From 780431692d0897d0f21e75bc9fbbdf23d4d79c5c Mon Sep 17 00:00:00 2001 From: Kenji Urushima Date: Wed, 14 Oct 2020 09:53:28 +0900 Subject: [PATCH] 10.0.2 release --- ChangeLog.txt | 5 + api/files.html | 2 +- .../KJUR.asn1.x509.AdobeTimeStamp.html | 685 +++++++++++ api/symbols/src/x509-1.1.js.html | 6 +- bower.json | 2 +- jsrsasign-all-min.js | 4 +- jsrsasign-jwths-min.js | 2 +- jsrsasign-rsa-min.js | 2 +- min/jws-3.2.min.js | 3 + min/pkcs5pkey-1.0.min.js | 1 + min/x509-1.1.min.js | 2 +- npm/lib/jsrsasign-all-min.js | 4 +- npm/lib/jsrsasign-jwths-min.js | 2 +- npm/lib/jsrsasign-rsa-min.js | 2 +- npm/lib/jsrsasign.js | 4 +- npm/package.json | 2 +- src/pkcs5pkey-1.0.js | 1091 +++++++++++++++++ src/x509-1.1.js | 6 +- test/qunit-do-pkcs5-eprv.html | 164 +++ test/qunit-do-pkcs5-pub.html | 143 +++ test/qunit-do-pkcs5.html | 280 +++++ 21 files changed, 2392 insertions(+), 20 deletions(-) create mode 100644 api/symbols/KJUR.asn1.x509.AdobeTimeStamp.html create mode 100755 min/jws-3.2.min.js create mode 100755 min/pkcs5pkey-1.0.min.js create mode 100755 src/pkcs5pkey-1.0.js create mode 100755 test/qunit-do-pkcs5-eprv.html create mode 100755 test/qunit-do-pkcs5-pub.html create mode 100755 test/qunit-do-pkcs5.html diff --git a/ChangeLog.txt b/ChangeLog.txt index 45d1cdf0..62079529 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,11 @@ ChangeLog for jsrsasign +AdobeTimeStamp X.509v3 extension parser bugfix +* Changes from 10.0.1 to 10.0.2 (2020-Oct-14) + - src/x509.js + - X509.getExtAdobeTimeStamp method bugfix + AdobeTimeStamp X.509v3 certificate extension added * Changes from 10.0.0 to 10.0.1 (2020-Oct-13) - src/asn1x509.js diff --git a/api/files.html b/api/files.html index 9724605b..a132b630 100644 --- a/api/files.html +++ b/api/files.html @@ -878,7 +878,7 @@

x509-1.1.js

Version:
-
jsrsasign 10.0.1 x509 2.0.5 (2020-Oct-11)
+
jsrsasign 10.0.1 x509 2.0.6 (2020-Oct-14)
diff --git a/api/symbols/KJUR.asn1.x509.AdobeTimeStamp.html b/api/symbols/KJUR.asn1.x509.AdobeTimeStamp.html new file mode 100644 index 00000000..9805f0dc --- /dev/null +++ b/api/symbols/KJUR.asn1.x509.AdobeTimeStamp.html @@ -0,0 +1,685 @@ + + + + + + + jsrsasign JavaScript API Reference - KJUR.asn1.x509.AdobeTimeStamp + + + + + + + + + + + + +
+ +
Class Index +| File Index
+
+

Classes

+ +
+ +
+ +
+ +

+ + Class KJUR.asn1.x509.AdobeTimeStamp +

+ + +

+ +
Extends + KJUR.asn1.x509.Extension.
+ + + AdobeTimeStamp X.509v3 extension ASN.1 encoder class + + +
Defined in: asn1x509-1.0.js. + +

+ + + + + + + + + + + + + + + + + +
Class Summary
Constructor AttributesConstructor Name and Description
  + +
AdobeTimeStamp X.509v3 extension ASN.1 encoder class
+This class represents +AdobeTimeStamp X.509v3 extension value defined in + +Adobe site as JSON object.
+
+ + + + + + + + +
+
Fields borrowed from class KJUR.asn1.ASN1Object:
hL, hT, hTLV, hV, isModified, params
+
+ + + + + + + + + +
+
Methods borrowed from class KJUR.asn1.ASN1Object:
getEncodedHex, getLengthHexFromValue, getValueHex
+
+ + + + + + + +
+
+ Class Detail +
+ +
+ KJUR.asn1.x509.AdobeTimeStamp(params) +
+ +
+ AdobeTimeStamp X.509v3 extension ASN.1 encoder class
+This class represents +AdobeTimeStamp X.509v3 extension value defined in + +Adobe site as JSON object. +
+adbe- OBJECT IDENTIFIER ::=  { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
+ ::= SEQUENCE {
+    version INTEGER  { v1(1) }, -- extension version
+    location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
+    requiresAuth        boolean (default false), OPTIONAL }
+
+Constructor of this class may have following parameters: +
    +
  • {String}uri - RFC 3161 time stamp service URL
  • +
  • {Boolean}reqauth - authentication required or not
  • +
+ + +
+ + + +
new KJUR.asn1.x509.AdobeTimesStamp({
+  uri: "http://tsa.example.com/",
+  reqauth: true
+}
+ + + + + +
+
Parameters:
+ +
+ {Array} params + +
+
JSON object for AdobeTimeStamp extension parameter
+ +
+ + + +
+
Since:
+
jsrsasign 10.0.1 asn1x509 2.1.4
+
+ + + + + +
+
See:
+ +
KJUR.asn1.x509.Extensions
+ +
X509#getExtAdobeTimeStamp
+ +
+ + +
+ + + + + + + + + + + +
+
+ + + +
+ © 2012-2020 Kenji Urushima, All rights reserved
+ + Documentation generated by JsDoc Toolkit 2.4.0 +
+ + diff --git a/api/symbols/src/x509-1.1.js.html b/api/symbols/src/x509-1.1.js.html index a245d32c..44260173 100644 --- a/api/symbols/src/x509-1.1.js.html +++ b/api/symbols/src/x509-1.1.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /* x509-2.0.5.js (c) 2012-2020 Kenji Urushima | kjur.github.io/jsrsasign/license
+	
  1 /* x509-2.0.6.js (c) 2012-2020 Kenji Urushima | kjur.github.io/jsrsasign/license
   2  */
   3 /*
   4  * x509.js - X509 class to read subject public key from certificate.
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name x509-1.1.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.0.1 x509 2.0.5 (2020-Oct-11)
+ 19  * @version jsrsasign 10.0.1 x509 2.0.6 (2020-Oct-14)
  20  * @since jsrsasign 1.x.x
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -1991,7 +1991,7 @@
 1984 	var a = _getChildIdx(hExtV, 0);
 1985 	if (a.length > 1) {
 1986 	    var hGN = _getTLV(hExtV, a[1])
-1987 	    var gnParam = this.getGeneraName(hGN);
+1987 	    var gnParam = this.getGeneralName(hGN);
 1988 	    if (gnParam.uri != undefined) {
 1989 		result.uri = gnParam.uri;
 1990 	    }
diff --git a/bower.json b/bower.json
index 53759738..bbf10cac 100644
--- a/bower.json
+++ b/bower.json
@@ -1,6 +1,6 @@
 {
   "name": "kjur-jsrsasign",
-  "version": "10.0.1",
+  "version": "10.0.2",
   "main": "jsrsasign-all-min.js",
   "description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.",
   "license": "MIT",
diff --git a/jsrsasign-all-min.js b/jsrsasign-all-min.js
index a3f2f5da..e529d96f 100644
--- a/jsrsasign-all-min.js
+++ b/jsrsasign-all-min.js
@@ -1,5 +1,5 @@
 /*
- * jsrsasign(all) 10.0.1 (2020-10-14) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
+ * jsrsasign(all) 10.0.2 (2020-10-14) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
  */
 
 /*!
@@ -241,7 +241,7 @@ if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||
 var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(v){var w={};var q=v.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(q){w.cipher=q[1];w.ivsalt=q[2]}var p=v.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(p){w.type=p[1]}var u=-1;var x=0;if(v.indexOf("\r\n\r\n")!=-1){u=v.indexOf("\r\n\r\n");x=2}if(v.indexOf("\n\n")!=-1){u=v.indexOf("\n\n");x=1}var t=v.indexOf("-----END");if(u!=-1&&t!=-1){var r=v.substring(u+x*2,t-x);r=r.replace(/\s+/g,"");w.data=r}return w};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var G=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return G}function B(G){var s=l({seq:[{"int":1},{octstr:{hex:G.prvKeyHex}},{tag:["a0",true,{oid:{name:G.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+G.pubKeyHex}}]}]});return s}function x(s){var G=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return G}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.getEncodedHex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.getEncodedHex();var h=B(b);var t=h.getEncodedHex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(G,s){var I=c(G,s);var H=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:I.pbkdf2Salt}},{"int":I.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:I.encryptionSchemeIV}}]}]}]},{octstr:{hex:I.ciphertext}}]});return H.getEncodedHex()};var c=function(N,O){var H=100;var M=CryptoJS.lib.WordArray.random(8);var L="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var I=CryptoJS.PBKDF2(O,M,{keySize:192/32,iterations:H});var J=CryptoJS.enc.Hex.parse(N);var K=CryptoJS.TripleDES.encrypt(J,I,{iv:s})+"";var G={};G.ciphertext=K;G.pbkdf2Salt=CryptoJS.enc.Hex.stringify(M);G.pbkdf2Iter=H;G.encryptionSchemeAlg=L;G.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return G};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var g=new l({seq:[{"int":1},{octstr:{hex:b.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]}]});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"};
 RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)};
 var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var z=b(v,u[1]);var t=this.getGeneraName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null,"  ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null,"  ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}};
diff --git a/jsrsasign-jwths-min.js b/jsrsasign-jwths-min.js
index 240cbb65..a98feee2 100644
--- a/jsrsasign-jwths-min.js
+++ b/jsrsasign-jwths-min.js
@@ -1,5 +1,5 @@
 /*
- * jsrsasign(jwths) 10.0.1 (2020-10-14) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
+ * jsrsasign(jwths) 10.0.2 (2020-10-14) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
  */
 
 /*!
diff --git a/jsrsasign-rsa-min.js b/jsrsasign-rsa-min.js
index b330ecc7..16a5e1ed 100644
--- a/jsrsasign-rsa-min.js
+++ b/jsrsasign-rsa-min.js
@@ -1,5 +1,5 @@
 /*
- * jsrsasign(rsa) 10.0.1 (2020-10-14) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
+ * jsrsasign(rsa) 10.0.2 (2020-10-14) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
  */
 
