diff --git a/ChangeLog.txt b/ChangeLog.txt index cdee7108..75944580 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,31 @@ ChangeLog for jsrsasign +* Changes from 7.2.0 to 7.2.1 (2017-Jun-04) + - base64x 1.1.11 to 1.1.12 + - function hextopem, pemtohex added + - asn1hex 1.1.11 to 1.1.12 + - make ASN1HEX.pemToHex deprecated + - asn1 1.0.12 to 1.0.13 + - make KJUR.asn1.ASN1Util.getPEMStringFromHex deprecated + - rsapem 1.2.1 to 1.2.2 + - make RSAKey.pemToBase64 deprecated + - x509 1.1.14 to 1.1.15 + - make X509.pemToBase64 deprecated + - further refactoring. reducing min.js size by refactoring + - asn1 1.0.12 to 1.0.13 + - asn1cades 1.0.2 to 1.0.3 + - asn1cms 1.0.3 to 1.0.4 + - asn1csr 1.0.4 to 1.0.5 + - asn1ocsp 1.0.2 to 1.0.3 + - asn1tsp 1.0.2 to 1.0.3 + - asn1x509 1.0.23 to 1.0.24 + - jws 3.3.6 to 3.3.7 + - jwsjs 2.1.0 to 2.1.1 + - keyutil 1.1.1 to 1.1.2 + - pkcs5pkey 1.1.1 to 1.1.2 + - x509 1.1.14 to 1.1.15 + * Changes from 7.1.4 to 7.2.0 (2017-May-21) - major refactoring before reducing file size - major refactoring for ASN1HEX diff --git a/Makefile b/Makefile index 96333420..d68cd2a8 100644 --- a/Makefile +++ b/Makefile @@ -1,15 +1,30 @@ -all: join-main +.PHONY: all -join-minify: *min.js ext/*min.js npm/lib/header.js npm/lib/footer.js - cat *min.js $(shell find ext/ -name "*min.js") | sed "s/\/*! /\n\/*! /g" > jsrsasign-4.9.0-mdcone-all-min.js - cp jsrsasign-4.9.0-mdcone-all-min.js jsrsasign-latest-all-min.js +FILES_MIN = \ + min/asn1-1.0.min.js \ + min/asn1hex-1.1.min.js \ + min/asn1x509-1.0.min.js \ + min/asn1cms-1.0.min.js \ + min/asn1tsp-1.0.min.js \ + min/asn1cades-1.0.min.js \ + min/asn1csr-1.0.min.js \ + min/asn1ocsp-1.0.min.js \ + min/base64x-1.1.min.js \ + min/crypto-1.1.min.js \ + min/ecdsa-modified-1.0.min.js \ + min/ecparam-1.0.min.js \ + min/dsa-2.0.min.js \ + min/pkcs5pkey-1.0.min.js \ + min/keyutil-1.0.min.js \ + min/rsapem-1.1.min.js \ + min/rsasign-1.2.min.js \ + min/x509-1.1.min.js \ + min/jws-3.3.min.js \ + min/jwsjs-2.0.min.js -#min-js: *.js -# for i in `ls *.js | grep -v "min.js"` ; do java -jar ~/src/yuicompressor/build/yuicompressor-2.4.8.jar $i -o `echo $i | sed 's/.js/-min.js/g'` ; done +all-min: $(FILES_MIN) + @echo "all min converted." + +min/%.min.js: src/%.js + yuicmp $^ -o $@ -join-main: join-minify - cat \ - npm/lib/header.js \ - jsrsasign-latest-all-min.js \ - npm/lib/footer.js \ - > npm/lib/jsrsasign.js diff --git a/api/files.html b/api/files.html index 88a25fb0..bb959a5f 100644 --- a/api/files.html +++ b/api/files.html @@ -443,7 +443,7 @@

asn1-1.0.js

Version:
-
asn1 1.0.12 (2016-Nov-19)
+
asn1 1.0.13 (2017-Jun-02)
@@ -462,7 +462,7 @@

asn1cades-1.0.js

Version:
-
jsrsasign 7.2.0 asn1cades 1.0.2 (2017-May-12)
+
jsrsasign 7.2.1 asn1cades 1.0.3 (2017-Jun-03)
@@ -481,7 +481,7 @@

asn1cms-1.0.js

Version:
-
1.0.3 (2017-Jan-14)
+
1.0.4 (2017-May-30)
@@ -500,7 +500,7 @@

asn1csr-1.0.js

Version:
-
jsrsasign 7.2.0 asn1csr 1.0.4 (2017-May-21)
+
jsrsasign 7.2.1 asn1csr 1.0.5 (2017-Jun-03)
@@ -519,7 +519,7 @@

asn1hex-1.1.js

Version:
-
asn1hex 1.1.11 (2017-May-11)
+
asn1hex 1.1.12 (2017-Jun-03)
@@ -538,7 +538,7 @@

asn1ocsp-1.0.js

Version:
-
jsrsasign 7.2.0 asn1ocsp 1.0.2 (2017-May-12)
+
jsrsasign 7.2.1 asn1ocsp 1.0.3 (2017-Jun-03)
@@ -557,7 +557,7 @@

asn1tsp-1.0.js

Version:
-
jsrsasign 7.2.0 asn1tsp 1.0.2 (2017-May-12)
+
jsrsasign 7.2.1 asn1tsp 1.0.3 (2017-Jun-03)
@@ -576,7 +576,7 @@

asn1x509-1.0.js

Version:
-
1.0.23 (2017-Apr-30)
+
1.0.24 (2017-May-28)
@@ -595,7 +595,7 @@

base64x-1.1.js

Version:
-
jsrsasign 7.2.0 base64x 1.1.11 (2017-May-20)
+
jsrsasign 7.2.1 base64x 1.1.12 (2017-Jun-03)
@@ -690,7 +690,7 @@

jws-3.3.js

Version:
-
3.3.6 (2017-Apr-15)
+
jsrsasign 7.2.1 jws 3.3.7 (2017-Jun-03)
@@ -709,7 +709,7 @@

jwsjs-2.0.js

Version:
-
2.1.0 (2016 Sep 6)
+
jsrsasign 7.2.1 jwsjs 2.1.1 (2017-Jun-03)
@@ -728,7 +728,7 @@

keyutil-1.0.js

Version:
-
jsrsasign 7.2.0 keyutil 1.1.1 (2017-May-21)
+
jsrsasign 7.2.1 keyutil 1.1.2 (2017-Jun-03)
@@ -766,7 +766,7 @@

pkcs5pkey-1.0.js (DEPRECATED)Version: -
jsrsasign 7.2.0 pkcs5pkey 1.1.1 (2017-May-12)
+
jsrsasign 7.2.1 pkcs5pkey 1.1.2 (2017-Jun-03)
@@ -785,7 +785,7 @@

rsapem-1.1.js

Version:
-
jsrsasign 7.2.0 rsapem 1.2.1 (2017-May-12)
+
jsrsasign 7.2.1 rsapem 1.2.2 (2017-Jun-03)
@@ -823,7 +823,7 @@

x509-1.1.js

Version:
-
jsrsasign 7.2.0 x509 1.1.14 (2017-May-12)
+
jsrsasign 7.2.1 x509 1.1.15 (2017-Jun-03)
diff --git a/api/symbols/ASN1HEX.html b/api/symbols/ASN1HEX.html index 4b8b28ce..fac5c4b9 100644 --- a/api/symbols/ASN1HEX.html +++ b/api/symbols/ASN1HEX.html @@ -770,7 +770,7 @@

ASN1HEX.pemToHex(s, sHead)
-
get hexacedimal string from PEM format data
+
(DEPRECATED) get hexacedimal string from PEM format data
This static method gets a hexacedimal string of contents from PEM format data.
@@ -933,7 +933,7 @@

INTEGER 01 INTEGER 02 // 5) ASN.1 DUMP FOR X.509 CERTIFICATE -ASN1HEX.dump(ASN1HEX.pemToHex(certPEM)) +ASN1HEX.dump(pemtohex(certPEM)) ↓ SEQUENCE SEQUENCE @@ -2625,7 +2625,7 @@

- get hexacedimal string from PEM format data
+ (DEPRECATED) get hexacedimal string from PEM format data
This static method gets a hexacedimal string of contents from PEM format data. You can explicitly specify PEM header by sHead argument. @@ -2665,6 +2665,13 @@

+
+
Deprecated:
+
+ since jsrsasign 7.2.1 asn1hex 1.1.12. Please move to pemtohex +
+
+
Since:
diff --git a/api/symbols/KJUR.asn1.x509.X509Util.html b/api/symbols/KJUR.asn1.x509.X509Util.html index ab57b719..261fe2af 100644 --- a/api/symbols/KJUR.asn1.x509.X509Util.html +++ b/api/symbols/KJUR.asn1.x509.X509Util.html @@ -470,7 +470,7 @@

-
X.509 certificate and CRL utilities class
+
X.509 certificate and CRL utilities class
@@ -536,7 +536,7 @@

- X.509 certificate and CRL utilities class + X.509 certificate and CRL utilities class
@@ -545,6 +545,13 @@

+
+
Deprecated:
+
+ jsrsasign 7.2.1 asn1x509 1.0.24 +
+
+ @@ -596,6 +603,13 @@

+
+
Deprecated:
+
+ jsrsasign 7.2.1 asn1x509 1.0.24 use KEYUTIL.getPEM +
+
+ diff --git a/api/symbols/RSAKey.html b/api/symbols/RSAKey.html index 0f078530..43e2e539 100644 --- a/api/symbols/RSAKey.html +++ b/api/symbols/RSAKey.html @@ -841,6 +841,13 @@

+
+
Deprecated:
+
+ jsrsasign 7.2.1 rsapem 1.1.2 +
+
+ diff --git a/api/symbols/X509.html b/api/symbols/X509.html index 1a16ab79..d7feee88 100644 --- a/api/symbols/X509.html +++ b/api/symbols/X509.html @@ -1148,7 +1148,7 @@

X509.pemToBase64(sCertPEM)
-
get Base64 string from PEM certificate string
+
(DEPRECATED) get Base64 string from PEM certificate string
@@ -4099,7 +4099,7 @@

-
hCert = ASN1HEX.pemToHex(certGithubPEM);
+					
hCert = pemtohex(certGithubPEM);
 a = X509.getV3ExtInfoListOfCertHex(hCert);
 // Then a will be an array of like following:
 [{posTLV: 1952, oid: "2.5.29.35", critical: false, posV: 1968},
@@ -4497,7 +4497,7 @@ 

- get Base64 string from PEM certificate string + (DEPRECATED) get Base64 string from PEM certificate string
@@ -4521,6 +4521,13 @@

+
+
Deprecated:
+
+ jsrsasign 7.2.1 x509 1.1.15 +
+
+ @@ -4698,7 +4705,7 @@

pubKey = KEYUTIL.getKey(pemPublicKey); // or certificate
-hCert = ASN1HEX.pemToHex(pemCert);
+hCert = pemtohex(pemCert);
 isValid = X509.verifySignature(hCert, pubKey);
diff --git a/api/symbols/global__.html b/api/symbols/global__.html index bb2412a5..acc774f3 100644 --- a/api/symbols/global__.html +++ b/api/symbols/global__.html @@ -540,9 +540,9 @@

  -
b64utoutf8(s) + -
+
convert a Base64URL encoded string to a UTF-8 encoded string including CJK or Latin.
@@ -624,6 +624,17 @@

+ +   + +
hextopem(dataHex, pemHeader) +
+
get PEM string from hexadecimal data and header string +This function converts a hexadecimal string to a PEM string with +a specified header.
+ + +   @@ -691,6 +702,17 @@

+ +   + +
pemtohex(s, sHead) +
+
get hexacedimal string from PEM format data
+This static method gets a hexacedimal string of contents +from PEM format data.
+ + +   @@ -816,9 +838,9 @@

  -
utf8tob64u(s) + -
+
convert a UTF-8 encoded string including CJK or Latin to a Base64URL encoded string.
@@ -1252,12 +1274,12 @@

- + {String} b64utoutf8(s)
- + convert a Base64URL encoded string to a UTF-8 encoded string including CJK or Latin.

Defined in: base64x-1.1.js. @@ -1272,18 +1294,31 @@

Parameters:
- s + {String} s
-
+
Base64URL encoded string
+
+
Since:
+
1.1
+
+ +
+
Returns:
+ +
{String} UTF-8 encoded string
+ +
+ +
@@ -1742,6 +1777,73 @@

+
+ + +
+ + {String} + hextopem(dataHex, pemHeader) + +
+
+ get PEM string from hexadecimal data and header string +This function converts a hexadecimal string to a PEM string with +a specified header. Its line break will be CRLF("\r\n"). + +
+ Defined in: base64x-1.1.js. + + +
+ + + +
hextopem('616161', 'RSA PRIVATE KEY') →
+-----BEGIN PRIVATE KEY-----
+YWFh
+-----END PRIVATE KEY-----
+ + + + +
+
Parameters:
+ +
+ {String} dataHex + +
+
hexadecimal string of PEM body
+ +
+ {String} pemHeader + +
+
PEM header string (ex. 'RSA PRIVATE KEY')
+ +
+ + + +
+
Since:
+
jsrasign 7.2.1 base64x 1.1.12
+
+ + + + +
+
Returns:
+ +
{String} PEM formatted string of input data
+ +
+ + + +
@@ -2136,6 +2238,78 @@

+
+ + +
+ + {String} + pemtohex(s, sHead) + +
+
+ get hexacedimal string from PEM format data
+This static method gets a hexacedimal string of contents +from PEM format data. You can explicitly specify PEM header +by sHead argument. +Any space characters such as white space or new line +will be omitted.
+NOTE: Now KEYUTIL.getHexFromPEM and X509.pemToHex +have been deprecated since jsrsasign 7.2.1. +Please use this method instead. + +
+ Defined in: base64x-1.1.js. + + +
+ + + +
pemtohex("-----BEGIN PUBLIC KEY...") → "3082..."
+pemtohex("-----BEGIN CERTIFICATE...", "CERTIFICATE") → "3082..."
+pemtohex(" \r\n-----BEGIN DSA PRIVATE KEY...") → "3082..."
+ + + + +
+
Parameters:
+ +
+ {String} s + +
+
PEM formatted string
+ +
+ {String} sHead + +
+
PEM header string without BEGIN/END(OPTION)
+ +
+ + + +
+
Since:
+
jsrsasign 7.2.1 base64x 1.1.12
+
+ + + + +
+
Returns:
+ +
{String} hexadecimal string data of PEM contents
+ +
+ + + +
@@ -2786,12 +2960,12 @@

- + {String} utf8tob64u(s)
- + convert a UTF-8 encoded string including CJK or Latin to a Base64URL encoded string.

