.CSRUtil.getParam("-----BEGIN CERTIFICATE REQUEST...", true) → +result will also have a member "tbs" in the object. @@ -706,11 +724,17 @@

    Parameters:
    - {String} sPEM + {string} sPEM
    PEM string of CSR/PKCS#10
    +
    + {boolean} flagTBS + +
    +
    result object also concludes CertificationRequestInfo (OPTION, DEFAULT=false)
    + @@ -737,6 +761,8 @@

    KJUR.asn1.csr.CertificationRequest
    +
    KJUR.asn1.csr.CertificationRequestInfo
    +
    KJUR.asn1.x509.X500Name
    X509#getExtParamArray
    @@ -836,6 +862,75 @@

    +
    + + +
    <static> + + {boolean} + KJUR.asn1.csr.CSRUtil.verifySignature(csr) + +
    +
    + verify self-signed CSR/PKCS#10 signature
    +This method verifies self-signed signature of CSR/PKCS#10 +with its public key which is concluded in the CSR. + + +
    + + + +
    KJUR.asn1.csr.CSRUtil.verifySignatrue("-----BEGIN CERTIFICATE REQUEST...") → true or false
    +
    +p = KJUR.asn1.csr.CSRUtil.getParam("-----BEGIN CERTIFICATE REQUEST-----", true); // with tbs
    +KJUR.asn1.csr.CSRUtil.verifySignatrue(p) → true or false
    + + + + +
    +
    Parameters:
    + +
    + {object} csr + +
    +
    PEM CSR string or parsed JSON object of CSR
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 10.5.26 asn1csr 2.0.6
    +
    + + + + +
    +
    Returns:
    + +
    {boolean} true if self-signed signature is valid otherwise false
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.csr.CertificationRequest
    + +
    KJUR.asn1.csr.CertificationRequestInfo
    + +
    KJUR.asn1.csr.CSRUtil#getParam
    + +
    + +
diff --git a/api/symbols/src/asn1csr-1.0.js.html b/api/symbols/src/asn1csr-1.0.js.html
index b0d5deef..3cd04509 100644
--- a/api/symbols/src/asn1csr-1.0.js.html
+++ b/api/symbols/src/asn1csr-1.0.js.html
@@ -5,12 +5,12 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
      1 /* asn1csr-2.0.5.js (c) 2015-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
    +	
      1 /* asn1csr-2.0.6.js (c) 2015-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
       2  */
       3 /*
       4  * asn1csr.js - ASN.1 DER encoder classes for PKCS#10 CSR
       5  *
    -  6  * Copyright (c) 2015-2020 Kenji Urushima (kenji.urushima@gmail.com)
    +  6  * Copyright (c) 2015-2022 Kenji Urushima (kenji.urushima@gmail.com)
       7  *
       8  * This software is licensed under the terms of the MIT License.
       9  * https://kjur.github.io/jsrsasign/license
    @@ -23,7 +23,7 @@
      16  * @fileOverview
      17  * @name asn1csr-1.0.js
      18  * @author Kenji Urushima kenji.urushima@gmail.com
    - 19  * @version jsrsasign 10.5.16 asn1csr 2.0.5 (2022-Apr-08)
    + 19  * @version jsrsasign 10.5.26 asn1csr 2.0.6 (2022-Jul-14)
      20  * @since jsrsasign 4.9.0
      21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
      22  */
    @@ -390,104 +390,164 @@
     383  * @name getParam
     384  * @memberOf KJUR.asn1.csr.CSRUtil
     385  * @function
    -386  * @param {String} sPEM PEM string of CSR/PKCS#10
    -387  * @returns {Array} JSON object with parsed parameters such as name or public key
    -388  * @since jsrsasign 9.0.0 asn1csr 2.0.0
    -389  * @see KJUR.asn1.csr.CertificationRequest
    -390  * @see KJUR.asn1.x509.X500Name
    -391  * @see X509#getExtParamArray
    -392  * @description
    -393  * This method parses PEM CSR/PKCS#1 string and retrieves
    -394  * fields such as subject name and public key. 
    -395  * Following parameters are available in the
    -396  * resulted JSON object.
    -397  * <ul>
    -398  * <li>{X500Name}subject - subject name parameters </li>
    -399  * <li>{String}sbjpubkey - PEM string of subject public key</li>
    -400  * <li>{Array}extreq - array of extensionRequest parameters</li>
    -401  * <li>{String}sigalg - name of signature algorithm field</li>
    -402  * <li>{String}sighex - hexadecimal string of signature value</li>
    -403  * </ul>
    -404  * Returned JSON object can be passed to 
    -405  * {@link KJUR.asn1.csr.CertificationRequest} class constructor.
    -406  * <br/>
    -407  * CAUTION: 
    -408  * Returned JSON value format have been changed without 
    -409  * backward compatibility since jsrsasign 9.0.0 asn1csr 2.0.0.
    -410  *
    -411  * @example
    -412  * KJUR.asn1.csr.CSRUtil.getParam("-----BEGIN CERTIFICATE REQUEST...") →
    -413  * {
    -414  *   subject: { array:[[{type:"C",value:"JP",ds:"prn"}],...],
    -415  *              str: "/C=JP/O=Test"},
    -416  *   sbjpubkey: "-----BEGIN PUBLIC KEY...",
    -417  *   extreq: [{extname:"subjectAltName",array:[{dns:"example.com"}]}]
    -418  *   sigalg: "SHA256withRSA",
    -419  *   sighex: "1ab3df.."
    -420  * }
    -421  */
    -422 KJUR.asn1.csr.CSRUtil.getParam = function(sPEM) {
    -423     var _ASN1HEX = ASN1HEX,
    -424 	_getV = _ASN1HEX.getV,
    -425 	_getIdxbyList = _ASN1HEX.getIdxbyList,
    -426 	_getTLVbyList = _ASN1HEX.getTLVbyList,
    -427 	_getTLVbyListEx = _ASN1HEX.getTLVbyListEx,
    -428 	_getVbyListEx = _ASN1HEX.getVbyListEx;
    -429 
    -430     /*
    -431      * get a hexadecimal string of sequence of extension request attribute value
    -432      * @param {String} h hexadecimal string of whole CSR
    -433      * @return {String} hexadecimal string of SEQUENCE of extension request attribute value
    -434      */
    -435     var _getExtReqSeqHex = function(h) {
    -436 	var idx1 = _getIdxbyList(h, 0, [0, 3, 0, 0], "06"); // extreq attr OID idx
    -437 	if (_getV(h, idx1) != "2a864886f70d01090e") {
    -438 	    return null;
    -439 	}
    -440 
    -441 	return _getTLVbyList(h, 0, [0, 3, 0, 1, 0], "30"); // ext seq idx
    -442     };
    -443 
    -444     var result = {};
    -445 
    -446     if (sPEM.indexOf("-----BEGIN CERTIFICATE REQUEST") == -1)
    -447 	throw new Error("argument is not PEM file");
    -448 
    -449     var hex = pemtohex(sPEM, "CERTIFICATE REQUEST");
    -450 
    -451     try {
    -452 	var hSubject = _getTLVbyListEx(hex, 0, [0, 1]);
    -453 	if (hSubject == "3000") {
    -454 	    result.subject = {};
    -455 	} else {
    -456 	    var x = new X509();
    -457 	    result.subject = x.getX500Name(hSubject);
    -458 	}
    -459     } catch (ex) {};
    -460 
    -461     var hPubKey = _getTLVbyListEx(hex, 0, [0, 2]);
    -462     var pubkeyobj = KEYUTIL.getKey(hPubKey, null, "pkcs8pub");
    -463     result.sbjpubkey = KEYUTIL.getPEM(pubkeyobj, "PKCS8PUB");
    -464 
    -465     var hExtReqSeq = _getExtReqSeqHex(hex);
    -466     var x = new X509();
    -467     if (hExtReqSeq != null) {
    -468 	result.extreq = x.getExtParamArray(hExtReqSeq);
    -469     }
    -470 
    -471     try {
    -472 	var hSigAlg = _getTLVbyListEx(hex, 0, [1], "30");
    -473 	var x = new X509();
    -474 	result.sigalg = x.getAlgorithmIdentifierName(hSigAlg);
    -475     } catch (ex) {};
    -476 
    -477     try {
    -478 	var hSig = _getVbyListEx(hex, 0, [2]);
    -479 	result.sighex = hSig;
    -480     } catch (ex) {};
    -481 
    -482     return result;
    -483 };
    -484 
    -485 
    -486 
    \ No newline at end of file +386 * @param {string} sPEM PEM string of CSR/PKCS#10 +387 * @param {boolean} flagTBS result object also concludes CertificationRequestInfo (OPTION, DEFAULT=false) +388 * @returns {Array} JSON object with parsed parameters such as name or public key +389 * @since jsrsasign 9.0.0 asn1csr 2.0.0 +390 * @see KJUR.asn1.csr.CertificationRequest +391 * @see KJUR.asn1.csr.CertificationRequestInfo +392 * @see KJUR.asn1.x509.X500Name +393 * @see X509#getExtParamArray +394 * @description +395 * This method parses PEM CSR/PKCS#1 string and retrieves +396 * fields such as subject name and public key. +397 * Following parameters are available in the +398 * resulted JSON object. +399 * <ul> +400 * <li>{X500Name}subject - subject name parameters </li> +401 * <li>{String}sbjpubkey - PEM string of subject public key</li> +402 * <li>{Array}extreq - array of extensionRequest parameters</li> +403 * <li>{String}sigalg - name of signature algorithm field</li> +404 * <li>{String}sighex - hexadecimal string of signature value</li> +405 * <li>{String}tbs - a hexadecimal string of CertificationRequestInfo as to be signed(OPTION)</li> +406 * </ul> +407 * Returned JSON object can be passed to +408 * {@link KJUR.asn1.csr.CertificationRequest} class constructor. +409 * <br/> +410 * CAUTION: +411 * Returned JSON value format have been changed without +412 * backward compatibility since jsrsasign 9.0.0 asn1csr 2.0.0. +413 * <br/> +414 * NOTE: +415 * The "flagTBS" supported since jsrsasign 10.5.26. +416 * +417 * @example +418 * KJUR.asn1.csr.CSRUtil.getParam("-----BEGIN CERTIFICATE REQUEST...") → +419 * { +420 * subject: { array:[[{type:"C",value:"JP",ds:"prn"}],...], +421 * str: "/C=JP/O=Test"}, +422 * sbjpubkey: "-----BEGIN PUBLIC KEY...", +423 * extreq: [{extname:"subjectAltName",array:[{dns:"example.com"}]}] +424 * sigalg: "SHA256withRSA", +425 * sighex: "1ab3df.." 
+426 * } +427 * +428 * KJUR.asn1.csr.CSRUtil.getParam("-----BEGIN CERTIFICATE REQUEST...", true) → +429 * result will also have a member "tbs" in the object. +430 */
    +431 KJUR.asn1.csr.CSRUtil.getParam = function(sPEM, flagTBS) { +432 var _ASN1HEX = ASN1HEX, +433 _getV = _ASN1HEX.getV, +434 _getIdxbyList = _ASN1HEX.getIdxbyList, +435 _getTLVbyList = _ASN1HEX.getTLVbyList, +436 _getTLVbyListEx = _ASN1HEX.getTLVbyListEx, +437 _getVbyListEx = _ASN1HEX.getVbyListEx; +438 +439 /* +440 * get a hexadecimal string of sequence of extension request attribute value +441 * @param {String} h hexadecimal string of whole CSR +442 * @return {String} hexadecimal string of SEQUENCE of extension request attribute value +443 */ +444 var _getExtReqSeqHex = function(h) { +445 var idx1 = _getIdxbyList(h, 0, [0, 3, 0, 0], "06"); // extreq attr OID idx +446 if (_getV(h, idx1) != "2a864886f70d01090e") { +447 return null; +448 } +449 +450 return _getTLVbyList(h, 0, [0, 3, 0, 1, 0], "30"); // ext seq idx +451 }; +452 +453 var result = {}; +454 +455 if (sPEM.indexOf("-----BEGIN CERTIFICATE REQUEST") == -1) +456 throw new Error("argument is not PEM file"); +457 +458 var hex = pemtohex(sPEM, "CERTIFICATE REQUEST"); +459 +460 if (flagTBS) { +461 result.tbs = _getTLVbyList(hex, 0, [0]); +462 } +463 +464 try { +465 var hSubject = _getTLVbyListEx(hex, 0, [0, 1]); +466 if (hSubject == "3000") { +467 result.subject = {}; +468 } else { +469 var x = new X509(); +470 result.subject = x.getX500Name(hSubject); +471 } +472 } catch (ex) {}; +473 +474 var hPubKey = _getTLVbyListEx(hex, 0, [0, 2]); +475 var pubkeyobj = KEYUTIL.getKey(hPubKey, null, "pkcs8pub"); +476 result.sbjpubkey = KEYUTIL.getPEM(pubkeyobj, "PKCS8PUB"); +477 +478 var hExtReqSeq = _getExtReqSeqHex(hex); +479 var x = new X509(); +480 if (hExtReqSeq != null) { +481 result.extreq = x.getExtParamArray(hExtReqSeq); +482 } +483 +484 try { +485 var hSigAlg = _getTLVbyListEx(hex, 0, [1], "30"); +486 var x = new X509(); +487 result.sigalg = x.getAlgorithmIdentifierName(hSigAlg); +488 } catch (ex) {}; +489 +490 try { +491 var hSig = _getVbyListEx(hex, 0, [2]); +492 result.sighex = hSig; +493 } catch (ex) {}; 
+494 +495 return result; +496 }; +497 +498 /** +499 * verify self-signed CSR/PKCS#10 signature<br/> +500 * @name verifySignature +501 * @memberOf KJUR.asn1.csr.CSRUtil +502 * @function +503 * @param {object} csr PEM CSR string or parsed JSON object of CSR +504 * @returns {boolean} true if self-signed signature is valid otherwise false +505 * @since jsrsasign 10.5.26 asn1csr 2.0.6 +506 * @see KJUR.asn1.csr.CertificationRequest +507 * @see KJUR.asn1.csr.CertificationRequestInfo +508 * @see KJUR.asn1.csr.CSRUtil#getParam +509 * @description +510 * This method verifies self-signed signature of CSR/PKCS#10 +511 * with its public key which is concluded in the CSR. +512 * +513 * @example +514 * KJUR.asn1.csr.CSRUtil.verifySignatrue("-----BEGIN CERTIFICATE REQUEST...") → true or false +515 * +516 * p = KJUR.asn1.csr.CSRUtil.getParam("-----BEGIN CERTIFICATE REQUEST-----", true); // with tbs +517 * KJUR.asn1.csr.CSRUtil.verifySignatrue(p) → true or false +518 */ +519 KJUR.asn1.csr.CSRUtil.verifySignature = function(csr) { +520 try { +521 var pCSR = null; +522 if (typeof csr == "string" && +523 csr.indexOf("-----BEGIN CERTIFICATE REQUEST") != -1) { +524 pCSR = KJUR.asn1.csr.CSRUtil.getParam(csr, true); +525 } else if (typeof csr == "object" && +526 csr.sbjpubkey != undefined && +527 csr.sigalg != undefined && +528 csr.sighex != undefined && +529 csr.tbs != undefined) { +530 pCSR = csr; +531 } +532 if (pCSR == null) return false; +533 +534 // verify self-signed signature +535 var sig = new KJUR.crypto.Signature({alg: pCSR.sigalg}); +536 sig.init(pCSR.sbjpubkey); +537 sig.updateHex(pCSR.tbs); +538 return sig.verify(pCSR.sighex); +539 } catch(ex) { +540 alert(ex); +541 return false; +542 } +543 }; +544 +545 +546
    \ No newline at end of file
diff --git a/bower.json b/bower.json
index e24e04d2..634089e2 100644
--- a/bower.json
+++ b/bower.json
@@ -1,6 +1,6 @@
 {
 "name": "kjur-jsrsasign",
- "version": "10.5.25",
+ "version": "10.5.26",
 "main": "jsrsasign-all-min.js",
 "description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.",
 "license": "MIT",
diff --git a/jsrsasign-all-min.js b/jsrsasign-all-min.js
index d2f72880..3fff1ae9 100644
--- a/jsrsasign-all-min.js
+++ b/jsrsasign-all-min.js
@@ -1,5 +1,5 @@
 /*
- * jsrsasign(all) 10.5.25 (2022-06-24) (c) 2010-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
+ * jsrsasign(all) 10.5.26 (2022-07-14) (c) 2010-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
 */
 /*! CryptoJS v3.1.2 core-fix.js 
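Review bot: The `catch` block of `KJUR.asn1.csr.CSRUtil.verifySignature` (listing lines 539-542 in the `api/symbols/src/asn1csr-1.0.js.html` hunk) calls `alert(ex)`, a browser-window global: where it is undefined, for example under Node.js, the call throws a ReferenceError from inside the handler, so a malformed CSR makes the verifier throw instead of returning `false`, and in a browser it blocks on a modal that shows the exception text. The handler should be just `} catch(ex) { return false; }`; this file is the generated source listing, so the edit presumably belongs in `src/asn1csr.js`, which the ChangeLog names. In the parsed-object branch nothing visible checks that `csr.sbjpubkey` is the key encoded inside `csr.tbs`, so `true` shows possession of the requested key only when the object came unmodified from `getParam(pem, true)`; I would add to the doc comment `* NOTE: when passing a parsed object, sbjpubkey and tbs must come from the same getParam(pem, true) result.` The two `@example` lines also spell the method `verifySignatrue`.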
@@ -223,7 +223,7 @@ if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!K if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}if(typeof KJUR.asn1.cms=="undefined"||!KJUR.asn1.cms){KJUR.asn1.cms={}}KJUR.asn1.cms.Attribute=function(f){var e=Error,d=KJUR,c=d.asn1,b=c.DERSequence,a=c.DERSet,g=c.DERObjectIdentifier;this.params=null;this.typeOid=null;this.setByParam=function(h){this.params=h};this.getValueArray=function(){throw new e("not yet implemented abstract")};this.tohex=function(){var j=new g({oid:this.typeOid});var h=new a({array:this.getValueArray()});var i=new b({array:[j,h]});return i.tohex()};this.getEncodedHex=function(){return this.tohex()}};extendClass(KJUR.asn1.cms.Attribute,KJUR.asn1.ASN1Object);KJUR.asn1.cms.ContentType=function(c){var b=KJUR,a=b.asn1;a.cms.ContentType.superclass.constructor.call(this);this.typeOid="1.2.840.113549.1.9.3";this.getValueArray=function(){var d=new a.DERObjectIdentifier(this.params.type);return[d]};if(c!=undefined){this.setByParam(c)}};extendClass(KJUR.asn1.cms.ContentType,KJUR.asn1.cms.Attribute);KJUR.asn1.cms.MessageDigest=function(e){var b=KJUR,a=b.asn1,c=a.DEROctetString,d=a.cms;d.MessageDigest.superclass.constructor.call(this);this.typeOid="1.2.840.113549.1.9.4";this.getValueArray=function(){var f=new c(this.params);return[f]};if(e!=undefined){this.setByParam(e)}};extendClass(KJUR.asn1.cms.MessageDigest,KJUR.asn1.cms.Attribute);KJUR.asn1.cms.SigningTime=function(c){var b=KJUR,a=b.asn1;a.cms.SigningTime.superclass.constructor.call(this);this.typeOid="1.2.840.113549.1.9.5";this.getValueArray=function(){var d=new a.x509.Time(this.params);return[d]};if(c!=undefined){this.setByParam(c)}};extendClass(KJUR.asn1.cms.SigningTime,KJUR.asn1.cms.Attribute);KJUR.asn1.cms.SigningCertificate=function(h){var 
e=Error,d=KJUR,c=d.asn1,b=c.DERSequence,g=c.cms,a=g.ESSCertID,f=d.crypto;g.SigningCertificate.superclass.constructor.call(this);this.typeOid="1.2.840.113549.1.9.16.2.12";this.getValueArray=function(){if(this.params==null||this.params==undefined||this.params.array==undefined){throw new e("parameter 'array' not specified")}var o=this.params.array;var k=[];for(var l=0;l0){var m=b(n.valhex,q[0]);var p=j(m,0);var t=[];for(var o=0;o1){var r=b(n.valhex,q[1]);n.polhex=r}delete n.valhex};this.setSignaturePolicyIdentifier=function(s){var q=j(s.valhex,0);if(q.length>0){var r=l.getOID(s.valhex,q[0]);s.oid=r}if(q.length>1){var m=new a();var t=j(s.valhex,q[1]);var p=b(s.valhex,t[0]);var o=m.getAlgorithmIdentifierName(p);s.alg=o;var n=i(s.valhex,t[1]);s.hash=n}delete s.valhex};this.setSigningCertificateV2=function(o){var s=j(o.valhex,0);if(s.length>0){var n=b(o.valhex,s[0]);var r=j(n,0);var u=[];for(var q=0;q1){var t=b(o.valhex,s[1]);o.polhex=t}delete o.valhex};this.getESSCertID=function(o){var p={};var n=j(o,0);if(n.length>0){var q=i(o,n[0]);p.hash=q}if(n.length>1){var m=b(o,n[1]);var r=this.getIssuerSerial(m);if(r.serial!=undefined){p.serial=r.serial}if(r.issuer!=undefined){p.issuer=r.issuer}}return p};this.getESSCertIDv2=function(q){var s={};var p=j(q,0);if(p.length<1||3r+1){var m=b(q,p[r+1]);var t=this.getIssuerSerial(m);s.issuer=t.issuer;s.serial=t.serial}return s};this.getIssuerSerial=function(q){var r={};var n=j(q,0);var m=b(q,n[0]);var p=h.getGeneralNames(m);var o=p[0].dn;r.issuer=o;var s=i(q,n[1]);r.serial={hex:s};return r};this.getCertificateSet=function(p){var n=j(p,0);var m=[];for(var o=0;o=0;j--){l+=k[j]}return l}else{if(typeof n=="string"&&a[n]!=undefined){return namearraytobinstr([n],a)}else{if(typeof n=="object"&&n.length!=undefined){return namearraytobinstr(n,a)}else{throw new f("wrong params")}}}return};this.tohex=function(){var j=this.params;var i=this.getBinValue();return(new g({bin:i})).tohex()};this.getEncodedHex=function(){return 
this.tohex()};if(h!=undefined){this.setByParam(h)}};extendClass(KJUR.asn1.tsp.PKIFailureInfo,KJUR.asn1.ASN1Object);KJUR.asn1.tsp.AbstractTSAAdapter=function(a){this.getTSTHex=function(c,b){throw"not implemented yet"}};KJUR.asn1.tsp.SimpleTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.SimpleTSAAdapter.superclass.constructor.call(this);this.params=null;this.serial=0;this.getTSTHex=function(g,f){var i=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:i};this.params.econtent.content.serial={"int":this.serial++};var h=Math.floor(Math.random()*1000000000);this.params.econtent.content.nonce={"int":h};var j=new a.TimeStampToken(this.params);return j.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.SimpleTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.FixedTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.FixedTSAAdapter.superclass.constructor.call(this);this.params=null;this.getTSTHex=function(g,f){var h=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:h};var i=new a.TimeStampToken(this.params);return i.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.FixedTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.TSPUtil=new function(){};KJUR.asn1.tsp.TSPUtil.newTimeStampToken=function(a){return new KJUR.asn1.tsp.TimeStampToken(a)};KJUR.asn1.tsp.TSPUtil.parseTimeStampReq=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getTimeStampReq(a)};KJUR.asn1.tsp.TSPUtil.parseMessageImprint=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getMessageImprint(a)};KJUR.asn1.tsp.TSPParser=function(){var e=Error,a=X509,f=new a(),k=ASN1HEX,g=k.getV,b=k.getTLV,d=k.getIdxbyList,c=k.getTLVbyListEx,i=k.getChildIdx;var j=["granted","grantedWithMods","rejection","waiting","revocationWarning","revocationNotification"];var 
h={0:"badAlg",2:"badRequest",5:"badDataFormat",14:"timeNotAvailable",15:"unacceptedPolicy",16:"unacceptedExtension",17:"addInfoNotAvailable",25:"systemFailure"};this.getResponse=function(n){var l=i(n,0);if(l.length==1){return this.getPKIStatusInfo(b(n,l[0]))}else{if(l.length>1){var o=this.getPKIStatusInfo(b(n,l[0]));var m=b(n,l[1]);var p=this.getToken(m);p.statusinfo=o;return p}}};this.getToken=function(m){var l=new KJUR.asn1.cms.CMSParser;var n=l.getCMSSignedData(m);this.setTSTInfo(n);return n};this.setTSTInfo=function(l){var o=l.econtent;if(o.type=="tstinfo"){var n=o.content.hex;var m=this.getTSTInfo(n);o.content=m}};this.getTSTInfo=function(r){var x={};var s=i(r,0);var p=g(r,s[1]);x.policy=hextooid(p);var o=b(r,s[2]);x.messageImprint=this.getMessageImprint(o);var u=g(r,s[3]);x.serial={hex:u};var y=g(r,s[4]);x.genTime={str:hextoutf8(y)};var q=0;if(s.length>5&&r.substr(s[5],2)=="30"){var v=b(r,s[5]);x.accuracy=this.getAccuracy(v);q++}if(s.length>5+q&&r.substr(s[5+q],2)=="01"){var z=g(r,s[5+q]);if(z=="ff"){x.ordering=true}q++}if(s.length>5+q&&r.substr(s[5+q],2)=="02"){var n=g(r,s[5+q]);x.nonce={hex:n};q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a0"){var m=b(r,s[5+q]);m="30"+m.substr(2);pGeneralNames=f.getGeneralNames(m);var t=pGeneralNames[0].dn;x.tsa=t;q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a1"){var l=b(r,s[5+q]);l="30"+l.substr(2);var w=f.getExtParamArray(l);x.ext=w;q++}return x};this.getAccuracy=function(q){var r={};var o=i(q,0);for(var p=0;p1&&o.substr(r[1],2)=="30"){var m=b(o,r[1]);t.statusstr=this.getPKIFreeText(m);n++}if(r.length>n&&o.substr(r[1+n],2)=="03"){var q=b(o,r[1+n]);t.failinfo=this.getPKIFailureInfo(q)}return t};this.getPKIFreeText=function(n){var o=[];var l=i(n,0);for(var m=0;m>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function 
encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function extendClass(c,a){var b=function(){};b.prototype=a.prototype;c.prototype=new b();c.prototype.constructor=c;c.superclass=a.prototype;if(a.prototype.constructor==Object.prototype.constructor){a.prototype.constructor=a}}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.Util=new 
function(){this.DIGESTINFOHEAD={sha1:"3021300906052b0e03021a05000414",sha224:"302d300d06096086480165030402040500041c",sha256:"3031300d060960864801650304020105000420",sha384:"3041300d060960864801650304020205000430",sha512:"3051300d060960864801650304020305000440",md2:"3020300c06082a864886f70d020205000410",md5:"3020300c06082a864886f70d020505000410",ripemd160:"3021300906052b2403020105000414",};this.DEFAULTPROVIDER={md5:"cryptojs",sha1:"cryptojs",sha224:"cryptojs",sha256:"cryptojs",sha384:"cryptojs",sha512:"cryptojs",ripemd160:"cryptojs",hmacmd5:"cryptojs",hmacsha1:"cryptojs",hmacsha224:"cryptojs",hmacsha256:"cryptojs",hmacsha384:"cryptojs",hmacsha512:"cryptojs",hmacripemd160:"cryptojs",MD5withRSA:"cryptojs/jsrsa",SHA1withRSA:"cryptojs/jsrsa",SHA224withRSA:"cryptojs/jsrsa",SHA256withRSA:"cryptojs/jsrsa",SHA384withRSA:"cryptojs/jsrsa",SHA512withRSA:"cryptojs/jsrsa",RIPEMD160withRSA:"cryptojs/jsrsa",MD5withECDSA:"cryptojs/jsrsa",SHA1withECDSA:"cryptojs/jsrsa",SHA224withECDSA:"cryptojs/jsrsa",SHA256withECDSA:"cryptojs/jsrsa",SHA384withECDSA:"cryptojs/jsrsa",SHA512withECDSA:"cryptojs/jsrsa",RIPEMD160withECDSA:"cryptojs/jsrsa",SHA1withDSA:"cryptojs/jsrsa",SHA224withDSA:"cryptojs/jsrsa",SHA256withDSA:"cryptojs/jsrsa",MD5withRSAandMGF1:"cryptojs/jsrsa",SHAwithRSAandMGF1:"cryptojs/jsrsa",SHA1withRSAandMGF1:"cryptojs/jsrsa",SHA224withRSAandMGF1:"cryptojs/jsrsa",SHA256withRSAandMGF1:"cryptojs/jsrsa",SHA384withRSAandMGF1:"cryptojs/jsrsa",SHA512withRSAandMGF1:"cryptojs/jsrsa",RIPEMD160withRSAandMGF1:"cryptojs/jsrsa",};this.CRYPTOJSMESSAGEDIGESTNAME={md5:CryptoJS.algo.MD5,sha1:CryptoJS.algo.SHA1,sha224:CryptoJS.algo.SHA224,sha256:CryptoJS.algo.SHA256,sha384:CryptoJS.algo.SHA384,sha512:CryptoJS.algo.SHA512,ripemd160:CryptoJS.algo.RIPEMD160};this.getDigestInfoHex=function(a,b){if(typeof this.DIGESTINFOHEAD[b]=="undefined"){throw"alg not supported in Util.DIGESTINFOHEAD: "+b}return this.DIGESTINFOHEAD[b]+a};this.getPaddedDigestInfoHex=function(h,a,j){var 
c=this.getDigestInfoHex(h,a);var d=j/4;if(c.length+22>d){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f0){var m=b(n.valhex,q[0]);var p=j(m,0);var t=[];for(var o=0;o1){var r=b(n.valhex,q[1]);n.polhex=r}delete n.valhex};this.setSignaturePolicyIdentifier=function(s){var q=j(s.valhex,0);if(q.length>0){var r=l.getOID(s.valhex,q[0]);s.oid=r}if(q.length>1){var m=new a();var t=j(s.valhex,q[1]);var p=b(s.valhex,t[0]);var o=m.getAlgorithmIdentifierName(p);s.alg=o;var n=i(s.valhex,t[1]);s.hash=n}delete s.valhex};this.setSigningCertificateV2=function(o){var s=j(o.valhex,0);if(s.length>0){var n=b(o.valhex,s[0]);var r=j(n,0);var u=[];for(var q=0;q1){var t=b(o.valhex,s[1]);o.polhex=t}delete o.valhex};this.getESSCertID=function(o){var p={};var n=j(o,0);if(n.length>0){var q=i(o,n[0]);p.hash=q}if(n.length>1){var m=b(o,n[1]);var r=this.getIssuerSerial(m);if(r.serial!=undefined){p.serial=r.serial}if(r.issuer!=undefined){p.issuer=r.issuer}}return p};this.getESSCertIDv2=function(q){var s={};var p=j(q,0);if(p.length<1||3r+1){var m=b(q,p[r+1]);var t=this.getIssuerSerial(m);s.issuer=t.issuer;s.serial=t.serial}return s};this.getIssuerSerial=function(q){var r={};var n=j(q,0);var m=b(q,n[0]);var p=h.getGeneralNames(m);var o=p[0].dn;r.issuer=o;var s=i(q,n[1]);r.serial={hex:s};return r};this.getCertificateSet=function(p){var n=j(p,0);var m=[];for(var o=0;o=0;j--){l+=k[j]}return l}else{if(typeof n=="string"&&a[n]!=undefined){return namearraytobinstr([n],a)}else{if(typeof n=="object"&&n.length!=undefined){return namearraytobinstr(n,a)}else{throw new f("wrong params")}}}return};this.tohex=function(){var j=this.params;var i=this.getBinValue();return(new g({bin:i})).tohex()};this.getEncodedHex=function(){return this.tohex()};if(h!=undefined){this.setByParam(h)}};extendClass(KJUR.asn1.tsp.PKIFailureInfo,KJUR.asn1.ASN1Object);KJUR.asn1.tsp.AbstractTSAAdapter=function(a){this.getTSTHex=function(c,b){throw"not implemented 
yet"}};KJUR.asn1.tsp.SimpleTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.SimpleTSAAdapter.superclass.constructor.call(this);this.params=null;this.serial=0;this.getTSTHex=function(g,f){var i=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:i};this.params.econtent.content.serial={"int":this.serial++};var h=Math.floor(Math.random()*1000000000);this.params.econtent.content.nonce={"int":h};var j=new a.TimeStampToken(this.params);return j.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.SimpleTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.FixedTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.FixedTSAAdapter.superclass.constructor.call(this);this.params=null;this.getTSTHex=function(g,f){var h=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:h};var i=new a.TimeStampToken(this.params);return i.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.FixedTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.TSPUtil=new function(){};KJUR.asn1.tsp.TSPUtil.newTimeStampToken=function(a){return new KJUR.asn1.tsp.TimeStampToken(a)};KJUR.asn1.tsp.TSPUtil.parseTimeStampReq=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getTimeStampReq(a)};KJUR.asn1.tsp.TSPUtil.parseMessageImprint=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getMessageImprint(a)};KJUR.asn1.tsp.TSPParser=function(){var e=Error,a=X509,f=new a(),k=ASN1HEX,g=k.getV,b=k.getTLV,d=k.getIdxbyList,c=k.getTLVbyListEx,i=k.getChildIdx;var j=["granted","grantedWithMods","rejection","waiting","revocationWarning","revocationNotification"];var h={0:"badAlg",2:"badRequest",5:"badDataFormat",14:"timeNotAvailable",15:"unacceptedPolicy",16:"unacceptedExtension",17:"addInfoNotAvailable",25:"systemFailure"};this.getResponse=function(n){var l=i(n,0);if(l.length==1){return this.getPKIStatusInfo(b(n,l[0]))}else{if(l.length>1){var 
o=this.getPKIStatusInfo(b(n,l[0]));var m=b(n,l[1]);var p=this.getToken(m);p.statusinfo=o;return p}}};this.getToken=function(m){var l=new KJUR.asn1.cms.CMSParser;var n=l.getCMSSignedData(m);this.setTSTInfo(n);return n};this.setTSTInfo=function(l){var o=l.econtent;if(o.type=="tstinfo"){var n=o.content.hex;var m=this.getTSTInfo(n);o.content=m}};this.getTSTInfo=function(r){var x={};var s=i(r,0);var p=g(r,s[1]);x.policy=hextooid(p);var o=b(r,s[2]);x.messageImprint=this.getMessageImprint(o);var u=g(r,s[3]);x.serial={hex:u};var y=g(r,s[4]);x.genTime={str:hextoutf8(y)};var q=0;if(s.length>5&&r.substr(s[5],2)=="30"){var v=b(r,s[5]);x.accuracy=this.getAccuracy(v);q++}if(s.length>5+q&&r.substr(s[5+q],2)=="01"){var z=g(r,s[5+q]);if(z=="ff"){x.ordering=true}q++}if(s.length>5+q&&r.substr(s[5+q],2)=="02"){var n=g(r,s[5+q]);x.nonce={hex:n};q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a0"){var m=b(r,s[5+q]);m="30"+m.substr(2);pGeneralNames=f.getGeneralNames(m);var t=pGeneralNames[0].dn;x.tsa=t;q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a1"){var l=b(r,s[5+q]);l="30"+l.substr(2);var w=f.getExtParamArray(l);x.ext=w;q++}return x};this.getAccuracy=function(q){var r={};var o=i(q,0);for(var p=0;p1&&o.substr(r[1],2)=="30"){var m=b(o,r[1]);t.statusstr=this.getPKIFreeText(m);n++}if(r.length>n&&o.substr(r[1+n],2)=="03"){var q=b(o,r[1+n]);t.failinfo=this.getPKIFailureInfo(q)}return t};this.getPKIFreeText=function(n){var o=[];var l=i(n,0);for(var m=0;m>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var 
f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function extendClass(c,a){var b=function(){};b.prototype=a.prototype;c.prototype=new b();c.prototype.constructor=c;c.superclass=a.prototype;if(a.prototype.constructor==Object.prototype.constructor){a.prototype.constructor=a}}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.Util=new 
function(){this.DIGESTINFOHEAD={sha1:"3021300906052b0e03021a05000414",sha224:"302d300d06096086480165030402040500041c",sha256:"3031300d060960864801650304020105000420",sha384:"3041300d060960864801650304020205000430",sha512:"3051300d060960864801650304020305000440",md2:"3020300c06082a864886f70d020205000410",md5:"3020300c06082a864886f70d020505000410",ripemd160:"3021300906052b2403020105000414",};this.DEFAULTPROVIDER={md5:"cryptojs",sha1:"cryptojs",sha224:"cryptojs",sha256:"cryptojs",sha384:"cryptojs",sha512:"cryptojs",ripemd160:"cryptojs",hmacmd5:"cryptojs",hmacsha1:"cryptojs",hmacsha224:"cryptojs",hmacsha256:"cryptojs",hmacsha384:"cryptojs",hmacsha512:"cryptojs",hmacripemd160:"cryptojs",MD5withRSA:"cryptojs/jsrsa",SHA1withRSA:"cryptojs/jsrsa",SHA224withRSA:"cryptojs/jsrsa",SHA256withRSA:"cryptojs/jsrsa",SHA384withRSA:"cryptojs/jsrsa",SHA512withRSA:"cryptojs/jsrsa",RIPEMD160withRSA:"cryptojs/jsrsa",MD5withECDSA:"cryptojs/jsrsa",SHA1withECDSA:"cryptojs/jsrsa",SHA224withECDSA:"cryptojs/jsrsa",SHA256withECDSA:"cryptojs/jsrsa",SHA384withECDSA:"cryptojs/jsrsa",SHA512withECDSA:"cryptojs/jsrsa",RIPEMD160withECDSA:"cryptojs/jsrsa",SHA1withDSA:"cryptojs/jsrsa",SHA224withDSA:"cryptojs/jsrsa",SHA256withDSA:"cryptojs/jsrsa",MD5withRSAandMGF1:"cryptojs/jsrsa",SHAwithRSAandMGF1:"cryptojs/jsrsa",SHA1withRSAandMGF1:"cryptojs/jsrsa",SHA224withRSAandMGF1:"cryptojs/jsrsa",SHA256withRSAandMGF1:"cryptojs/jsrsa",SHA384withRSAandMGF1:"cryptojs/jsrsa",SHA512withRSAandMGF1:"cryptojs/jsrsa",RIPEMD160withRSAandMGF1:"cryptojs/jsrsa",};this.CRYPTOJSMESSAGEDIGESTNAME={md5:CryptoJS.algo.MD5,sha1:CryptoJS.algo.SHA1,sha224:CryptoJS.algo.SHA224,sha256:CryptoJS.algo.SHA256,sha384:CryptoJS.algo.SHA384,sha512:CryptoJS.algo.SHA512,ripemd160:CryptoJS.algo.RIPEMD160};this.getDigestInfoHex=function(a,b){if(typeof this.DIGESTINFOHEAD[b]=="undefined"){throw"alg not supported in Util.DIGESTINFOHEAD: "+b}return this.DIGESTINFOHEAD[b]+a};this.getPaddedDigestInfoHex=function(h,a,j){var 
c=this.getDigestInfoHex(h,a);var d=j/4;if(c.length+22>d){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f0){var m=b(n.valhex,q[0]);var p=j(m,0);var t=[];for(var o=0;o1){var r=b(n.valhex,q[1]);n.polhex=r}delete n.valhex};this.setSignaturePolicyIdentifier=function(s){var q=j(s.valhex,0);if(q.length>0){var r=l.getOID(s.valhex,q[0]);s.oid=r}if(q.length>1){var m=new a();var t=j(s.valhex,q[1]);var p=b(s.valhex,t[0]);var o=m.getAlgorithmIdentifierName(p);s.alg=o;var n=i(s.valhex,t[1]);s.hash=n}delete s.valhex};this.setSigningCertificateV2=function(o){var s=j(o.valhex,0);if(s.length>0){var n=b(o.valhex,s[0]);var r=j(n,0);var u=[];for(var q=0;q1){var t=b(o.valhex,s[1]);o.polhex=t}delete o.valhex};this.getESSCertID=function(o){var p={};var n=j(o,0);if(n.length>0){var q=i(o,n[0]);p.hash=q}if(n.length>1){var m=b(o,n[1]);var r=this.getIssuerSerial(m);if(r.serial!=undefined){p.serial=r.serial}if(r.issuer!=undefined){p.issuer=r.issuer}}return p};this.getESSCertIDv2=function(q){var s={};var p=j(q,0);if(p.length<1||3r+1){var m=b(q,p[r+1]);var t=this.getIssuerSerial(m);s.issuer=t.issuer;s.serial=t.serial}return s};this.getIssuerSerial=function(q){var r={};var n=j(q,0);var m=b(q,n[0]);var p=h.getGeneralNames(m);var o=p[0].dn;r.issuer=o;var s=i(q,n[1]);r.serial={hex:s};return r};this.getCertificateSet=function(p){var n=j(p,0);var m=[];for(var o=0;o=0;j--){l+=k[j]}return l}else{if(typeof n=="string"&&a[n]!=undefined){return namearraytobinstr([n],a)}else{if(typeof n=="object"&&n.length!=undefined){return namearraytobinstr(n,a)}else{throw new f("wrong params")}}}return};this.tohex=function(){var j=this.params;var i=this.getBinValue();return(new g({bin:i})).tohex()};this.getEncodedHex=function(){return this.tohex()};if(h!=undefined){this.setByParam(h)}};extendClass(KJUR.asn1.tsp.PKIFailureInfo,KJUR.asn1.ASN1Object);KJUR.asn1.tsp.AbstractTSAAdapter=function(a){this.getTSTHex=function(c,b){throw"not implemented 
yet"}};KJUR.asn1.tsp.SimpleTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.SimpleTSAAdapter.superclass.constructor.call(this);this.params=null;this.serial=0;this.getTSTHex=function(g,f){var i=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:i};this.params.econtent.content.serial={"int":this.serial++};var h=Math.floor(Math.random()*1000000000);this.params.econtent.content.nonce={"int":h};var j=new a.TimeStampToken(this.params);return j.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.SimpleTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.FixedTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.FixedTSAAdapter.superclass.constructor.call(this);this.params=null;this.getTSTHex=function(g,f){var h=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:h};var i=new a.TimeStampToken(this.params);return i.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.FixedTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.TSPUtil=new function(){};KJUR.asn1.tsp.TSPUtil.newTimeStampToken=function(a){return new KJUR.asn1.tsp.TimeStampToken(a)};KJUR.asn1.tsp.TSPUtil.parseTimeStampReq=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getTimeStampReq(a)};KJUR.asn1.tsp.TSPUtil.parseMessageImprint=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getMessageImprint(a)};KJUR.asn1.tsp.TSPParser=function(){var e=Error,a=X509,f=new a(),k=ASN1HEX,g=k.getV,b=k.getTLV,d=k.getIdxbyList,c=k.getTLVbyListEx,i=k.getChildIdx;var j=["granted","grantedWithMods","rejection","waiting","revocationWarning","revocationNotification"];var h={0:"badAlg",2:"badRequest",5:"badDataFormat",14:"timeNotAvailable",15:"unacceptedPolicy",16:"unacceptedExtension",17:"addInfoNotAvailable",25:"systemFailure"};this.getResponse=function(n){var l=i(n,0);if(l.length==1){return this.getPKIStatusInfo(b(n,l[0]))}else{if(l.length>1){var 
o=this.getPKIStatusInfo(b(n,l[0]));var m=b(n,l[1]);var p=this.getToken(m);p.statusinfo=o;return p}}};this.getToken=function(m){var l=new KJUR.asn1.cms.CMSParser;var n=l.getCMSSignedData(m);this.setTSTInfo(n);return n};this.setTSTInfo=function(l){var o=l.econtent;if(o.type=="tstinfo"){var n=o.content.hex;var m=this.getTSTInfo(n);o.content=m}};this.getTSTInfo=function(r){var x={};var s=i(r,0);var p=g(r,s[1]);x.policy=hextooid(p);var o=b(r,s[2]);x.messageImprint=this.getMessageImprint(o);var u=g(r,s[3]);x.serial={hex:u};var y=g(r,s[4]);x.genTime={str:hextoutf8(y)};var q=0;if(s.length>5&&r.substr(s[5],2)=="30"){var v=b(r,s[5]);x.accuracy=this.getAccuracy(v);q++}if(s.length>5+q&&r.substr(s[5+q],2)=="01"){var z=g(r,s[5+q]);if(z=="ff"){x.ordering=true}q++}if(s.length>5+q&&r.substr(s[5+q],2)=="02"){var n=g(r,s[5+q]);x.nonce={hex:n};q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a0"){var m=b(r,s[5+q]);m="30"+m.substr(2);pGeneralNames=f.getGeneralNames(m);var t=pGeneralNames[0].dn;x.tsa=t;q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a1"){var l=b(r,s[5+q]);l="30"+l.substr(2);var w=f.getExtParamArray(l);x.ext=w;q++}return x};this.getAccuracy=function(q){var r={};var o=i(q,0);for(var p=0;p1&&o.substr(r[1],2)=="30"){var m=b(o,r[1]);t.statusstr=this.getPKIFreeText(m);n++}if(r.length>n&&o.substr(r[1+n],2)=="03"){var q=b(o,r[1+n]);t.failinfo=this.getPKIFailureInfo(q)}return t};this.getPKIFreeText=function(n){var o=[];var l=i(n,0);for(var m=0;m>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var 
f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function extendClass(c,a){var b=function(){};b.prototype=a.prototype;c.prototype=new b();c.prototype.constructor=c;c.superclass=a.prototype;if(a.prototype.constructor==Object.prototype.constructor){a.prototype.constructor=a}}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.Util=new 
function(){this.DIGESTINFOHEAD={sha1:"3021300906052b0e03021a05000414",sha224:"302d300d06096086480165030402040500041c",sha256:"3031300d060960864801650304020105000420",sha384:"3041300d060960864801650304020205000430",sha512:"3051300d060960864801650304020305000440",md2:"3020300c06082a864886f70d020205000410",md5:"3020300c06082a864886f70d020505000410",ripemd160:"3021300906052b2403020105000414",};this.DEFAULTPROVIDER={md5:"cryptojs",sha1:"cryptojs",sha224:"cryptojs",sha256:"cryptojs",sha384:"cryptojs",sha512:"cryptojs",ripemd160:"cryptojs",hmacmd5:"cryptojs",hmacsha1:"cryptojs",hmacsha224:"cryptojs",hmacsha256:"cryptojs",hmacsha384:"cryptojs",hmacsha512:"cryptojs",hmacripemd160:"cryptojs",MD5withRSA:"cryptojs/jsrsa",SHA1withRSA:"cryptojs/jsrsa",SHA224withRSA:"cryptojs/jsrsa",SHA256withRSA:"cryptojs/jsrsa",SHA384withRSA:"cryptojs/jsrsa",SHA512withRSA:"cryptojs/jsrsa",RIPEMD160withRSA:"cryptojs/jsrsa",MD5withECDSA:"cryptojs/jsrsa",SHA1withECDSA:"cryptojs/jsrsa",SHA224withECDSA:"cryptojs/jsrsa",SHA256withECDSA:"cryptojs/jsrsa",SHA384withECDSA:"cryptojs/jsrsa",SHA512withECDSA:"cryptojs/jsrsa",RIPEMD160withECDSA:"cryptojs/jsrsa",SHA1withDSA:"cryptojs/jsrsa",SHA224withDSA:"cryptojs/jsrsa",SHA256withDSA:"cryptojs/jsrsa",MD5withRSAandMGF1:"cryptojs/jsrsa",SHAwithRSAandMGF1:"cryptojs/jsrsa",SHA1withRSAandMGF1:"cryptojs/jsrsa",SHA224withRSAandMGF1:"cryptojs/jsrsa",SHA256withRSAandMGF1:"cryptojs/jsrsa",SHA384withRSAandMGF1:"cryptojs/jsrsa",SHA512withRSAandMGF1:"cryptojs/jsrsa",RIPEMD160withRSAandMGF1:"cryptojs/jsrsa",};this.CRYPTOJSMESSAGEDIGESTNAME={md5:CryptoJS.algo.MD5,sha1:CryptoJS.algo.SHA1,sha224:CryptoJS.algo.SHA224,sha256:CryptoJS.algo.SHA256,sha384:CryptoJS.algo.SHA384,sha512:CryptoJS.algo.SHA512,ripemd160:CryptoJS.algo.RIPEMD160};this.getDigestInfoHex=function(a,b){if(typeof this.DIGESTINFOHEAD[b]=="undefined"){throw"alg not supported in Util.DIGESTINFOHEAD: "+b}return this.DIGESTINFOHEAD[b]+a};this.getPaddedDigestInfoHex=function(h,a,j){var 
c=this.getDigestInfoHex(h,a);var d=j/4;if(c.length+22>d){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;fMIT License */ @@ -383,10 +383,12 @@ KJUR.asn1.csr.CSRUtil.newCSRPEM = function(param) { * @name getParam * @memberOf KJUR.asn1.csr.CSRUtil * @function - * @param {String} sPEM PEM string of CSR/PKCS#10 + * @param {string} sPEM PEM string of CSR/PKCS#10 + * @param {boolean} flagTBS result object also concludes CertificationRequestInfo (OPTION, DEFAULT=false) * @returns {Array} JSON object with parsed parameters such as name or public key * @since jsrsasign 9.0.0 asn1csr 2.0.0 * @see KJUR.asn1.csr.CertificationRequest + * @see KJUR.asn1.csr.CertificationRequestInfo * @see KJUR.asn1.x509.X500Name * @see X509#getExtParamArray * @description @@ -400,6 +402,7 @@ KJUR.asn1.csr.CSRUtil.newCSRPEM = function(param) { *
  • {Array}extreq - array of extensionRequest parameters
  • *
  • {String}sigalg - name of signature algorithm field
  • *
  • {String}sighex - hexadecimal string of signature value
  • + *
  • {String}tbs - a hexadecimal string of CertificationRequestInfo as to be signed(OPTION)
  • * * Returned JSON object can be passed to * {@link KJUR.asn1.csr.CertificationRequest} class constructor. @@ -407,6 +410,9 @@ KJUR.asn1.csr.CSRUtil.newCSRPEM = function(param) { * CAUTION: * Returned JSON value format have been changed without * backward compatibility since jsrsasign 9.0.0 asn1csr 2.0.0. + *
    + * NOTE: + * The "flagTBS" supported since jsrsasign 10.5.26. * * @example * KJUR.asn1.csr.CSRUtil.getParam("-----BEGIN CERTIFICATE REQUEST...") → @@ -418,8 +424,11 @@ KJUR.asn1.csr.CSRUtil.newCSRPEM = function(param) { * sigalg: "SHA256withRSA", * sighex: "1ab3df.." * } + * + * KJUR.asn1.csr.CSRUtil.getParam("-----BEGIN CERTIFICATE REQUEST...", true) → + * result will also have a member "tbs" in the object. */ -KJUR.asn1.csr.CSRUtil.getParam = function(sPEM) { +KJUR.asn1.csr.CSRUtil.getParam = function(sPEM, flagTBS) { var _ASN1HEX = ASN1HEX, _getV = _ASN1HEX.getV, _getIdxbyList = _ASN1HEX.getIdxbyList, @@ -448,6 +457,10 @@ KJUR.asn1.csr.CSRUtil.getParam = function(sPEM) { var hex = pemtohex(sPEM, "CERTIFICATE REQUEST"); + if (flagTBS) { + result.tbs = _getTLVbyList(hex, 0, [0]); + } + try { var hSubject = _getTLVbyListEx(hex, 0, [0, 1]); if (hSubject == "3000") { @@ -482,4 +495,51 @@ KJUR.asn1.csr.CSRUtil.getParam = function(sPEM) { return result; }; +/** + * verify self-signed CSR/PKCS#10 signature
+ * @name verifySignature
+ * @memberOf KJUR.asn1.csr.CSRUtil
+ * @function
+ * @param {object} csr PEM CSR string or parsed JSON object of CSR
+ * @returns {boolean} true if self-signed signature is valid otherwise false
+ * @since jsrsasign 10.5.26 asn1csr 2.0.6
+ * @see KJUR.asn1.csr.CertificationRequest
+ * @see KJUR.asn1.csr.CertificationRequestInfo
+ * @see KJUR.asn1.csr.CSRUtil#getParam
+ * @description
+ * This method verifies self-signed signature of CSR/PKCS#10
+ * with its public key which is concluded in the CSR.
+ *
+ * @example
+ * KJUR.asn1.csr.CSRUtil.verifySignatrue("-----BEGIN CERTIFICATE REQUEST...") → true or false
+ *
+ * p = KJUR.asn1.csr.CSRUtil.getParam("-----BEGIN CERTIFICATE REQUEST-----", true); // with tbs
+ * KJUR.asn1.csr.CSRUtil.verifySignatrue(p) → true or false
+ */
+KJUR.asn1.csr.CSRUtil.verifySignature = function(csr) {
+ try {
+ var pCSR = null;
+ if (typeof csr == "string" &&
+ csr.indexOf("-----BEGIN CERTIFICATE REQUEST") != -1) {
+ pCSR = KJUR.asn1.csr.CSRUtil.getParam(csr, true);
+ } else if (typeof csr == "object" &&
+ csr.sbjpubkey != undefined &&
+ csr.sigalg != undefined &&
+ csr.sighex != undefined &&
+ csr.tbs != undefined) {
+ pCSR = csr;
+ }
+ if (pCSR == null) return false;
+
+ // verify self-signed signature
+ var sig = new KJUR.crypto.Signature({alg: pCSR.sigalg});
+ sig.init(pCSR.sbjpubkey);
+ sig.updateHex(pCSR.tbs);
+ return sig.verify(pCSR.sighex);
+ } catch(ex) {
+ alert(ex);
+ return false;
+ }
+};
+
diff --git a/test/qunit-do-asn1csr.html b/test/qunit-do-asn1csr.html
index a6aa04e8..7872088d 100755
--- a/test/qunit-do-asn1csr.html
+++ b/test/qunit-do-asn1csr.html
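Review bot: The `alert(ex);` in the catch block of `verifySignature` should be removed: where no global `alert` exists (Node.js, workers) the handler itself throws a ReferenceError, so a malformed CSR raises instead of returning `false`, and in a browser it opens a modal dialog for an exception triggered by caller-supplied input; `} catch (ex) { return false; }` keeps the documented contract. When a parsed object is passed, the check covers only `tbs`, `sbjpubkey`, `sigalg` and `sighex` as given, so nothing visible here ties that object's `subject` or `extreq` to the signed `tbs`, and `sigalg` comes from the request itself; the JSDoc should say so, for example `NOTE: a true result only shows the signature matches the embedded key; read fields from the verified PEM and restrict acceptable sigalg values before trusting the request.` The `@example` lines also misspell the method as `verifySignatrue`.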
@@ -439,45 +439,67 @@ equal(pem, csrextpem, "CSR PEM keyusage, basicconstraints"); }); -test("(14) CSRUtil.getParam key2.csr", function() { +test("CSRUtil.getParam(key2.csr) without tbs", function() { var p = KJUR.asn1.csr.CSRUtil.getParam(key2csrpem); - -deepEqual(p.subject, { -array:[ - [{ds:'prn',type:'C',value:'US'}], - [{ds:'utf8',type:'O',value:'Test'}], - [{ds:'utf8',type:'CN',value:'example.com'}] -], -str:"/C=US/O=Test/CN=example.com" -}, -"subject"); - -equal(p.sbjpubkey.replace(/\s+/g,''), - key2pub.replace(/\s+/g,''), - "sbjpubkey"); - -equal(p.sigalg, "SHA256withRSA", "sigalg"); +var pExpect = { + subject: { + array: [ + [{type: "C", value: "US", ds: "prn"}], + [{type: "O", value: "Test", ds: "utf8"}], + [{type: "CN", value: "example.com", ds: "utf8"}] + ], + str: "/C=US/O=Test/CN=example.com" + }, + sbjpubkey: key2pub.substr(1).replace(/\n/g, "\r\n"), + sigalg: "SHA256withRSA", + sighex: "60f76944264ee26ca31814e560048427a1596c976906c62d1147bcd01b3d8adafaae7bd01e682732a3da6e56c3f0da4908dad2e6ec1a399cc41dbfe4b240ed3c318301fb9f4a1510f396a5cab91cecb69893afb523bd5641994273994ec181f55e5edec3fbaad4274152c499c294464abaf0c1563d04d8ddc5efdd123b3d992132c82979189b232589cd2bca77cdfc59bade2129542d95100b274d529d97d27ca53105c3847def151ecfac8d12e398192ff33a827d5b5bb042b2276b3d8e31915e5a2788a929a45f1dd29d4cdf472c899ffe9692aa8dab958644e00705bd1b187df5c3394bb180ad742c03058b5e8e38a1257877787b01fd120c93edd8de6668" +}; +deepEqual(p, pExpect, "key2.csr all members without tbs"); }); -test("(15) CSRUtil.getParam certbot1.csr.pem (with san, no sbjname)", function() { +test("CSRUtil.getParam(certbot1.csr.pem) (with san, no sbjname)", function() { var p = KJUR.asn1.csr.CSRUtil.getParam(csrcertbot1); -equal(p != undefined, true, "p"); +var pExpect = { + subject: {}, + sbjpubkey: certbot1PUBPEM.substr(1).replace(/\n/g, "\r\n"), + extreq: [ + { extname: "subjectAltName", + array: [{dns: "nodejs.rz-bsd.my.corp"}]} + ], + sigalg: "SHA256withRSA", + sighex: 
"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" +}; +deepEqual(p, pExpect, "certbot1.csr all members without tbs"); +}); -deepEqual(p.subject, {}, "subject"); +test("CSRUtil.getParam(key2csr, flagTBS=true)", function() { +var p = KJUR.asn1.csr.CSRUtil.getParam(key2csrpem, true); +var pExpect = { + subject: { + array: [ + [{type: "C", value: "US", ds: "prn"}], + [{type: "O", value: "Test", ds: "utf8"}], + [{type: "CN", value: "example.com", ds: "utf8"}] + ], + str: "/C=US/O=Test/CN=example.com" + }, + sbjpubkey: key2pub.substr(1).replace(/\n/g, "\r\n"), + sigalg: "SHA256withRSA", + sighex: "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", + tbs: "3082015f0201003032310b3009060355040613025553310d300b060355040a0c04546573743114301206035504030c0b6578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100e7fd901cc041be2aeb8ae7218a9479d3645ade837f8ddb97948162d1e5a941e9b64b422b2b0822057f7e84d9e386a321397a7893fe88b82387e8f211a494a417537fb6eef2a734d5c274fc2d0a1fe5d69142d78714f537c3731e95db84e6718f8c997c8dc577ea3b6fb7b9e79198c9bd93e5b902cd02de9acc8bc8df5050a8d203d71dd12034f155ae80f79dae9ddb68ebaf6c52e39c8d4085c70602937bb99bcf51a5aca8c8010adebaba5db485faca62ad62c7783174779f21306bdbc08f183e7a7b74d44f534f1683d414244f252447ccc805ce61ad9e29193d9aa07b8e41180c78aa34fce3b26dc24f46a69fc7b607e7505188127b74678f9f13a2222bc50203010001a000" +}; +deepEqual(p, pExpect, "key2.csr all members including tbs"); +}); -equal(p.sbjpubkey.replace(/\s+/g,''), - certbot1PUBPEM.replace(/\s+/g,''), - "sbjpubkey"); +test("CSRUtil.verifySignature(key2csrpem)", function() { +equal(KJUR.asn1.csr.CSRUtil.verifySignature(key2csrpem), true, "valid key2csr pem"); -deepEqual(p.extreq, -[{extname: "subjectAltName", - array: [{dns:"nodejs.rz-bsd.my.corp"}] - } -], -"extreq=" + JSON.stringify(p.extreq)); +var pCSR = KJUR.asn1.csr.CSRUtil.getParam(key2csrpem, true); +equal(KJUR.asn1.csr.CSRUtil.verifySignature(pCSR), true, "valid key2csr obj"); -equal(p.sigalg, 
"SHA256withRSA", "sigalg=" + p.sigalg); -equal(p.sighex, "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", "sighex=" + p.sighex); +var pCSR2 = KJUR.asn1.csr.CSRUtil.getParam(key2csrpem, true); +pCSR2.sighex = pCSR2.sighex.substr(2) + "ab"; // forge signature +equal(KJUR.asn1.csr.CSRUtil.verifySignature(pCSR2), false, "invalid forged key2csr obj"); }); });
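Review bot: The only negative case in the `CSRUtil.verifySignature(key2csrpem)` test alters `sighex`; no case changes `tbs` or `sbjpubkey` while leaving the signature intact, and none exercises the early `return false` paths. I would add `equal(KJUR.asn1.csr.CSRUtil.verifySignature("not a csr"), false, "non-CSR string");` and `equal(KJUR.asn1.csr.CSRUtil.verifySignature({sigalg: "SHA256withRSA"}), false, "object without tbs");`, plus a copy of `pCSR` with one hex digit of `tbs` changed that is expected to return `false`. The rewritten `getParam` tests now compare `sbjpubkey` after `substr(1).replace(/\n/g, "\r\n")`, which appears to pin CRLF line endings in the PEM output; a one-line comment stating that this is intended would help the next reader.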