 /*!
diff --git a/min/jws-3.2.min.js b/min/jws-3.2.min.js
new file mode 100755
index 00000000..684c7115
--- /dev/null
+++ b/min/jws-3.2.min.js
@@ -0,0 +1,3 @@
+/*! jws-3.2.4 (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license
+ */
+if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.jws=="undefined"||!KJUR.jws){KJUR.jws={}}KJUR.jws.JWS=function(){var i=KJUR.jws.JWS;this.parseJWS=function(o,q){if((this.parsedJWS!==undefined)&&(q||(this.parsedJWS.sigvalH!==undefined))){return}if(o.match(/^([^.]+)\.([^.]+)\.([^.]+)$/)==null){throw"JWS signature is not a form of 'Head.Payload.SigValue'."}var r=RegExp.$1;var m=RegExp.$2;var s=RegExp.$3;var u=r+"."+m;this.parsedJWS={};this.parsedJWS.headB64U=r;this.parsedJWS.payloadB64U=m;this.parsedJWS.sigvalB64U=s;this.parsedJWS.si=u;if(!q){var p=b64utohex(s);var n=parseBigInt(p,16);this.parsedJWS.sigvalH=p;this.parsedJWS.sigvalBI=n}var l=b64utoutf8(r);var t=b64utoutf8(m);this.parsedJWS.headS=l;this.parsedJWS.payloadS=t;if(!i.isSafeJSONString(l,this.parsedJWS,"headP")){throw"malformed JSON string for JWS Head: "+l}};function b(m,l){return utf8tob64u(m)+"."+utf8tob64u(l)}function f(n,m){var l=function(o){return KJUR.crypto.Util.hashString(o,m)};if(l==null){throw"hash function not defined in jsrsasign: "+m}return l(n)}function h(r,o,l,p,n){var q=b(r,o);var m=parseBigInt(l,16);return _rsasign_verifySignatureWithArgs(q,m,p,n)}this.verifyJWSByNE=function(n,m,l){this.parseJWS(n);return _rsasign_verifySignatureWithArgs(this.parsedJWS.si,this.parsedJWS.sigvalBI,m,l)};this.verifyJWSByKey=function(o,n){this.parseJWS(o);var l=c(this.parsedJWS.headP);var m=this.parsedJWS.headP.alg.substr(0,2)=="PS";if(n.hashAndVerify){return n.hashAndVerify(l,new Buffer(this.parsedJWS.si,"utf8").toString("base64"),b64utob64(this.parsedJWS.sigvalB64U),"base64",m)}else{if(m){return n.verifyStringPSS(this.parsedJWS.si,this.parsedJWS.sigvalH,l)}else{return n.verifyString(this.parsedJWS.si,this.parsedJWS.sigvalH)}}};this.verifyJWSByPemX509Cert=function(n,l){this.parseJWS(n);var m=new X509();m.readCertPEM(l);return m.subjectPublicKeyRSA.verifyString(this.parsedJWS.si,this.parsedJWS.sigvalH)};function c(m){var n=m.alg;var l="";if(n!="RS256"&&n!="RS512"&&n!="PS256"&&n!="PS512"){throw"JWS signature algorithm not supported: "+n}if(n.substr(2)=="256"){l="sha256"}if(n.substr(2)=="512"){l="sha512"}return l}function e(l){return c(jsonParse(l))}function k(l,q,t,n,r,s){var o=new RSAKey();o.setPrivate(n,r,s);var m=e(l);var p=o.signString(t,m);return p}function j(r,q,p,o,n){var l=null;if(typeof n=="undefined"){l=e(r)}else{l=c(n)}var m=n.alg.substr(0,2)=="PS";if(o.hashAndSign){return b64tob64u(o.hashAndSign(l,p,"binary","base64",m))}else{if(m){return hextob64u(o.signStringPSS(p,l))}else{return hextob64u(o.signString(p,l))}}}function g(q,n,p,m,o){var l=b(q,n);return k(q,n,l,p,m,o)}this.generateJWSByNED=function(s,o,r,n,q){if(!i.isSafeJSONString(s)){throw"JWS Head is not safe JSON string: "+s}var m=b(s,o);var p=k(s,o,m,r,n,q);var l=hextob64u(p);this.parsedJWS={};this.parsedJWS.headB64U=m.split(".")[0];this.parsedJWS.payloadB64U=m.split(".")[1];this.parsedJWS.sigvalB64U=l;return m+"."+l};this.generateJWSByKey=function(q,o,l){var p={};if(!i.isSafeJSONString(q,p,"headP")){throw"JWS Head is not safe JSON string: "+q}var n=b(q,o);var m=j(q,o,n,l,p.headP);this.parsedJWS={};this.parsedJWS.headB64U=n.split(".")[0];this.parsedJWS.payloadB64U=n.split(".")[1];this.parsedJWS.sigvalB64U=m;return n+"."+m};function d(r,q,p,m){var o=new RSAKey();o.readPrivateKeyFromPEMString(m);var l=e(r);var n=o.signString(p,l);return n}this.generateJWSByP1PrvKey=function(q,o,l){if(!i.isSafeJSONString(q)){throw"JWS Head is not safe JSON string: "+q}var n=b(q,o);var p=d(q,o,n,l);var m=hextob64u(p);this.parsedJWS={};this.parsedJWS.headB64U=n.split(".")[0];this.parsedJWS.payloadB64U=n.split(".")[1];this.parsedJWS.sigvalB64U=m;return n+"."+m}};KJUR.jws.JWS.sign=function(b,p,i,l,k){var j=KJUR.jws.JWS;if(!j.isSafeJSONString(p)){throw"JWS Head is not safe JSON string: "+p}var e=j.readSafeJSONString(p);if((b==""||b==null)&&e.alg!==undefined){b=e.alg}if((b!=""&&b!=null)&&e.alg===undefined){e.alg=b;p=JSON.stringify(e)}var d=null;if(j.jwsalg2sigalg[b]===undefined){throw"unsupported alg name: "+b}else{d=j.jwsalg2sigalg[b]}var c=utf8tob64u(p);var g=utf8tob64u(i);var n=c+"."+g;var m="";if(d.substr(0,4)=="Hmac"){if(l===undefined){throw"hexadecimal key shall be specified for HMAC"}var h=new KJUR.crypto.Mac({alg:d,pass:hextorstr(l)});h.updateString(n);m=h.doFinal()}else{if(d.indexOf("withECDSA")!=-1){var o=new KJUR.crypto.Signature({alg:d});o.init(l,k);o.updateString(n);hASN1Sig=o.sign();m=KJUR.crypto.ECDSA.asn1SigToConcatSig(hASN1Sig)}else{if(d!="none"){var o=new KJUR.crypto.Signature({alg:d});o.init(l,k);o.updateString(n);m=o.sign()}}}var f=hextob64u(m);return n+"."+f};KJUR.jws.JWS.verify=function(o,s,j){var l=KJUR.jws.JWS;var p=o.split(".");var d=p[0];var k=p[1];var b=d+"."+k;var q=b64utohex(p[2]);var i=l.readSafeJSONString(b64utoutf8(p[0]));var h=null;var r=null;if(i.alg===undefined){throw"algorithm not specified in header"}else{h=i.alg;r=h.substr(0,2)}if(j!=null&&Object.prototype.toString.call(j)==="[object Array]"&&j.length>0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw"algorithm '"+h+"' not accepted in the list"}}if(h!="none"&&s===null){throw"key shall be specified to verify."}if(r=="HS"){if(typeof s!="string"&&s.length!=0&&s.length%2!=0&&!s.match(/^[0-9A-Fa-f]+/)){throw"key shall be a hexadecimal str for HS* algs"}}if(typeof s=="string"&&s.indexOf("-----BEGIN ")!=-1){s=KEYUTIL.getKey(s)}if(r=="RS"||r=="PS"){if(!(s instanceof RSAKey)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(r=="ES"){if(!(s instanceof KJUR.crypto.ECDSA)){throw"key shall be a ECDSA obj for ES* algs"}}if(h=="none"){}var m=null;if(l.jwsalg2sigalg[i.alg]===undefined){throw"unsupported alg name: "+h}else{m=l.jwsalg2sigalg[h]}if(m=="none"){throw"not supported"}else{if(m.substr(0,4)=="Hmac"){if(s===undefined){throw"hexadecimal key shall be specified for HMAC"}var g=new KJUR.crypto.Mac({alg:m,pass:hextorstr(s)});g.updateString(b);hSig2=g.doFinal();return q==hSig2}else{if(m.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(q)}catch(n){return false}var e=new KJUR.crypto.Signature({alg:m});e.init(s);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:m});e.init(s);e.updateString(b);return e.verify(q)}}}};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw"acceptField.alg shall be specified"}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt=="number"){b=l.verifyAt}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.exp=s*2){break}}var x={};x.keyhex=v.substr(0,g[o]["keylen"]*2);x.ivhex=v.substr(g[o]["keylen"]*2,g[o]["ivlen"]*2);return x};var a=function(n,t,p,u){var q=CryptoJS.enc.Base64.parse(n);var o=CryptoJS.enc.Hex.stringify(q);var s=g[t]["proc"];var r=s(o,p,u);return r};var f=function(n,q,o,s){var p=g[q]["eproc"];var r=p(n,o,s);return r};return{version:"1.0.5",getHexFromPEM:function(n,o){return pemtohex(n,o)},getDecryptedKeyHexByKeyIV:function(o,r,q,p){var n=b(r);return n(o,q,p)},parsePKCS5PEM:function(n){return l(n)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(o,n,p){return h(o,n,p)},decryptKeyB64:function(n,p,o,q){return a(n,p,o,q)},getDecryptedKeyHex:function(w,v){var o=l(w);var r=o.type;var p=o.cipher;var n=o.ivsalt;var q=o.data;var u=h(p,v,n);var t=u.keyhex;var s=a(q,p,t,n);return s},getRSAKeyFromEncryptedPKCS5PEM:function(p,o){var q=this.getDecryptedKeyHex(p,o);var n=new RSAKey();n.readPrivateKeyFromASN1HexString(q);return n},getEncryptedPKCS5PEMFromPrvKeyHex:function(q,x,r,p){if(typeof r=="undefined"||r==null){r="AES-256-CBC"}if(typeof g[r]=="undefined"){throw"PKCS5PKEY unsupported algorithm: "+r}if(typeof p=="undefined"||p==null){var t=g[r]["ivlen"];var s=k(t);p=s.toUpperCase()}var w=h(r,x,p);var v=w.keyhex;var u=f(q,r,v,p);var o=u.replace(/(.{64})/g,"$1\r\n");var n="-----BEGIN RSA PRIVATE KEY-----\r\n";n+="Proc-Type: 4,ENCRYPTED\r\n";n+="DEK-Info: "+r+","+p+"\r\n";n+="\r\n";n+=o;n+="\r\n-----END RSA PRIVATE KEY-----\r\n";return n},getEncryptedPKCS5PEMFromRSAKey:function(C,D,o,s){var A=new KJUR.asn1.DERInteger({"int":0});var v=new KJUR.asn1.DERInteger({bigint:C.n});var z=new KJUR.asn1.DERInteger({"int":C.e});var B=new KJUR.asn1.DERInteger({bigint:C.d});var t=new KJUR.asn1.DERInteger({bigint:C.p});var r=new KJUR.asn1.DERInteger({bigint:C.q});var y=new KJUR.asn1.DERInteger({bigint:C.dmp1});var u=new KJUR.asn1.DERInteger({bigint:C.dmq1});var x=new KJUR.asn1.DERInteger({bigint:C.coeff});var E=new KJUR.asn1.DERSequence({array:[A,v,z,B,t,r,y,u,x]});var w=E.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex(w,D,o,s)},newEncryptedPKCS5PEM:function(n,o,r,s){if(typeof o=="undefined"||o==null){o=1024}if(typeof r=="undefined"||r==null){r="10001"}var p=new RSAKey();p.generate(o,r);var q=null;if(typeof s=="undefined"||s==null){q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n)}else{q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n,s)}return q},getRSAKeyFromPlainPKCS8PEM:function(p){if(p.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var o=pemtohex(p,"PRIVATE KEY");var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getRSAKeyFromPlainPKCS8Hex:function(o){var n=new RSAKey();n.readPKCS8PrvKeyHex(o);return n},parseHexOfEncryptedPKCS8:function(w){var z=ASN1HEX;var x=z.getChildIdx;var u=z.getV;var r={};var p=x(w,0);if(p.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+p.length}r.ciphertext=u(w,p[1]);var y=x(w,p[0]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+y.length}if(u(w,y[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var n=x(w,y[1]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+n.length}var o=x(w,n[1]);if(o.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+o.length}if(u(w,o[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}r.encryptionSchemeAlg="TripleDES";r.encryptionSchemeIV=u(w,o[1]);var q=x(w,n[0]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+q.length}if(u(w,q[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var v=x(w,q[1]);if(v.