Defined in: base64x-1.1.js. @@ -2806,16 +2980,29 @@

Parameters:
- s + {String} s
-
+
UTF-8 encoded string
+
+
Since:
+
1.1
+
+ + + +
+
Returns:
+ +
{String} Base64URL encoded string
+ +
diff --git a/api/symbols/src/asn1-1.0.js.html b/api/symbols/src/asn1-1.0.js.html index 6839d488..cf4b5b9d 100644 --- a/api/symbols/src/asn1-1.0.js.html +++ b/api/symbols/src/asn1-1.0.js.html @@ -5,12 +5,12 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /*! asn1-1.0.12.js (c) 2013-2016 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* asn1-1.0.13.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * asn1.js - ASN.1 DER encoder classes
   5  *
-  6  * Copyright (c) 2013-2016 Kenji Urushima (kenji.urushima@gmail.com)
+  6  * Copyright (c) 2013-2017 Kenji Urushima (kenji.urushima@gmail.com)
   7  *
   8  * This software is licensed under the terms of the MIT License.
   9  * http://kjur.github.com/jsrsasign/license
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version asn1 1.0.12 (2016-Nov-19)
+ 19  * @version asn1 1.0.13 (2017-Jun-02)
  20  * @since jsrsasign 2.1
  21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -157,1483 +157,1500 @@
 150      * -----END PRIVATE KEY-----
 151      */
 152     this.getPEMStringFromHex = function(dataHex, pemHeader) {
-153         var dataB64 = hextob64(dataHex);
-154         var pemBody = dataB64.replace(/(.{64})/g, "$1\r\n");
-155         pemBody = pemBody.replace(/\r\n$/, '');
-156         return "-----BEGIN " + pemHeader + "-----\r\n" + 
-157             pemBody + 
-158             "\r\n-----END " + pemHeader + "-----\r\n";
-159     };
-160 
-161     /**
-162      * generate ASN1Object specifed by JSON parameters
-163      * @name newObject
-164      * @memberOf KJUR.asn1.ASN1Util
-165      * @function
-166      * @param {Array} param JSON parameter to generate ASN1Object
-167      * @return {KJUR.asn1.ASN1Object} generated object
-168      * @since asn1 1.0.3
-169      * @description
-170      * generate any ASN1Object specified by JSON param
-171      * including ASN.1 primitive or structured.
-172      * Generally 'param' can be described as follows:
-173      * <blockquote>
-174      * {TYPE-OF-ASNOBJ: ASN1OBJ-PARAMETER}
-175      * </blockquote>
-176      * 'TYPE-OF-ASN1OBJ' can be one of following symbols:
-177      * <ul>
-178      * <li>'bool' - DERBoolean</li>
-179      * <li>'int' - DERInteger</li>
-180      * <li>'bitstr' - DERBitString</li>
-181      * <li>'octstr' - DEROctetString</li>
-182      * <li>'null' - DERNull</li>
-183      * <li>'oid' - DERObjectIdentifier</li>
-184      * <li>'enum' - DEREnumerated</li>
-185      * <li>'utf8str' - DERUTF8String</li>
-186      * <li>'numstr' - DERNumericString</li>
-187      * <li>'prnstr' - DERPrintableString</li>
-188      * <li>'telstr' - DERTeletexString</li>
-189      * <li>'ia5str' - DERIA5String</li>
-190      * <li>'utctime' - DERUTCTime</li>
-191      * <li>'gentime' - DERGeneralizedTime</li>
-192      * <li>'seq' - DERSequence</li>
-193      * <li>'set' - DERSet</li>
-194      * <li>'tag' - DERTaggedObject</li>
-195      * </ul>
-196      * @example
-197      * newObject({'prnstr': 'aaa'});
-198      * newObject({'seq': [{'int': 3}, {'prnstr': 'aaa'}]})
-199      * // ASN.1 Tagged Object
-200      * newObject({'tag': {'tag': 'a1', 
-201      *                    'explicit': true,
-202      *                    'obj': {'seq': [{'int': 3}, {'prnstr': 'aaa'}]}}});
-203      * // more simple representation of ASN.1 Tagged Object
-204      * newObject({'tag': ['a1',
-205      *                    true,
-206      *                    {'seq': [
-207      *                      {'int': 3}, 
-208      *                      {'prnstr': 'aaa'}]}
-209      *                   ]});
-210      */
-211     this.newObject = function(param) {
-212         var ns1 = KJUR.asn1;
-213         var keys = Object.keys(param);
-214         if (keys.length != 1)
-215             throw "key of param shall be only one.";
-216         var key = keys[0];
-217 
-218         if (":bool:int:bitstr:octstr:null:oid:enum:utf8str:numstr:prnstr:telstr:ia5str:utctime:gentime:seq:set:tag:".indexOf(":" + key + ":") == -1)
-219             throw "undefined key: " + key;
-220 
-221         if (key == "bool")    return new ns1.DERBoolean(param[key]);
-222         if (key == "int")     return new ns1.DERInteger(param[key]);
-223         if (key == "bitstr")  return new ns1.DERBitString(param[key]);
-224         if (key == "octstr")  return new ns1.DEROctetString(param[key]);
-225         if (key == "null")    return new ns1.DERNull(param[key]);
-226         if (key == "oid")     return new ns1.DERObjectIdentifier(param[key]);
-227         if (key == "enum")    return new ns1.DEREnumerated(param[key]);
-228         if (key == "utf8str") return new ns1.DERUTF8String(param[key]);
-229         if (key == "numstr")  return new ns1.DERNumericString(param[key]);
-230         if (key == "prnstr")  return new ns1.DERPrintableString(param[key]);
-231         if (key == "telstr")  return new ns1.DERTeletexString(param[key]);
-232         if (key == "ia5str")  return new ns1.DERIA5String(param[key]);
-233         if (key == "utctime") return new ns1.DERUTCTime(param[key]);
-234         if (key == "gentime") return new ns1.DERGeneralizedTime(param[key]);
+153 	return hextopem(dataHex, pemHeader);
+154     };
+155 
+156     /**
+157      * generate ASN1Object specifed by JSON parameters
+158      * @name newObject
+159      * @memberOf KJUR.asn1.ASN1Util
+160      * @function
+161      * @param {Array} param JSON parameter to generate ASN1Object
+162      * @return {KJUR.asn1.ASN1Object} generated object
+163      * @since asn1 1.0.3
+164      * @description
+165      * generate any ASN1Object specified by JSON param
+166      * including ASN.1 primitive or structured.
+167      * Generally 'param' can be described as follows:
+168      * <blockquote>
+169      * {TYPE-OF-ASNOBJ: ASN1OBJ-PARAMETER}
+170      * </blockquote>
+171      * 'TYPE-OF-ASN1OBJ' can be one of following symbols:
+172      * <ul>
+173      * <li>'bool' - DERBoolean</li>
+174      * <li>'int' - DERInteger</li>
+175      * <li>'bitstr' - DERBitString</li>
+176      * <li>'octstr' - DEROctetString</li>
+177      * <li>'null' - DERNull</li>
+178      * <li>'oid' - DERObjectIdentifier</li>
+179      * <li>'enum' - DEREnumerated</li>
+180      * <li>'utf8str' - DERUTF8String</li>
+181      * <li>'numstr' - DERNumericString</li>
+182      * <li>'prnstr' - DERPrintableString</li>
+183      * <li>'telstr' - DERTeletexString</li>
+184      * <li>'ia5str' - DERIA5String</li>
+185      * <li>'utctime' - DERUTCTime</li>
+186      * <li>'gentime' - DERGeneralizedTime</li>
+187      * <li>'seq' - DERSequence</li>
+188      * <li>'set' - DERSet</li>
+189      * <li>'tag' - DERTaggedObject</li>
+190      * </ul>
+191      * @example
+192      * newObject({'prnstr': 'aaa'});
+193      * newObject({'seq': [{'int': 3}, {'prnstr': 'aaa'}]})
+194      * // ASN.1 Tagged Object
+195      * newObject({'tag': {'tag': 'a1', 
+196      *                    'explicit': true,
+197      *                    'obj': {'seq': [{'int': 3}, {'prnstr': 'aaa'}]}}});
+198      * // more simple representation of ASN.1 Tagged Object
+199      * newObject({'tag': ['a1',
+200      *                    true,
+201      *                    {'seq': [
+202      *                      {'int': 3}, 
+203      *                      {'prnstr': 'aaa'}]}
+204      *                   ]});
+205      */
+206     this.newObject = function(param) {
+207 	var _KJUR = KJUR,
+208 	    _KJUR_asn1 = _KJUR.asn1,
+209 	    _DERBoolean = _KJUR_asn1.DERBoolean,
+210 	    _DERInteger = _KJUR_asn1.DERInteger,
+211 	    _DERBitString = _KJUR_asn1.DERBitString,
+212 	    _DEROctetString = _KJUR_asn1.DEROctetString,
+213 	    _DERNull = _KJUR_asn1.DERNull,
+214 	    _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+215 	    _DEREnumerated = _KJUR_asn1.DEREnumerated,
+216 	    _DERUTF8String = _KJUR_asn1.DERUTF8String,
+217 	    _DERNumericString = _KJUR_asn1.DERNumericString,
+218 	    _DERPrintableString = _KJUR_asn1.DERPrintableString,
+219 	    _DERTeletexString = _KJUR_asn1.DERTeletexString,
+220 	    _DERIA5String = _KJUR_asn1.DERIA5String,
+221 	    _DERUTCTime = _KJUR_asn1.DERUTCTime,
+222 	    _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime,
+223 	    _DERSequence = _KJUR_asn1.DERSequence,
+224 	    _DERSet = _KJUR_asn1.DERSet,
+225 	    _DERTaggedObject = _KJUR_asn1.DERTaggedObject,
+226 	    _newObject = _KJUR_asn1.ASN1Util.newObject;
+227 
+228         var keys = Object.keys(param);
+229         if (keys.length != 1)
+230             throw "key of param shall be only one.";
+231         var key = keys[0];
+232 
+233         if (":bool:int:bitstr:octstr:null:oid:enum:utf8str:numstr:prnstr:telstr:ia5str:utctime:gentime:seq:set:tag:".indexOf(":" + key + ":") == -1)
+234             throw "undefined key: " + key;
 235 
-236         if (key == "seq") {
-237             var paramList = param[key];
-238             var a = [];
-239             for (var i = 0; i < paramList.length; i++) {
-240                 var asn1Obj = ns1.ASN1Util.newObject(paramList[i]);
-241                 a.push(asn1Obj);
-242             }
-243             return new ns1.DERSequence({'array': a});
-244         }
-245 
-246         if (key == "set") {
-247             var paramList = param[key];
-248             var a = [];
-249             for (var i = 0; i < paramList.length; i++) {
-250                 var asn1Obj = ns1.ASN1Util.newObject(paramList[i]);
-251                 a.push(asn1Obj);
-252             }
-253             return new ns1.DERSet({'array': a});
-254         }
-255 
-256         if (key == "tag") {
-257             var tagParam = param[key];
-258             if (Object.prototype.toString.call(tagParam) === '[object Array]' &&
-259                 tagParam.length == 3) {
-260                 var obj = ns1.ASN1Util.newObject(tagParam[2]);
-261                 return new ns1.DERTaggedObject({tag: tagParam[0], explicit: tagParam[1], obj: obj});
-262             } else {
-263                 var newParam = {};
-264                 if (tagParam.explicit !== undefined)
-265                     newParam.explicit = tagParam.explicit;
-266                 if (tagParam.tag !== undefined)
-267                     newParam.tag = tagParam.tag;
-268                 if (tagParam.obj === undefined)
-269                     throw "obj shall be specified for 'tag'.";
-270                 newParam.obj = ns1.ASN1Util.newObject(tagParam.obj);
-271                 return new ns1.DERTaggedObject(newParam);
-272             }
-273         }
-274     };
-275 
-276     /**
-277      * get encoded hexadecimal string of ASN1Object specifed by JSON parameters
-278      * @name jsonToASN1HEX
-279      * @memberOf KJUR.asn1.ASN1Util
-280      * @function
-281      * @param {Array} param JSON parameter to generate ASN1Object
-282      * @return hexadecimal string of ASN1Object
-283      * @since asn1 1.0.4
-284      * @description
-285      * As for ASN.1 object representation of JSON object,
-286      * please see {@link newObject}.
-287      * @example
-288      * jsonToASN1HEX({'prnstr': 'aaa'}); 
-289      */
-290     this.jsonToASN1HEX = function(param) {
-291         var asn1Obj = this.newObject(param);
-292         return asn1Obj.getEncodedHex();
-293     };
-294 };
-295 
-296 /**
-297  * get dot noted oid number string from hexadecimal value of OID
-298  * @name oidHexToInt
-299  * @memberOf KJUR.asn1.ASN1Util
-300  * @function
-301  * @param {String} hex hexadecimal value of object identifier
-302  * @return {String} dot noted string of object identifier
-303  * @since jsrsasign 4.8.3 asn1 1.0.7
-304  * @description
-305  * This static method converts from hexadecimal string representation of 
-306  * ASN.1 value of object identifier to oid number string.
-307  * @example
-308  * KJUR.asn1.ASN1Util.oidHexToInt('550406') → "2.5.4.6"
-309  */
-310 KJUR.asn1.ASN1Util.oidHexToInt = function(hex) {
-311     var s = "";
-312     var i01 = parseInt(hex.substr(0, 2), 16);
-313     var i0 = Math.floor(i01 / 40);
-314     var i1 = i01 % 40;
-315     var s = i0 + "." + i1;
-316 
-317     var binbuf = "";
-318     for (var i = 2; i < hex.length; i += 2) {
-319 	var value = parseInt(hex.substr(i, 2), 16);
-320         var bin = ("00000000" + value.toString(2)).slice(- 8);
-321 	binbuf = binbuf + bin.substr(1, 7);
-322 	if (bin.substr(0, 1) == "0") {
-323 	    var bi = new BigInteger(binbuf, 2);
-324 	    s = s + "." + bi.toString(10);
-325 	    binbuf = "";
-326 	}
-327     };
-328 
-329     return s;
-330 };
-331 
-332 /**
-333  * get hexadecimal value of object identifier from dot noted oid value
-334  * @name oidIntToHex
-335  * @memberOf KJUR.asn1.ASN1Util
-336  * @function
-337  * @param {String} oidString dot noted string of object identifier
-338  * @return {String} hexadecimal value of object identifier
-339  * @since jsrsasign 4.8.3 asn1 1.0.7
-340  * @description
-341  * This static method converts from object identifier value string.
-342  * to hexadecimal string representation of it.
-343  * @example
-344  * KJUR.asn1.ASN1Util.oidIntToHex("2.5.4.6") → "550406"
-345  */
-346 KJUR.asn1.ASN1Util.oidIntToHex = function(oidString) {
-347     var itox = function(i) {
-348         var h = i.toString(16);
-349         if (h.length == 1) h = '0' + h;
-350         return h;
-351     };
-352 
-353     var roidtox = function(roid) {
-354         var h = '';
-355         var bi = new BigInteger(roid, 10);
-356         var b = bi.toString(2);
-357         var padLen = 7 - b.length % 7;
-358         if (padLen == 7) padLen = 0;
-359         var bPad = '';
-360         for (var i = 0; i < padLen; i++) bPad += '0';
-361         b = bPad + b;
-362         for (var i = 0; i < b.length - 1; i += 7) {
-363             var b8 = b.substr(i, 7);
-364             if (i != b.length - 7) b8 = '1' + b8;
-365             h += itox(parseInt(b8, 2));
-366         }
+236         if (key == "bool")    return new _DERBoolean(param[key]);
+237         if (key == "int")     return new _DERInteger(param[key]);
+238         if (key == "bitstr")  return new _DERBitString(param[key]);
+239         if (key == "octstr")  return new _DEROctetString(param[key]);
+240         if (key == "null")    return new _DERNull(param[key]);
+241         if (key == "oid")     return new _DERObjectIdentifier(param[key]);
+242         if (key == "enum")    return new _DEREnumerated(param[key]);
+243         if (key == "utf8str") return new _DERUTF8String(param[key]);
+244         if (key == "numstr")  return new _DERNumericString(param[key]);
+245         if (key == "prnstr")  return new _DERPrintableString(param[key]);
+246         if (key == "telstr")  return new _DERTeletexString(param[key]);
+247         if (key == "ia5str")  return new _DERIA5String(param[key]);
+248         if (key == "utctime") return new _DERUTCTime(param[key]);
+249         if (key == "gentime") return new _DERGeneralizedTime(param[key]);
+250 
+251         if (key == "seq") {
+252             var paramList = param[key];
+253             var a = [];
+254             for (var i = 0; i < paramList.length; i++) {
+255                 var asn1Obj = _newObject(paramList[i]);
+256                 a.push(asn1Obj);
+257             }
+258             return new _DERSequence({'array': a});
+259         }
+260 
+261         if (key == "set") {
+262             var paramList = param[key];
+263             var a = [];
+264             for (var i = 0; i < paramList.length; i++) {
+265                 var asn1Obj = _newObject(paramList[i]);
+266                 a.push(asn1Obj);
+267             }
+268             return new _DERSet({'array': a});
+269         }
+270 
+271         if (key == "tag") {
+272             var tagParam = param[key];
+273             if (Object.prototype.toString.call(tagParam) === '[object Array]' &&
+274                 tagParam.length == 3) {
+275                 var obj = _newObject(tagParam[2]);
+276                 return new _DERTaggedObject({tag: tagParam[0],
+277 					     explicit: tagParam[1],
+278 					     obj: obj});
+279             } else {
+280                 var newParam = {};
+281                 if (tagParam.explicit !== undefined)
+282                     newParam.explicit = tagParam.explicit;
+283                 if (tagParam.tag !== undefined)
+284                     newParam.tag = tagParam.tag;
+285                 if (tagParam.obj === undefined)
+286                     throw "obj shall be specified for 'tag'.";
+287                 newParam.obj = _newObject(tagParam.obj);
+288                 return new _DERTaggedObject(newParam);
+289             }
+290         }
+291     };
+292 
+293     /**
+294      * get encoded hexadecimal string of ASN1Object specifed by JSON parameters
+295      * @name jsonToASN1HEX
+296      * @memberOf KJUR.asn1.ASN1Util
+297      * @function
+298      * @param {Array} param JSON parameter to generate ASN1Object
+299      * @return hexadecimal string of ASN1Object
+300      * @since asn1 1.0.4
+301      * @description
+302      * As for ASN.1 object representation of JSON object,
+303      * please see {@link newObject}.
+304      * @example
+305      * jsonToASN1HEX({'prnstr': 'aaa'}); 
+306      */
+307     this.jsonToASN1HEX = function(param) {
+308         var asn1Obj = this.newObject(param);
+309         return asn1Obj.getEncodedHex();
+310     };
+311 };
+312 
+313 /**
+314  * get dot noted oid number string from hexadecimal value of OID
+315  * @name oidHexToInt
+316  * @memberOf KJUR.asn1.ASN1Util
+317  * @function
+318  * @param {String} hex hexadecimal value of object identifier
+319  * @return {String} dot noted string of object identifier
+320  * @since jsrsasign 4.8.3 asn1 1.0.7
+321  * @description
+322  * This static method converts from hexadecimal string representation of 
+323  * ASN.1 value of object identifier to oid number string.
+324  * @example
+325  * KJUR.asn1.ASN1Util.oidHexToInt('550406') → "2.5.4.6"
+326  */
+327 KJUR.asn1.ASN1Util.oidHexToInt = function(hex) {
+328     var s = "";
+329     var i01 = parseInt(hex.substr(0, 2), 16);
+330     var i0 = Math.floor(i01 / 40);
+331     var i1 = i01 % 40;
+332     var s = i0 + "." + i1;
+333 
+334     var binbuf = "";
+335     for (var i = 2; i < hex.length; i += 2) {
+336 	var value = parseInt(hex.substr(i, 2), 16);
+337         var bin = ("00000000" + value.toString(2)).slice(- 8);
+338 	binbuf = binbuf + bin.substr(1, 7);
+339 	if (bin.substr(0, 1) == "0") {
+340 	    var bi = new BigInteger(binbuf, 2);
+341 	    s = s + "." + bi.toString(10);
+342 	    binbuf = "";
+343 	}
+344     };
+345 
+346     return s;
+347 };
+348 
+349 /**
+350  * get hexadecimal value of object identifier from dot noted oid value
+351  * @name oidIntToHex
+352  * @memberOf KJUR.asn1.ASN1Util
+353  * @function
+354  * @param {String} oidString dot noted string of object identifier
+355  * @return {String} hexadecimal value of object identifier
+356  * @since jsrsasign 4.8.3 asn1 1.0.7
+357  * @description
+358  * This static method converts from object identifier value string.
+359  * to hexadecimal string representation of it.
+360  * @example
+361  * KJUR.asn1.ASN1Util.oidIntToHex("2.5.4.6") → "550406"
+362  */
+363 KJUR.asn1.ASN1Util.oidIntToHex = function(oidString) {
+364     var itox = function(i) {
+365         var h = i.toString(16);
+366         if (h.length == 1) h = '0' + h;
 367         return h;
 368     };
-369     
-370     if (! oidString.match(/^[0-9.]+$/)) {
-371         throw "malformed oid string: " + oidString;
-372     }
-373     var h = '';
-374     var a = oidString.split('.');
-375     var i0 = parseInt(a[0]) * 40 + parseInt(a[1]);
-376     h += itox(i0);
-377     a.splice(0, 2);
-378     for (var i = 0; i < a.length; i++) {
-379         h += roidtox(a[i]);
-380     }
-381     return h;
-382 };
-383 
-384 
-385 // ********************************************************************
-386 //  Abstract ASN.1 Classes
-387 // ********************************************************************
-388 
-389 // ********************************************************************
-390 
-391 /**
-392  * base class for ASN.1 DER encoder object
-393  * @name KJUR.asn1.ASN1Object
-394  * @class base class for ASN.1 DER encoder object
-395  * @property {Boolean} isModified flag whether internal data was changed
-396  * @property {String} hTLV hexadecimal string of ASN.1 TLV
-397  * @property {String} hT hexadecimal string of ASN.1 TLV tag(T)
-398  * @property {String} hL hexadecimal string of ASN.1 TLV length(L)
-399  * @property {String} hV hexadecimal string of ASN.1 TLV value(V)
-400  * @description
-401  */
-402 KJUR.asn1.ASN1Object = function() {
-403     var isModified = true;
-404     var hTLV = null;
-405     var hT = '00';
-406     var hL = '00';
-407     var hV = '';
-408 
-409     /**
-410      * get hexadecimal ASN.1 TLV length(L) bytes from TLV value(V)
-411      * @name getLengthHexFromValue
-412      * @memberOf KJUR.asn1.ASN1Object#
-413      * @function
-414      * @return {String} hexadecimal string of ASN.1 TLV length(L)
-415      */
-416     this.getLengthHexFromValue = function() {
-417         if (typeof this.hV == "undefined" || this.hV == null) {
-418             throw "this.hV is null or undefined.";
-419         }
-420         if (this.hV.length % 2 == 1) {
-421             throw "value hex must be even length: n=" + hV.length + ",v=" + this.hV;
-422         }
-423         var n = this.hV.length / 2;
-424         var hN = n.toString(16);
-425         if (hN.length % 2 == 1) {
-426             hN = "0" + hN;
-427         }
-428         if (n < 128) {
-429             return hN;
-430         } else {
-431             var hNlen = hN.length / 2;
-432             if (hNlen > 15) {
-433                 throw "ASN.1 length too long to represent by 8x: n = " + n.toString(16);
-434             }
-435             var head = 128 + hNlen;
-436             return head.toString(16) + hN;
-437         }
-438     };
-439 
-440     /**
-441      * get hexadecimal string of ASN.1 TLV bytes
-442      * @name getEncodedHex
-443      * @memberOf KJUR.asn1.ASN1Object#
-444      * @function
-445      * @return {String} hexadecimal string of ASN.1 TLV
-446      */
-447     this.getEncodedHex = function() {
-448         if (this.hTLV == null || this.isModified) {
-449             this.hV = this.getFreshValueHex();
-450             this.hL = this.getLengthHexFromValue();
-451             this.hTLV = this.hT + this.hL + this.hV;
-452             this.isModified = false;
-453             //alert("first time: " + this.hTLV);
+369 
+370     var roidtox = function(roid) {
+371         var h = '';
+372         var bi = new BigInteger(roid, 10);
+373         var b = bi.toString(2);
+374         var padLen = 7 - b.length % 7;
+375         if (padLen == 7) padLen = 0;
+376         var bPad = '';
+377         for (var i = 0; i < padLen; i++) bPad += '0';
+378         b = bPad + b;
+379         for (var i = 0; i < b.length - 1; i += 7) {
+380             var b8 = b.substr(i, 7);
+381             if (i != b.length - 7) b8 = '1' + b8;
+382             h += itox(parseInt(b8, 2));
+383         }
+384         return h;
+385     };
+386     
+387     if (! oidString.match(/^[0-9.]+$/)) {
+388         throw "malformed oid string: " + oidString;
+389     }
+390     var h = '';
+391     var a = oidString.split('.');
+392     var i0 = parseInt(a[0]) * 40 + parseInt(a[1]);
+393     h += itox(i0);
+394     a.splice(0, 2);
+395     for (var i = 0; i < a.length; i++) {
+396         h += roidtox(a[i]);
+397     }
+398     return h;
+399 };
+400 
+401 
+402 // ********************************************************************
+403 //  Abstract ASN.1 Classes
+404 // ********************************************************************
+405 
+406 // ********************************************************************
+407 
+408 /**
+409  * base class for ASN.1 DER encoder object
+410  * @name KJUR.asn1.ASN1Object
+411  * @class base class for ASN.1 DER encoder object