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+v.length}r.pbkdf2Salt=u(w,v[0]);var s=u(w,v[1]);try{r.pbkdf2Iter=parseInt(s,16)}catch(t){throw"malformed format pbkdf2Iter: "+s}return r},getPBKDF2KeyHexFromParam:function(s,n){var r=CryptoJS.enc.Hex.parse(s.pbkdf2Salt);var o=s.pbkdf2Iter;var q=CryptoJS.PBKDF2(n,r,{keySize:192/32,iterations:o});var p=CryptoJS.enc.Hex.stringify(q);return p},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(v,w){var p=pemtohex(v,"ENCRYPTED PRIVATE KEY");var n=this.parseHexOfEncryptedPKCS8(p);var s=PKCS5PKEY.getPBKDF2KeyHexFromParam(n,w);var t={};t.ciphertext=CryptoJS.enc.Hex.parse(n.ciphertext);var r=CryptoJS.enc.Hex.parse(s);var q=CryptoJS.enc.Hex.parse(n.encryptionSchemeIV);var u=CryptoJS.TripleDES.decrypt(t,r,{iv:q});var o=CryptoJS.enc.Hex.stringify(u);return o},getRSAKeyFromEncryptedPKCS8PEM:function(q,p){var o=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,p);var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getKeyFromEncryptedPKCS8PEM:function(q,o){var n=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,o);var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},parsePlainPrivatePKCS8Hex:function(q){var t=ASN1HEX;var s=t.getChildIdx;var r=t.getV;var o={};o.algparam=null;if(q.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var p=s(q,0);if(p.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(q.substr(p[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var n=s(q,p[1]);if(n.length!=2){throw"malformed PKCS8 private key(code:004)"}if(q.substr(n[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}o.algoid=r(q,n[0]);if(q.substr(n[1],2)=="06"){o.algparam=r(q,n[1])}if(q.substr(p[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}o.keyidx=t.getVidx(q,p[2]);return o},getKeyFromPlainPrivatePKCS8PEM:function(o){var n=pemtohex(o,"PRIVATE KEY");var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},getKeyFromPlainPrivatePKCS8Hex:function(n){var o=this.parsePlainPrivatePKCS8Hex(n);var p;if(o.algoid=="2a864886f70d010101"){p=new RSAKey()}else{if(o.algoid=="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(o.algoid=="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}p.readPKCS8PrvKeyHex(n);return p},getRSAKeyFromPublicPKCS8PEM:function(o){var p=pemtohex(o,"PUBLIC KEY");var n=this.getRSAKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8PEM:function(o){var p=pemtohex(o,"PUBLIC KEY");var n=this.getKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8Hex:function(o){var n;var p=ASN1HEX.getVbyList(o,0,[0,0],"06");if(p==="2a864886f70d010101"){n=new RSAKey()}else{if(p==="2a8648ce380401"){n=new KJUR.crypto.DSA()}else{if(p==="2a8648ce3d0201"){n=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}n.readPKCS8PubKeyHex(o);return n},parsePublicRawRSAKeyHex:function(p){var s=ASN1HEX;var r=s.getChildIdx;var q=s.getV;var n={};if(p.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var o=r(p,0);if(o.length!=2){throw"malformed RSA key(code:002)"}if(p.substr(o[0],2)!="02"){throw"malformed RSA key(code:003)"}n.n=q(p,o[0]);if(p.substr(o[1],2)!="02"){throw"malformed RSA key(code:004)"}n.e=q(p,o[1]);return n},parsePrivateRawRSAKeyHexAtObj:function(o,t){var s=ASN1HEX;var r=s.getChildIdx;var p=s.getV;var q=s.getIdxbyList(o,0,[2,0]);var n=r(o,q);if(n.length!==9){throw"malformed PKCS#8 plain RSA private key"}t.key={};t.key.n=p(o,n[1]);t.key.e=p(o,n[2]);t.key.d=p(o,n[3]);t.key.p=p(o,n[4]);t.key.q=p(o,n[5]);t.key.dp=p(o,n[6]);t.key.dq=p(o,n[7]);t.key.co=p(o,n[8])},parsePrivateRawECKeyHexAtObj:function(n,q){var o=q.keyidx;var p=new KJUR.crypto.ECDSA();p.readPKCS8PrvKeyHex(n);q.key=p.prvKeyHex;q.pubkey=p.pubKeyHex},parsePublicPKCS8Hex:function(r){var t=ASN1HEX;var s=t.getChildIdx;var q=t.getV;var o={};o.algparam=null;var p=s(r,0);if(p.length!=2){throw"outer DERSequence shall have 2 elements: "+p.length}var u=p[0];if(r.substr(u,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var n=s(r,u);if(n.length!=2){throw"malformed PKCS8 public key(code:002)"}if(r.substr(n[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}o.algoid=q(r,n[0]);if(r.substr(n[1],2)=="06"){o.algparam=q(r,n[1])}else{if(r.substr(n[1],2)=="30"){o.algparam={};o.algparam.p=t.getVbyList(r,n[1],[0],"02");o.algparam.q=t.getVbyList(r,n[1],[1],"02");o.algparam.g=t.getVbyList(r,n[1],[2],"02")}}if(r.substr(p[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}o.key=q(r,p[1]).substr(2);return o},getRSAKeyFromPublicPKCS8Hex:function(n){var o=new RSAKey();o.readPKCS8PubKeyHex(n);return o},}}();
\ No newline at end of file
diff --git a/min/x509-1.1.min.js b/min/x509-1.1.min.js
index fe836a08..daba5d11 100644
--- a/min/x509-1.1.min.js
+++ b/min/x509-1.1.min.js
@@ -1 +1 @@
-function X509(q){var j=ASN1HEX,n=j.getChildIdx,g=j.getV,b=j.getTLV,c=j.getVbyList,k=j.getVbyListEx,a=j.getTLVbyList,l=j.getTLVbyListEx,h=j.getIdxbyList,e=j.getIdxbyListEx,i=j.getVidx,p=j.oidname,m=j.hextooidstr,d=X509,r=pemtohex,f;try{f=KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV}catch(o){}this.HEX2STAG={"0c":"utf8","13":"prn","16":"ia5","1a":"vis","1e":"bmp"};this.hex=null;this.version=0;this.foffset=0;this.aExtInfo=null;this.getVersion=function(){if(this.hex===null||this.version!==0){return this.version}if(a(this.hex,0,[0,0])!=="a003020102"){this.version=1;this.foffset=-1;return 1}this.version=3;return 3};this.getSerialNumberHex=function(){return k(this.hex,0,[0,0],"02")};this.getSignatureAlgorithmField=function(){var s=l(this.hex,0,[0,1]);return this.getAlgorithmIdentifierName(s)};this.getAlgorithmIdentifierName=function(s){for(var t in f){if(s===f[t]){return t}}return p(k(s,0,[0],"06"))};this.getIssuer=function(){var s={};s.array=this.getX500Name(this.getIssuerHex());s.str=this.getIssuerString();return s};this.getIssuerHex=function(){return a(this.hex,0,[0,3+this.foffset],"30")};this.getIssuerString=function(){return d.hex2dn(this.getIssuerHex())};this.getSubject=function(){var s={};s.array=this.getX500Name(this.getSubjectHex());s.str=this.getSubjectString();return s};this.getSubjectHex=function(){return a(this.hex,0,[0,5+this.foffset],"30")};this.getSubjectString=function(){return d.hex2dn(this.getSubjectHex())};this.getNotBefore=function(){var t=c(this.hex,0,[0,4+this.foffset,0]);t=t.replace(/(..)/g,"%$1");t=decodeURIComponent(t);return t};this.getNotAfter=function(){var t=c(this.hex,0,[0,4+this.foffset,1]);t=t.replace(/(..)/g,"%$1");t=decodeURIComponent(t);return t};this.getPublicKeyHex=function(){return j.getTLVbyList(this.hex,0,[0,6+this.foffset],"30")};this.getPublicKeyIdx=function(){return h(this.hex,0,[0,6+this.foffset],"30")};this.getPublicKeyContentIdx=function(){var s=this.getPublicKeyIdx();return h(this.hex,s,[1,0],"30")};this.getPublicKey=function(){return KEYUTIL.getKey(this.getPublicKeyHex(),null,"pkcs8pub")};this.getSignatureAlgorithmName=function(){var s=a(this.hex,0,[1],"30");return this.getAlgorithmIdentifierName(s)};this.getSignatureValueHex=function(){return c(this.hex,0,[2],"03",true)};this.verifySignature=function(u){var v=this.getSignatureAlgorithmField();var s=this.getSignatureValueHex();var t=a(this.hex,0,[0],"30");var w=new KJUR.crypto.Signature({alg:v});w.init(u);w.updateHex(t);return w.verify(s)};this.parseExt=function(B){var u,s,w;if(B===undefined){w=this.hex;if(this.version!==3){return -1}u=h(w,0,[0,7,0],"30");s=n(w,u)}else{w=pemtohex(B);var x=h(w,0,[0,3,0,0],"06");if(g(w,x)!="2a864886f70d01090e"){this.aExtInfo=new Array();return}u=h(w,0,[0,3,0,1,0],"30");s=n(w,u);this.hex=w}this.aExtInfo=new Array();for(var v=0;v1){var z=b(v,u[1]);var t=this.getGeneraName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var G=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return G}function B(G){var s=l({seq:[{"int":1},{octstr:{hex:G.prvKeyHex}},{tag:["a0",true,{oid:{name:G.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+G.pubKeyHex}}]}]});return s}function x(s){var G=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return G}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.getEncodedHex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.getEncodedHex();var h=B(b);var t=h.getEncodedHex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(G,s){var I=c(G,s);var H=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:I.pbkdf2Salt}},{"int":I.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:I.encryptionSchemeIV}}]}]}]},{octstr:{hex:I.ciphertext}}]});return H.getEncodedHex()};var c=function(N,O){var H=100;var M=CryptoJS.lib.WordArray.random(8);var L="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var I=CryptoJS.PBKDF2(O,M,{keySize:192/32,iterations:H});var J=CryptoJS.enc.Hex.parse(N);var K=CryptoJS.TripleDES.encrypt(J,I,{iv:s})+"";var G={};G.ciphertext=K;G.pbkdf2Salt=CryptoJS.enc.Hex.stringify(M);G.pbkdf2Iter=H;G.encryptionSchemeAlg=L;G.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return G};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var g=new l({seq:[{"int":1},{octstr:{hex:b.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]}]});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"};
 RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)};
 var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var z=b(v,u[1]);var t=this.getGeneraName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null,"  ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null,"  ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}};
diff --git a/npm/lib/jsrsasign-jwths-min.js b/npm/lib/jsrsasign-jwths-min.js
index 240cbb65..a98feee2 100644
--- a/npm/lib/jsrsasign-jwths-min.js
+++ b/npm/lib/jsrsasign-jwths-min.js
@@ -1,5 +1,5 @@
 /*
- * jsrsasign(jwths) 10.0.1 (2020-10-14) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
+ * jsrsasign(jwths) 10.0.2 (2020-10-14) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
  */
 