+412  * @property {Boolean} isModified flag whether internal data was changed
+413  * @property {String} hTLV hexadecimal string of ASN.1 TLV
+414  * @property {String} hT hexadecimal string of ASN.1 TLV tag(T)
+415  * @property {String} hL hexadecimal string of ASN.1 TLV length(L)
+416  * @property {String} hV hexadecimal string of ASN.1 TLV value(V)
+417  * @description
+418  */
+419 KJUR.asn1.ASN1Object = function() {
+420     var isModified = true;
+421     var hTLV = null;
+422     var hT = '00';
+423     var hL = '00';
+424     var hV = '';
+425 
+426     /**
+427      * get hexadecimal ASN.1 TLV length(L) bytes from TLV value(V)
+428      * @name getLengthHexFromValue
+429      * @memberOf KJUR.asn1.ASN1Object#
+430      * @function
+431      * @return {String} hexadecimal string of ASN.1 TLV length(L)
+432      */
+433     this.getLengthHexFromValue = function() {
+434         if (typeof this.hV == "undefined" || this.hV == null) {
+435             throw "this.hV is null or undefined.";
+436         }
+437         if (this.hV.length % 2 == 1) {
+438             throw "value hex must be even length: n=" + hV.length + ",v=" + this.hV;
+439         }
+440         var n = this.hV.length / 2;
+441         var hN = n.toString(16);
+442         if (hN.length % 2 == 1) {
+443             hN = "0" + hN;
+444         }
+445         if (n < 128) {
+446             return hN;
+447         } else {
+448             var hNlen = hN.length / 2;
+449             if (hNlen > 15) {
+450                 throw "ASN.1 length too long to represent by 8x: n = " + n.toString(16);
+451             }
+452             var head = 128 + hNlen;
+453             return head.toString(16) + hN;
 454         }
-455         return this.hTLV;
-456     };
-457 
-458     /**
-459      * get hexadecimal string of ASN.1 TLV value(V) bytes
-460      * @name getValueHex
-461      * @memberOf KJUR.asn1.ASN1Object#
-462      * @function
-463      * @return {String} hexadecimal string of ASN.1 TLV value(V) bytes
-464      */
-465     this.getValueHex = function() {
-466         this.getEncodedHex();
-467         return this.hV;
-468     }
-469 
-470     this.getFreshValueHex = function() {
-471         return '';
-472     };
-473 };
+455     };
+456 
+457     /**
+458      * get hexadecimal string of ASN.1 TLV bytes
+459      * @name getEncodedHex
+460      * @memberOf KJUR.asn1.ASN1Object#
+461      * @function
+462      * @return {String} hexadecimal string of ASN.1 TLV
+463      */
+464     this.getEncodedHex = function() {
+465         if (this.hTLV == null || this.isModified) {
+466             this.hV = this.getFreshValueHex();
+467             this.hL = this.getLengthHexFromValue();
+468             this.hTLV = this.hT + this.hL + this.hV;
+469             this.isModified = false;
+470             //alert("first time: " + this.hTLV);
+471         }
+472         return this.hTLV;
+473     };
 474 
-475 // == BEGIN DERAbstractString ================================================
-476 /**
-477  * base class for ASN.1 DER string classes
-478  * @name KJUR.asn1.DERAbstractString
-479  * @class base class for ASN.1 DER string classes
-480  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-481  * @property {String} s internal string of value
-482  * @extends KJUR.asn1.ASN1Object
-483  * @description
-484  * <br/>
-485  * As for argument 'params' for constructor, you can specify one of
-486  * following properties:
-487  * <ul>
-488  * <li>str - specify initial ASN.1 value(V) by a string</li>
-489  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
-490  * </ul>
-491  * NOTE: 'params' can be omitted.
-492  */
-493 KJUR.asn1.DERAbstractString = function(params) {
-494     KJUR.asn1.DERAbstractString.superclass.constructor.call(this);
-495     var s = null;
-496     var hV = null;
-497 
-498     /**
-499      * get string value of this string object
-500      * @name getString
-501      * @memberOf KJUR.asn1.DERAbstractString#
-502      * @function
-503      * @return {String} string value of this string object
-504      */
-505     this.getString = function() {
-506         return this.s;
-507     };
-508 
-509     /**
-510      * set value by a string
-511      * @name setString
-512      * @memberOf KJUR.asn1.DERAbstractString#
-513      * @function
-514      * @param {String} newS value by a string to set
-515      */
-516     this.setString = function(newS) {
-517         this.hTLV = null;
-518         this.isModified = true;
-519         this.s = newS;
-520         this.hV = stohex(this.s);
-521     };
-522 
-523     /**
-524      * set value by a hexadecimal string
-525      * @name setStringHex
-526      * @memberOf KJUR.asn1.DERAbstractString#
-527      * @function
-528      * @param {String} newHexString value by a hexadecimal string to set
-529      */
-530     this.setStringHex = function(newHexString) {
-531         this.hTLV = null;
-532         this.isModified = true;
-533         this.s = null;
-534         this.hV = newHexString;
-535     };
-536 
-537     this.getFreshValueHex = function() {
-538         return this.hV;
-539     };
-540 
-541     if (typeof params != "undefined") {
-542         if (typeof params == "string") {
-543             this.setString(params);
-544         } else if (typeof params['str'] != "undefined") {
-545             this.setString(params['str']);
-546         } else if (typeof params['hex'] != "undefined") {
-547             this.setStringHex(params['hex']);
-548         }
-549     }
-550 };
-551 YAHOO.lang.extend(KJUR.asn1.DERAbstractString, KJUR.asn1.ASN1Object);
-552 // == END   DERAbstractString ================================================
+475     /**
+476      * get hexadecimal string of ASN.1 TLV value(V) bytes
+477      * @name getValueHex
+478      * @memberOf KJUR.asn1.ASN1Object#
+479      * @function
+480      * @return {String} hexadecimal string of ASN.1 TLV value(V) bytes
+481      */
+482     this.getValueHex = function() {
+483         this.getEncodedHex();
+484         return this.hV;
+485     }
+486 
+487     this.getFreshValueHex = function() {
+488         return '';
+489     };
+490 };
+491 
+492 // == BEGIN DERAbstractString ================================================
+493 /**
+494  * base class for ASN.1 DER string classes
+495  * @name KJUR.asn1.DERAbstractString
+496  * @class base class for ASN.1 DER string classes
+497  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+498  * @property {String} s internal string of value
+499  * @extends KJUR.asn1.ASN1Object
+500  * @description
+501  * <br/>
+502  * As for argument 'params' for constructor, you can specify one of
+503  * following properties:
+504  * <ul>
+505  * <li>str - specify initial ASN.1 value(V) by a string</li>
+506  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
+507  * </ul>
+508  * NOTE: 'params' can be omitted.
+509  */
+510 KJUR.asn1.DERAbstractString = function(params) {
+511     KJUR.asn1.DERAbstractString.superclass.constructor.call(this);
+512     var s = null;
+513     var hV = null;
+514 
+515     /**
+516      * get string value of this string object
+517      * @name getString
+518      * @memberOf KJUR.asn1.DERAbstractString#
+519      * @function
+520      * @return {String} string value of this string object
+521      */
+522     this.getString = function() {
+523         return this.s;
+524     };
+525 
+526     /**
+527      * set value by a string
+528      * @name setString
+529      * @memberOf KJUR.asn1.DERAbstractString#
+530      * @function
+531      * @param {String} newS value by a string to set
+532      */
+533     this.setString = function(newS) {
+534         this.hTLV = null;
+535         this.isModified = true;
+536         this.s = newS;
+537         this.hV = stohex(this.s);
+538     };
+539 
+540     /**
+541      * set value by a hexadecimal string
+542      * @name setStringHex
+543      * @memberOf KJUR.asn1.DERAbstractString#
+544      * @function
+545      * @param {String} newHexString value by a hexadecimal string to set
+546      */
+547     this.setStringHex = function(newHexString) {
+548         this.hTLV = null;
+549         this.isModified = true;
+550         this.s = null;
+551         this.hV = newHexString;
+552     };
 553 
-554 // == BEGIN DERAbstractTime ==================================================
-555 /**
-556  * base class for ASN.1 DER Generalized/UTCTime class
-557  * @name KJUR.asn1.DERAbstractTime
-558  * @class base class for ASN.1 DER Generalized/UTCTime class
-559  * @param {Array} params associative array of parameters (ex. {'str': '130430235959Z'})
-560  * @extends KJUR.asn1.ASN1Object
-561  * @description
-562  * @see KJUR.asn1.ASN1Object - superclass
-563  */
-564 KJUR.asn1.DERAbstractTime = function(params) {
-565     KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);
-566     var s = null;
-567     var date = null;
-568 
-569     // --- PRIVATE METHODS --------------------
-570     this.localDateToUTC = function(d) {
-571         utc = d.getTime() + (d.getTimezoneOffset() * 60000);
-572         var utcDate = new Date(utc);
-573         return utcDate;
-574     };
-575 
-576     /*
-577      * format date string by Data object
-578      * @name formatDate
-579      * @memberOf KJUR.asn1.AbstractTime;
-580      * @param {Date} dateObject 
-581      * @param {string} type 'utc' or 'gen'
-582      * @param {boolean} withMillis flag for with millisections or not
-583      * @description
-584      * 'withMillis' flag is supported from asn1 1.0.6.
-585      */
-586     this.formatDate = function(dateObject, type, withMillis) {
-587         var pad = this.zeroPadding;
-588         var d = this.localDateToUTC(dateObject);
-589         var year = String(d.getFullYear());
-590         if (type == 'utc') year = year.substr(2, 2);
-591         var month = pad(String(d.getMonth() + 1), 2);
-592         var day = pad(String(d.getDate()), 2);
-593         var hour = pad(String(d.getHours()), 2);
-594         var min = pad(String(d.getMinutes()), 2);
-595         var sec = pad(String(d.getSeconds()), 2);
-596         var s = year + month + day + hour + min + sec;
-597         if (withMillis === true) {
-598             var millis = d.getMilliseconds();
-599             if (millis != 0) {
-600                 var sMillis = pad(String(millis), 3);
-601                 sMillis = sMillis.replace(/[0]+$/, "");
-602                 s = s + "." + sMillis;
-603             }
-604         }
-605         return s + "Z";
-606     };
-607 
-608     this.zeroPadding = function(s, len) {
-609         if (s.length >= len) return s;
-610         return new Array(len - s.length + 1).join('0') + s;
-611     };
-612 
-613     // --- PUBLIC METHODS --------------------
-614     /**
-615      * get string value of this string object
-616      * @name getString
-617      * @memberOf KJUR.asn1.DERAbstractTime#
-618      * @function
-619      * @return {String} string value of this time object
-620      */
-621     this.getString = function() {
-622         return this.s;
+554     this.getFreshValueHex = function() {
+555         return this.hV;
+556     };
+557 
+558     if (typeof params != "undefined") {
+559         if (typeof params == "string") {
+560             this.setString(params);
+561         } else if (typeof params['str'] != "undefined") {
+562             this.setString(params['str']);
+563         } else if (typeof params['hex'] != "undefined") {
+564             this.setStringHex(params['hex']);
+565         }
+566     }
+567 };
+568 YAHOO.lang.extend(KJUR.asn1.DERAbstractString, KJUR.asn1.ASN1Object);
+569 // == END   DERAbstractString ================================================
+570 
+571 // == BEGIN DERAbstractTime ==================================================
+572 /**
+573  * base class for ASN.1 DER Generalized/UTCTime class
+574  * @name KJUR.asn1.DERAbstractTime
+575  * @class base class for ASN.1 DER Generalized/UTCTime class
+576  * @param {Array} params associative array of parameters (ex. {'str': '130430235959Z'})
+577  * @extends KJUR.asn1.ASN1Object
+578  * @description
+579  * @see KJUR.asn1.ASN1Object - superclass
+580  */
+581 KJUR.asn1.DERAbstractTime = function(params) {
+582     KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);
+583     var s = null;
+584     var date = null;
+585 
+586     // --- PRIVATE METHODS --------------------
+587     this.localDateToUTC = function(d) {
+588         utc = d.getTime() + (d.getTimezoneOffset() * 60000);
+589         var utcDate = new Date(utc);
+590         return utcDate;
+591     };
+592 
+593     /*
+594      * format date string by Data object
+595      * @name formatDate
+596      * @memberOf KJUR.asn1.AbstractTime;
+597      * @param {Date} dateObject 
+598      * @param {string} type 'utc' or 'gen'
+599      * @param {boolean} withMillis flag for with millisections or not
+600      * @description
+601      * 'withMillis' flag is supported from asn1 1.0.6.
+602      */
+603     this.formatDate = function(dateObject, type, withMillis) {
+604         var pad = this.zeroPadding;
+605         var d = this.localDateToUTC(dateObject);
+606         var year = String(d.getFullYear());
+607         if (type == 'utc') year = year.substr(2, 2);
+608         var month = pad(String(d.getMonth() + 1), 2);
+609         var day = pad(String(d.getDate()), 2);
+610         var hour = pad(String(d.getHours()), 2);
+611         var min = pad(String(d.getMinutes()), 2);
+612         var sec = pad(String(d.getSeconds()), 2);
+613         var s = year + month + day + hour + min + sec;
+614         if (withMillis === true) {
+615             var millis = d.getMilliseconds();
+616             if (millis != 0) {
+617                 var sMillis = pad(String(millis), 3);
+618                 sMillis = sMillis.replace(/[0]+$/, "");
+619                 s = s + "." + sMillis;
+620             }
+621         }
+622         return s + "Z";
 623     };
 624 
-625     /**
-626      * set value by a string
-627      * @name setString
-628      * @memberOf KJUR.asn1.DERAbstractTime#
-629      * @function
-630      * @param {String} newS value by a string to set such like "130430235959Z"
-631      */
-632     this.setString = function(newS) {
-633         this.hTLV = null;
-634         this.isModified = true;
-635         this.s = newS;
-636         this.hV = stohex(newS);
-637     };
-638 
-639     /**
-640      * set value by a Date object
-641      * @name setByDateValue
-642      * @memberOf KJUR.asn1.DERAbstractTime#
-643      * @function
-644      * @param {Integer} year year of date (ex. 2013)
-645      * @param {Integer} month month of date between 1 and 12 (ex. 12)
-646      * @param {Integer} day day of month
-647      * @param {Integer} hour hours of date
-648      * @param {Integer} min minutes of date
-649      * @param {Integer} sec seconds of date
-650      */
-651     this.setByDateValue = function(year, month, day, hour, min, sec) {
-652         var dateObject = new Date(Date.UTC(year, month - 1, day, hour, min, sec, 0));
-653         this.setByDate(dateObject);
+625     this.zeroPadding = function(s, len) {
+626         if (s.length >= len) return s;
+627         return new Array(len - s.length + 1).join('0') + s;
+628     };
+629 
+630     // --- PUBLIC METHODS --------------------
+631     /**
+632      * get string value of this string object
+633      * @name getString
+634      * @memberOf KJUR.asn1.DERAbstractTime#
+635      * @function
+636      * @return {String} string value of this time object
+637      */
+638     this.getString = function() {
+639         return this.s;
+640     };
+641 
+642     /**
+643      * set value by a string
+644      * @name setString
+645      * @memberOf KJUR.asn1.DERAbstractTime#
+646      * @function
+647      * @param {String} newS value by a string to set such like "130430235959Z"
+648      */
+649     this.setString = function(newS) {
+650         this.hTLV = null;
+651         this.isModified = true;
+652         this.s = newS;
+653         this.hV = stohex(newS);
 654     };
 655 
-656     this.getFreshValueHex = function() {
-657         return this.hV;
-658     };
-659 };
-660 YAHOO.lang.extend(KJUR.asn1.DERAbstractTime, KJUR.asn1.ASN1Object);
-661 // == END   DERAbstractTime ==================================================
-662 
-663 // == BEGIN DERAbstractStructured ============================================
-664 /**
-665  * base class for ASN.1 DER structured class
-666  * @name KJUR.asn1.DERAbstractStructured
-667  * @class base class for ASN.1 DER structured class
-668  * @property {Array} asn1Array internal array of ASN1Object
-669  * @extends KJUR.asn1.ASN1Object
-670  * @description
-671  * @see KJUR.asn1.ASN1Object - superclass
-672  */
-673 KJUR.asn1.DERAbstractStructured = function(params) {
-674     KJUR.asn1.DERAbstractString.superclass.constructor.call(this);
-675     var asn1Array = null;
-676 
-677     /**
-678      * set value by array of ASN1Object
-679      * @name setByASN1ObjectArray
-680      * @memberOf KJUR.asn1.DERAbstractStructured#
-681      * @function
-682      * @param {array} asn1ObjectArray array of ASN1Object to set
-683      */
-684     this.setByASN1ObjectArray = function(asn1ObjectArray) {
-685         this.hTLV = null;
-686         this.isModified = true;
-687         this.asn1Array = asn1ObjectArray;
-688     };
-689 
-690     /**
-691      * append an ASN1Object to internal array
-692      * @name appendASN1Object
-693      * @memberOf KJUR.asn1.DERAbstractStructured#
-694      * @function
-695      * @param {ASN1Object} asn1Object to add
-696      */
-697     this.appendASN1Object = function(asn1Object) {
-698         this.hTLV = null;
-699         this.isModified = true;
-700         this.asn1Array.push(asn1Object);
-701     };
-702 
-703     this.asn1Array = new Array();
-704     if (typeof params != "undefined") {
-705         if (typeof params['array'] != "undefined") {
-706             this.asn1Array = params['array'];
-707         }
-708     }
-709 };
-710 YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured, KJUR.asn1.ASN1Object);
-711 
-712 
-713 // ********************************************************************
-714 //  ASN.1 Object Classes
-715 // ********************************************************************
-716 
-717 // ********************************************************************
-718 /**
-719  * class for ASN.1 DER Boolean
-720  * @name KJUR.asn1.DERBoolean
-721  * @class class for ASN.1 DER Boolean
-722  * @extends KJUR.asn1.ASN1Object
-723  * @description
-724  * @see KJUR.asn1.ASN1Object - superclass
-725  */
-726 KJUR.asn1.DERBoolean = function() {
-727     KJUR.asn1.DERBoolean.superclass.constructor.call(this);
-728     this.hT = "01";
-729     this.hTLV = "0101ff";
-730 };
-731 YAHOO.lang.extend(KJUR.asn1.DERBoolean, KJUR.asn1.ASN1Object);
-732 
-733 // ********************************************************************
-734 /**
-735  * class for ASN.1 DER Integer
-736  * @name KJUR.asn1.DERInteger
-737  * @class class for ASN.1 DER Integer
-738  * @extends KJUR.asn1.ASN1Object
-739  * @description
-740  * <br/>
-741  * As for argument 'params' for constructor, you can specify one of
-742  * following properties:
-743  * <ul>
-744  * <li>int - specify initial ASN.1 value(V) by integer value</li>
-745  * <li>bigint - specify initial ASN.1 value(V) by BigInteger object</li>
-746  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
-747  * </ul>
-748  * NOTE: 'params' can be omitted.
-749  */
-750 KJUR.asn1.DERInteger = function(params) {
-751     KJUR.asn1.DERInteger.superclass.constructor.call(this);
-752     this.hT = "02";
-753 
-754     /**
-755      * set value by Tom Wu's BigInteger object
-756      * @name setByBigInteger
-757      * @memberOf KJUR.asn1.DERInteger#
-758      * @function
-759      * @param {BigInteger} bigIntegerValue to set
-760      */
-761     this.setByBigInteger = function(bigIntegerValue) {
-762         this.hTLV = null;
-763         this.isModified = true;
-764         this.hV = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(bigIntegerValue);
-765     };
-766 
-767     /**
-768      * set value by integer value
-769      * @name setByInteger
-770      * @memberOf KJUR.asn1.DERInteger
-771      * @function
-772      * @param {Integer} integer value to set
-773      */
-774     this.setByInteger = function(intValue) {
-775         var bi = new BigInteger(String(intValue), 10);
-776         this.setByBigInteger(bi);
-777     };
-778 
-779     /**
-780      * set value by integer value
-781      * @name setValueHex
-782      * @memberOf KJUR.asn1.DERInteger#
-783      * @function
-784      * @param {String} hexadecimal string of integer value
-785      * @description
-786      * <br/>
-787      * NOTE: Value shall be represented by minimum octet length of
-788      * two's complement representation.
-789      * @example
-790      * new KJUR.asn1.DERInteger(123);
-791      * new KJUR.asn1.DERInteger({'int': 123});
-792      * new KJUR.asn1.DERInteger({'hex': '1fad'});
-793      */
-794     this.setValueHex = function(newHexString) {
-795         this.hV = newHexString;
-796     };
-797 
-798     this.getFreshValueHex = function() {
-799         return this.hV;
-800     };
-801 
-802     if (typeof params != "undefined") {
-803         if (typeof params['bigint'] != "undefined") {
-804             this.setByBigInteger(params['bigint']);
-805         } else if (typeof params['int'] != "undefined") {
-806             this.setByInteger(params['int']);
-807         } else if (typeof params == "number") {
-808             this.setByInteger(params);
-809         } else if (typeof params['hex'] != "undefined") {
-810             this.setValueHex(params['hex']);
-811         }
-812     }
-813 };
-814 YAHOO.lang.extend(KJUR.asn1.DERInteger, KJUR.asn1.ASN1Object);
-815 
-816 // ********************************************************************
-817 /**
-818  * class for ASN.1 DER encoded BitString primitive
-819  * @name KJUR.asn1.DERBitString
-820  * @class class for ASN.1 DER encoded BitString primitive
-821  * @extends KJUR.asn1.ASN1Object
-822  * @description 
-823  * <br/>
-824  * As for argument 'params' for constructor, you can specify one of
-825  * following properties:
-826  * <ul>
-827  * <li>bin - specify binary string (ex. '10111')</li>
-828  * <li>array - specify array of boolean (ex. [true,false,true,true])</li>
-829  * <li>hex - specify hexadecimal string of ASN.1 value(V) including unused bits</li>
-830  * <li>obj - specify {@link KJUR.asn1.ASN1Util.newObject} 
-831  * argument for "BitString encapsulates" structure.</li>
-832  * </ul>
-833  * NOTE1: 'params' can be omitted.<br/>
-834  * NOTE2: 'obj' parameter have been supported since
-835  * asn1 1.0.11, jsrsasign 6.1.1 (2016-Sep-25).<br/>
-836  * @example
-837  * // default constructor
-838  * o = new KJUR.asn1.DERBitString();
-839  * // initialize with binary string
-840  * o = new KJUR.asn1.DERBitString({bin: "1011"});
-841  * // initialize with boolean array
-842  * o = new KJUR.asn1.DERBitString({array: [true,false,true,true]});
-843  * // initialize with hexadecimal string (04 is unused bits)
-844  * o = new KJUR.asn1.DEROctetString({hex: "04bac0"});
-845  * // initialize with ASN1Util.newObject argument for encapsulated
-846  * o = new KJUR.asn1.DERBitString({obj: {seq: [{int: 3}, {prnstr: 'aaa'}]}});
-847  * // above generates a ASN.1 data like this:
-848  * // BIT STRING, encapsulates {
-849  * //   SEQUENCE {
-850  * //     INTEGER 3
-851  * //     PrintableString 'aaa'
-852  * //     }
-853  * //   } 
-854  */
-855 KJUR.asn1.DERBitString = function(params) {
-856     if (params !== undefined && typeof params.obj !== "undefined") {
-857 	var o = KJUR.asn1.ASN1Util.newObject(params.obj);
-858 	params.hex = "00" + o.getEncodedHex();
-859     }
-860     KJUR.asn1.DERBitString.superclass.constructor.call(this);
-861     this.hT = "03";
-862 
-863     /**
-864      * set ASN.1 value(V) by a hexadecimal string including unused bits
-865      * @name setHexValueIncludingUnusedBits
-866      * @memberOf KJUR.asn1.DERBitString#
-867      * @function
-868      * @param {String} newHexStringIncludingUnusedBits
-869      */
-870     this.setHexValueIncludingUnusedBits = function(newHexStringIncludingUnusedBits) {
-871         this.hTLV = null;
-872         this.isModified = true;
-873         this.hV = newHexStringIncludingUnusedBits;
-874     };
-875 
-876     /**
-877      * set ASN.1 value(V) by unused bit and hexadecimal string of value
-878      * @name setUnusedBitsAndHexValue
-879      * @memberOf KJUR.asn1.DERBitString#
-880      * @function
-881      * @param {Integer} unusedBits
-882      * @param {String} hValue
-883      */
-884     this.setUnusedBitsAndHexValue = function(unusedBits, hValue) {
-885         if (unusedBits < 0 || 7 < unusedBits) {
-886             throw "unused bits shall be from 0 to 7: u = " + unusedBits;
-887         }
-888         var hUnusedBits = "0" + unusedBits;
-889         this.hTLV = null;
-890         this.isModified = true;
-891         this.hV = hUnusedBits + hValue;
-892     };
-893 
-894     /**
-895      * set ASN.1 DER BitString by binary string<br/>
-896      * @name setByBinaryString
-897      * @memberOf KJUR.asn1.DERBitString#
-898      * @function
-899      * @param {String} binaryString binary value string (i.e. '10111')
-900      * @description
-901      * Its unused bits will be calculated automatically by length of 
-902      * 'binaryValue'. <br/>
-903      * NOTE: Trailing zeros '0' will be ignored.
-904      * @example
-905      * o = new KJUR.asn1.DERBitString();
-906      * o.setByBooleanArray("01011");
-907      */
-908     this.setByBinaryString = function(binaryString) {
-909         binaryString = binaryString.replace(/0+$/, '');
-910         var unusedBits = 8 - binaryString.length % 8;
-911         if (unusedBits == 8) unusedBits = 0;
-912         for (var i = 0; i <= unusedBits; i++) {
-913             binaryString += '0';
-914         }
-915         var h = '';
-916         for (var i = 0; i < binaryString.length - 1; i += 8) {
-917             var b = binaryString.substr(i, 8);
-918             var x = parseInt(b, 2).toString(16);
-919             if (x.length == 1) x = '0' + x;
-920             h += x;  
-921         }
-922         this.hTLV = null;
-923         this.isModified = true;
-924         this.hV = '0' + unusedBits + h;
-925     };
-926 
-927     /**
-928      * set ASN.1 TLV value(V) by an array of boolean<br/>
-929      * @name setByBooleanArray
-930      * @memberOf KJUR.asn1.DERBitString#
-931      * @function
-932      * @param {array} booleanArray array of boolean (ex. [true, false, true])
-933      * @description
-934      * NOTE: Trailing falses will be ignored in the ASN.1 DER Object.
-935      * @example
-936      * o = new KJUR.asn1.DERBitString();
-937      * o.setByBooleanArray([false, true, false, true, true]);
-938      */
-939     this.setByBooleanArray = function(booleanArray) {
-940         var s = '';
-941         for (var i = 0; i < booleanArray.length; i++) {
-942             if (booleanArray[i] == true) {
-943                 s += '1';
-944             } else {
-945                 s += '0';
-946             }
-947         }
-948         this.setByBinaryString(s);
-949     };
-950 
-951     /**
-952      * generate an array of falses with specified length<br/>
-953      * @name newFalseArray
-954      * @memberOf KJUR.asn1.DERBitString
-955      * @function
-956      * @param {Integer} nLength length of array to generate
-957      * @return {array} array of boolean falses
-958      * @description
-959      * This static method may be useful to initialize boolean array.
-960      * @example
-961      * o = new KJUR.asn1.DERBitString();
-962      * o.newFalseArray(3) → [false, false, false]
-963      */
-964     this.newFalseArray = function(nLength) {
-965         var a = new Array(nLength);
-966         for (var i = 0; i < nLength; i++) {
-967             a[i] = false;
-968         }
-969         return a;
-970     };
-971 
-972     this.getFreshValueHex = function() {
-973         return this.hV;
-974     };
-975 
-976     if (typeof params != "undefined") {
-977         if (typeof params == "string" && params.toLowerCase().match(/^[0-9a-f]+$/)) {
-978             this.setHexValueIncludingUnusedBits(params);
-979         } else if (typeof params['hex'] != "undefined") {
-980             this.setHexValueIncludingUnusedBits(params['hex']);
-981         } else if (typeof params['bin'] != "undefined") {
-982             this.setByBinaryString(params['bin']);
-983         } else if (typeof params['array'] != "undefined") {
-984             this.setByBooleanArray(params['array']);
+656     /**
+657      * set value by a Date object
+658      * @name setByDateValue
+659      * @memberOf KJUR.asn1.DERAbstractTime#
+660      * @function
+661      * @param {Integer} year year of date (ex. 2013)
+662      * @param {Integer} month month of date between 1 and 12 (ex. 12)
+663      * @param {Integer} day day of month
+664      * @param {Integer} hour hours of date
+665      * @param {Integer} min minutes of date
+666      * @param {Integer} sec seconds of date
+667      */
+668     this.setByDateValue = function(year, month, day, hour, min, sec) {
+669         var dateObject = new Date(Date.UTC(year, month - 1, day, hour, min, sec, 0));
+670         this.setByDate(dateObject);
+671     };
+672 
+673     this.getFreshValueHex = function() {
+674         return this.hV;
+675     };
+676 };
+677 YAHOO.lang.extend(KJUR.asn1.DERAbstractTime, KJUR.asn1.ASN1Object);
+678 // == END   DERAbstractTime ==================================================
+679 
+680 // == BEGIN DERAbstractStructured ============================================
+681 /**
+682  * base class for ASN.1 DER structured class
+683  * @name KJUR.asn1.DERAbstractStructured
+684  * @class base class for ASN.1 DER structured class
+685  * @property {Array} asn1Array internal array of ASN1Object
+686  * @extends KJUR.asn1.ASN1Object
+687  * @description
+688  * @see KJUR.asn1.ASN1Object - superclass
+689  */
+690 KJUR.asn1.DERAbstractStructured = function(params) {
+691     KJUR.asn1.DERAbstractString.superclass.constructor.call(this);
+692     var asn1Array = null;
+693 
+694     /**
+695      * set value by array of ASN1Object
+696      * @name setByASN1ObjectArray
+697      * @memberOf KJUR.asn1.DERAbstractStructured#
+698      * @function
+699      * @param {array} asn1ObjectArray array of ASN1Object to set
+700      */
+701     this.setByASN1ObjectArray = function(asn1ObjectArray) {
+702         this.hTLV = null;
+703         this.isModified = true;
+704         this.asn1Array = asn1ObjectArray;
+705     };
+706 
+707     /**
+708      * append an ASN1Object to internal array
+709      * @name appendASN1Object
+710      * @memberOf KJUR.asn1.DERAbstractStructured#
+711      * @function
+712      * @param {ASN1Object} asn1Object to add
+713      */
+714     this.appendASN1Object = function(asn1Object) {
+715         this.hTLV = null;
+716         this.isModified = true;
+717         this.asn1Array.push(asn1Object);
+718     };
+719 
+720     this.asn1Array = new Array();
+721     if (typeof params != "undefined") {
+722         if (typeof params['array'] != "undefined") {
+723             this.asn1Array = params['array'];
+724         }
+725     }
+726 };
+727 YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured, KJUR.asn1.ASN1Object);
+728 
+729 
+730 // ********************************************************************
+731 //  ASN.1 Object Classes
+732 // ********************************************************************
+733 
+734 // ********************************************************************
+735 /**
+736  * class for ASN.1 DER Boolean
+737  * @name KJUR.asn1.DERBoolean
+738  * @class class for ASN.1 DER Boolean
+739  * @extends KJUR.asn1.ASN1Object
+740  * @description
+741  * @see KJUR.asn1.ASN1Object - superclass
+742  */
+743 KJUR.asn1.DERBoolean = function() {
+744     KJUR.asn1.DERBoolean.superclass.constructor.call(this);
+745     this.hT = "01";
+746     this.hTLV = "0101ff";
+747 };
+748 YAHOO.lang.extend(KJUR.asn1.DERBoolean, KJUR.asn1.ASN1Object);
+749 
+750 // ********************************************************************
+751 /**
+752  * class for ASN.1 DER Integer
+753  * @name KJUR.asn1.DERInteger
+754  * @class class for ASN.1 DER Integer
+755  * @extends KJUR.asn1.ASN1Object
+756  * @description
+757  * <br/>
+758  * As for argument 'params' for constructor, you can specify one of
+759  * following properties:
+760  * <ul>
+761  * <li>int - specify initial ASN.1 value(V) by integer value</li>
+762  * <li>bigint - specify initial ASN.1 value(V) by BigInteger object</li>
+763  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
+764  * </ul>
+765  * NOTE: 'params' can be omitted.
+766  */
+767 KJUR.asn1.DERInteger = function(params) {
+768     KJUR.asn1.DERInteger.superclass.constructor.call(this);
+769     this.hT = "02";
+770 
+771     /**
+772      * set value by Tom Wu's BigInteger object
+773      * @name setByBigInteger
+774      * @memberOf KJUR.asn1.DERInteger#
+775      * @function
+776      * @param {BigInteger} bigIntegerValue to set
+777      */
+778     this.setByBigInteger = function(bigIntegerValue) {
+779         this.hTLV = null;
+780         this.isModified = true;
+781         this.hV = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(bigIntegerValue);
+782     };
+783 
+784     /**
+785      * set value by integer value
+786      * @name setByInteger
+787      * @memberOf KJUR.asn1.DERInteger
+788      * @function
+789      * @param {Integer} integer value to set
+790      */
+791     this.setByInteger = function(intValue) {
+792         var bi = new BigInteger(String(intValue), 10);
+793         this.setByBigInteger(bi);
+794     };
+795 
+796     /**
+797      * set value by integer value
+798      * @name setValueHex
+799      * @memberOf KJUR.asn1.DERInteger#
+800      * @function
+801      * @param {String} hexadecimal string of integer value
+802      * @description
+803      * <br/>
+804      * NOTE: Value shall be represented by minimum octet length of
+805      * two's complement representation.
+806      * @example
+807      * new KJUR.asn1.DERInteger(123);
+808      * new KJUR.asn1.DERInteger({'int': 123});
+809      * new KJUR.asn1.DERInteger({'hex': '1fad'});
+810      */
+811     this.setValueHex = function(newHexString) {
+812         this.hV = newHexString;
+813     };
+814 
+815     this.getFreshValueHex = function() {
+816         return this.hV;
+817     };
+818 
+819     if (typeof params != "undefined") {
+820         if (typeof params['bigint'] != "undefined") {
+821             this.setByBigInteger(params['bigint']);
+822         } else if (typeof params['int'] != "undefined") {
+823             this.setByInteger(params['int']);
+824         } else if (typeof params == "number") {
+825             this.setByInteger(params);
+826         } else if (typeof params['hex'] != "undefined") {
+827             this.setValueHex(params['hex']);
+828         }
+829     }
+830 };
+831 YAHOO.lang.extend(KJUR.asn1.DERInteger, KJUR.asn1.ASN1Object);
+832 
+833 // ********************************************************************
+834 /**
+835  * class for ASN.1 DER encoded BitString primitive
+836  * @name KJUR.asn1.DERBitString
+837  * @class class for ASN.1 DER encoded BitString primitive
+838  * @extends KJUR.asn1.ASN1Object
+839  * @description 
+840  * <br/>
+841  * As for argument 'params' for constructor, you can specify one of
+842  * following properties:
+843  * <ul>
+844  * <li>bin - specify binary string (ex. '10111')</li>
+845  * <li>array - specify array of boolean (ex. [true,false,true,true])</li>
+846  * <li>hex - specify hexadecimal string of ASN.1 value(V) including unused bits</li>
+847  * <li>obj - specify {@link KJUR.asn1.ASN1Util.newObject} 
+848  * argument for "BitString encapsulates" structure.</li>
+849  * </ul>
+850  * NOTE1: 'params' can be omitted.<br/>
+851  * NOTE2: 'obj' parameter have been supported since
+852  * asn1 1.0.11, jsrsasign 6.1.1 (2016-Sep-25).<br/>
+853  * @example
+854  * // default constructor
+855  * o = new KJUR.asn1.DERBitString();
+856  * // initialize with binary string
+857  * o = new KJUR.asn1.DERBitString({bin: "1011"});
+858  * // initialize with boolean array
+859  * o = new KJUR.asn1.DERBitString({array: [true,false,true,true]});
+860  * // initialize with hexadecimal string (04 is unused bits)
+861  * o = new KJUR.asn1.DEROctetString({hex: "04bac0"});
+862  * // initialize with ASN1Util.newObject argument for encapsulated
+863  * o = new KJUR.asn1.DERBitString({obj: {seq: [{int: 3}, {prnstr: 'aaa'}]}});
+864  * // above generates a ASN.1 data like this:
+865  * // BIT STRING, encapsulates {
+866  * //   SEQUENCE {
+867  * //     INTEGER 3
+868  * //     PrintableString 'aaa'
+869  * //     }
+870  * //   } 
+871  */
+872 KJUR.asn1.DERBitString = function(params) {
+873     if (params !== undefined && typeof params.obj !== "undefined") {
+874 	var o = KJUR.asn1.ASN1Util.newObject(params.obj);
+875 	params.hex = "00" + o.getEncodedHex();
+876     }
+877     KJUR.asn1.DERBitString.superclass.constructor.call(this);
+878     this.hT = "03";
+879 
+880     /**
+881      * set ASN.1 value(V) by a hexadecimal string including unused bits
+882      * @name setHexValueIncludingUnusedBits
+883      * @memberOf KJUR.asn1.DERBitString#
+884      * @function
+885      * @param {String} newHexStringIncludingUnusedBits
+886      */
+887     this.setHexValueIncludingUnusedBits = function(newHexStringIncludingUnusedBits) {
+888         this.hTLV = null;
+889         this.isModified = true;
+890         this.hV = newHexStringIncludingUnusedBits;
+891     };
+892 
+893     /**
+894      * set ASN.1 value(V) by unused bit and hexadecimal string of value
+895      * @name setUnusedBitsAndHexValue
+896      * @memberOf KJUR.asn1.DERBitString#
+897      * @function
+898      * @param {Integer} unusedBits
+899      * @param {String} hValue
+900      */
+901     this.setUnusedBitsAndHexValue = function(unusedBits, hValue) {
+902         if (unusedBits < 0 || 7 < unusedBits) {
+903             throw "unused bits shall be from 0 to 7: u = " + unusedBits;
+904         }
+905         var hUnusedBits = "0" + unusedBits;
+906         this.hTLV = null;
+907         this.isModified = true;
+908         this.hV = hUnusedBits + hValue;
+909     };
+910 
+911     /**
+912      * set ASN.1 DER BitString by binary string<br/>
+913      * @name setByBinaryString
+914      * @memberOf KJUR.asn1.DERBitString#
+915      * @function
+916      * @param {String} binaryString binary value string (i.e. '10111')
+917      * @description
+918      * Its unused bits will be calculated automatically by length of 
+919      * 'binaryValue'. <br/>
+920      * NOTE: Trailing zeros '0' will be ignored.
+921      * @example
+922      * o = new KJUR.asn1.DERBitString();
+923      * o.setByBooleanArray("01011");
+924      */
+925     this.setByBinaryString = function(binaryString) {
+926         binaryString = binaryString.replace(/0+$/, '');
+927         var unusedBits = 8 - binaryString.length % 8;
+928         if (unusedBits == 8) unusedBits = 0;
+929         for (var i = 0; i <= unusedBits; i++) {
+930             binaryString += '0';
+931         }
+932         var h = '';
+933         for (var i = 0; i < binaryString.length - 1; i += 8) {
+934             var b = binaryString.substr(i, 8);
+935             var x = parseInt(b, 2).toString(16);
+936             if (x.length == 1) x = '0' + x;
+937             h += x;  
+938         }
+939         this.hTLV = null;
+940         this.isModified = true;
+941         this.hV = '0' + unusedBits + h;
+942     };
+943 
+944     /**
+945      * set ASN.1 TLV value(V) by an array of boolean<br/>
+946      * @name setByBooleanArray
+947      * @memberOf KJUR.asn1.DERBitString#
+948      * @function
+949      * @param {array} booleanArray array of boolean (ex. [true, false, true])
+950      * @description
+951      * NOTE: Trailing falses will be ignored in the ASN.1 DER Object.
+952      * @example
+953      * o = new KJUR.asn1.DERBitString();
+954      * o.setByBooleanArray([false, true, false, true, true]);
+955      */
+956     this.setByBooleanArray = function(booleanArray) {
+957         var s = '';
+958         for (var i = 0; i < booleanArray.length; i++) {
+959             if (booleanArray[i] == true) {
+960                 s += '1';
+961             } else {
+962                 s += '0';
+963             }
+964         }
+965         this.setByBinaryString(s);
+966     };
+967 
+968     /**
+969      * generate an array of falses with specified length<br/>
+970      * @name newFalseArray
+971      * @memberOf KJUR.asn1.DERBitString
+972      * @function
+973      * @param {Integer} nLength length of array to generate
+974      * @return {array} array of boolean falses
+975      * @description
+976      * This static method may be useful to initialize boolean array.
+977      * @example
+978      * o = new KJUR.asn1.DERBitString();
+979      * o.newFalseArray(3) → [false, false, false]
+980      */
+981     this.newFalseArray = function(nLength) {
+982         var a = new Array(nLength);
+983         for (var i = 0; i < nLength; i++) {
+984             a[i] = false;
 985         }
-986     }
-987 };
-988 YAHOO.lang.extend(KJUR.asn1.DERBitString, KJUR.asn1.ASN1Object);
-989 
-990 // ********************************************************************
-991 /**
-992  * class for ASN.1 DER OctetString<br/>
-993  * @name KJUR.asn1.DEROctetString
-994  * @class class for ASN.1 DER OctetString
-995  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-996  * @extends KJUR.asn1.DERAbstractString
-997  * @description
-998  * This class provides ASN.1 OctetString simple type.<br/>
-999  * Supported "params" attributes are:
-1000  * <ul>
-1001  * <li>str - to set a string as a value</li>
-1002  * <li>hex - to set a hexadecimal string as a value</li>
-1003  * <li>obj - to set a encapsulated ASN.1 value by JSON object 
-1004  * which is defined in {@link KJUR.asn1.ASN1Util.newObject}</li>
-1005  * </ul>
-1006  * NOTE: A parameter 'obj' have been supported 
-1007  * for "OCTET STRING, encapsulates" structure.
-1008  * since asn1 1.0.11, jsrsasign 6.1.1 (2016-Sep-25).
-1009  * @see KJUR.asn1.DERAbstractString - superclass
-1010  * @example
-1011  * // default constructor
-1012  * o = new KJUR.asn1.DEROctetString();
-1013  * // initialize with string
-1014  * o = new KJUR.asn1.DEROctetString({str: "aaa"});
-1015  * // initialize with hexadecimal string
-1016  * o = new KJUR.asn1.DEROctetString({hex: "616161"});
-1017  * // initialize with ASN1Util.newObject argument 
-1018  * o = new KJUR.asn1.DEROctetString({obj: {seq: [{int: 3}, {prnstr: 'aaa'}]}});
-1019  * // above generates a ASN.1 data like this:
-1020  * // OCTET STRING, encapsulates {
-1021  * //   SEQUENCE {
-1022  * //     INTEGER 3
-1023  * //     PrintableString 'aaa'
-1024  * //     }
-1025  * //   } 
-1026  */
-1027 KJUR.asn1.DEROctetString = function(params) {
-1028     if (params !== undefined && typeof params.obj !== "undefined") {
-1029 	var o = KJUR.asn1.ASN1Util.newObject(params.obj);
-1030 	params.hex = o.getEncodedHex();
-1031     }
-1032     KJUR.asn1.DEROctetString.superclass.constructor.call(this, params);
-1033     this.hT = "04";
-1034 };
-1035 YAHOO.lang.extend(KJUR.asn1.DEROctetString, KJUR.asn1.DERAbstractString);
-1036 
-1037 // ********************************************************************
-1038 /**
-1039  * class for ASN.1 DER Null
-1040  * @name KJUR.asn1.DERNull
-1041  * @class class for ASN.1 DER Null
-1042  * @extends KJUR.asn1.ASN1Object
-1043  * @description
-1044  * @see KJUR.asn1.ASN1Object - superclass
-1045  */
-1046 KJUR.asn1.DERNull = function() {
-1047     KJUR.asn1.DERNull.superclass.constructor.call(this);
-1048     this.hT = "05";
-1049     this.hTLV = "0500";
-1050 };
-1051 YAHOO.lang.extend(KJUR.asn1.DERNull, KJUR.asn1.ASN1Object);
-1052 
-1053 // ********************************************************************
-1054 /**
-1055  * class for ASN.1 DER ObjectIdentifier
-1056  * @name KJUR.asn1.DERObjectIdentifier
-1057  * @class class for ASN.1 DER ObjectIdentifier
-1058  * @param {Array} params associative array of parameters (ex. {'oid': '2.5.4.5'})
+986         return a;
+987     };
+988 
+989     this.getFreshValueHex = function() {
+990         return this.hV;
+991     };
+992 
+993     if (typeof params != "undefined") {
+994         if (typeof params == "string" && params.toLowerCase().match(/^[0-9a-f]+$/)) {
+995             this.setHexValueIncludingUnusedBits(params);
+996         } else if (typeof params['hex'] != "undefined") {
+997             this.setHexValueIncludingUnusedBits(params['hex']);
+998         } else if (typeof params['bin'] != "undefined") {
+999             this.setByBinaryString(params['bin']);
+1000         } else if (typeof params['array'] != "undefined") {
+1001             this.setByBooleanArray(params['array']);
+1002         }
+1003     }
+1004 };
+1005 YAHOO.lang.extend(KJUR.asn1.DERBitString, KJUR.asn1.ASN1Object);
+1006 
+1007 // ********************************************************************
+1008 /**
+1009  * class for ASN.1 DER OctetString<br/>
+1010  * @name KJUR.asn1.DEROctetString
+1011  * @class class for ASN.1 DER OctetString
+1012  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1013  * @extends KJUR.asn1.DERAbstractString
+1014  * @description
+1015  * This class provides ASN.1 OctetString simple type.<br/>
+1016  * Supported "params" attributes are:
+1017  * <ul>
+1018  * <li>str - to set a string as a value</li>
+1019  * <li>hex - to set a hexadecimal string as a value</li>
+1020  * <li>obj - to set a encapsulated ASN.1 value by JSON object 
+1021  * which is defined in {@link KJUR.asn1.ASN1Util.newObject}</li>
+1022  * </ul>
+1023  * NOTE: A parameter 'obj' have been supported 
+1024  * for "OCTET STRING, encapsulates" structure.
+1025  * since asn1 1.0.11, jsrsasign 6.1.1 (2016-Sep-25).
+1026  * @see KJUR.asn1.DERAbstractString - superclass
+1027  * @example
+1028  * // default constructor
+1029  * o = new KJUR.asn1.DEROctetString();
+1030  * // initialize with string
+1031  * o = new KJUR.asn1.DEROctetString({str: "aaa"});
+1032  * // initialize with hexadecimal string
+1033  * o = new KJUR.asn1.DEROctetString({hex: "616161"});
+1034  * // initialize with ASN1Util.newObject argument 
+1035  * o = new KJUR.asn1.DEROctetString({obj: {seq: [{int: 3}, {prnstr: 'aaa'}]}});
+1036  * // above generates a ASN.1 data like this:
+1037  * // OCTET STRING, encapsulates {
+1038  * //   SEQUENCE {
+1039  * //     INTEGER 3
+1040  * //     PrintableString 'aaa'
+1041  * //     }
+1042  * //   } 
+1043  */
+1044 KJUR.asn1.DEROctetString = function(params) {
+1045     if (params !== undefined && typeof params.obj !== "undefined") {
+1046 	var o = KJUR.asn1.ASN1Util.newObject(params.obj);
+1047 	params.hex = o.getEncodedHex();
+1048     }
+1049     KJUR.asn1.DEROctetString.superclass.constructor.call(this, params);
+1050     this.hT = "04";
+1051 };
+1052 YAHOO.lang.extend(KJUR.asn1.DEROctetString, KJUR.asn1.DERAbstractString);
+1053 
+1054 // ********************************************************************
+1055 /**
+1056  * class for ASN.1 DER Null
+1057  * @name KJUR.asn1.DERNull
+1058  * @class class for ASN.1 DER Null
 1059  * @extends KJUR.asn1.ASN1Object
 1060  * @description
-1061  * <br/>
-1062  * As for argument 'params' for constructor, you can specify one of
-1063  * following properties:
-1064  * <ul>
-1065  * <li>oid - specify initial ASN.1 value(V) by a oid string (ex. 2.5.4.13)</li>
-1066  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
-1067  * </ul>
-1068  * NOTE: 'params' can be omitted.
-1069  */
-1070 KJUR.asn1.DERObjectIdentifier = function(params) {
-1071     var itox = function(i) {
-1072         var h = i.toString(16);
-1073         if (h.length == 1) h = '0' + h;
-1074         return h;
-1075     };
-1076     var roidtox = function(roid) {
-1077         var h = '';
-1078         var bi = new BigInteger(roid, 10);
-1079         var b = bi.toString(2);
-1080         var padLen = 7 - b.length % 7;