 /*!
diff --git a/npm/lib/jsrsasign-rsa-min.js b/npm/lib/jsrsasign-rsa-min.js
index b330ecc7..16a5e1ed 100644
--- a/npm/lib/jsrsasign-rsa-min.js
+++ b/npm/lib/jsrsasign-rsa-min.js
@@ -1,5 +1,5 @@
 /*
- * jsrsasign(rsa) 10.0.1 (2020-10-14) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
+ * jsrsasign(rsa) 10.0.2 (2020-10-14) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
  */
 
 /*!
diff --git a/npm/lib/jsrsasign.js b/npm/lib/jsrsasign.js
index beb9ffde..6bd81309 100755
--- a/npm/lib/jsrsasign.js
+++ b/npm/lib/jsrsasign.js
@@ -4,7 +4,7 @@ navigator.userAgent = false;
 
 var window = {};
 /*
- * jsrsasign(all) 10.0.1 (2020-10-14) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
+ * jsrsasign(all) 10.0.2 (2020-10-14) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
  */
 
 /*!
@@ -246,7 +246,7 @@ if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||
 var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(v){var w={};var q=v.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(q){w.cipher=q[1];w.ivsalt=q[2]}var p=v.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(p){w.type=p[1]}var u=-1;var x=0;if(v.indexOf("\r\n\r\n")!=-1){u=v.indexOf("\r\n\r\n");x=2}if(v.indexOf("\n\n")!=-1){u=v.indexOf("\n\n");x=1}var t=v.indexOf("-----END");if(u!=-1&&t!=-1){var r=v.substring(u+x*2,t-x);r=r.replace(/\s+/g,"");w.data=r}return w};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var G=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return G}function B(G){var s=l({seq:[{"int":1},{octstr:{hex:G.prvKeyHex}},{tag:["a0",true,{oid:{name:G.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+G.pubKeyHex}}]}]});return s}function x(s){var G=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return G}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.getEncodedHex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.getEncodedHex();var h=B(b);var t=h.getEncodedHex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(G,s){var I=c(G,s);var H=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:I.pbkdf2Salt}},{"int":I.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:I.encryptionSchemeIV}}]}]}]},{octstr:{hex:I.ciphertext}}]});return H.getEncodedHex()};var c=function(N,O){var H=100;var M=CryptoJS.lib.WordArray.random(8);var L="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var I=CryptoJS.PBKDF2(O,M,{keySize:192/32,iterations:H});var J=CryptoJS.enc.Hex.parse(N);var K=CryptoJS.TripleDES.encrypt(J,I,{iv:s})+"";var G={};G.ciphertext=K;G.pbkdf2Salt=CryptoJS.enc.Hex.stringify(M);G.pbkdf2Iter=H;G.encryptionSchemeAlg=L;G.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return G};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var g=new l({seq:[{"int":1},{octstr:{hex:b.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]}]});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"};
 RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)};
 var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var z=b(v,u[1]);var t=this.getGeneraName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null,"  ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null,"  ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}};
diff --git a/npm/package.json b/npm/package.json
index 3889adfb..b74b2388 100755
--- a/npm/package.json
+++ b/npm/package.json
@@ -1,6 +1,6 @@
 {
   "name": "jsrsasign",
-  "version": "10.0.1",
+  "version": "10.0.2",
   "description": "opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK).",
   "main": "lib/jsrsasign.js",
   "scripts": {
diff --git a/src/pkcs5pkey-1.0.js b/src/pkcs5pkey-1.0.js
new file mode 100755
index 00000000..8f113ac3
--- /dev/null
+++ b/src/pkcs5pkey-1.0.js
@@ -0,0 +1,1091 @@
+/* pkcs5pkey-1.1.2.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+ */
+/*
+ * pkcs5pkey.js - reading passcode protected PKCS#5 PEM formatted RSA private key
+ *
+ * Copyright (c) 2013-2017 Kenji Urushima (kenji.urushima@gmail.com)
+ *
+ * This software is licensed under the terms of the MIT License.
+ * https://kjur.github.io/jsrsasign/license
+ *
+ * The above copyright and license notice shall be 
+ * included in all copies or substantial portions of the Software.
+ */
+/**
+ * @fileOverview
+ * @name pkcs5pkey-1.0.js (DEPRECATED)
+ * @author Kenji Urushima kenji.urushima@gmail.com
+ * @version jsrsasign 7.2.1 pkcs5pkey 1.1.2 (2017-Jun-03)
+ * @since jsrsasign 2.0.0
+ * @license MIT License
+ */
+
+/**
+ * @name PKCS5PKEY
+ * @class (DEPRECATED) class for PKCS#5 and PKCS#8 private key 
+ * @deprecated Since jsrsasign 4.1.3. Please use KEYUTIL class.
+ * @description 
+ * 
+ * {@link PKCS5PKEY} class has following features: + *
    + *
  • read and parse PEM formatted encrypted PKCS#5 private key + *
  • generate PEM formatted encrypted PKCS#5 private key + *
  • read and parse PEM formatted plain PKCS#8 private key + *
  • read and parse PEM formatted encrypted PKCS#8 private key by PBKDF2/HmacSHA1/3DES + *
+ * Currently supports only RSA private key and + * following symmetric key algorithms to protect private key. + *
    + *
  • DES-EDE3-CBC
  • + *
  • AES-256-CBC
  • + *
  • AES-192-CBC
  • + *
  • AES-128-CBC
  • + *
+ * + *
METHOD SUMMARY
+ *
+ *
PKCS8 PRIVATE KEY METHODS
+ *
    + *
  • {@link PKCS5PKEY.getRSAKeyFromPlainPKCS8PEM} - convert plain PKCS8 PEM to RSAKey object
  • + *
  • {@link PKCS5PKEY.getRSAKeyFromPlainPKCS8Hex} - convert plain PKCS8 hexadecimal data to RSAKey object
  • + *
  • {@link PKCS5PKEY.getRSAKeyFromEncryptedPKCS8PEM} - convert encrypted PKCS8 PEM to RSAKey object
  • + *
  • {@link PKCS5PKEY.getPlainPKCS8HexFromEncryptedPKCS8PEM} - convert encrypted PKCS8 PEM to plain PKCS8 Hex
  • + *
+ *
PKCS5 PRIVATE KEY METHODS
+ *
    + *
  • {@link PKCS5PKEY.getRSAKeyFromEncryptedPKCS5PEM} - convert encrypted PKCS5 PEM to RSAKey object
  • + *
  • {@link PKCS5PKEY.getEncryptedPKCS5PEMFromRSAKey} - convert RSAKey object to encryped PKCS5 PEM
  • + *
  • {@link PKCS5PKEY.newEncryptedPKCS5PEM} - generate RSAKey and its encrypted PKCS5 PEM
  • + *
+ *
PKCS8 PUBLIC KEY METHODS
+ *
    + *
  • {@link PKCS5PKEY.getKeyFromPublicPKCS8PEM} - convert encrypted PKCS8 PEM to RSAKey/ECDSA object
  • + *
  • {@link PKCS5PKEY.getKeyFromPublicPKCS8Hex} - convert encrypted PKCS8 Hex to RSAKey/ECDSA object
  • + *
  • {@link PKCS5PKEY.getRSAKeyFromPublicPKCS8PEM} - convert encrypted PKCS8 PEM to RSAKey object
  • + *
  • {@link PKCS5PKEY.getRSAKeyFromPublicPKCS8Hex} - convert encrypted PKCS8 Hex to RSAKey object
  • + *
+ *
UTITILIY METHODS
+ *
    + *
  • {@link PKCS5PKEY.getHexFromPEM} - convert PEM string to hexadecimal data (DEPRECATED)
  • + *
  • {@link PKCS5PKEY.getDecryptedKeyHexByKeyIV} - decrypt key by sharedKey and IV
  • + *
+ *
+ * + * @example + * Here is an example of PEM formatted encrypted PKCS#5 private key. + * -----BEGIN RSA PRIVATE KEY----- + * Proc-Type: 4,ENCRYPTED + * DEK-Info: AES-256-CBC,40555967F759530864FE022E257DE34E + * + * jV7uXajRw4cccDaliagcqiLOiQEUCe19l761pXRxzgQP+DH4rCi12T4puTdZyy6l + * ...(snip)... + * qxLS+BASmyGm4DME6m+kltZ12LXwPgNU6+d+XQ4NXSA= + *-----END RSA PRIVATE KEY----- + */ +var PKCS5PKEY = function() { + // ***************************************************************** + // *** PRIVATE PROPERTIES AND METHODS ******************************* + // ***************************************************************** + // shared key decryption ------------------------------------------ + var decryptAES = function(dataHex, keyHex, ivHex) { + return decryptGeneral(CryptoJS.AES, dataHex, keyHex, ivHex); + }; + + var decrypt3DES = function(dataHex, keyHex, ivHex) { + return decryptGeneral(CryptoJS.TripleDES, dataHex, keyHex, ivHex); + }; + + var decryptGeneral = function(f, dataHex, keyHex, ivHex) { + var data = CryptoJS.enc.Hex.parse(dataHex); + var key = CryptoJS.enc.Hex.parse(keyHex); + var iv = CryptoJS.enc.Hex.parse(ivHex); + var encrypted = {}; + encrypted.key = key; + encrypted.iv = iv; + encrypted.ciphertext = data; + var decrypted = f.decrypt(encrypted, key, { iv: iv }); + return CryptoJS.enc.Hex.stringify(decrypted); + }; + + // shared key decryption ------------------------------------------ + var encryptAES = function(dataHex, keyHex, ivHex) { + return encryptGeneral(CryptoJS.AES, dataHex, keyHex, ivHex); + }; + + var encrypt3DES = function(dataHex, keyHex, ivHex) { + return encryptGeneral(CryptoJS.TripleDES, dataHex, keyHex, ivHex); + }; + + var encryptGeneral = function(f, dataHex, keyHex, ivHex) { + var data = CryptoJS.enc.Hex.parse(dataHex); + var key = CryptoJS.enc.Hex.parse(keyHex); + var iv = CryptoJS.enc.Hex.parse(ivHex); + var msg = {}; + var encryptedHex = f.encrypt(data, key, { iv: iv }); + var encryptedWA = CryptoJS.enc.Hex.parse(encryptedHex.toString()); + var encryptedB64 = CryptoJS.enc.Base64.stringify(encryptedWA); + return encryptedB64; + }; + + // other methods and properties ---------------------------------------- + var ALGLIST = { + 'AES-256-CBC': { 'proc': decryptAES, 'eproc': encryptAES, keylen: 32, ivlen: 16 }, + 'AES-192-CBC': { 'proc': decryptAES, 'eproc': encryptAES, keylen: 24, ivlen: 16 }, + 'AES-128-CBC': { 'proc': decryptAES, 'eproc': encryptAES, keylen: 16, ivlen: 16 }, + 'DES-EDE3-CBC': { 'proc': decrypt3DES, 'eproc': encrypt3DES, keylen: 24, ivlen: 8 } + }; + + var getFuncByName = function(algName) { + return ALGLIST[algName]['proc']; + }; + + var _generateIvSaltHex = function(numBytes) { + var wa = CryptoJS.lib.WordArray.random(numBytes); + var hex = CryptoJS.enc.Hex.stringify(wa); + return hex; + }; + + var _parsePKCS5PEM = function(sPKCS5PEM) { + var info = {}; + var matchResult1 = sPKCS5PEM.