-1081         if (padLen == 7) padLen = 0;
-1082         var bPad = '';
-1083         for (var i = 0; i < padLen; i++) bPad += '0';
-1084         b = bPad + b;
-1085         for (var i = 0; i < b.length - 1; i += 7) {
-1086             var b8 = b.substr(i, 7);
-1087             if (i != b.length - 7) b8 = '1' + b8;
-1088             h += itox(parseInt(b8, 2));
-1089         }
-1090         return h;
-1091     }
-1092 
-1093     KJUR.asn1.DERObjectIdentifier.superclass.constructor.call(this);
-1094     this.hT = "06";
-1095 
-1096     /**
-1097      * set value by a hexadecimal string
-1098      * @name setValueHex
-1099      * @memberOf KJUR.asn1.DERObjectIdentifier#
-1100      * @function
-1101      * @param {String} newHexString hexadecimal value of OID bytes
-1102      */
-1103     this.setValueHex = function(newHexString) {
-1104         this.hTLV = null;
-1105         this.isModified = true;
-1106         this.s = null;
-1107         this.hV = newHexString;
-1108     };
+1061  * @see KJUR.asn1.ASN1Object - superclass
+1062  */
+1063 KJUR.asn1.DERNull = function() {
+1064     KJUR.asn1.DERNull.superclass.constructor.call(this);
+1065     this.hT = "05";
+1066     this.hTLV = "0500";
+1067 };
+1068 YAHOO.lang.extend(KJUR.asn1.DERNull, KJUR.asn1.ASN1Object);
+1069 
+1070 // ********************************************************************
+1071 /**
+1072  * class for ASN.1 DER ObjectIdentifier
+1073  * @name KJUR.asn1.DERObjectIdentifier
+1074  * @class class for ASN.1 DER ObjectIdentifier
+1075  * @param {Array} params associative array of parameters (ex. {'oid': '2.5.4.5'})
+1076  * @extends KJUR.asn1.ASN1Object
+1077  * @description
+1078  * <br/>
+1079  * As for argument 'params' for constructor, you can specify one of
+1080  * following properties:
+1081  * <ul>
+1082  * <li>oid - specify initial ASN.1 value(V) by a oid string (ex. 2.5.4.13)</li>
+1083  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
+1084  * </ul>
+1085  * NOTE: 'params' can be omitted.
+1086  */
+1087 KJUR.asn1.DERObjectIdentifier = function(params) {
+1088     var itox = function(i) {
+1089         var h = i.toString(16);
+1090         if (h.length == 1) h = '0' + h;
+1091         return h;
+1092     };
+1093     var roidtox = function(roid) {
+1094         var h = '';
+1095         var bi = new BigInteger(roid, 10);
+1096         var b = bi.toString(2);
+1097         var padLen = 7 - b.length % 7;
+1098         if (padLen == 7) padLen = 0;
+1099         var bPad = '';
+1100         for (var i = 0; i < padLen; i++) bPad += '0';
+1101         b = bPad + b;
+1102         for (var i = 0; i < b.length - 1; i += 7) {
+1103             var b8 = b.substr(i, 7);
+1104             if (i != b.length - 7) b8 = '1' + b8;
+1105             h += itox(parseInt(b8, 2));
+1106         }
+1107         return h;
+1108     }
 1109 
-1110     /**
-1111      * set value by a OID string<br/>
-1112      * @name setValueOidString
-1113      * @memberOf KJUR.asn1.DERObjectIdentifier#
-1114      * @function
-1115      * @param {String} oidString OID string (ex. 2.5.4.13)
-1116      * @example
-1117      * o = new KJUR.asn1.DERObjectIdentifier();
-1118      * o.setValueOidString("2.5.4.13");
+1110     KJUR.asn1.DERObjectIdentifier.superclass.constructor.call(this);
+1111     this.hT = "06";
+1112 
+1113     /**
+1114      * set value by a hexadecimal string
+1115      * @name setValueHex
+1116      * @memberOf KJUR.asn1.DERObjectIdentifier#
+1117      * @function
+1118      * @param {String} newHexString hexadecimal value of OID bytes
 1119      */
-1120     this.setValueOidString = function(oidString) {
-1121         if (! oidString.match(/^[0-9.]+$/)) {
-1122             throw "malformed oid string: " + oidString;
-1123         }
-1124         var h = '';
-1125         var a = oidString.split('.');
-1126         var i0 = parseInt(a[0]) * 40 + parseInt(a[1]);
-1127         h += itox(i0);
-1128         a.splice(0, 2);
-1129         for (var i = 0; i < a.length; i++) {
-1130             h += roidtox(a[i]);
-1131         }
-1132         this.hTLV = null;
-1133         this.isModified = true;
-1134         this.s = null;
-1135         this.hV = h;
-1136     };
-1137 
-1138     /**
-1139      * set value by a OID name
-1140      * @name setValueName
-1141      * @memberOf KJUR.asn1.DERObjectIdentifier#
-1142      * @function
-1143      * @param {String} oidName OID name (ex. 'serverAuth')
-1144      * @since 1.0.1
-1145      * @description
-1146      * OID name shall be defined in 'KJUR.asn1.x509.OID.name2oidList'.
-1147      * Otherwise raise error.
-1148      * @example
-1149      * o = new KJUR.asn1.DERObjectIdentifier();
-1150      * o.setValueName("serverAuth");
-1151      */
-1152     this.setValueName = function(oidName) {
-1153 	var oid = KJUR.asn1.x509.OID.name2oid(oidName);
-1154 	if (oid !== '') {
-1155             this.setValueOidString(oid);
-1156         } else {
-1157             throw "DERObjectIdentifier oidName undefined: " + oidName;
-1158         }
-1159     };
-1160 
-1161     this.getFreshValueHex = function() {
-1162         return this.hV;
-1163     };
-1164 
-1165     if (params !== undefined) {
-1166         if (typeof params === "string") {
-1167 	    if (params.match(/^[0-2].[0-9.]+$/)) {
-1168 		this.setValueOidString(params);
-1169 	    } else {
-1170 		this.setValueName(params);
-1171 	    }
-1172         } else if (params.oid !== undefined) {
-1173             this.setValueOidString(params.oid);
-1174         } else if (params.hex !== undefined) {
-1175             this.setValueHex(params.hex);
-1176         } else if (params.name !== undefined) {
-1177             this.setValueName(params.name);
-1178         }
-1179     }
-1180 };
-1181 YAHOO.lang.extend(KJUR.asn1.DERObjectIdentifier, KJUR.asn1.ASN1Object);
-1182 
-1183 // ********************************************************************
-1184 /**
-1185  * class for ASN.1 DER Enumerated
-1186  * @name KJUR.asn1.DEREnumerated
-1187  * @class class for ASN.1 DER Enumerated
-1188  * @extends KJUR.asn1.ASN1Object
-1189  * @description
-1190  * <br/>
-1191  * As for argument 'params' for constructor, you can specify one of
-1192  * following properties:
-1193  * <ul>
-1194  * <li>int - specify initial ASN.1 value(V) by integer value</li>
-1195  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
-1196  * </ul>
-1197  * NOTE: 'params' can be omitted.
-1198  * @example
-1199  * new KJUR.asn1.DEREnumerated(123);
-1200  * new KJUR.asn1.DEREnumerated({int: 123});
-1201  * new KJUR.asn1.DEREnumerated({hex: '1fad'});
-1202  */
-1203 KJUR.asn1.DEREnumerated = function(params) {
-1204     KJUR.asn1.DEREnumerated.superclass.constructor.call(this);
-1205     this.hT = "0a";
-1206 
-1207     /**
-1208      * set value by Tom Wu's BigInteger object
-1209      * @name setByBigInteger
-1210      * @memberOf KJUR.asn1.DEREnumerated#
-1211      * @function
-1212      * @param {BigInteger} bigIntegerValue to set
-1213      */
-1214     this.setByBigInteger = function(bigIntegerValue) {
-1215         this.hTLV = null;
-1216         this.isModified = true;
-1217         this.hV = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(bigIntegerValue);
-1218     };
-1219 
-1220     /**
-1221      * set value by integer value
-1222      * @name setByInteger
-1223      * @memberOf KJUR.asn1.DEREnumerated#
-1224      * @function
-1225      * @param {Integer} integer value to set
-1226      */
-1227     this.setByInteger = function(intValue) {
-1228         var bi = new BigInteger(String(intValue), 10);
-1229         this.setByBigInteger(bi);
-1230     };
-1231 
-1232     /**
-1233      * set value by integer value
-1234      * @name setValueHex
-1235      * @memberOf KJUR.asn1.DEREnumerated#
-1236      * @function
-1237      * @param {String} hexadecimal string of integer value
-1238      * @description
-1239      * <br/>
-1240      * NOTE: Value shall be represented by minimum octet length of
-1241      * two's complement representation.
-1242      */
-1243     this.setValueHex = function(newHexString) {
-1244         this.hV = newHexString;
-1245     };
-1246 
-1247     this.getFreshValueHex = function() {
-1248         return this.hV;
-1249     };
-1250 
-1251     if (typeof params != "undefined") {
-1252         if (typeof params['int'] != "undefined") {
-1253             this.setByInteger(params['int']);
-1254         } else if (typeof params == "number") {
-1255             this.setByInteger(params);
-1256         } else if (typeof params['hex'] != "undefined") {
-1257             this.setValueHex(params['hex']);
-1258         }
-1259     }
-1260 };
-1261 YAHOO.lang.extend(KJUR.asn1.DEREnumerated, KJUR.asn1.ASN1Object);
-1262 
-1263 // ********************************************************************
-1264 /**
-1265  * class for ASN.1 DER UTF8String
-1266  * @name KJUR.asn1.DERUTF8String
-1267  * @class class for ASN.1 DER UTF8String
-1268  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1269  * @extends KJUR.asn1.DERAbstractString
-1270  * @description
-1271  * @see KJUR.asn1.DERAbstractString - superclass
-1272  */
-1273 KJUR.asn1.DERUTF8String = function(params) {
-1274     KJUR.asn1.DERUTF8String.superclass.constructor.call(this, params);
-1275     this.hT = "0c";
-1276 };
-1277 YAHOO.lang.extend(KJUR.asn1.DERUTF8String, KJUR.asn1.DERAbstractString);
-1278 
-1279 // ********************************************************************
-1280 /**
-1281  * class for ASN.1 DER NumericString
-1282  * @name KJUR.asn1.DERNumericString
-1283  * @class class for ASN.1 DER NumericString
-1284  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1285  * @extends KJUR.asn1.DERAbstractString
-1286  * @description
-1287  * @see KJUR.asn1.DERAbstractString - superclass
-1288  */
-1289 KJUR.asn1.DERNumericString = function(params) {
-1290     KJUR.asn1.DERNumericString.superclass.constructor.call(this, params);
-1291     this.hT = "12";
-1292 };
-1293 YAHOO.lang.extend(KJUR.asn1.DERNumericString, KJUR.asn1.DERAbstractString);
-1294 
-1295 // ********************************************************************
-1296 /**
-1297  * class for ASN.1 DER PrintableString
-1298  * @name KJUR.asn1.DERPrintableString
-1299  * @class class for ASN.1 DER PrintableString
-1300  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1301  * @extends KJUR.asn1.DERAbstractString
-1302  * @description
-1303  * @see KJUR.asn1.DERAbstractString - superclass
-1304  */
-1305 KJUR.asn1.DERPrintableString = function(params) {
-1306     KJUR.asn1.DERPrintableString.superclass.constructor.call(this, params);
-1307     this.hT = "13";
-1308 };
-1309 YAHOO.lang.extend(KJUR.asn1.DERPrintableString, KJUR.asn1.DERAbstractString);
-1310 
-1311 // ********************************************************************
-1312 /**
-1313  * class for ASN.1 DER TeletexString
-1314  * @name KJUR.asn1.DERTeletexString
-1315  * @class class for ASN.1 DER TeletexString
-1316  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1317  * @extends KJUR.asn1.DERAbstractString
-1318  * @description
-1319  * @see KJUR.asn1.DERAbstractString - superclass
-1320  */
-1321 KJUR.asn1.DERTeletexString = function(params) {
-1322     KJUR.asn1.DERTeletexString.superclass.constructor.call(this, params);
-1323     this.hT = "14";
-1324 };
-1325 YAHOO.lang.extend(KJUR.asn1.DERTeletexString, KJUR.asn1.DERAbstractString);
-1326 
-1327 // ********************************************************************
-1328 /**
-1329  * class for ASN.1 DER IA5String
-1330  * @name KJUR.asn1.DERIA5String
-1331  * @class class for ASN.1 DER IA5String
-1332  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1333  * @extends KJUR.asn1.DERAbstractString
-1334  * @description
-1335  * @see KJUR.asn1.DERAbstractString - superclass
-1336  */
-1337 KJUR.asn1.DERIA5String = function(params) {
-1338     KJUR.asn1.DERIA5String.superclass.constructor.call(this, params);
-1339     this.hT = "16";
-1340 };
-1341 YAHOO.lang.extend(KJUR.asn1.DERIA5String, KJUR.asn1.DERAbstractString);
-1342 
-1343 // ********************************************************************
-1344 /**
-1345  * class for ASN.1 DER UTCTime
-1346  * @name KJUR.asn1.DERUTCTime
-1347  * @class class for ASN.1 DER UTCTime
-1348  * @param {Array} params associative array of parameters (ex. {'str': '130430235959Z'})
-1349  * @extends KJUR.asn1.DERAbstractTime
-1350  * @description
-1351  * <br/>
-1352  * As for argument 'params' for constructor, you can specify one of
-1353  * following properties:
-1354  * <ul>
-1355  * <li>str - specify initial ASN.1 value(V) by a string (ex.'130430235959Z')</li>
-1356  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
-1357  * <li>date - specify Date object.</li>
-1358  * </ul>
-1359  * NOTE: 'params' can be omitted.
-1360  * <h4>EXAMPLES</h4>
-1361  * @example
-1362  * d1 = new KJUR.asn1.DERUTCTime();
-1363  * d1.setString('130430125959Z');
-1364  *
-1365  * d2 = new KJUR.asn1.DERUTCTime({'str': '130430125959Z'});
-1366  * d3 = new KJUR.asn1.DERUTCTime({'date': new Date(Date.UTC(2015, 0, 31, 0, 0, 0, 0))});
-1367  * d4 = new KJUR.asn1.DERUTCTime('130430125959Z');
-1368  */
-1369 KJUR.asn1.DERUTCTime = function(params) {
-1370     KJUR.asn1.DERUTCTime.superclass.constructor.call(this, params);
-1371     this.hT = "17";
-1372 
-1373     /**
-1374      * set value by a Date object<br/>
-1375      * @name setByDate
-1376      * @memberOf KJUR.asn1.DERUTCTime#
-1377      * @function
-1378      * @param {Date} dateObject Date object to set ASN.1 value(V)
-1379      * @example
-1380      * o = new KJUR.asn1.DERUTCTime();
-1381      * o.setByDate(new Date("2016/12/31"));
-1382      */
-1383     this.setByDate = function(dateObject) {
-1384         this.hTLV = null;
-1385         this.isModified = true;
-1386         this.date = dateObject;
-1387         this.s = this.formatDate(this.date, 'utc');
-1388         this.hV = stohex(this.s);
-1389     };
-1390 
-1391     this.getFreshValueHex = function() {
-1392         if (typeof this.date == "undefined" && typeof this.s == "undefined") {
-1393             this.date = new Date();
-1394             this.s = this.formatDate(this.date, 'utc');
-1395             this.hV = stohex(this.s);
-1396         }
-1397         return this.hV;
-1398     };
-1399 
-1400     if (params !== undefined) {
-1401         if (params.str !== undefined) {
-1402             this.setString(params.str);
-1403         } else if (typeof params == "string" && params.match(/^[0-9]{12}Z$/)) {
-1404             this.setString(params);
-1405         } else if (params.hex !== undefined) {
-1406             this.setStringHex(params.hex);
-1407         } else if (params.date !== undefined) {
-1408             this.setByDate(params.date);
-1409         }
-1410     }
-1411 };
-1412 YAHOO.lang.extend(KJUR.asn1.DERUTCTime, KJUR.asn1.DERAbstractTime);
-1413 
-1414 // ********************************************************************
-1415 /**
-1416  * class for ASN.1 DER GeneralizedTime
-1417  * @name KJUR.asn1.DERGeneralizedTime
-1418  * @class class for ASN.1 DER GeneralizedTime
-1419  * @param {Array} params associative array of parameters (ex. {'str': '20130430235959Z'})
-1420  * @property {Boolean} withMillis flag to show milliseconds or not
-1421  * @extends KJUR.asn1.DERAbstractTime
-1422  * @description
-1423  * <br/>
-1424  * As for argument 'params' for constructor, you can specify one of
-1425  * following properties:
-1426  * <ul>
-1427  * <li>str - specify initial ASN.1 value(V) by a string (ex.'20130430235959Z')</li>
-1428  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
-1429  * <li>date - specify Date object.</li>
-1430  * <li>millis - specify flag to show milliseconds (from 1.0.6)</li>
-1431  * </ul>
-1432  * NOTE1: 'params' can be omitted.
-1433  * NOTE2: 'withMillis' property is supported from asn1 1.0.6.
-1434  */
-1435 KJUR.asn1.DERGeneralizedTime = function(params) {
-1436     KJUR.asn1.DERGeneralizedTime.superclass.constructor.call(this, params);
-1437     this.hT = "18";
-1438     this.withMillis = false;
-1439 
-1440     /**
-1441      * set value by a Date object
-1442      * @name setByDate
-1443      * @memberOf KJUR.asn1.DERGeneralizedTime#
-1444      * @function
-1445      * @param {Date} dateObject Date object to set ASN.1 value(V)
-1446      * @example
-1447      * When you specify UTC time, use 'Date.UTC' method like this:<br/>
-1448      * o1 = new DERUTCTime();
-1449      * o1.setByDate(date);
-1450      *
-1451      * date = new Date(Date.UTC(2015, 0, 31, 23, 59, 59, 0)); #2015JAN31 23:59:59
-1452      */
-1453     this.setByDate = function(dateObject) {
-1454         this.hTLV = null;
-1455         this.isModified = true;
-1456         this.date = dateObject;
-1457         this.s = this.formatDate(this.date, 'gen', this.withMillis);
-1458         this.hV = stohex(this.s);
-1459     };
-1460 
-1461     this.getFreshValueHex = function() {
-1462         if (this.date === undefined && this.s === undefined) {
-1463             this.date = new Date();
-1464             this.s = this.formatDate(this.date, 'gen', this.withMillis);
-1465             this.hV = stohex(this.s);
-1466         }
-1467         return this.hV;
-1468     };
-1469 
-1470     if (params !== undefined) {
-1471         if (params.str !== undefined) {
-1472             this.setString(params.str);
-1473         } else if (typeof params == "string" && params.match(/^[0-9]{14}Z$/)) {
-1474             this.setString(params);
-1475         } else if (params.hex !== undefined) {
-1476             this.setStringHex(params.hex);
-1477         } else if (params.date !== undefined) {
-1478             this.setByDate(params.date);
-1479         }
-1480         if (params.millis === true) {
-1481             this.withMillis = true;
-1482         }
-1483     }
-1484 };
-1485 YAHOO.lang.extend(KJUR.asn1.DERGeneralizedTime, KJUR.asn1.DERAbstractTime);
+1120     this.setValueHex = function(newHexString) {
+1121         this.hTLV = null;
+1122         this.isModified = true;
+1123         this.s = null;
+1124         this.hV = newHexString;
+1125     };
+1126 
+1127     /**
+1128      * set value by a OID string<br/>
+1129      * @name setValueOidString
+1130      * @memberOf KJUR.asn1.DERObjectIdentifier#
+1131      * @function
+1132      * @param {String} oidString OID string (ex. 2.5.4.13)
+1133      * @example
+1134      * o = new KJUR.asn1.DERObjectIdentifier();
+1135      * o.setValueOidString("2.5.4.13");
+1136      */
+1137     this.setValueOidString = function(oidString) {
+1138         if (! oidString.match(/^[0-9.]+$/)) {
+1139             throw "malformed oid string: " + oidString;
+1140         }
+1141         var h = '';
+1142         var a = oidString.split('.');
+1143         var i0 = parseInt(a[0]) * 40 + parseInt(a[1]);
+1144         h += itox(i0);
+1145         a.splice(0, 2);
+1146         for (var i = 0; i < a.length; i++) {
+1147             h += roidtox(a[i]);
+1148         }
+1149         this.hTLV = null;
+1150         this.isModified = true;
+1151         this.s = null;
+1152         this.hV = h;
+1153     };
+1154 
+1155     /**
+1156      * set value by a OID name
+1157      * @name setValueName
+1158      * @memberOf KJUR.asn1.DERObjectIdentifier#
+1159      * @function
+1160      * @param {String} oidName OID name (ex. 'serverAuth')
+1161      * @since 1.0.1
+1162      * @description
+1163      * OID name shall be defined in 'KJUR.asn1.x509.OID.name2oidList'.
+1164      * Otherwise raise error.
+1165      * @example
+1166      * o = new KJUR.asn1.DERObjectIdentifier();
+1167      * o.setValueName("serverAuth");
+1168      */
+1169     this.setValueName = function(oidName) {
+1170 	var oid = KJUR.asn1.x509.OID.name2oid(oidName);
+1171 	if (oid !== '') {
+1172             this.setValueOidString(oid);
+1173         } else {
+1174             throw "DERObjectIdentifier oidName undefined: " + oidName;
+1175         }
+1176     };
+1177 
+1178     this.getFreshValueHex = function() {
+1179         return this.hV;
+1180     };
+1181 
+1182     if (params !== undefined) {
+1183         if (typeof params === "string") {
+1184 	    if (params.match(/^[0-2].[0-9.]+$/)) {
+1185 		this.setValueOidString(params);
+1186 	    } else {
+1187 		this.setValueName(params);
+1188 	    }
+1189         } else if (params.oid !== undefined) {
+1190             this.setValueOidString(params.oid);
+1191         } else if (params.hex !== undefined) {
+1192             this.setValueHex(params.hex);
+1193         } else if (params.name !== undefined) {
+1194             this.setValueName(params.name);
+1195         }
+1196     }
+1197 };
+1198 YAHOO.lang.extend(KJUR.asn1.DERObjectIdentifier, KJUR.asn1.ASN1Object);
+1199 
+1200 // ********************************************************************
+1201 /**
+1202  * class for ASN.1 DER Enumerated
+1203  * @name KJUR.asn1.DEREnumerated
+1204  * @class class for ASN.1 DER Enumerated
+1205  * @extends KJUR.asn1.ASN1Object
+1206  * @description
+1207  * <br/>
+1208  * As for argument 'params' for constructor, you can specify one of
+1209  * following properties:
+1210  * <ul>
+1211  * <li>int - specify initial ASN.1 value(V) by integer value</li>
+1212  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
+1213  * </ul>
+1214  * NOTE: 'params' can be omitted.
+1215  * @example
+1216  * new KJUR.asn1.DEREnumerated(123);
+1217  * new KJUR.asn1.DEREnumerated({int: 123});
+1218  * new KJUR.asn1.DEREnumerated({hex: '1fad'});
+1219  */
+1220 KJUR.asn1.DEREnumerated = function(params) {
+1221     KJUR.asn1.DEREnumerated.superclass.constructor.call(this);
+1222     this.hT = "0a";
+1223 
+1224     /**
+1225      * set value by Tom Wu's BigInteger object
+1226      * @name setByBigInteger
+1227      * @memberOf KJUR.asn1.DEREnumerated#
+1228      * @function
+1229      * @param {BigInteger} bigIntegerValue to set
+1230      */
+1231     this.setByBigInteger = function(bigIntegerValue) {
+1232         this.hTLV = null;
+1233         this.isModified = true;
+1234         this.hV = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(bigIntegerValue);
+1235     };
+1236 
+1237     /**
+1238      * set value by integer value
+1239      * @name setByInteger
+1240      * @memberOf KJUR.asn1.DEREnumerated#
+1241      * @function
+1242      * @param {Integer} integer value to set
+1243      */
+1244     this.setByInteger = function(intValue) {
+1245         var bi = new BigInteger(String(intValue), 10);
+1246         this.setByBigInteger(bi);
+1247     };
+1248 
+1249     /**
+1250      * set value by integer value
+1251      * @name setValueHex
+1252      * @memberOf KJUR.asn1.DEREnumerated#
+1253      * @function
+1254      * @param {String} hexadecimal string of integer value
+1255      * @description
+1256      * <br/>
+1257      * NOTE: Value shall be represented by minimum octet length of
+1258      * two's complement representation.
+1259      */
+1260     this.setValueHex = function(newHexString) {
+1261         this.hV = newHexString;
+1262     };
+1263 
+1264     this.getFreshValueHex = function() {
+1265         return this.hV;
+1266     };
+1267 
+1268     if (typeof params != "undefined") {
+1269         if (typeof params['int'] != "undefined") {
+1270             this.setByInteger(params['int']);
+1271         } else if (typeof params == "number") {
+1272             this.setByInteger(params);
+1273         } else if (typeof params['hex'] != "undefined") {
+1274             this.setValueHex(params['hex']);
+1275         }
+1276     }
+1277 };
+1278 YAHOO.lang.extend(KJUR.asn1.DEREnumerated, KJUR.asn1.ASN1Object);
+1279 
+1280 // ********************************************************************
+1281 /**
+1282  * class for ASN.1 DER UTF8String
+1283  * @name KJUR.asn1.DERUTF8String
+1284  * @class class for ASN.1 DER UTF8String
+1285  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1286  * @extends KJUR.asn1.DERAbstractString
+1287  * @description
+1288  * @see KJUR.asn1.DERAbstractString - superclass
+1289  */
+1290 KJUR.asn1.DERUTF8String = function(params) {
+1291     KJUR.asn1.DERUTF8String.superclass.constructor.call(this, params);
+1292     this.hT = "0c";
+1293 };
+1294 YAHOO.lang.extend(KJUR.asn1.DERUTF8String, KJUR.asn1.DERAbstractString);
+1295 
+1296 // ********************************************************************
+1297 /**
+1298  * class for ASN.1 DER NumericString
+1299  * @name KJUR.asn1.DERNumericString
+1300  * @class class for ASN.1 DER NumericString
+1301  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1302  * @extends KJUR.asn1.DERAbstractString
+1303  * @description
+1304  * @see KJUR.asn1.DERAbstractString - superclass
+1305  */
+1306 KJUR.asn1.DERNumericString = function(params) {
+1307     KJUR.asn1.DERNumericString.superclass.constructor.call(this, params);
+1308     this.hT = "12";
+1309 };
+1310 YAHOO.lang.extend(KJUR.asn1.DERNumericString, KJUR.asn1.DERAbstractString);
+1311 
+1312 // ********************************************************************
+1313 /**
+1314  * class for ASN.1 DER PrintableString
+1315  * @name KJUR.asn1.DERPrintableString
+1316  * @class class for ASN.1 DER PrintableString
+1317  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1318  * @extends KJUR.asn1.DERAbstractString
+1319  * @description
+1320  * @see KJUR.asn1.DERAbstractString - superclass
+1321  */
+1322 KJUR.asn1.DERPrintableString = function(params) {
+1323     KJUR.asn1.DERPrintableString.superclass.constructor.call(this, params);
+1324     this.hT = "13";
+1325 };
+1326 YAHOO.lang.extend(KJUR.asn1.DERPrintableString, KJUR.asn1.DERAbstractString);
+1327 
+1328 // ********************************************************************
+1329 /**
+1330  * class for ASN.1 DER TeletexString
+1331  * @name KJUR.asn1.DERTeletexString
+1332  * @class class for ASN.1 DER TeletexString
+1333  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1334  * @extends KJUR.asn1.DERAbstractString
+1335  * @description
+1336  * @see KJUR.asn1.DERAbstractString - superclass
+1337  */
+1338 KJUR.asn1.DERTeletexString = function(params) {
+1339     KJUR.asn1.DERTeletexString.superclass.constructor.call(this, params);
+1340     this.hT = "14";
+1341 };
+1342 YAHOO.lang.extend(KJUR.asn1.DERTeletexString, KJUR.asn1.DERAbstractString);
+1343 
+1344 // ********************************************************************
+1345 /**
+1346  * class for ASN.1 DER IA5String
+1347  * @name KJUR.asn1.DERIA5String
+1348  * @class class for ASN.1 DER IA5String
+1349  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1350  * @extends KJUR.asn1.DERAbstractString
+1351  * @description
+1352  * @see KJUR.asn1.DERAbstractString - superclass
+1353  */
+1354 KJUR.asn1.DERIA5String = function(params) {
+1355     KJUR.asn1.DERIA5String.superclass.constructor.call(this, params);
+1356     this.hT = "16";
+1357 };
+1358 YAHOO.lang.extend(KJUR.asn1.DERIA5String, KJUR.asn1.DERAbstractString);
+1359 
+1360 // ********************************************************************
+1361 /**
+1362  * class for ASN.1 DER UTCTime
+1363  * @name KJUR.asn1.DERUTCTime
+1364  * @class class for ASN.1 DER UTCTime
+1365  * @param {Array} params associative array of parameters (ex. {'str': '130430235959Z'})
+1366  * @extends KJUR.asn1.DERAbstractTime
+1367  * @description
+1368  * <br/>
+1369  * As for argument 'params' for constructor, you can specify one of
+1370  * following properties:
+1371  * <ul>
+1372  * <li>str - specify initial ASN.1 value(V) by a string (ex.'130430235959Z')</li>
+1373  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
+1374  * <li>date - specify Date object.</li>
+1375  * </ul>
+1376  * NOTE: 'params' can be omitted.
+1377  * <h4>EXAMPLES</h4>
+1378  * @example
+1379  * d1 = new KJUR.asn1.DERUTCTime();
+1380  * d1.setString('130430125959Z');
+1381  *
+1382  * d2 = new KJUR.asn1.DERUTCTime({'str': '130430125959Z'});
+1383  * d3 = new KJUR.asn1.DERUTCTime({'date': new Date(Date.UTC(2015, 0, 31, 0, 0, 0, 0))});
+1384  * d4 = new KJUR.asn1.DERUTCTime('130430125959Z');
+1385  */
+1386 KJUR.asn1.DERUTCTime = function(params) {
+1387     KJUR.asn1.DERUTCTime.superclass.constructor.call(this, params);
+1388     this.hT = "17";
+1389 
+1390     /**
+1391      * set value by a Date object<br/>
+1392      * @name setByDate
+1393      * @memberOf KJUR.asn1.DERUTCTime#
+1394      * @function
+1395      * @param {Date} dateObject Date object to set ASN.1 value(V)
+1396      * @example
+1397      * o = new KJUR.asn1.DERUTCTime();
+1398      * o.setByDate(new Date("2016/12/31"));
+1399      */
+1400     this.setByDate = function(dateObject) {
+1401         this.hTLV = null;
+1402         this.isModified = true;
+1403         this.date = dateObject;
+1404         this.s = this.formatDate(this.date, 'utc');
+1405         this.hV = stohex(this.s);
+1406     };
+1407 
+1408     this.getFreshValueHex = function() {
+1409         if (typeof this.date == "undefined" && typeof this.s == "undefined") {
+1410             this.date = new Date();
+1411             this.s = this.formatDate(this.date, 'utc');
+1412             this.hV = stohex(this.s);
+1413         }
+1414         return this.hV;
+1415     };
+1416 
+1417     if (params !== undefined) {
+1418         if (params.str !== undefined) {
+1419             this.setString(params.str);
+1420         } else if (typeof params == "string" && params.match(/^[0-9]{12}Z$/)) {
+1421             this.setString(params);
+1422         } else if (params.hex !== undefined) {
+1423             this.setStringHex(params.hex);
+1424         } else if (params.date !== undefined) {
+1425             this.setByDate(params.date);
+1426         }
+1427     }
+1428 };
+1429 YAHOO.lang.extend(KJUR.asn1.DERUTCTime, KJUR.asn1.DERAbstractTime);
+1430 
+1431 // ********************************************************************
+1432 /**
+1433  * class for ASN.1 DER GeneralizedTime
+1434  * @name KJUR.asn1.DERGeneralizedTime
+1435  * @class class for ASN.1 DER GeneralizedTime
+1436  * @param {Array} params associative array of parameters (ex. {'str': '20130430235959Z'})
+1437  * @property {Boolean} withMillis flag to show milliseconds or not
+1438  * @extends KJUR.asn1.DERAbstractTime
+1439  * @description
+1440  * <br/>
+1441  * As for argument 'params' for constructor, you can specify one of
+1442  * following properties:
+1443  * <ul>
+1444  * <li>str - specify initial ASN.1 value(V) by a string (ex.'20130430235959Z')</li>
+1445  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
+1446  * <li>date - specify Date object.</li>
+1447  * <li>millis - specify flag to show milliseconds (from 1.0.6)</li>
+1448  * </ul>
+1449  * NOTE1: 'params' can be omitted.
+1450  * NOTE2: 'withMillis' property is supported from asn1 1.0.6.
+1451  */
+1452 KJUR.asn1.DERGeneralizedTime = function(params) {
+1453     KJUR.asn1.DERGeneralizedTime.superclass.constructor.call(this, params);
+1454     this.hT = "18";
+1455     this.withMillis = false;
+1456 
+1457     /**
+1458      * set value by a Date object
+1459      * @name setByDate
+1460      * @memberOf KJUR.asn1.DERGeneralizedTime#
+1461      * @function
+1462      * @param {Date} dateObject Date object to set ASN.1 value(V)
+1463      * @example
+1464      * When you specify UTC time, use 'Date.UTC' method like this:<br/>
+1465      * o1 = new DERUTCTime();
+1466      * o1.setByDate(date);
+1467      *
+1468      * date = new Date(Date.UTC(2015, 0, 31, 23, 59, 59, 0)); #2015JAN31 23:59:59
+1469      */
+1470     this.setByDate = function(dateObject) {
+1471         this.hTLV = null;
+1472         this.isModified = true;
+1473         this.date = dateObject;
+1474         this.s = this.formatDate(this.date, 'gen', this.withMillis);
+1475         this.hV = stohex(this.s);
+1476     };
+1477 
+1478     this.getFreshValueHex = function() {
+1479         if (this.date === undefined && this.s === undefined) {
+1480             this.date = new Date();
+1481             this.s = this.formatDate(this.date, 'gen', this.withMillis);
+1482             this.hV = stohex(this.s);
+1483         }
+1484         return this.hV;
+1485     };
 1486 
-1487 // ********************************************************************
-1488 /**
-1489  * class for ASN.1 DER Sequence
-1490  * @name KJUR.asn1.DERSequence
-1491  * @class class for ASN.1 DER Sequence
-1492  * @extends KJUR.asn1.DERAbstractStructured
-1493  * @description
-1494  * <br/>
-1495  * As for argument 'params' for constructor, you can specify one of
-1496  * following properties:
-1497  * <ul>
-1498  * <li>array - specify array of ASN1Object to set elements of content</li>
-1499  * </ul>
-1500  * NOTE: 'params' can be omitted.
-1501  */
-1502 KJUR.asn1.DERSequence = function(params) {
-1503     KJUR.asn1.DERSequence.superclass.constructor.call(this, params);
-1504     this.hT = "30";
-1505     this.getFreshValueHex = function() {
-1506         var h = '';
-1507         for (var i = 0; i < this.asn1Array.length; i++) {
-1508             var asn1Obj = this.asn1Array[i];
-1509             h += asn1Obj.getEncodedHex();
-1510         }
-1511         this.hV = h;
-1512         return this.hV;
-1513     };
-1514 };
-1515 YAHOO.lang.extend(KJUR.asn1.DERSequence, KJUR.asn1.DERAbstractStructured);
-1516 
-1517 // ********************************************************************
-1518 /**
-1519  * class for ASN.1 DER Set
-1520  * @name KJUR.asn1.DERSet
-1521  * @class class for ASN.1 DER Set
-1522  * @extends KJUR.asn1.DERAbstractStructured
-1523  * @description
-1524  * <br/>
-1525  * As for argument 'params' for constructor, you can specify one of
-1526  * following properties:
-1527  * <ul>
-1528  * <li>array - specify array of ASN1Object to set elements of content</li>
-1529  * <li>sortflag - flag for sort (default: true). ASN.1 BER is not sorted in 'SET OF'.</li>
-1530  * </ul>
-1531  * NOTE1: 'params' can be omitted.<br/>
-1532  * NOTE2: sortflag is supported since 1.0.5.
-1533  */
-1534 KJUR.asn1.DERSet = function(params) {
-1535     KJUR.asn1.DERSet.superclass.constructor.call(this, params);
-1536     this.hT = "31";
-1537     this.sortFlag = true; // item shall be sorted only in ASN.1 DER
-1538     this.getFreshValueHex = function() {
-1539         var a = new Array();
-1540         for (var i = 0; i < this.asn1Array.length; i++) {
-1541             var asn1Obj = this.asn1Array[i];
-1542             a.push(asn1Obj.getEncodedHex());
-1543         }
-1544         if (this.sortFlag == true) a.sort();
-1545         this.hV = a.join('');
-1546         return this.hV;
-1547     };
-1548 
-1549     if (typeof params != "undefined") {
-1550         if (typeof params.sortflag != "undefined" &&
-1551             params.sortflag == false)
-1552             this.sortFlag = false;
-1553     }
-1554 };
-1555 YAHOO.lang.extend(KJUR.asn1.DERSet, KJUR.asn1.DERAbstractStructured);
-1556 
-1557 // ********************************************************************
-1558 /**
-1559  * class for ASN.1 DER TaggedObject
-1560  * @name KJUR.asn1.DERTaggedObject
-1561  * @class class for ASN.1 DER TaggedObject
-1562  * @extends KJUR.asn1.ASN1Object
-1563  * @description
-1564  * <br/>
-1565  * Parameter 'tagNoNex' is ASN.1 tag(T) value for this object.
-1566  * For example, if you find '[1]' tag in a ASN.1 dump, 
-1567  * 'tagNoHex' will be 'a1'.
-1568  * <br/>
-1569  * As for optional argument 'params' for constructor, you can specify *ANY* of
-1570  * following properties:
-1571  * <ul>
-1572  * <li>explicit - specify true if this is explicit tag otherwise false 
-1573  *     (default is 'true').</li>
-1574  * <li>tag - specify tag (default is 'a0' which means [0])</li>
-1575  * <li>obj - specify ASN1Object which is tagged</li>
-1576  * </ul>
-1577  * @example
-1578  * d1 = new KJUR.asn1.DERUTF8String({'str':'a'});
-1579  * d2 = new KJUR.asn1.DERTaggedObject({'obj': d1});
-1580  * hex = d2.getEncodedHex();
-1581  */
-1582 KJUR.asn1.DERTaggedObject = function(params) {
-1583     KJUR.asn1.DERTaggedObject.superclass.constructor.call(this);
-1584     this.hT = "a0";
-1585     this.hV = '';
-1586     this.isExplicit = true;
-1587     this.asn1Object = null;
-1588 
-1589     /**
-1590      * set value by an ASN1Object
-1591      * @name setString
-1592      * @memberOf KJUR.asn1.DERTaggedObject#
-1593      * @function
-1594      * @param {Boolean} isExplicitFlag flag for explicit/implicit tag
-1595      * @param {Integer} tagNoHex hexadecimal string of ASN.1 tag
-1596      * @param {ASN1Object} asn1Object ASN.1 to encapsulate
-1597      */
-1598     this.setASN1Object = function(isExplicitFlag, tagNoHex, asn1Object) {
-1599         this.hT = tagNoHex;
-1600         this.isExplicit = isExplicitFlag;
-1601         this.asn1Object = asn1Object;
-1602         if (this.isExplicit) {
-1603             this.hV = this.asn1Object.getEncodedHex();
-1604             this.hTLV = null;
-1605             this.isModified = true;
-1606         } else {
-1607             this.hV = null;
-1608             this.hTLV = asn1Object.getEncodedHex();
-1609             this.hTLV = this.hTLV.replace(/^../, tagNoHex);
-1610             this.isModified = false;
-1611         }
-1612     };
-1613 
-1614     this.getFreshValueHex = function() {
-1615         return this.hV;
-1616     };
-1617 
-1618     if (typeof params != "undefined") {
-1619         if (typeof params['tag'] != "undefined") {
-1620             this.hT = params['tag'];
-1621         }
-1622         if (typeof params['explicit'] != "undefined") {
-1623             this.isExplicit = params['explicit'];
-1624         }
-1625         if (typeof params['obj'] != "undefined") {
-1626             this.asn1Object = params['obj'];
-1627             this.setASN1Object(this.isExplicit, this.hT, this.asn1Object);
+1487     if (params !== undefined) {
+1488         if (params.str !== undefined) {
+1489             this.setString(params.str);
+1490         } else if (typeof params == "string" && params.match(/^[0-9]{14}Z$/)) {
+1491             this.setString(params);
+1492         } else if (params.hex !== undefined) {
+1493             this.setStringHex(params.hex);
+1494         } else if (params.date !== undefined) {
+1495             this.setByDate(params.date);
+1496         }
+1497         if (params.millis === true) {
+1498             this.withMillis = true;
+1499         }
+1500     }
+1501 };
+1502 YAHOO.lang.extend(KJUR.asn1.DERGeneralizedTime, KJUR.asn1.DERAbstractTime);
+1503 
+1504 // ********************************************************************
+1505 /**
+1506  * class for ASN.1 DER Sequence
+1507  * @name KJUR.asn1.DERSequence
+1508  * @class class for ASN.1 DER Sequence
+1509  * @extends KJUR.asn1.DERAbstractStructured
+1510  * @description
+1511  * <br/>
+1512  * As for argument 'params' for constructor, you can specify one of
+1513  * following properties:
+1514  * <ul>
+1515  * <li>array - specify array of ASN1Object to set elements of content</li>
+1516  * </ul>
+1517  * NOTE: 'params' can be omitted.
+1518  */
+1519 KJUR.asn1.DERSequence = function(params) {
+1520     KJUR.asn1.DERSequence.superclass.constructor.call(this, params);
+1521     this.hT = "30";
+1522     this.getFreshValueHex = function() {
+1523         var h = '';
+1524         for (var i = 0; i < this.asn1Array.length; i++) {
+1525             var asn1Obj = this.asn1Array[i];
+1526             h += asn1Obj.getEncodedHex();
+1527         }
+1528         this.hV = h;
+1529         return this.hV;
+1530     };
+1531 };
+1532 YAHOO.lang.extend(KJUR.asn1.DERSequence, KJUR.asn1.DERAbstractStructured);
+1533 
+1534 // ********************************************************************
+1535 /**
+1536  * class for ASN.1 DER Set
+1537  * @name KJUR.asn1.DERSet
+1538  * @class class for ASN.1 DER Set
+1539  * @extends KJUR.asn1.DERAbstractStructured
+1540  * @description
+1541  * <br/>
+1542  * As for argument 'params' for constructor, you can specify one of
+1543  * following properties:
+1544  * <ul>
+1545  * <li>array - specify array of ASN1Object to set elements of content</li>
+1546  * <li>sortflag - flag for sort (default: true). ASN.1 BER is not sorted in 'SET OF'.</li>
+1547  * </ul>
+1548  * NOTE1: 'params' can be omitted.<br/>
+1549  * NOTE2: sortflag is supported since 1.0.5.
+1550  */
+1551 KJUR.asn1.DERSet = function(params) {
+1552     KJUR.asn1.DERSet.superclass.constructor.call(this, params);
+1553     this.hT = "31";
+1554     this.sortFlag = true; // item shall be sorted only in ASN.1 DER
+1555     this.getFreshValueHex = function() {
+1556         var a = new Array();
+1557         for (var i = 0; i < this.asn1Array.length; i++) {
+1558             var asn1Obj = this.asn1Array[i];
+1559             a.push(asn1Obj.getEncodedHex());
+1560         }
+1561         if (this.sortFlag == true) a.sort();
+1562         this.hV = a.join('');
+1563         return this.hV;
+1564     };
+1565 
+1566     if (typeof params != "undefined") {
+1567         if (typeof params.sortflag != "undefined" &&
+1568             params.sortflag == false)
+1569             this.sortFlag = false;
+1570     }
+1571 };
+1572 YAHOO.lang.extend(KJUR.asn1.DERSet, KJUR.asn1.DERAbstractStructured);
+1573 
+1574 // ********************************************************************
+1575 /**
+1576  * class for ASN.1 DER TaggedObject
+1577  * @name KJUR.asn1.DERTaggedObject
+1578  * @class class for ASN.1 DER TaggedObject
+1579  * @extends KJUR.asn1.ASN1Object
+1580  * @description
+1581  * <br/>
+1582  * Parameter 'tagNoNex' is ASN.1 tag(T) value for this object.
+1583  * For example, if you find '[1]' tag in a ASN.1 dump, 
+1584  * 'tagNoHex' will be 'a1'.
+1585  * <br/>
+1586  * As for optional argument 'params' for constructor, you can specify *ANY* of
+1587  * following properties:
+1588  * <ul>
+1589  * <li>explicit - specify true if this is explicit tag otherwise false 
+1590  *     (default is 'true').</li>
+1591  * <li>tag - specify tag (default is 'a0' which means [0])</li>
+1592  * <li>obj - specify ASN1Object which is tagged</li>
+1593  * </ul>
+1594  * @example
+1595  * d1 = new KJUR.asn1.DERUTF8String({'str':'a'});
+1596  * d2 = new KJUR.asn1.DERTaggedObject({'obj': d1});
+1597  * hex = d2.getEncodedHex();
+1598  */
+1599 KJUR.asn1.DERTaggedObject = function(params) {
+1600     KJUR.asn1.DERTaggedObject.superclass.constructor.call(this);
+1601     this.hT = "a0";
+1602     this.hV = '';
+1603     this.isExplicit = true;
+1604     this.asn1Object = null;
+1605 
+1606     /**
+1607      * set value by an ASN1Object
+1608      * @name setString
+1609      * @memberOf KJUR.asn1.DERTaggedObject#
+1610      * @function
+1611      * @param {Boolean} isExplicitFlag flag for explicit/implicit tag
+1612      * @param {Integer} tagNoHex hexadecimal string of ASN.1 tag
+1613      * @param {ASN1Object} asn1Object ASN.1 to encapsulate
+1614      */
+1615     this.setASN1Object = function(isExplicitFlag, tagNoHex, asn1Object) {
+1616         this.hT = tagNoHex;
+1617         this.isExplicit = isExplicitFlag;
+1618         this.asn1Object = asn1Object;
+1619         if (this.isExplicit) {
+1620             this.hV = this.asn1Object.getEncodedHex();
+1621             this.hTLV = null;
+1622             this.isModified = true;
+1623         } else {
+1624             this.hV = null;
+1625             this.hTLV = asn1Object.getEncodedHex();
+1626             this.hTLV = this.hTLV.replace(/^../, tagNoHex);
+1627             this.isModified = false;
 1628         }
-1629     }
-1630 };
-1631 YAHOO.lang.extend(KJUR.asn1.DERTaggedObject, KJUR.asn1.ASN1Object);
-1632 
\ No newline at end of file +1629
}; +1630 +1631 this.getFreshValueHex = function() { +1632 return this.hV; +1633 }; +1634 +1635 if (typeof params != "undefined") { +1636 if (typeof params['tag'] != "undefined") { +1637 this.hT = params['tag']; +1638 } +1639 if (typeof params['explicit'] != "undefined") { +1640 this.isExplicit = params['explicit']; +1641 } +1642 if (typeof params['obj'] != "undefined") { +1643 this.asn1Object = params['obj']; +1644 this.setASN1Object(this.isExplicit, this.hT, this.asn1Object); +1645 } +1646 } +1647 }; +1648 YAHOO.lang.extend(KJUR.asn1.DERTaggedObject, KJUR.asn1.ASN1Object); +1649
\ No newline at end of file diff --git a/api/symbols/src/asn1cades-1.0.js.html b/api/symbols/src/asn1cades-1.0.js.html index 9ce3ce94..af90c93b 100644 --- a/api/symbols/src/asn1cades-1.0.js.html +++ b/api/symbols/src/asn1cades-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /*! asn1cades-1.0.2.js (c) 2014-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* asn1cades-1.0.3.js (c) 2014-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * asn1cades.js - ASN.1 DER encoder classes for RFC 5126 CAdES long term signature
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1cades-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 7.2.0 asn1cades 1.0.2 (2017-May-12)
+ 19  * @version jsrsasign 7.2.1 asn1cades 1.0.3 (2017-Jun-03)
  20  * @since jsrsasign 4.7.0
  21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -254,539 +254,577 @@
 247  *    utf8String       UTF8String     (SIZE (1..200)) }
 248  */
 249 KJUR.asn1.cades.SignaturePolicyIdentifier = function(params) {
-250     KJUR.asn1.cades.SignaturePolicyIdentifier.superclass.constructor.call(this);
-251     this.attrTypeOid = "1.2.840.113549.1.9.16.2.15";
-252     var nA = KJUR.asn1;
-253     var nC = KJUR.asn1.cades;
-254 
-255     if (typeof params != "undefined") {
-256         if (typeof params.oid == "string" &&
-257             typeof params.hash == "object") {
-258             var dOid = new nA.DERObjectIdentifier({oid: params.oid});
-259             var dHash = new nC.OtherHashAlgAndValue(params.hash);
-260             var seq = new nA.DERSequence({array: [dOid, dHash]});
-261             this.valueList = [seq];
-262         }
-263     }
-264 };
-265 YAHOO.lang.extend(KJUR.asn1.cades.SignaturePolicyIdentifier,
-266                   KJUR.asn1.cms.Attribute);
-267 
-268 /**
-269  * class for OtherHashAlgAndValue ASN.1 object
-270  * @name KJUR.asn1.cades.OtherHashAlgAndValue
-271  * @class class for OtherHashAlgAndValue ASN.1 object
-272  * @param {Array} params associative array of parameters
-273  * @extends KJUR.asn1.ASN1Object
-274  * @since jsrsasign 4.7.0 asn1cades 1.0.0
-275  * @description
-276  * <pre>
-277  * OtherHashAlgAndValue ::= SEQUENCE {
-278  *    hashAlgorithm   AlgorithmIdentifier,
-279  *    hashValue       OtherHashValue }
-280  * OtherHashValue ::= OCTET STRING
-281  * </pre>
-282  */
-283 KJUR.asn1.cades.OtherHashAlgAndValue = function(params) {
-284     KJUR.asn1.cades.OtherHashAlgAndValue.superclass.constructor.call(this);
-285     var nA = KJUR.asn1;
-286     var nX = KJUR.asn1.x509;
-287     this.dAlg = null;
-288     this.dHash = null;
-289 
-290     this.getEncodedHex = function() {
-291         var seq = new nA.DERSequence({array: [this.dAlg, this.dHash]});
-292         this.hTLV = seq.getEncodedHex();
-293         return this.hTLV;
-294     };
-295 
-296     if (typeof params != "undefined") {
-297         if (typeof params.alg == "string" &&
-298             typeof params.hash == "string") {
-299             this.dAlg = new nX.AlgorithmIdentifier({name: params.alg});
-300             this.dHash = new nA.DEROctetString({hex: params.hash});
-301         }
-302     }
-303 };
-304 YAHOO.lang.extend(KJUR.asn1.cades.OtherHashAlgAndValue, KJUR.asn1.ASN1Object);
-305 
-306 /**
-307  * class for RFC 5126 CAdES SignatureTimeStamp attribute
-308  * @name KJUR.asn1.cades.SignatureTimeStamp
-309  * @class class for RFC 5126 CAdES SignatureTimeStamp attribute
-310  * @param {Array} params associative array of parameters
-311  * @extends KJUR.asn1.cms.Attribute
-312  * @since jsrsasign 4.7.0 asn1cades 1.0.0
-313  * @description
-314  * <pre>
-315  * id-aa-signatureTimeStampToken OBJECT IDENTIFIER ::=
-316  *    1.2.840.113549.1.9.16.2.14
-317  * SignatureTimeStampToken ::= TimeStampToken
-318  * </pre>
-319  */
-320 KJUR.asn1.cades.SignatureTimeStamp = function(params) {
-321     KJUR.asn1.cades.SignatureTimeStamp.superclass.constructor.call(this);
-322     this.attrTypeOid = "1.2.840.113549.1.9.16.2.14";
-323     this.tstHex = null;
-324     var nA = KJUR.asn1;
-325 
-326     if (typeof params != "undefined") {
-327         if (typeof params.res != "undefined") {
-328             if (typeof params.res == "string" &&
-329                 params.res.match(/^[0-9A-Fa-f]+$/)) {