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)", "m")); + if (matchResult1) { + info.cipher = matchResult1[1]; + info.ivsalt = matchResult1[2]; + } + var matchResult2 = sPKCS5PEM.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----")); + if (matchResult2) { + info.type = matchResult2[1]; + } + var i1 = -1; + var lenNEWLINE = 0; + if (sPKCS5PEM.indexOf("\r\n\r\n") != -1) { + i1 = sPKCS5PEM.indexOf("\r\n\r\n"); + lenNEWLINE = 2; + } + if (sPKCS5PEM.indexOf("\n\n") != -1) { + i1 = sPKCS5PEM.indexOf("\n\n"); + lenNEWLINE = 1; + } + var i2 = sPKCS5PEM.indexOf("-----END"); + if (i1 != -1 && i2 != -1) { + var s = sPKCS5PEM.substring(i1 + lenNEWLINE * 2, i2 - lenNEWLINE); + s = s.replace(/\s+/g, ''); + info.data = s; + } + return info; + }; + + var _getKeyAndUnusedIvByPasscodeAndIvsalt = function(algName, passcode, ivsaltHex) { + //alert("ivsaltHex(2) = " + ivsaltHex); + var saltHex = ivsaltHex.substring(0, 16); + //alert("salt = " + saltHex); + + var salt = CryptoJS.enc.Hex.parse(saltHex); + var data = CryptoJS.enc.Utf8.parse(passcode); + //alert("salt = " + salt); + //alert("data = " + data); + + var nRequiredBytes = ALGLIST[algName]['keylen'] + ALGLIST[algName]['ivlen']; + var hHexValueJoined = ''; + var hLastValue = null; + //alert("nRequiredBytes = " + nRequiredBytes); + for (;;) { + var h = CryptoJS.algo.MD5.create(); + if (hLastValue != null) { + h.update(hLastValue); + } + h.update(data); + h.update(salt); + hLastValue = h.finalize(); + hHexValueJoined = hHexValueJoined + CryptoJS.enc.Hex.stringify(hLastValue); + //alert("joined = " + hHexValueJoined); + if (hHexValueJoined.length >= nRequiredBytes * 2) { + break; + } + } + var result = {}; + result.keyhex = hHexValueJoined.substr(0, ALGLIST[algName]['keylen'] * 2); + result.ivhex = hHexValueJoined.substr(ALGLIST[algName]['keylen'] * 2, ALGLIST[algName]['ivlen'] * 2); + return result; + }; + + /* + * @param {String} privateKeyB64 base64 string of encrypted private key + * @param {String} sharedKeyAlgName algorithm name of shared key encryption + * @param {String} sharedKeyHex hexadecimal string of shared key to encrypt + * @param {String} ivsaltHex hexadecimal string of IV and salt + * @param {String} hexadecimal string of decrypted private key + */ + var _decryptKeyB64 = function(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex) { + var privateKeyWA = CryptoJS.enc.Base64.parse(privateKeyB64); + var privateKeyHex = CryptoJS.enc.Hex.stringify(privateKeyWA); + var f = ALGLIST[sharedKeyAlgName]['proc']; + var decryptedKeyHex = f(privateKeyHex, sharedKeyHex, ivsaltHex); + return decryptedKeyHex; + }; + + /* + * @param {String} privateKeyHex hexadecimal string of private key + * @param {String} sharedKeyAlgName algorithm name of shared key encryption + * @param {String} sharedKeyHex hexadecimal string of shared key to encrypt + * @param {String} ivsaltHex hexadecimal string of IV and salt + * @param {String} base64 string of encrypted private key + */ + var _encryptKeyHex = function(privateKeyHex, sharedKeyAlgName, sharedKeyHex, ivsaltHex) { + var f = ALGLIST[sharedKeyAlgName]['eproc']; + var encryptedKeyB64 = f(privateKeyHex, sharedKeyHex, ivsaltHex); + return encryptedKeyB64; + }; + + // ***************************************************************** + // *** PUBLIC PROPERTIES AND METHODS ******************************* + // ***************************************************************** + return { + // -- UTILITY METHODS ------------------------------------------ + /** + * decrypt private key by shared key + * @name version + * @memberOf PKCS5PKEY + * @property {String} version + * @description version string of PKCS5PKEY class + */ + version: "1.0.5", + + /** + * (DEPRECATED) get hexacedimal string of PEM format + * @name getHexFromPEM + * @memberOf PKCS5PKEY + * @function + * @param {String} sPEM PEM formatted string + * @param {String} sHead PEM header string without BEGIN/END + * @return {String} hexadecimal string data of PEM contents + * @since pkcs5pkey 1.0.5 + * @deprecated from pkcs5pkey 1.1.0 jsrsasign 7.1.0. please move to {@link ASN1HEX.pemToHex} + */ + getHexFromPEM: function(sPEM, sHead) { + return pemtohex(sPEM, sHead); + }, + + /** + * decrypt private key by shared key + * @name getDecryptedKeyHexByKeyIV + * @memberOf PKCS5PKEY + * @function + * @param {String} encryptedKeyHex hexadecimal string of encrypted private key + * @param {String} algName name of symmetric key algorithm (ex. 'DES-EBE3-CBC') + * @param {String} sharedKeyHex hexadecimal string of symmetric key + * @param {String} ivHex hexadecimal string of initial vector(IV). + * @return {String} hexadecimal string of decrypted privated key + */ + getDecryptedKeyHexByKeyIV: function(encryptedKeyHex, algName, sharedKeyHex, ivHex) { + var f1 = getFuncByName(algName); + return f1(encryptedKeyHex, sharedKeyHex, ivHex); + }, + + /** + * parse PEM formatted passcode protected PKCS#5 private key + * @name parsePKCS5PEM + * @memberOf PKCS5PKEY + * @function + * @param {String} sPKCS5PEM PEM formatted protected passcode protected PKCS#5 private key + * @return {Hash} hash of key information + * @description + * Resulted hash has following attributes. + *
    + *
  • cipher - symmetric key algorithm name (ex. 'DES-EBE3-CBC', 'AES-256-CBC')
  • + *
  • ivsalt - IV used for decrypt. Its heading 8 bytes will be used for passcode salt.
  • + *
  • type - asymmetric key algorithm name of private key described in PEM header.
  • + *
  • data - base64 encoded encrypted private key.
  • + *
+ * + */ + parsePKCS5PEM: function(sPKCS5PEM) { + return _parsePKCS5PEM(sPKCS5PEM); + }, + + /** + * the same function as OpenSSL EVP_BytsToKey to generate shared key and IV + * @name getKeyAndUnusedIvByPasscodeAndIvsalt + * @memberOf PKCS5PKEY + * @function + * @param {String} algName name of symmetric key algorithm (ex. 'DES-EBE3-CBC') + * @param {String} passcode passcode to decrypt private key (ex. 'password') + * @param {String} ivsaltHex hexadecimal string of IV. heading 8 bytes will be used for passcode salt + * @return {Hash} hash of key and unused IV (ex. {keyhex:2fe3..., ivhex:3fad..}) + */ + getKeyAndUnusedIvByPasscodeAndIvsalt: function(algName, passcode, ivsaltHex) { + return _getKeyAndUnusedIvByPasscodeAndIvsalt(algName, passcode, ivsaltHex); + }, + + decryptKeyB64: function(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex) { + return _decryptKeyB64(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex); + }, + + /** + * decrypt PEM formatted protected PKCS#5 private key with passcode + * @name getDecryptedKeyHex + * @memberOf PKCS5PKEY + * @function + * @param {String} sEncryptedPEM PEM formatted protected passcode protected PKCS#5 private key + * @param {String} passcode passcode to decrypt private key (ex. 'password') + * @return {String} hexadecimal string of decrypted RSA priavte key + */ + getDecryptedKeyHex: function(sEncryptedPEM, passcode) { + // 1. parse pem + var info = _parsePKCS5PEM(sEncryptedPEM); + var publicKeyAlgName = info.type; + var sharedKeyAlgName = info.cipher; + var ivsaltHex = info.ivsalt; + var privateKeyB64 = info.data; + //alert("ivsaltHex = " + ivsaltHex); + + // 2. generate shared key + var sharedKeyInfo = _getKeyAndUnusedIvByPasscodeAndIvsalt(sharedKeyAlgName, passcode, ivsaltHex); + var sharedKeyHex = sharedKeyInfo.keyhex; + //alert("sharedKeyHex = " + sharedKeyHex); + + // 3. decrypt private key + var decryptedKey = _decryptKeyB64(privateKeyB64, sharedKeyAlgName, sharedKeyHex, ivsaltHex); + return decryptedKey; + }, + + /** + * read PEM formatted encrypted PKCS#5 private key and returns RSAKey object + * @name getRSAKeyFromEncryptedPKCS5PEM + * @memberOf PKCS5PKEY + * @function + * @param {String} sEncryptedP5PEM PEM formatted encrypted PKCS#5 private key + * @param {String} passcode passcode to decrypt private key + * @return {RSAKey} loaded RSAKey object of RSA private key + * @since pkcs5pkey 1.0.2 + */ + getRSAKeyFromEncryptedPKCS5PEM: function(sEncryptedP5PEM, passcode) { + var hPKey = this.getDecryptedKeyHex(sEncryptedP5PEM, passcode); + var rsaKey = new RSAKey(); + rsaKey.readPrivateKeyFromASN1HexString(hPKey); + return rsaKey; + }, + + /** + * get PEM formatted encrypted PKCS#5 private key from hexadecimal string of plain private key + * @name getEncryptedPKCS5PEMFromPrvKeyHex + * @memberOf PKCS5PKEY + * @function + * @param {String} hPrvKey hexadecimal string of plain private key + * @param {String} passcode pass code to protect private key (ex. password) + * @param {String} sharedKeyAlgName algorithm name to protect private key (ex. AES-256-CBC) + * @param {String} ivsaltHex hexadecimal string of IV and salt + * @return {String} string of PEM formatted encrypted PKCS#5 private key + * @since pkcs5pkey 1.0.2 + * @description + *
+ * generate PEM formatted encrypted PKCS#5 private key by hexadecimal string encoded + * ASN.1 object of plain RSA private key. + * Following arguments can be omitted. + *
    + *
  • alg - AES-256-CBC will be used if omitted.
  • + *
  • ivsaltHex - automatically generate IV and salt which length depends on algorithm
  • + *
+ * @example + * var pem = + * PKCS5PKEY.getEncryptedPKCS5PEMFromPrvKeyHex(plainKeyHex, "password"); + * var pem2 = + * PKCS5PKEY.getEncryptedPKCS5PEMFromPrvKeyHex(plainKeyHex, "password", "AES-128-CBC"); + * var pem3 = + * PKCS5PKEY.getEncryptedPKCS5PEMFromPrvKeyHex(plainKeyHex, "password", "AES-128-CBC", "1f3d02..."); + */ + getEncryptedPKCS5PEMFromPrvKeyHex: function(hPrvKey, passcode, sharedKeyAlgName, ivsaltHex) { + // 1. set sharedKeyAlgName if undefined (default AES-256-CBC) + if (typeof sharedKeyAlgName == "undefined" || sharedKeyAlgName == null) { + sharedKeyAlgName = "AES-256-CBC"; + } + if (typeof ALGLIST[sharedKeyAlgName] == "undefined") + throw "PKCS5PKEY unsupported algorithm: " + sharedKeyAlgName; + + // 2. set ivsaltHex if undefined + if (typeof ivsaltHex == "undefined" || ivsaltHex == null) { + var ivlen = ALGLIST[sharedKeyAlgName]['ivlen']; + var randIV = _generateIvSaltHex(ivlen); + ivsaltHex = randIV.toUpperCase(); + } + + // 3. get shared key + //alert("ivsalthex=" + ivsaltHex); + var sharedKeyInfo = _getKeyAndUnusedIvByPasscodeAndIvsalt(sharedKeyAlgName, passcode, ivsaltHex); + var sharedKeyHex = sharedKeyInfo.keyhex; + // alert("sharedKeyHex = " + sharedKeyHex); + + // 3. get encrypted Key in Base64 + var encryptedKeyB64 = _encryptKeyHex(hPrvKey, sharedKeyAlgName, sharedKeyHex, ivsaltHex); + + var pemBody = encryptedKeyB64.replace(/(.{64})/g, "$1\r\n"); + var sPEM = "-----BEGIN RSA PRIVATE KEY-----\r\n"; + sPEM += "Proc-Type: 4,ENCRYPTED\r\n"; + sPEM += "DEK-Info: " + sharedKeyAlgName + "," + ivsaltHex + "\r\n"; + sPEM += "\r\n"; + sPEM += pemBody; + sPEM += "\r\n-----END RSA PRIVATE KEY-----\r\n"; + + return sPEM; + }, + + /** + * get PEM formatted encrypted PKCS#5 private key from RSAKey object of private key + * @name getEncryptedPKCS5PEMFromRSAKey + * @memberOf PKCS5PKEY + * @function + * @param {RSAKey} pKey RSAKey object of private key + * @param {String} passcode pass code to protect private key (ex. password) + * @param {String} alg algorithm name to protect private key (default AES-256-CBC) + * @param {String} ivsaltHex hexadecimal string of IV and salt (default generated random IV) + * @return {String} string of PEM formatted encrypted PKCS#5 private key + * @since pkcs5pkey 1.0.2 + * @description + *
+ * generate PEM formatted encrypted PKCS#5 private key by + * {@link RSAKey} object of RSA private key and passcode. + * Following argument can be omitted. + *
    + *
  • alg - AES-256-CBC will be used if omitted.
  • + *
  • ivsaltHex - automatically generate IV and salt which length depends on algorithm
  • + *
+ * @example + * var pkey = new RSAKey(); + * pkey.generate(1024, '10001'); // generate 1024bit RSA private key with public exponent 'x010001' + * var pem = PKCS5PKEY.getEncryptedPKCS5PEMFromRSAKey(pkey, "password"); + */ + getEncryptedPKCS5PEMFromRSAKey: function(pKey, passcode, alg, ivsaltHex) { + var version = new KJUR.asn1.DERInteger({'int': 0}); + var n = new KJUR.asn1.DERInteger({'bigint': pKey.n}); + var e = new KJUR.asn1.DERInteger({'int': pKey.e}); + var d = new KJUR.asn1.DERInteger({'bigint': pKey.d}); + var p = new KJUR.asn1.DERInteger({'bigint': pKey.p}); + var q = new KJUR.asn1.DERInteger({'bigint': pKey.q}); + var dmp1 = new KJUR.asn1.DERInteger({'bigint': pKey.dmp1}); + var dmq1 = new KJUR.asn1.DERInteger({'bigint': pKey.dmq1}); + var coeff = new KJUR.asn1.DERInteger({'bigint': pKey.coeff}); + var seq = new KJUR.asn1.DERSequence({'array': [version, n, e, d, p, q, dmp1, dmq1, coeff]}); + var hex = seq.getEncodedHex(); + return this.getEncryptedPKCS5PEMFromPrvKeyHex(hex, passcode, alg, ivsaltHex); + }, + + /** + * generate RSAKey and PEM formatted encrypted PKCS#5 private key + * @name newEncryptedPKCS5PEM + * @memberOf PKCS5PKEY + * @function + * @param {String} passcode pass code to protect private key (ex. password) + * @param {Integer} keyLen key bit length of RSA key to be generated. (default 1024) + * @param {String} hPublicExponent hexadecimal string of public exponent (default 10001) + * @param {String} alg shared key algorithm to encrypt private key (default AES-256-CBC) + * @return {String} string of PEM formatted encrypted PKCS#5 private key + * @since pkcs5pkey 1.0.2 + * @example + * var pem1 = PKCS5PKEY.newEncryptedPKCS5PEM("password"); // RSA1024bit/10001/AES-256-CBC + * var pem2 = PKCS5PKEY.newEncryptedPKCS5PEM("password", 512); // RSA 512bit/10001/AES-256-CBC + * var pem3 = PKCS5PKEY.newEncryptedPKCS5PEM("password", 512, '3'); // RSA 512bit/ 3/AES-256-CBC + */ + newEncryptedPKCS5PEM: function(passcode, keyLen, hPublicExponent, alg) { + if (typeof keyLen == "undefined" || keyLen == null) { + keyLen = 1024; + } + if (typeof hPublicExponent == "undefined" || hPublicExponent == null) { + hPublicExponent = '10001'; + } + var pKey = new RSAKey(); + pKey.generate(keyLen, hPublicExponent); + var pem = null; + if (typeof alg == "undefined" || alg == null) { + pem = this.getEncryptedPKCS5PEMFromRSAKey(pkey, passcode); + } else { + pem = this.getEncryptedPKCS5PEMFromRSAKey(pkey, passcode, alg); + } + return pem; + }, + + // === PKCS8 =============================================================== + + /** + * read PEM formatted unencrypted PKCS#8 private key and returns RSAKey object + * @name getRSAKeyFromPlainPKCS8PEM + * @memberOf PKCS5PKEY + * @function + * @param {String} pkcs8PEM PEM formatted unencrypted PKCS#8 private key + * @return {RSAKey} loaded RSAKey object of RSA private key + * @since pkcs5pkey 1.0.1 + */ + getRSAKeyFromPlainPKCS8PEM: function(pkcs8PEM) { + if (pkcs8PEM.match(/ENCRYPTED/)) + throw "pem shall be not ENCRYPTED"; + var prvKeyHex = pemtohex(pkcs8PEM, "PRIVATE KEY"); + var rsaKey = this.getRSAKeyFromPlainPKCS8Hex(prvKeyHex); + return rsaKey; + }, + + /** + * provide hexadecimal string of unencrypted PKCS#8 private key and returns RSAKey object + * @name getRSAKeyFromPlainPKCS8Hex + * @memberOf PKCS5PKEY + * @function + * @param {String} prvKeyHex hexadecimal string of unencrypted PKCS#8 private key + * @return {RSAKey} loaded RSAKey object of RSA private key + * @since pkcs5pkey 1.0.3 + */ + getRSAKeyFromPlainPKCS8Hex: function(prvKeyHex) { + var rsaKey = new RSAKey(); + rsaKey.readPKCS8PrvKeyHex(prvKeyHex); + return rsaKey; + }, + + /** + * generate PBKDF2 key hexstring with specified passcode and information + * @name parseHexOfEncryptedPKCS8 + * @memberOf PKCS5PKEY + * @function + * @param {String} sHEX passcode to decrypto private key + * @return {Array} info associative array of PKCS#8 parameters + * @since pkcs5pkey 1.0.3 + * @description + * The associative array which is returned by this method has following properties: + *
    + *
  • info.pbkdf2Salt - hexadecimal string of PBKDF2 salt
  • + *
  • info.pkbdf2Iter - iteration count
  • + *
  • info.ciphertext - hexadecimal string of encrypted private key
  • + *
  • info.encryptionSchemeAlg - encryption algorithm name (currently TripleDES only)
  • + *
  • info.encryptionSchemeIV - initial vector for encryption algorithm
  • + *
+ * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES. + *
    + *
  • keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1
  • + *
  • encryptionScheme = des-EDE3-CBC(i.e. TripleDES
  • + *
+ * @example + * // to convert plain PKCS#5 private key to encrypted PKCS#8 private + * // key with PBKDF2 with TripleDES + * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem + */ + parseHexOfEncryptedPKCS8: function(sHEX) { + var _ASN1HEX = ASN1HEX; + var _getChildIdx = _ASN1HEX.getChildIdx; + var _getV = _ASN1HEX.getV; + var info = {}; + + var a0 = _getChildIdx(sHEX, 0); + if (a0.length != 2) + throw "malformed format: SEQUENCE(0).items != 2: " + a0.length; + + // 1. ciphertext + info.ciphertext = _getV(sHEX, a0[1]); + + // 2. pkcs5PBES2 + var a0_0 = _getChildIdx(sHEX, a0[0]); + if (a0_0.length != 2) + throw "malformed format: SEQUENCE(0.0).items != 2: " + a0_0.length; + + // 2.1 check if pkcs5PBES2(1 2 840 113549 1 5 13) + if (_getV(sHEX, a0_0[0]) != "2a864886f70d01050d") + throw "this only supports pkcs5PBES2"; + + // 2.2 pkcs5PBES2 param + var a0_0_1 = _getChildIdx(sHEX, a0_0[1]); + if (a0_0.length != 2) + throw "malformed format: SEQUENCE(0.0.1).items != 2: " + a0_0_1.length; + + // 2.2.1 encryptionScheme + var a0_0_1_1 = _getChildIdx(sHEX, a0_0_1[1]); + if (a0_0_1_1.length != 2) + throw "malformed format: SEQUENCE(0.0.1.1).items != 2: " + a0_0_1_1.length; + if (_getV(sHEX, a0_0_1_1[0]) != "2a864886f70d0307") + throw "this only supports TripleDES"; + info.encryptionSchemeAlg = "TripleDES"; + + // 2.2.1.1 IV of encryptionScheme + info.encryptionSchemeIV = _getV(sHEX, a0_0_1_1[1]); + + // 2.2.2 keyDerivationFunc + var a0_0_1_0 = _getChildIdx(sHEX, a0_0_1[0]); + if (a0_0_1_0.length != 2) + throw "malformed format: SEQUENCE(0.0.1.0).items != 2: " + a0_0_1_0.length; + if (_getV(sHEX, a0_0_1_0[0]) != "2a864886f70d01050c") + throw "this only supports pkcs5PBKDF2"; + + // 2.2.2.1 pkcs5PBKDF2 param + var a0_0_1_0_1 = _getChildIdx(sHEX, a0_0_1_0[1]); + if (a0_0_1_0_1.length < 2) + throw "malformed format: SEQUENCE(0.0.1.0.1).items < 2: " + a0_0_1_0_1.length; + + // 2.2.2.1.1 PBKDF2 salt + info.pbkdf2Salt = _getV(sHEX, a0_0_1_0_1[0]); + + // 2.2.2.1.2 PBKDF2 iter + var iterNumHex = _getV(sHEX, a0_0_1_0_1[1]); + try { + info.pbkdf2Iter = parseInt(iterNumHex, 16); + } catch(ex) { + throw "malformed format pbkdf2Iter: " + iterNumHex; + } + + return info; + }, + + /** + * generate PBKDF2 key hexstring with specified passcode and information + * @name getPBKDF2KeyHexFromParam + * @memberOf PKCS5PKEY + * @function + * @param {Array} info result of {@link parseHexOfEncryptedPKCS8} which has preference of PKCS#8 file + * @param {String} passcode passcode to decrypto private key + * @return {String} hexadecimal string of PBKDF2 key + * @since pkcs5pkey 1.0.3 + * @description + * As for info, this uses following properties: + *