-330             } else if (params.res instanceof KJUR.asn1.ASN1Object) {
-331             } else {
-332                 throw "res param shall be ASN1Object or hex string";
-333             }
-334         }
-335         if (typeof params.tst != "undefined") {
-336             if (typeof params.tst == "string" &&
-337                 params.tst.match(/^[0-9A-Fa-f]+$/)) {
-338                 var d = new nA.ASN1Object();
-339                 this.tstHex = params.tst;
-340                 d.hTLV = this.tstHex;
-341                 d.getEncodedHex();
-342                 this.valueList = [d];
-343             } else if (params.tst instanceof KJUR.asn1.ASN1Object) {
-344             } else {
-345                 throw "tst param shall be ASN1Object or hex string";
-346             }
-347         }
-348     }
-349 };
-350 YAHOO.lang.extend(KJUR.asn1.cades.SignatureTimeStamp,
-351                   KJUR.asn1.cms.Attribute);
-352 
-353 /**
-354  * class for RFC 5126 CAdES CompleteCertificateRefs attribute
-355  * @name KJUR.asn1.cades.CompleteCertificateRefs
-356  * @class class for RFC 5126 CAdES CompleteCertificateRefs attribute
-357  * @param {Array} params associative array of parameters
-358  * @extends KJUR.asn1.cms.Attribute
-359  * @since jsrsasign 4.7.0 asn1cades 1.0.0
-360  * @description
-361  * <pre>
-362  * id-aa-ets-certificateRefs OBJECT IDENTIFIER = 
-363  *    1.2.840.113549.1.9.16.2.21
-364  * CompleteCertificateRefs ::=  SEQUENCE OF OtherCertID
-365  * </pre>
-366  * @example
-367  * o = new KJUR.asn1.cades.CompleteCertificateRefs([certPEM1,certPEM2]);
-368  */
-369 KJUR.asn1.cades.CompleteCertificateRefs = function(params) {
-370     KJUR.asn1.cades.CompleteCertificateRefs.superclass.constructor.call(this);
-371     this.attrTypeOid = "1.2.840.113549.1.9.16.2.21";
-372     var nA = KJUR.asn1;
-373     var nD = KJUR.asn1.cades;
-374 
-375     /**
-376      * set value by array
-377      * @name setByArray
-378      * @memberOf KJUR.asn1.cades.CompleteCertificateRefs
-379      * @function
-380      * @param {Array} a array of {@link KJUR.asn1.cades.OtherCertID} argument
-381      * @return unspecified
-382      * @description
-383      */
-384     this.setByArray = function(a) {
-385         this.valueList = [];
-386         for (var i = 0; i < a.length; i++) {
-387             var o = new nD.OtherCertID(a[i]);
-388             this.valueList.push(o);
-389         }
-390     };
+250     var _KJUR = KJUR,
+251 	_KJUR_asn1 = _KJUR.asn1,
+252 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+253 	_DERSequence = _KJUR_asn1.DERSequence,
+254 	_KJUR_asn1_cades = _KJUR_asn1.cades,
+255 	_OtherHashAlgAndValue = _KJUR_asn1_cades.OtherHashAlgAndValue;
+256 	
+257     _KJUR_asn1_cades.SignaturePolicyIdentifier.superclass.constructor.call(this);
+258     this.attrTypeOid = "1.2.840.113549.1.9.16.2.15";
+259 
+260     if (params !== undefined) {
+261         if (typeof params.oid == "string" &&
+262             typeof params.hash == "object") {
+263             var dOid = new _DERObjectIdentifier({oid: params.oid});
+264             var dHash = new _OtherHashAlgAndValue(params.hash);
+265             var seq = new _DERSequence({array: [dOid, dHash]});
+266             this.valueList = [seq];
+267         }
+268     }
+269 };
+270 YAHOO.lang.extend(KJUR.asn1.cades.SignaturePolicyIdentifier,
+271                   KJUR.asn1.cms.Attribute);
+272 
+273 /**
+274  * class for OtherHashAlgAndValue ASN.1 object
+275  * @name KJUR.asn1.cades.OtherHashAlgAndValue
+276  * @class class for OtherHashAlgAndValue ASN.1 object
+277  * @param {Array} params associative array of parameters
+278  * @extends KJUR.asn1.ASN1Object
+279  * @since jsrsasign 4.7.0 asn1cades 1.0.0
+280  * @description
+281  * <pre>
+282  * OtherHashAlgAndValue ::= SEQUENCE {
+283  *    hashAlgorithm   AlgorithmIdentifier,
+284  *    hashValue       OtherHashValue }
+285  * OtherHashValue ::= OCTET STRING
+286  * </pre>
+287  */
+288 KJUR.asn1.cades.OtherHashAlgAndValue = function(params) {
+289     var _KJUR = KJUR,
+290 	_KJUR_asn1 = _KJUR.asn1,
+291 	_DERSequence = _KJUR_asn1.DERSequence,
+292 	_DEROctetString = _KJUR_asn1.DEROctetString,
+293 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+294 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
+295 	_KJUR_asn1_cades = _KJUR_asn1.cades,
+296 	_OtherHashAlgAndValue = _KJUR_asn1_cades.OtherHashAlgAndValue;
+297 
+298     _OtherHashAlgAndValue.superclass.constructor.call(this);
+299 
+300     this.dAlg = null;
+301     this.dHash = null;
+302 
+303     this.getEncodedHex = function() {
+304         var seq = new _DERSequence({array: [this.dAlg, this.dHash]});
+305         this.hTLV = seq.getEncodedHex();
+306         return this.hTLV;
+307     };
+308 
+309     if (params !== undefined) {
+310         if (typeof params.alg == "string" &&
+311             typeof params.hash == "string") {
+312             this.dAlg = new _AlgorithmIdentifier({name: params.alg});
+313             this.dHash = new _DEROctetString({hex: params.hash});
+314         }
+315     }
+316 };
+317 YAHOO.lang.extend(KJUR.asn1.cades.OtherHashAlgAndValue, KJUR.asn1.ASN1Object);
+318 
+319 /**
+320  * class for RFC 5126 CAdES SignatureTimeStamp attribute
+321  * @name KJUR.asn1.cades.SignatureTimeStamp
+322  * @class class for RFC 5126 CAdES SignatureTimeStamp attribute
+323  * @param {Array} params associative array of parameters
+324  * @extends KJUR.asn1.cms.Attribute
+325  * @since jsrsasign 4.7.0 asn1cades 1.0.0
+326  * @description
+327  * <pre>
+328  * id-aa-signatureTimeStampToken OBJECT IDENTIFIER ::=
+329  *    1.2.840.113549.1.9.16.2.14
+330  * SignatureTimeStampToken ::= TimeStampToken
+331  * </pre>
+332  */
+333 KJUR.asn1.cades.SignatureTimeStamp = function(params) {
+334     var _KJUR = KJUR,
+335 	_KJUR_asn1 = _KJUR.asn1,
+336 	_ASN1Object = _KJUR_asn1.ASN1Object,
+337 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+338 	_KJUR_asn1_cades = _KJUR_asn1.cades;
+339 
+340     _KJUR_asn1_cades.SignatureTimeStamp.superclass.constructor.call(this);
+341     this.attrTypeOid = "1.2.840.113549.1.9.16.2.14";
+342     this.tstHex = null;
+343 
+344     if (params !== undefined) {
+345         if (params.res !== undefined) {
+346             if (typeof params.res == "string" &&
+347                 params.res.match(/^[0-9A-Fa-f]+$/)) {
+348             } else if (params.res instanceof _ASN1Object) {
+349             } else {
+350                 throw "res param shall be ASN1Object or hex string";
+351             }
+352         }
+353         if (params.tst !== undefined) {
+354             if (typeof params.tst == "string" &&
+355                 params.tst.match(/^[0-9A-Fa-f]+$/)) {
+356                 var d = new _ASN1Object();
+357                 this.tstHex = params.tst;
+358                 d.hTLV = this.tstHex;
+359                 d.getEncodedHex();
+360                 this.valueList = [d];
+361             } else if (params.tst instanceof _ASN1Object) {
+362             } else {
+363                 throw "tst param shall be ASN1Object or hex string";
+364             }
+365         }
+366     }
+367 };
+368 YAHOO.lang.extend(KJUR.asn1.cades.SignatureTimeStamp,
+369                   KJUR.asn1.cms.Attribute);
+370 
+371 /**
+372  * class for RFC 5126 CAdES CompleteCertificateRefs attribute
+373  * @name KJUR.asn1.cades.CompleteCertificateRefs
+374  * @class class for RFC 5126 CAdES CompleteCertificateRefs attribute
+375  * @param {Array} params associative array of parameters
+376  * @extends KJUR.asn1.cms.Attribute
+377  * @since jsrsasign 4.7.0 asn1cades 1.0.0
+378  * @description
+379  * <pre>
+380  * id-aa-ets-certificateRefs OBJECT IDENTIFIER = 
+381  *    1.2.840.113549.1.9.16.2.21
+382  * CompleteCertificateRefs ::=  SEQUENCE OF OtherCertID
+383  * </pre>
+384  * @example
+385  * o = new KJUR.asn1.cades.CompleteCertificateRefs([certPEM1,certPEM2]);
+386  */
+387 KJUR.asn1.cades.CompleteCertificateRefs = function(params) {
+388     var _KJUR = KJUR,
+389 	_KJUR_asn1 = _KJUR.asn1,
+390 	_KJUR_asn1_cades = _KJUR_asn1.cades;
 391 
-392     if (typeof params != "undefined") {
-393         if (typeof params == "object" &&
-394             typeof params.length == "number") {
-395             this.setByArray(params);
-396         }
-397     }
-398 };
-399 YAHOO.lang.extend(KJUR.asn1.cades.CompleteCertificateRefs,
-400                   KJUR.asn1.cms.Attribute);
-401 
-402 /**
-403  * class for OtherCertID ASN.1 object
-404  * @name KJUR.asn1.cades.OtherCertID
-405  * @class class for OtherCertID ASN.1 object
-406  * @param {Array} params associative array of parameters
-407  * @extends KJUR.asn1.ASN1Object
-408  * @since jsrsasign 4.7.0 asn1cades 1.0.0
-409  * @description
-410  * <pre>
-411  * OtherCertID ::= SEQUENCE {
-412  *    otherCertHash    OtherHash,
-413  *    issuerSerial     IssuerSerial OPTIONAL }
-414  * </pre>
-415  * @example
-416  * o = new KJUR.asn1.cades.OtherCertID(certPEM);
-417  * o = new KJUR.asn1.cades.OtherCertID({cert:certPEM, hasis: false});
-418  */
-419 KJUR.asn1.cades.OtherCertID = function(params) {
-420     KJUR.asn1.cades.OtherCertID.superclass.constructor.call(this);
-421     var nA = KJUR.asn1;
-422     var nC = KJUR.asn1.cms;
-423     var nD = KJUR.asn1.cades;
-424     this.hasIssuerSerial = true;
-425     this.dOtherCertHash = null;
-426     this.dIssuerSerial = null;
-427 
-428     /**
-429      * set value by PEM string of certificate
-430      * @name setByCertPEM
-431      * @memberOf KJUR.asn1.cades.OtherCertID
-432      * @function
-433      * @param {String} certPEM PEM string of certificate
-434      * @return unspecified
-435      * @description
-436      * This method will set value by a PEM string of a certificate.
-437      * This will add IssuerAndSerialNumber by default 
-438      * which depends on hasIssuerSerial flag.
-439      */
-440     this.setByCertPEM = function(certPEM) {
-441         this.dOtherCertHash = new nD.OtherHash(certPEM);
-442         if (this.hasIssuerSerial)
-443             this.dIssuerSerial = new nC.IssuerAndSerialNumber(certPEM);
-444     };
-445 
-446     this.getEncodedHex = function() {
-447         if (this.hTLV != null) return this.hTLV;
-448         if (this.dOtherCertHash == null)
-449             throw "otherCertHash not set";
-450         var a = [this.dOtherCertHash];
-451         if (this.dIssuerSerial != null)
-452             a.push(this.dIssuerSerial);
-453         var seq = new nA.DERSequence({array: a});
-454         this.hTLV = seq.getEncodedHex();
-455         return this.hTLV;
-456     };
-457 
-458     if (typeof params != "undefined") {
-459         if (typeof params == "string" &&
-460             params.indexOf("-----BEGIN ") != -1) {
-461             this.setByCertPEM(params);
-462         }
-463         if (typeof params == "object") {
-464             if (params.hasis === false)
-465                 this.hasIssuerSerial = false;
-466             if (typeof params.cert == "string")
-467                 this.setByCertPEM(params.cert);
-468         }
-469     }
-470 };
-471 YAHOO.lang.extend(KJUR.asn1.cades.OtherCertID, KJUR.asn1.ASN1Object);
-472 
-473 /**
-474  * class for OtherHash ASN.1 object
-475  * @name KJUR.asn1.cades.OtherHash
-476  * @class class for OtherHash ASN.1 object
-477  * @param {Array} params associative array of parameters
-478  * @extends KJUR.asn1.ASN1Object
-479  * @since jsrsasign 4.7.0 asn1cades 1.0.0
-480  * @description
-481  * <pre>
-482  * OtherHash ::= CHOICE {
-483  *    sha1Hash   OtherHashValue,  -- This contains a SHA-1 hash
-484  *    otherHash  OtherHashAlgAndValue}
-485  * OtherHashValue ::= OCTET STRING
-486  * </pre>
-487  * @example
-488  * o = new KJUR.asn1.cades.OtherHash("1234");
-489  * o = new KJUR.asn1.cades.OtherHash(certPEMStr); // default alg=sha256
-490  * o = new KJUR.asn1.cades.OtherHash({alg: 'sha256', hash: '1234'});
-491  * o = new KJUR.asn1.cades.OtherHash({alg: 'sha256', cert: certPEM});
-492  * o = new KJUR.asn1.cades.OtherHash({cert: certPEM});
-493  */
-494 KJUR.asn1.cades.OtherHash = function(params) {
-495     KJUR.asn1.cades.OtherHash.superclass.constructor.call(this);
-496     var nA = KJUR.asn1;
-497     var nD = KJUR.asn1.cades;
-498     this.alg = 'sha256';
-499     this.dOtherHash = null;
-500 
-501     /**
-502      * set value by PEM string of certificate
-503      * @name setByCertPEM
-504      * @memberOf KJUR.asn1.cades.OtherHash
-505      * @function
-506      * @param {String} certPEM PEM string of certificate
-507      * @return unspecified
-508      * @description
-509      * This method will set value by a PEM string of a certificate.
-510      * An algorithm used to hash certificate data will
-511      * be defined by 'alg' property and 'sha256' is default.
-512      */
-513     this.setByCertPEM = function(certPEM) {
-514         if (certPEM.indexOf("-----BEGIN ") == -1)
-515             throw "certPEM not to seem PEM format";
-516         var hex = ASN1HEX.pemToHex(certPEM);
-517         var hash = KJUR.crypto.Util.hashHex(hex, this.alg);
-518         this.dOtherHash = 
-519             new nD.OtherHashAlgAndValue({alg: this.alg, hash: hash});
-520     };
-521 
-522     this.getEncodedHex = function() {
-523         if (this.dOtherHash == null)
-524             throw "OtherHash not set";
-525         return this.dOtherHash.getEncodedHex();
-526     };
+392     _KJUR_asn1_cades.CompleteCertificateRefs.superclass.constructor.call(this);
+393     this.attrTypeOid = "1.2.840.113549.1.9.16.2.21";
+394 
+395     /**
+396      * set value by array
+397      * @name setByArray
+398      * @memberOf KJUR.asn1.cades.CompleteCertificateRefs
+399      * @function
+400      * @param {Array} a array of {@link KJUR.asn1.cades.OtherCertID} argument
+401      * @return unspecified
+402      * @description
+403      */
+404     this.setByArray = function(a) {
+405         this.valueList = [];
+406         for (var i = 0; i < a.length; i++) {
+407             var o = new _KJUR_asn1_cades.OtherCertID(a[i]);
+408             this.valueList.push(o);
+409         }
+410     };
+411 
+412     if (params !== undefined) {
+413         if (typeof params == "object" &&
+414             typeof params.length == "number") {
+415             this.setByArray(params);
+416         }
+417     }
+418 };
+419 YAHOO.lang.extend(KJUR.asn1.cades.CompleteCertificateRefs,
+420                   KJUR.asn1.cms.Attribute);
+421 
+422 /**
+423  * class for OtherCertID ASN.1 object
+424  * @name KJUR.asn1.cades.OtherCertID
+425  * @class class for OtherCertID ASN.1 object
+426  * @param {Array} params associative array of parameters
+427  * @extends KJUR.asn1.ASN1Object
+428  * @since jsrsasign 4.7.0 asn1cades 1.0.0
+429  * @description
+430  * <pre>
+431  * OtherCertID ::= SEQUENCE {
+432  *    otherCertHash    OtherHash,
+433  *    issuerSerial     IssuerSerial OPTIONAL }
+434  * </pre>
+435  * @example
+436  * o = new KJUR.asn1.cades.OtherCertID(certPEM);
+437  * o = new KJUR.asn1.cades.OtherCertID({cert:certPEM, hasis: false});
+438  */
+439 KJUR.asn1.cades.OtherCertID = function(params) {
+440     var _KJUR = KJUR,
+441 	_KJUR_asn1 = _KJUR.asn1,
+442 	_KJUR_asn1_cms = _KJUR_asn1.cms,
+443 	_KJUR_asn1_cades = _KJUR_asn1.cades;
+444 
+445     _KJUR_asn1_cades.OtherCertID.superclass.constructor.call(this);
+446 
+447     this.hasIssuerSerial = true;
+448     this.dOtherCertHash = null;
+449     this.dIssuerSerial = null;
+450 
+451     /**
+452      * set value by PEM string of certificate
+453      * @name setByCertPEM
+454      * @memberOf KJUR.asn1.cades.OtherCertID
+455      * @function
+456      * @param {String} certPEM PEM string of certificate
+457      * @return unspecified
+458      * @description
+459      * This method will set value by a PEM string of a certificate.
+460      * This will add IssuerAndSerialNumber by default 
+461      * which depends on hasIssuerSerial flag.
+462      */
+463     this.setByCertPEM = function(certPEM) {
+464         this.dOtherCertHash = new _KJUR_asn1_cades.OtherHash(certPEM);
+465         if (this.hasIssuerSerial)
+466             this.dIssuerSerial = 
+467 	        new _KJUR_asn1_cms.IssuerAndSerialNumber(certPEM);
+468     };
+469 
+470     this.getEncodedHex = function() {
+471         if (this.hTLV != null) return this.hTLV;
+472         if (this.dOtherCertHash == null)
+473             throw "otherCertHash not set";
+474         var a = [this.dOtherCertHash];
+475         if (this.dIssuerSerial != null)
+476             a.push(this.dIssuerSerial);
+477         var seq = new _KJUR_asn1.DERSequence({array: a});
+478         this.hTLV = seq.getEncodedHex();
+479         return this.hTLV;
+480     };
+481 
+482     if (params !== undefined) {
+483         if (typeof params == "string" &&
+484             params.indexOf("-----BEGIN ") != -1) {
+485             this.setByCertPEM(params);
+486         }
+487         if (typeof params == "object") {
+488             if (params.hasis === false)
+489                 this.hasIssuerSerial = false;
+490             if (typeof params.cert == "string")
+491                 this.setByCertPEM(params.cert);
+492         }
+493     }
+494 };
+495 YAHOO.lang.extend(KJUR.asn1.cades.OtherCertID, KJUR.asn1.ASN1Object);
+496 
+497 /**
+498  * class for OtherHash ASN.1 object
+499  * @name KJUR.asn1.cades.OtherHash
+500  * @class class for OtherHash ASN.1 object
+501  * @param {Array} params associative array of parameters
+502  * @extends KJUR.asn1.ASN1Object
+503  * @since jsrsasign 4.7.0 asn1cades 1.0.0
+504  * @description
+505  * <pre>
+506  * OtherHash ::= CHOICE {
+507  *    sha1Hash   OtherHashValue,  -- This contains a SHA-1 hash
+508  *    otherHash  OtherHashAlgAndValue}
+509  * OtherHashValue ::= OCTET STRING
+510  * </pre>
+511  * @example
+512  * o = new KJUR.asn1.cades.OtherHash("1234");
+513  * o = new KJUR.asn1.cades.OtherHash(certPEMStr); // default alg=sha256
+514  * o = new KJUR.asn1.cades.OtherHash({alg: 'sha256', hash: '1234'});
+515  * o = new KJUR.asn1.cades.OtherHash({alg: 'sha256', cert: certPEM});
+516  * o = new KJUR.asn1.cades.OtherHash({cert: certPEM});
+517  */
+518 KJUR.asn1.cades.OtherHash = function(params) {
+519     var _KJUR = KJUR,
+520 	_KJUR_asn1 = _KJUR.asn1,
+521 	_KJUR_asn1_cms = _KJUR_asn1.cms,
+522 	_KJUR_asn1_cades = _KJUR_asn1.cades,
+523 	_OtherHashAlgAndValue = _KJUR_asn1_cades.OtherHashAlgAndValue,
+524 	_hashHex = _KJUR.crypto.Util.hashHex;
+525 
+526     _KJUR_asn1_cades.OtherHash.superclass.constructor.call(this);
 527 
-528     if (typeof params != "undefined") {
-529         if (typeof params == "string") {
-530             if (params.indexOf("-----BEGIN ") != -1) {
-531                 this.setByCertPEM(params);
-532             } else if (params.match(/^[0-9A-Fa-f]+$/)) {
-533                 this.dOtherHash = new nA.DEROctetString({hex: params});
-534             } else {
-535                 throw "unsupported string value for params";
-536             }
-537         } else if (typeof params == "object") {
-538             if (typeof params.cert == "string") {
-539                 if (typeof params.alg == "string")
-540                     this.alg = params.alg;
-541                 this.setByCertPEM(params.cert);
-542             } else {
-543                 this.dOtherHash = new nD.OtherHashAlgAndValue(params);
-544             }
-545         }
-546     }
-547 };
-548 YAHOO.lang.extend(KJUR.asn1.cades.OtherHash, KJUR.asn1.ASN1Object);
-549 
-550 
-551 // == BEGIN UTILITIES =====================================================
-552 
-553 /**
-554  * CAdES utiliteis class
-555  * @name KJUR.asn1.cades.CAdESUtil
-556  * @class CAdES utilities class
-557  * @since jsrsasign 4.7.0 asn1cades 1.0.0
-558  */
-559 KJUR.asn1.cades.CAdESUtil = new function() {
-560 };
-561 /*
-562  *
-563  */
-564 KJUR.asn1.cades.CAdESUtil.addSigTS = function(dCMS, siIdx, sigTSHex) {
-565 };
-566 /**
-567  * parse CMS SignedData to add unsigned attributes
-568  * @name parseSignedDataForAddingUnsigned
-569  * @memberOf KJUR.asn1.cades.CAdESUtil
-570  * @function
-571  * @param {String} hex hexadecimal string of ContentInfo of CMS SignedData
-572  * @return {Object} associative array of parsed data
-573  * @description
-574  * This method will parse a hexadecimal string of 
-575  * ContentInfo with CMS SignedData to add a attribute
-576  * to unsigned attributes field in a signerInfo field.
-577  * Parsed result will be an associative array which has
-578  * following properties:
-579  * <ul>
-580  * <li>version - hex of CMSVersion ASN.1 TLV</li>
-581  * <li>algs - hex of DigestAlgorithms ASN.1 TLV</li>
-582  * <li>encapcontent - hex of EncapContentInfo ASN.1 TLV</li>
-583  * <li>certs - hex of Certificates ASN.1 TLV</li>
-584  * <li>revs - hex of RevocationInfoChoices ASN.1 TLV</li>
-585  * <li>si[] - array of SignerInfo properties</li>
-586  * <li>obj - parsed KJUR.asn1.cms.SignedData object</li>
-587  * </ul>
-588  * @example
-589  * info = KJUR.asn1.cades.CAdESUtil.parseSignedDataForAddingUnsigned(beshex);
-590  * sd = info.obj;
-591  */
-592 KJUR.asn1.cades.CAdESUtil.parseSignedDataForAddingUnsigned = function(hex) {
-593     var _ASN1HEX = ASN1HEX;
-594     var _getChildIdx = _ASN1HEX.getChildIdx;
-595     var _getTLV = _ASN1HEX.getTLV;
-596     var _getTLVbyList = _ASN1HEX.getTLVbyList;
-597     var _getIdxbyList = _ASN1HEX.getIdxbyList;
-598     
-599     var nA = KJUR.asn1;
-600     var nC = KJUR.asn1.cms;
-601     var nU = KJUR.asn1.cades.CAdESUtil;
-602     var r = {};
-603 
-604     // 1. not oid signed-data then error
-605     if (_getTLVbyList(hex, 0, [0]) != "06092a864886f70d010702")
-606         throw "hex is not CMS SignedData";
-607 
-608     var iSD = _getIdxbyList(hex, 0, [1, 0]);
-609     var aSDChildIdx = _getChildIdx(hex, iSD);
-610     if (aSDChildIdx.length < 4)
-611         throw "num of SignedData elem shall be 4 at least";
-612 
-613     // 2. HEXs of SignedData children
-614     // 2.1. SignedData.CMSVersion
-615     var iVersion = aSDChildIdx.shift();
-616     r.version = _getTLV(hex, iVersion);
-617 
-618     // 2.2. SignedData.DigestAlgorithms
-619     var iAlgs = aSDChildIdx.shift();
-620     r.algs = _getTLV(hex, iAlgs);
-621 
-622     // 2.3. SignedData.EncapContentInfo
-623     var iEncapContent = aSDChildIdx.shift();
-624     r.encapcontent = _getTLV(hex, iEncapContent);
-625 
-626     // 2.4. [0]Certs 
-627     r.certs = null;
-628     r.revs = null;
-629     r.si = [];
-630 
-631     var iNext = aSDChildIdx.shift();
-632     if (hex.substr(iNext, 2) == "a0") {
-633         r.certs = _getTLV(hex, iNext);
-634         iNext = aSDChildIdx.shift();
-635     }
-636 
-637     // 2.5. [1]Revs
-638     if (hex.substr(iNext, 2) == "a1") {
-639         r.revs = _getTLV(hex, iNext);
-640         iNext = aSDChildIdx.shift();
-641     }
-642 
-643     // 2.6. SignerInfos
-644     var iSignerInfos = iNext;
-645     if (hex.substr(iSignerInfos, 2) != "31")
-646         throw "Can't find signerInfos";
-647 
-648     var aSIIndex = _getChildIdx(hex, iSignerInfos);
-649     //alert(aSIIndex.join("-"));
-650 
-651     for (var i = 0; i < aSIIndex.length; i++) {
-652         var iSI = aSIIndex[i];
-653         var pSI = nU.parseSignerInfoForAddingUnsigned(hex, iSI, i);
-654         r.si[i] = pSI;
-655     }
-656 
-657     // x. obj(SignedData)
-658     var tmp = null;
-659     r.obj = new nC.SignedData();
-660 
-661     tmp = new nA.ASN1Object();
-662     tmp.hTLV = r.version;
-663     r.obj.dCMSVersion = tmp;
+528     this.alg = 'sha256';
+529     this.dOtherHash = null;
+530 
+531     /**
+532      * set value by PEM string of certificate
+533      * @name setByCertPEM
+534      * @memberOf KJUR.asn1.cades.OtherHash
+535      * @function
+536      * @param {String} certPEM PEM string of certificate
+537      * @return unspecified
+538      * @description
+539      * This method will set value by a PEM string of a certificate.
+540      * An algorithm used to hash certificate data will
+541      * be defined by 'alg' property and 'sha256' is default.
+542      */
+543     this.setByCertPEM = function(certPEM) {
+544         if (certPEM.indexOf("-----BEGIN ") == -1)