    + *
  • info.pbkdf2Salt - hexadecimal string of PBKDF2 salt
  • + *
  • info.pkbdf2Iter - iteration count
  • + *
+ * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES. + *
    + *
  • keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1
  • + *
  • encryptionScheme = des-EDE3-CBC(i.e. TripleDES
  • + *
+ * @example + * // to convert plain PKCS#5 private key to encrypted PKCS#8 private + * // key with PBKDF2 with TripleDES + * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem + */ + getPBKDF2KeyHexFromParam: function(info, passcode) { + var pbkdf2SaltWS = CryptoJS.enc.Hex.parse(info.pbkdf2Salt); + var pbkdf2Iter = info.pbkdf2Iter; + var pbkdf2KeyWS = CryptoJS.PBKDF2(passcode, + pbkdf2SaltWS, + { keySize: 192/32, iterations: pbkdf2Iter }); + var pbkdf2KeyHex = CryptoJS.enc.Hex.stringify(pbkdf2KeyWS); + return pbkdf2KeyHex; + }, + + /** + * read PEM formatted encrypted PKCS#8 private key and returns hexadecimal string of plain PKCS#8 private key + * @name getPlainPKCS8HexFromEncryptedPKCS8PEM + * @memberOf PKCS5PKEY + * @function + * @param {String} pkcs8PEM PEM formatted encrypted PKCS#8 private key + * @param {String} passcode passcode to decrypto private key + * @return {String} hexadecimal string of plain PKCS#8 private key + * @since pkcs5pkey 1.0.3 + * @description + * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES. + *
    + *
  • keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1
  • + *
  • encryptionScheme = des-EDE3-CBC(i.e. TripleDES
  • + *
+ * @example + * // to convert plain PKCS#5 private key to encrypted PKCS#8 private + * // key with PBKDF2 with TripleDES + * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem + */ + getPlainPKCS8HexFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) { + // 1. derHex - PKCS#8 private key encrypted by PBKDF2 + var derHex = pemtohex(pkcs8PEM, "ENCRYPTED PRIVATE KEY"); + // 2. info - PKCS#5 PBES info + var info = this.parseHexOfEncryptedPKCS8(derHex); + // 3. hKey - PBKDF2 key + var pbkdf2KeyHex = PKCS5PKEY.getPBKDF2KeyHexFromParam(info, passcode); + // 4. decrypt ciphertext by PBKDF2 key + var encrypted = {}; + encrypted.ciphertext = CryptoJS.enc.Hex.parse(info.ciphertext); + var pbkdf2KeyWS = CryptoJS.enc.Hex.parse(pbkdf2KeyHex); + var des3IVWS = CryptoJS.enc.Hex.parse(info.encryptionSchemeIV); + var decWS = CryptoJS.TripleDES.decrypt(encrypted, pbkdf2KeyWS, { iv: des3IVWS }); + var decHex = CryptoJS.enc.Hex.stringify(decWS); + return decHex; + }, + + /** + * read PEM formatted encrypted PKCS#8 private key and returns RSAKey object + * @name getRSAKeyFromEncryptedPKCS8PEM + * @memberOf PKCS5PKEY + * @function + * @param {String} pkcs8PEM PEM formatted encrypted PKCS#8 private key + * @param {String} passcode passcode to decrypto private key + * @return {RSAKey} loaded RSAKey object of RSA private key + * @since pkcs5pkey 1.0.3 + * @description + * Currently, this method only supports PKCS#5v2.0 with PBES2/PBDKF2 of HmacSHA1 and TripleDES. + *
    + *
  • keyDerivationFunc = pkcs5PBKDF2 with HmacSHA1
  • + *
  • encryptionScheme = des-EDE3-CBC(i.e. TripleDES
  • + *
+ * @example + * // to convert plain PKCS#5 private key to encrypted PKCS#8 private + * // key with PBKDF2 with TripleDES + * % openssl pkcs8 -in plain_p5.pem -topk8 -v2 -des3 -out encrypted_p8.pem + */ + getRSAKeyFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) { + var prvKeyHex = this.getPlainPKCS8HexFromEncryptedPKCS8PEM(pkcs8PEM, passcode); + var rsaKey = this.getRSAKeyFromPlainPKCS8Hex(prvKeyHex); + return rsaKey; + }, + + /** + * get RSAKey/ECDSA private key object from encrypted PEM PKCS#8 private key + * @name getKeyFromEncryptedPKCS8PEM + * @memberOf PKCS5PKEY + * @function + * @param {String} pkcs8PEM string of PEM formatted PKCS#8 private key + * @param {String} passcode passcode string to decrypt key + * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object + * @since pkcs5pkey 1.0.5 + */ + getKeyFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) { + var prvKeyHex = this.getPlainPKCS8HexFromEncryptedPKCS8PEM(pkcs8PEM, passcode); + var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex); + return key; + }, + + /** + * parse hexadecimal string of plain PKCS#8 private key + * @name parsePlainPrivatePKCS8Hex + * @memberOf PKCS5PKEY + * @function + * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 plain private key + * @return {Array} associative array of parsed key + * @since pkcs5pkey 1.0.5 + * @description + * Resulted associative array has following properties: + *
    + *
  • algoid - hexadecimal string of OID of asymmetric key algorithm
  • + *
  • algparam - hexadecimal string of OID of ECC curve name or null
  • + *
  • keyidx - string starting index of key in pkcs8PrvHex
  • + *
+ */ + parsePlainPrivatePKCS8Hex: function(pkcs8PrvHex) { + var _ASN1HEX = ASN1HEX; + var _getChildIdx = _ASN1HEX.getChildIdx; + var _getV = _ASN1HEX.getV; + var result = {}; + result.algparam = null; + + // 1. sequence + if (pkcs8PrvHex.substr(0, 2) != "30") + throw "malformed plain PKCS8 private key(code:001)"; // not sequence + + var a1 = _getChildIdx(pkcs8PrvHex, 0); + if (a1.length != 3) + throw "malformed plain PKCS8 private key(code:002)"; + + // 2. AlgID + if (pkcs8PrvHex.substr(a1[1], 2) != "30") + throw "malformed PKCS8 private key(code:003)"; // AlgId not sequence + + var a2 = _getChildIdx(pkcs8PrvHex, a1[1]); + if (a2.length != 2) + throw "malformed PKCS8 private key(code:004)"; // AlgId not have two elements + + // 2.1. AlgID OID + if (pkcs8PrvHex.substr(a2[0], 2) != "06") + throw "malformed PKCS8 private key(code:005)"; // AlgId.oid is not OID + + result.algoid = _getV(pkcs8PrvHex, a2[0]); + + // 2.2. AlgID param + if (pkcs8PrvHex.substr(a2[1], 2) == "06") { + result.algparam = _getV(pkcs8PrvHex, a2[1]); + } + + // 3. Key index + if (pkcs8PrvHex.substr(a1[2], 2) != "04") + throw "malformed PKCS8 private key(code:006)"; // not octet string + + result.keyidx = _ASN1HEX.getVidx(pkcs8PrvHex, a1[2]); + + return result; + }, + + /** + * get RSAKey/ECDSA private key object from PEM plain PEM PKCS#8 private key + * @name getKeyFromPlainPrivatePKCS8PEM + * @memberOf PKCS5PKEY + * @function + * @param {String} prvKeyPEM string of plain PEM formatted PKCS#8 private key + * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object + * @since pkcs5pkey 1.0.5 + */ + getKeyFromPlainPrivatePKCS8PEM: function(prvKeyPEM) { + var prvKeyHex = pemtohex(prvKeyPEM, "PRIVATE KEY"); + var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex); + return key; + }, + + /** + * get RSAKey/ECDSA private key object from HEX plain PEM PKCS#8 private key + * @name getKeyFromPlainPrivatePKCS8Hex + * @memberOf PKCS5PKEY + * @function + * @param {String} prvKeyHex hexadecimal string of plain PKCS#8 private key + * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object + * @since pkcs5pkey 1.0.5 + */ + getKeyFromPlainPrivatePKCS8Hex: function(prvKeyHex) { + var p8 = this.parsePlainPrivatePKCS8Hex(prvKeyHex); + var key; + + if (p8.algoid == "2a864886f70d010101") { // RSA + key = new RSAKey(); + } else if (p8.algoid == "2a8648ce380401") { // DSA + key = new KJUR.crypto.DSA(); + } else if (p8.algoid == "2a8648ce3d0201") { // ECC + key = new KJUR.crypto.ECDSA(); + } else { + throw "unsupported private key algorithm"; + } + + key.readPKCS8PrvKeyHex(prvKeyHex); + return key; + }, + + // === PKCS8 RSA Public Key ================================================ + /** + * read PEM formatted PKCS#8 public key and returns RSAKey object + * @name getRSAKeyFromPublicPKCS8PEM + * @memberOf PKCS5PKEY + * @function + * @param {String} pkcs8PubPEM PEM formatted PKCS#8 public key + * @return {RSAKey} loaded RSAKey object of RSA public key + * @since pkcs5pkey 1.0.4 + */ + getRSAKeyFromPublicPKCS8PEM: function(pkcs8PubPEM) { + var pubKeyHex = pemtohex(pkcs8PubPEM, "PUBLIC KEY"); + var rsaKey = this.getRSAKeyFromPublicPKCS8Hex(pubKeyHex); + return rsaKey; + }, + + /** + * get RSAKey/ECDSA public key object from PEM PKCS#8 public key + * @name getKeyFromPublicPKCS8PEM + * @memberOf PKCS5PKEY + * @function + * @param {String} pkcs8PubPEM string of PEM formatted PKCS#8 public key + * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object + * @since pkcs5pkey 1.0.5 + */ + getKeyFromPublicPKCS8PEM: function(pkcs8PubPEM) { + var pubKeyHex = pemtohex(pkcs8PubPEM, "PUBLIC KEY"); + var key = this.getKeyFromPublicPKCS8Hex(pubKeyHex); + return key; + }, + + /** + * get RSAKey/ECDSA public key object from hexadecimal string of PKCS#8 public key + * @name getKeyFromPublicPKCS8Hex + * @memberOf PKCS5PKEY + * @function + * @param {String} h hexadecimal string of PKCS#8 public key + * @return {Object} RSAKey or KJUR.crypto.ECDSA private key object + * @since pkcs5pkey 1.0.5 + */ + getKeyFromPublicPKCS8Hex: function(h) { + var key; + var hOID = ASN1HEX.getVbyList(h, 0, [0, 0], "06"); + + if (hOID === "2a864886f70d010101") { // oid=RSA + key = new RSAKey(); + } else if (hOID === "2a8648ce380401") { // oid=DSA + key = new KJUR.crypto.DSA(); + } else if (hOID === "2a8648ce3d0201") { // oid=ECPUB + key = new KJUR.crypto.ECDSA(); + } else { + throw "unsupported PKCS#8 public key hex"; + } + key.readPKCS8PubKeyHex(h); + return key; + }, + + /** + * parse hexadecimal string of plain PKCS#8 private key + * @name parsePublicRawRSAKeyHex + * @memberOf PKCS5PKEY + * @function + * @param {String} pubRawRSAHex hexadecimal string of ASN.1 encoded PKCS#8 public key + * @return {Array} associative array of parsed key + * @since pkcs5pkey 1.0.5 + * @description + * Resulted associative array has following properties: + *
    + *
  • n - hexadecimal string of public key + *
  • e - hexadecimal string of public exponent + *
+ */ + parsePublicRawRSAKeyHex: function(pubRawRSAHex) { + var _ASN1HEX = ASN1HEX; + var _getChildIdx = _ASN1HEX.getChildIdx; + var _getV = _ASN1HEX.getV; + var result = {}; + + // 1. Sequence + if (pubRawRSAHex.substr(0, 2) != "30") + throw "malformed RSA key(code:001)"; // not sequence + + var a1 = _getChildIdx(pubRawRSAHex, 0); + if (a1.length != 2) + throw "malformed RSA key(code:002)"; // not 2 items in seq + + // 2. public key "N" + if (pubRawRSAHex.substr(a1[0], 2) != "02") + throw "malformed RSA key(code:003)"; // 1st item is not integer + + result.n = _getV(pubRawRSAHex, a1[0]); + + // 3. public key "E" + if (pubRawRSAHex.substr(a1[1], 2) != "02") + throw "malformed RSA key(code:004)"; // 2nd item is not integer + + result.e = _getV(pubRawRSAHex, a1[1]); + + return result; + }, + + /** + * parse hexadecimal string of RSA private key + * @name parsePrivateRawRSAKeyHexAtObj + * @memberOf PKCS5PKEY + * @function + * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 private key concluding RSA private key + * @return {Array} info associative array to add parsed RSA private key information + * @since pkcs5pkey 1.0.5 + * @description + * Following properties are added to associative array 'info' + *
    + *
  • n - hexadecimal string of public key + *
  • e - hexadecimal string of public exponent + *
  • d - hexadecimal string of private key + *
  • p - hexadecimal string + *
  • q - hexadecimal string + *
  • dp - hexadecimal string + *
  • dq - hexadecimal string + *
  • co - hexadecimal string + *
+ */ + parsePrivateRawRSAKeyHexAtObj: function(pkcs8PrvHex, info) { + var _ASN1HEX = ASN1HEX; + var _getChildIdx = _ASN1HEX.getChildIdx; + var _getV = _ASN1HEX.getV; + + var idxSeq = _ASN1HEX.getIdxbyList(pkcs8PrvHex, 0, [2, 0]); + var a = _getChildIdx(pkcs8PrvHex, idxSeq); + + if (a.length !== 9) throw "malformed PKCS#8 plain RSA private key"; + + // 2. RSA key + info.key = {}; + info.key.n = _getV(pkcs8PrvHex, a[1]); + info.key.e = _getV(pkcs8PrvHex, a[2]); + info.key.d = _getV(pkcs8PrvHex, a[3]); + info.key.p = _getV(pkcs8PrvHex, a[4]); + info.key.q = _getV(pkcs8PrvHex, a[5]); + info.key.dp = _getV(pkcs8PrvHex, a[6]); + info.key.dq = _getV(pkcs8PrvHex, a[7]); + info.key.co = _getV(pkcs8PrvHex, a[8]); + }, + + /** + * parse hexadecimal string of ECC private key + * @name parsePrivateRawECKeyHexAtObj + * @memberOf PKCS5PKEY + * @function + * @param {String} pkcs8PrvHex hexadecimal string of PKCS#8 private key concluding EC private key + * @return {Array} info associative array to add parsed ECC private key information + * @since pkcs5pkey 1.0.5 + * @description + * Following properties are added to associative array 'info' + *
    + *
  • key - hexadecimal string of ECC private key + *
+ */ + parsePrivateRawECKeyHexAtObj: function(pkcs8PrvHex, info) { + var keyIdx = info.keyidx; + + var ec = new KJUR.crypto.ECDSA(); + ec.readPKCS8PrvKeyHex(pkcs8PrvHex); + + info.key = ec.prvKeyHex; + info.pubkey = ec.pubKeyHex; + }, + + /** + * parse hexadecimal string of PKCS#8 public key + * @name parsePublicPKCS8Hex + * @memberOf PKCS5PKEY + * @function + * @param {String} pkcs8PubHex hexadecimal string of PKCS#8 public key + * @return {Hash} hash of key information + * @description + * Resulted hash has following attributes. + *
    + *
  • algoid - hexadecimal string of OID of asymmetric key algorithm
  • + *
  • algparam - hexadecimal string of OID of ECC curve name or null
  • + *
  • key - hexadecimal string of public key
  • + *
+ */ + parsePublicPKCS8Hex: function(pkcs8PubHex) { + var _ASN1HEX = ASN1HEX; + var _getChildIdx = _ASN1HEX.getChildIdx; + var _getV = _ASN1HEX.getV; + var result = {}; + result.algparam = null; + + // 1. AlgID and Key bit string + var a1 = _getChildIdx(pkcs8PubHex, 0); + if (a1.length != 2) + throw "outer DERSequence shall have 2 elements: " + a1.length; + + // 2. AlgID + var idxAlgIdTLV = a1[0]; + if (pkcs8PubHex.substr(idxAlgIdTLV, 2) != "30") + throw "malformed PKCS8 public key(code:001)"; // AlgId not sequence + + var a2 = _getChildIdx(pkcs8PubHex, idxAlgIdTLV); + if (a2.length != 2) + throw "malformed PKCS8 public key(code:002)"; // AlgId not have two elements + + // 2.1. AlgID OID + if (pkcs8PubHex.substr(a2[0], 2) != "06") + throw "malformed PKCS8 public key(code:003)"; // AlgId.oid is not OID + + result.algoid = _getV(pkcs8PubHex, a2[0]); + + // 2.2. AlgID param + if (pkcs8PubHex.substr(a2[1], 2) == "06") { // OID for EC + result.algparam = _getV(pkcs8PubHex, a2[1]); + } else if (pkcs8PubHex.substr(a2[1], 2) == "30") { // SEQ for DSA + result.algparam = {}; + result.algparam.p = _ASN1HEX.getVbyList(pkcs8PubHex, a2[1], [0], "02"); + result.algparam.q = _ASN1HEX.getVbyList(pkcs8PubHex, a2[1], [1], "02"); + result.algparam.g = _ASN1HEX.getVbyList(pkcs8PubHex, a2[1], [2], "02"); + } + + // 3. Key + if (pkcs8PubHex.substr(a1[1], 2) != "03") + throw "malformed PKCS8 public key(code:004)"; // Key is not bit string + + result.key = _getV(pkcs8PubHex, a1[1]).substr(2); + + // 4. return result assoc array + return result; + }, + + /** + * provide hexadecimal string of unencrypted PKCS#8 private key and returns RSAKey object + * @name getRSAKeyFromPublicPKCS8Hex + * @memberOf PKCS5PKEY + * @function + * @param {String} pkcs8PubHex hexadecimal string of unencrypted PKCS#8 public key + * @return {RSAKey} loaded RSAKey object of RSA public key + * @since pkcs5pkey 1.0.4 + */ + getRSAKeyFromPublicPKCS8Hex: function(pkcs8PubHex) { + var key = new RSAKey(); + key.readPKCS8PubKeyHex(pkcs8PubHex); + return key; + }, + }; +}(); diff --git a/src/x509-1.1.js b/src/x509-1.1.js index b9711c90..bf327b18 100644 --- a/src/x509-1.1.js +++ b/src/x509-1.1.js @@ -1,4 +1,4 @@ -/* x509-2.0.5.js (c) 2012-2020 Kenji Urushima | kjur.github.io/jsrsasign/license +/* x509-2.0.6.js (c) 2012-2020 Kenji Urushima | kjur.github.io/jsrsasign/license */ /* * x509.js - X509 class to read subject public key from certificate. @@ -16,7 +16,7 @@ * @fileOverview * @name x509-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 10.0.1 x509 2.0.5 (2020-Oct-11) + * @version jsrsasign 10.0.1 x509 2.0.6 (2020-Oct-14) * @since jsrsasign 1.x.x * @license MIT License */ @@ -1984,7 +1984,7 @@ function X509(params) { var a = _getChildIdx(hExtV, 0); if (a.length > 1) { var hGN = _getTLV(hExtV, a[1]) - var gnParam = this.getGeneraName(hGN); + var gnParam = this.getGeneralName(hGN); if (gnParam.uri != undefined) { result.uri = gnParam.uri; } diff --git a/test/qunit-do-pkcs5-eprv.html b/test/qunit-do-pkcs5-eprv.html new file mode 100755 index 00000000..ebaae493 --- /dev/null +++ b/test/qunit-do-pkcs5-eprv.html @@ -0,0 +1,164 @@ + + + +QUnit test for encrypted PKCS8 private key loading of 'pkcs5pkey.js' + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
test markup
+ + + diff --git a/test/qunit-do-pkcs5-pub.html b/test/qunit-do-pkcs5-pub.html new file mode 100755 index 00000000..0c15c509 --- /dev/null +++ b/test/qunit-do-pkcs5-pub.html @@ -0,0 +1,143 @@ + + + +QUnit for PKCS5 RSA key reader 'pkcs5pkey.js' for RSA public key + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
test markup
+TOP | +TEST INDEX | +pkcs5-eprv | +pkcs5-pub | + + + + diff --git a/test/qunit-do-pkcs5.html b/test/qunit-do-pkcs5.html new file mode 100755 index 00000000..860c2325 --- /dev/null +++ b/test/qunit-do-pkcs5.html @@ -0,0 +1,280 @@ + + + +QUnit for PKCS5 private key reader 'pkcs5pkey.js' + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
test markup
+TOP | +TEST INDEX | +pkcs5-eprv | +pkcs5-pub | + + + +