+545             throw "certPEM not to seem PEM format";
+546         var hex = pemtohex(certPEM);
+547         var hash = _hashHex(hex, this.alg);
+548         this.dOtherHash = 
+549             new _OtherHashAlgAndValue({alg: this.alg, hash: hash});
+550     };
+551 
+552     this.getEncodedHex = function() {
+553         if (this.dOtherHash == null)
+554             throw "OtherHash not set";
+555         return this.dOtherHash.getEncodedHex();
+556     };
+557 
+558     if (params !== undefined) {
+559         if (typeof params == "string") {
+560             if (params.indexOf("-----BEGIN ") != -1) {
+561                 this.setByCertPEM(params);
+562             } else if (params.match(/^[0-9A-Fa-f]+$/)) {
+563                 this.dOtherHash = new _KJUR_asn1.DEROctetString({hex: params});
+564             } else {
+565                 throw "unsupported string value for params";
+566             }
+567         } else if (typeof params == "object") {
+568             if (typeof params.cert == "string") {
+569                 if (typeof params.alg == "string")
+570                     this.alg = params.alg;
+571                 this.setByCertPEM(params.cert);
+572             } else {
+573                 this.dOtherHash = new _OtherHashAlgAndValue(params);
+574             }
+575         }
+576     }
+577 };
+578 YAHOO.lang.extend(KJUR.asn1.cades.OtherHash, KJUR.asn1.ASN1Object);
+579 
+580 
+581 // == BEGIN UTILITIES =====================================================
+582 
+583 /**
+584  * CAdES utiliteis class
+585  * @name KJUR.asn1.cades.CAdESUtil
+586  * @class CAdES utilities class
+587  * @since jsrsasign 4.7.0 asn1cades 1.0.0
+588  */
+589 KJUR.asn1.cades.CAdESUtil = new function() {
+590 };
+591 /*
+592  *
+593  */
+594 KJUR.asn1.cades.CAdESUtil.addSigTS = function(dCMS, siIdx, sigTSHex) {
+595 };
+596 /**
+597  * parse CMS SignedData to add unsigned attributes
+598  * @name parseSignedDataForAddingUnsigned
+599  * @memberOf KJUR.asn1.cades.CAdESUtil
+600  * @function
+601  * @param {String} hex hexadecimal string of ContentInfo of CMS SignedData
+602  * @return {Object} associative array of parsed data
+603  * @description
+604  * This method will parse a hexadecimal string of 
+605  * ContentInfo with CMS SignedData to add a attribute
+606  * to unsigned attributes field in a signerInfo field.
+607  * Parsed result will be an associative array which has
+608  * following properties:
+609  * <ul>
+610  * <li>version - hex of CMSVersion ASN.1 TLV</li>
+611  * <li>algs - hex of DigestAlgorithms ASN.1 TLV</li>
+612  * <li>encapcontent - hex of EncapContentInfo ASN.1 TLV</li>
+613  * <li>certs - hex of Certificates ASN.1 TLV</li>
+614  * <li>revs - hex of RevocationInfoChoices ASN.1 TLV</li>
+615  * <li>si[] - array of SignerInfo properties</li>
+616  * <li>obj - parsed KJUR.asn1.cms.SignedData object</li>
+617  * </ul>
+618  * @example
+619  * info = KJUR.asn1.cades.CAdESUtil.parseSignedDataForAddingUnsigned(beshex);
+620  * sd = info.obj;
+621  */
+622 KJUR.asn1.cades.CAdESUtil.parseSignedDataForAddingUnsigned = function(hex) {
+623     var _ASN1HEX = ASN1HEX,
+624 	_getChildIdx = _ASN1HEX.getChildIdx,
+625 	_getTLV = _ASN1HEX.getTLV,
+626 	_getTLVbyList = _ASN1HEX.getTLVbyList,
+627 	_getIdxbyList = _ASN1HEX.getIdxbyList,
+628 	_KJUR = KJUR,
+629 	_KJUR_asn1 = _KJUR.asn1,
+630 	_ASN1Object = _KJUR_asn1.ASN1Object,
+631 	_KJUR_asn1_cms = _KJUR_asn1.cms,
+632 	_SignedData = _KJUR_asn1_cms.SignedData,
+633 	_KJUR_asn1_cades = _KJUR_asn1.cades,
+634 	_CAdESUtil = _KJUR_asn1_cades.CAdESUtil;
+635     
+636     var r = {};
+637 
+638     // 1. not oid signed-data then error
+639     if (_getTLVbyList(hex, 0, [0]) != "06092a864886f70d010702")
+640         throw "hex is not CMS SignedData";
+641 
+642     var iSD = _getIdxbyList(hex, 0, [1, 0]);
+643     var aSDChildIdx = _getChildIdx(hex, iSD);
+644     if (aSDChildIdx.length < 4)
+645         throw "num of SignedData elem shall be 4 at least";
+646 
+647     // 2. HEXs of SignedData children
+648     // 2.1. SignedData.CMSVersion
+649     var iVersion = aSDChildIdx.shift();
+650     r.version = _getTLV(hex, iVersion);
+651 
+652     // 2.2. SignedData.DigestAlgorithms
+653     var iAlgs = aSDChildIdx.shift();
+654     r.algs = _getTLV(hex, iAlgs);
+655 
+656     // 2.3. SignedData.EncapContentInfo
+657     var iEncapContent = aSDChildIdx.shift();
+658     r.encapcontent = _getTLV(hex, iEncapContent);
+659 
+660     // 2.4. [0]Certs 
+661     r.certs = null;
+662     r.revs = null;
+663     r.si = [];
 664 
-665     tmp = new nA.ASN1Object();
-666     tmp.hTLV = r.algs;
-667     r.obj.dDigestAlgs = tmp;
-668 
-669     tmp = new nA.ASN1Object();
-670     tmp.hTLV = r.encapcontent;
-671     r.obj.dEncapContentInfo = tmp;
-672 
-673     tmp = new nA.ASN1Object();
-674     tmp.hTLV = r.certs;
-675     r.obj.dCerts = tmp;
+665     var iNext = aSDChildIdx.shift();
+666     if (hex.substr(iNext, 2) == "a0") {
+667         r.certs = _getTLV(hex, iNext);
+668         iNext = aSDChildIdx.shift();
+669     }
+670 
+671     // 2.5. [1]Revs
+672     if (hex.substr(iNext, 2) == "a1") {
+673         r.revs = _getTLV(hex, iNext);
+674         iNext = aSDChildIdx.shift();
+675     }
 676 
-677     r.obj.signerInfoList = [];
-678     for (var i = 0; i < r.si.length; i++) {
-679         r.obj.signerInfoList.push(r.si[i].obj);
-680     }
+677     // 2.6. SignerInfos
+678     var iSignerInfos = iNext;
+679     if (hex.substr(iSignerInfos, 2) != "31")
+680         throw "Can't find signerInfos";
 681 
-682     return r;
-683 };
+682     var aSIIndex = _getChildIdx(hex, iSignerInfos);
+683     //alert(aSIIndex.join("-"));
 684 
-685 /**
-686  * parse SignerInfo to add unsigned attributes
-687  * @name parseSignerInfoForAddingUnsigned
-688  * @memberOf KJUR.asn1.cades.CAdESUtil
-689  * @function
-690  * @param {String} hex hexadecimal string of SignerInfo
-691  * @return {Object} associative array of parsed data
-692  * @description
-693  * This method will parse a hexadecimal string of 
-694  * SignerInfo to add a attribute
-695  * to unsigned attributes field in a signerInfo field.
-696  * Parsed result will be an associative array which has
-697  * following properties:
-698  * <ul>
-699  * <li>version - hex TLV of version</li>
-700  * <li>si - hex TLV of SignerIdentifier</li>
-701  * <li>digalg - hex TLV of DigestAlgorithm</li>
-702  * <li>sattrs - hex TLV of SignedAttributes</li>
-703  * <li>sigalg - hex TLV of SignatureAlgorithm</li>
-704  * <li>sig - hex TLV of signature</li>
-705  * <li>sigval = hex V of signature</li>
-706  * <li>obj - parsed KJUR.asn1.cms.SignerInfo object</li>
-707  * </ul>
-708  * NOTE: Parsing of unsigned attributes will be provided in the
-709  * future version. That's way this version provides support
-710  * for CAdES-T and not for CAdES-C.
-711  */
-712 KJUR.asn1.cades.CAdESUtil.parseSignerInfoForAddingUnsigned = function(hex, iSI, nth) {
-713     var _ASN1HEX = ASN1HEX;
-714     var _getChildIdx = _ASN1HEX.getChildIdx;
-715     var _getTLV = _ASN1HEX.getTLV;
-716     var _getV = _ASN1HEX.getV;
-717 
-718     var nA = KJUR.asn1;
-719     var nC = KJUR.asn1.cms;
-720     var r = {};
-721     var aSIChildIdx = _getChildIdx(hex, iSI);
-722     //alert(aSIChildIdx.join("="));
-723 
-724     if (aSIChildIdx.length != 6)
-725         throw "not supported items for SignerInfo (!=6)"; 
-726 
-727     // 1. SignerInfo.CMSVersion
-728     var iVersion = aSIChildIdx.shift();
-729     r.version = _getTLV(hex, iVersion);
-730 
-731     // 2. SignerIdentifier(IssuerAndSerialNumber)
-732     var iIdentifier = aSIChildIdx.shift();
-733     r.si = _getTLV(hex, iIdentifier);
-734 
-735     // 3. DigestAlgorithm
-736     var iDigestAlg = aSIChildIdx.shift();
-737     r.digalg = _getTLV(hex, iDigestAlg);
-738 
-739     // 4. SignedAttrs
-740     var iSignedAttrs = aSIChildIdx.shift();
-741     r.sattrs = _getTLV(hex, iSignedAttrs);
-742 
-743     // 5. SigAlg
-744     var iSigAlg = aSIChildIdx.shift();
-745     r.sigalg = _getTLV(hex, iSigAlg);
-746 
-747     // 6. Signature
-748     var iSig = aSIChildIdx.shift();
-749     r.sig = _getTLV(hex, iSig);
-750     r.sigval = _getV(hex, iSig);
-751 
-752     // 7. obj(SignerInfo)
-753     var tmp = null;
-754     r.obj = new nC.SignerInfo();
-755 
-756     tmp = new nA.ASN1Object();
-757     tmp.hTLV = r.version;
-758     r.obj.dCMSVersion = tmp;
-759 
-760     tmp = new nA.ASN1Object();
-761     tmp.hTLV = r.si;
-762     r.obj.dSignerIdentifier = tmp;
-763 
-764     tmp = new nA.ASN1Object();
-765     tmp.hTLV = r.digalg;
-766     r.obj.dDigestAlgorithm = tmp;
-767 
-768     tmp = new nA.ASN1Object();
-769     tmp.hTLV = r.sattrs;
-770     r.obj.dSignedAttrs = tmp;
-771 
-772     tmp = new nA.ASN1Object();
-773     tmp.hTLV = r.sigalg;
-774     r.obj.dSigAlg = tmp;
-775 
-776     tmp = new nA.ASN1Object();
-777     tmp.hTLV = r.sig;
-778     r.obj.dSig = tmp;
-779 
-780     r.obj.dUnsignedAttrs = new nC.AttributeList();
-781 
-782     return r;
-783 };
+685     for (var i = 0; i < aSIIndex.length; i++) {
+686         var iSI = aSIIndex[i];
+687         var pSI = _CAdESUtil.parseSignerInfoForAddingUnsigned(hex, iSI, i);
+688         r.si[i] = pSI;
+689     }
+690 
+691     // x. obj(SignedData)
+692     var tmp = null;
+693     r.obj = new _SignedData();
+694 
+695     tmp = new _ASN1Object();
+696     tmp.hTLV = r.version;
+697     r.obj.dCMSVersion = tmp;
+698 
+699     tmp = new _ASN1Object();
+700     tmp.hTLV = r.algs;
+701     r.obj.dDigestAlgs = tmp;
+702 
+703     tmp = new _ASN1Object();
+704     tmp.hTLV = r.encapcontent;
+705     r.obj.dEncapContentInfo = tmp;
+706 
+707     tmp = new _ASN1Object();
+708     tmp.hTLV = r.certs;
+709     r.obj.dCerts = tmp;
+710 
+711     r.obj.signerInfoList = [];
+712     for (var i = 0; i < r.si.length; i++) {
+713         r.obj.signerInfoList.push(r.si[i].obj);
+714     }
+715 
+716     return r;
+717 };
+718 
+719 /**
+720  * parse SignerInfo to add unsigned attributes
+721  * @name parseSignerInfoForAddingUnsigned
+722  * @memberOf KJUR.asn1.cades.CAdESUtil
+723  * @function
+724  * @param {String} hex hexadecimal string of SignerInfo
+725  * @return {Object} associative array of parsed data
+726  * @description
+727  * This method will parse a hexadecimal string of 
+728  * SignerInfo to add a attribute
+729  * to unsigned attributes field in a signerInfo field.
+730  * Parsed result will be an associative array which has
+731  * following properties:
+732  * <ul>
+733  * <li>version - hex TLV of version</li>
+734  * <li>si - hex TLV of SignerIdentifier</li>
+735  * <li>digalg - hex TLV of DigestAlgorithm</li>
+736  * <li>sattrs - hex TLV of SignedAttributes</li>
+737  * <li>sigalg - hex TLV of SignatureAlgorithm</li>
+738  * <li>sig - hex TLV of signature</li>
+739  * <li>sigval = hex V of signature</li>
+740  * <li>obj - parsed KJUR.asn1.cms.SignerInfo object</li>
+741  * </ul>
+742  * NOTE: Parsing of unsigned attributes will be provided in the
+743  * future version. That's way this version provides support
+744  * for CAdES-T and not for CAdES-C.
+745  */
+746 KJUR.asn1.cades.CAdESUtil.parseSignerInfoForAddingUnsigned = function(hex, iSI, nth) {
+747     var _ASN1HEX = ASN1HEX,
+748 	_getChildIdx = _ASN1HEX.getChildIdx,
+749 	_getTLV = _ASN1HEX.getTLV,
+750 	_getV = _ASN1HEX.getV,
+751 	_KJUR = KJUR,
+752 	_KJUR_asn1 = _KJUR.asn1,
+753 	_ASN1Object = _KJUR_asn1.ASN1Object,
+754 	_KJUR_asn1_cms = _KJUR_asn1.cms,
+755 	_AttributeList = _KJUR_asn1_cms.AttributeList,
+756 	_SignerInfo = _KJUR_asn1_cms.SignerInfo;
+757 
+758     var r = {};
+759     var aSIChildIdx = _getChildIdx(hex, iSI);
+760     //alert(aSIChildIdx.join("="));
+761 
+762     if (aSIChildIdx.length != 6)
+763         throw "not supported items for SignerInfo (!=6)"; 
+764 
+765     // 1. SignerInfo.CMSVersion
+766     var iVersion = aSIChildIdx.shift();
+767     r.version = _getTLV(hex, iVersion);
+768 
+769     // 2. SignerIdentifier(IssuerAndSerialNumber)
+770     var iIdentifier = aSIChildIdx.shift();
+771     r.si = _getTLV(hex, iIdentifier);
+772 
+773     // 3. DigestAlgorithm
+774     var iDigestAlg = aSIChildIdx.shift();
+775     r.digalg = _getTLV(hex, iDigestAlg);
+776 
+777     // 4. SignedAttrs
+778     var iSignedAttrs = aSIChildIdx.shift();
+779     r.sattrs = _getTLV(hex, iSignedAttrs);
+780 
+781     // 5. SigAlg
+782     var iSigAlg = aSIChildIdx.shift();
+783     r.sigalg = _getTLV(hex, iSigAlg);
 784 
-785 
\ No newline at end of file +785
// 6. Signature +786 var iSig = aSIChildIdx.shift(); +787 r.sig = _getTLV(hex, iSig); +788 r.sigval = _getV(hex, iSig); +789 +790 // 7. obj(SignerInfo) +791 var tmp = null; +792 r.obj = new _SignerInfo(); +793 +794 tmp = new _ASN1Object(); +795 tmp.hTLV = r.version; +796 r.obj.dCMSVersion = tmp; +797 +798 tmp = new _ASN1Object(); +799 tmp.hTLV = r.si; +800 r.obj.dSignerIdentifier = tmp; +801 +802 tmp = new _ASN1Object(); +803 tmp.hTLV = r.digalg; +804 r.obj.dDigestAlgorithm = tmp; +805 +806 tmp = new _ASN1Object(); +807 tmp.hTLV = r.sattrs; +808 r.obj.dSignedAttrs = tmp; +809 +810 tmp = new _ASN1Object(); +811 tmp.hTLV = r.sigalg; +812 r.obj.dSigAlg = tmp; +813 +814 tmp = new _ASN1Object(); +815 tmp.hTLV = r.sig; +816 r.obj.dSig = tmp; +817 +818 r.obj.dUnsignedAttrs = new _AttributeList(); +819 +820 return r; +821 }; +822 +823
\ No newline at end of file diff --git a/api/symbols/src/asn1cms-1.0.js.html b/api/symbols/src/asn1cms-1.0.js.html index fb213321..955e06e7 100644 --- a/api/symbols/src/asn1cms-1.0.js.html +++ b/api/symbols/src/asn1cms-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /*! asn1cms-1.0.3.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* asn1cms-1.0.4.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * asn1cms.js - ASN.1 DER encoder classes for Cryptographic Message Syntax(CMS)
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1cms-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version 1.0.3 (2017-Jan-14)
+ 19  * @version 1.0.4 (2017-May-30)
  20  * @since jsrsasign 4.2.4
  21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -98,895 +98,969 @@
  91  * </pre>
  92  */
  93 KJUR.asn1.cms.Attribute = function(params) {
- 94     KJUR.asn1.cms.Attribute.superclass.constructor.call(this);
- 95     var valueList = []; // array of values
- 96 
- 97     this.getEncodedHex = function() {
- 98         var attrTypeASN1, attrValueASN1, seq;
- 99         attrTypeASN1 = new KJUR.asn1.DERObjectIdentifier({"oid": this.attrTypeOid});
-100 
-101         attrValueASN1 = new KJUR.asn1.DERSet({"array": this.valueList});
-102         try {
-103             attrValueASN1.getEncodedHex();
-104         } catch (ex) {
-105             throw "fail valueSet.getEncodedHex in Attribute(1)/" + ex;
-106         }
-107 
-108         seq = new KJUR.asn1.DERSequence({"array": [attrTypeASN1, attrValueASN1]});
-109         try {
-110             this.hTLV = seq.getEncodedHex();
-111         } catch (ex) {
-112             throw "failed seq.getEncodedHex in Attribute(2)/" + ex;
-113         }
-114 
-115         return this.hTLV;
-116     };
-117 };
-118 YAHOO.lang.extend(KJUR.asn1.cms.Attribute, KJUR.asn1.ASN1Object);
-119 
-120 /**
-121  * class for CMS ContentType attribute
-122  * @name KJUR.asn1.cms.ContentType
-123  * @class class for CMS ContentType attribute
-124  * @param {Array} params associative array of parameters
-125  * @extends KJUR.asn1.cms.Attribute
-126  * @since jsrsasign 4.2.4 asn1cms 1.0.0
-127  * @description
-128  * <pre>
-129  * Attribute ::= SEQUENCE {
-130  *    type               OBJECT IDENTIFIER,
-131  *    values             AttributeSetValue }
-132  * AttributeSetValue ::= SET OF ANY
-133  * ContentType ::= OBJECT IDENTIFIER
-134  * </pre>
-135  * @example
-136  * o = new KJUR.asn1.cms.ContentType({name: 'data'});
-137  * o = new KJUR.asn1.cms.ContentType({oid: '1.2.840.113549.1.9.16.1.4'});
-138  */
-139 KJUR.asn1.cms.ContentType = function(params) {
-140     KJUR.asn1.cms.ContentType.superclass.constructor.call(this);
-141     this.attrTypeOid = "1.2.840.113549.1.9.3";
-142     var contentTypeASN1 = null;
-143 
-144     if (typeof params != "undefined") {
-145         var contentTypeASN1 = new KJUR.asn1.DERObjectIdentifier(params);
-146         this.valueList = [contentTypeASN1];
-147     }
-148 };
-149 YAHOO.lang.extend(KJUR.asn1.cms.ContentType, KJUR.asn1.cms.Attribute);
+ 94     var valueList = [], // array of values
+ 95 	_KJUR = KJUR,
+ 96 	_KJUR_asn1 = _KJUR.asn1;
+ 97 
+ 98     _KJUR_asn1.cms.Attribute.superclass.constructor.call(this);
+ 99 
+100     this.getEncodedHex = function() {
+101         var attrTypeASN1, attrValueASN1, seq;
+102         attrTypeASN1 = new _KJUR_asn1.DERObjectIdentifier({"oid": this.attrTypeOid});
+103 
+104         attrValueASN1 = new _KJUR_asn1.DERSet({"array": this.valueList});
+105         try {
+106             attrValueASN1.getEncodedHex();
+107         } catch (ex) {
+108             throw "fail valueSet.getEncodedHex in Attribute(1)/" + ex;
+109         }
+110 
+111         seq = new _KJUR_asn1.DERSequence({"array": [attrTypeASN1, attrValueASN1]});
+112         try {
+113             this.hTLV = seq.getEncodedHex();
+114         } catch (ex) {
+115             throw "failed seq.getEncodedHex in Attribute(2)/" + ex;
+116         }
+117 
+118         return this.hTLV;
+119     };
+120 };
+121 YAHOO.lang.extend(KJUR.asn1.cms.Attribute, KJUR.asn1.ASN1Object);
+122 
+123 /**
+124  * class for CMS ContentType attribute
+125  * @name KJUR.asn1.cms.ContentType
+126  * @class class for CMS ContentType attribute
+127  * @param {Array} params associative array of parameters
+128  * @extends KJUR.asn1.cms.Attribute
+129  * @since jsrsasign 4.2.4 asn1cms 1.0.0
+130  * @description
+131  * <pre>
+132  * Attribute ::= SEQUENCE {
+133  *    type               OBJECT IDENTIFIER,
+134  *    values             AttributeSetValue }
+135  * AttributeSetValue ::= SET OF ANY
+136  * ContentType ::= OBJECT IDENTIFIER
+137  * </pre>
+138  * @example
+139  * o = new KJUR.asn1.cms.ContentType({name: 'data'});
+140  * o = new KJUR.asn1.cms.ContentType({oid: '1.2.840.113549.1.9.16.1.4'});
+141  */
+142 KJUR.asn1.cms.ContentType = function(params) {
+143     var _KJUR = KJUR,
+144 	_KJUR_asn1 = _KJUR.asn1;
+145 
+146     _KJUR_asn1.cms.ContentType.superclass.constructor.call(this);
+147 
+148     this.attrTypeOid = "1.2.840.113549.1.9.3";
+149     var contentTypeASN1 = null;
 150 
-151 /**
-152  * class for CMS MessageDigest attribute
-153  * @name KJUR.asn1.cms.MessageDigest
-154  * @class class for CMS MessageDigest attribute
-155  * @param {Array} params associative array of parameters
-156  * @extends KJUR.asn1.cms.Attribute
-157  * @since jsrsasign 4.2.4 asn1cms 1.0.0
-158  * @description
-159  * <pre>
-160  * Attribute ::= SEQUENCE {
-161  *    type               OBJECT IDENTIFIER,
-162  *    values             AttributeSetValue }
-163  * AttributeSetValue ::= SET OF ANY
-164  * MessageDigest ::= OCTET STRING
-165  * </pre>
-166  * @example
-167  * o = new KJUR.asn1.cms.MessageDigest({hex: 'a1a2a3a4...'});
-168  */
-169 KJUR.asn1.cms.MessageDigest = function(params) {
-170     KJUR.asn1.cms.MessageDigest.superclass.constructor.call(this);
-171     this.attrTypeOid = "1.2.840.113549.1.9.4";
-172 
-173     if (typeof params != "undefined") {
-174         if (params.eciObj instanceof KJUR.asn1.cms.EncapsulatedContentInfo &&
-175             typeof params.hashAlg == "string") {
-176             var dataHex = params.eciObj.eContentValueHex;
-177             var hashAlg = params.hashAlg;
-178             var hashValueHex = KJUR.crypto.Util.hashHex(dataHex, hashAlg);
-179             var dAttrValue1 = new KJUR.asn1.DEROctetString({hex: hashValueHex});
-180             dAttrValue1.getEncodedHex();
-181             this.valueList = [dAttrValue1];
-182         } else {
-183             var dAttrValue1 = new KJUR.asn1.DEROctetString(params);
-184             dAttrValue1.getEncodedHex();
-185             this.valueList = [dAttrValue1];
-186         }
-187     }
-188 };
-189 YAHOO.lang.extend(KJUR.asn1.cms.MessageDigest, KJUR.asn1.cms.Attribute);
-190 
-191 /**
-192  * class for CMS SigningTime attribute
-193  * @name KJUR.asn1.cms.SigningTime
-194  * @class class for CMS SigningTime attribute
-195  * @param {Array} params associative array of parameters
-196  * @extends KJUR.asn1.cms.Attribute
-197  * @since jsrsasign 4.2.4 asn1cms 1.0.0
-198  * @description
-199  * <pre>
-200  * Attribute ::= SEQUENCE {
-201  *    type               OBJECT IDENTIFIER,
-202  *    values             AttributeSetValue }
-203  * AttributeSetValue ::= SET OF ANY
-204  * SigningTime  ::= Time
-205  * Time ::= CHOICE {
-206  *    utcTime UTCTime,
-207  *    generalTime GeneralizedTime }
-208  * </pre>
-209  * @example
-210  * o = new KJUR.asn1.cms.SigningTime(); // current time UTCTime by default
-211  * o = new KJUR.asn1.cms.SigningTime({type: 'gen'}); // current time GeneralizedTime
-212  * o = new KJUR.asn1.cms.SigningTime({str: '20140517093800Z'}); // specified GeneralizedTime
-213  * o = new KJUR.asn1.cms.SigningTime({str: '140517093800Z'}); // specified UTCTime
-214  */
-215 KJUR.asn1.cms.SigningTime = function(params) {
-216     KJUR.asn1.cms.SigningTime.superclass.constructor.call(this);
-217     this.attrTypeOid = "1.2.840.113549.1.9.5";
-218 
-219     if (typeof params != "undefined") {
-220         var asn1 = new KJUR.asn1.x509.Time(params);
-221         try {
-222             asn1.getEncodedHex();
-223         } catch (ex) {
-224             throw "SigningTime.getEncodedHex() failed/" + ex;
-225         }
-226         this.valueList = [asn1];
-227     }
-228 };
-229 YAHOO.lang.extend(KJUR.asn1.cms.SigningTime, KJUR.asn1.cms.Attribute);
+151     if (typeof params != "undefined") {
+152         var contentTypeASN1 = new _KJUR_asn1.DERObjectIdentifier(params);
+153         this.valueList = [contentTypeASN1];
+154     }
+155 };
+156 YAHOO.lang.extend(KJUR.asn1.cms.ContentType, KJUR.asn1.cms.Attribute);
+157 
+158 /**
+159  * class for CMS MessageDigest attribute
+160  * @name KJUR.asn1.cms.MessageDigest
+161  * @class class for CMS MessageDigest attribute
+162  * @param {Array} params associative array of parameters
+163  * @extends KJUR.asn1.cms.Attribute
+164  * @since jsrsasign 4.2.4 asn1cms 1.0.0
+165  * @description
+166  * <pre>
+167  * Attribute ::= SEQUENCE {
+168  *    type               OBJECT IDENTIFIER,
+169  *    values             AttributeSetValue }
+170  * AttributeSetValue ::= SET OF ANY
+171  * MessageDigest ::= OCTET STRING
+172  * </pre>
+173  * @example
+174  * o = new KJUR.asn1.cms.MessageDigest({hex: 'a1a2a3a4...'});
+175  */
+176 KJUR.asn1.cms.MessageDigest = function(params) {
+177     var _KJUR = KJUR,
+178 	_KJUR_asn1 = _KJUR.asn1,
+179 	_DEROctetString = _KJUR_asn1.DEROctetString,
+180 	_KJUR_asn1_cms = _KJUR_asn1.cms;
+181 
+182     _KJUR_asn1_cms.MessageDigest.superclass.constructor.call(this);
+183     this.attrTypeOid = "1.2.840.113549.1.9.4";
+184 
+185     if (params !== undefined) {
+186         if (params.eciObj instanceof _KJUR_asn1_cms.EncapsulatedContentInfo &&
+187             typeof params.hashAlg === "string") {
+188             var dataHex = params.eciObj.eContentValueHex;
+189             var hashAlg = params.hashAlg;
+190             var hashValueHex = _KJUR.crypto.Util.hashHex(dataHex, hashAlg);
+191             var dAttrValue1 = new _DEROctetString({hex: hashValueHex});
+192             dAttrValue1.getEncodedHex();
+193             this.valueList = [dAttrValue1];
+194         } else {
+195             var dAttrValue1 = new _DEROctetString(params);
+196             dAttrValue1.getEncodedHex();
+197             this.valueList = [dAttrValue1];
+198         }
+199     }
+200 };
+201 YAHOO.lang.extend(KJUR.asn1.cms.MessageDigest, KJUR.asn1.cms.Attribute);
+202 
+203 /**
+204  * class for CMS SigningTime attribute
+205  * @name KJUR.asn1.cms.SigningTime
+206  * @class class for CMS SigningTime attribute
+207  * @param {Array} params associative array of parameters
+208  * @extends KJUR.asn1.cms.Attribute
+209  * @since jsrsasign 4.2.4 asn1cms 1.0.0
+210  * @description
+211  * <pre>
+212  * Attribute ::= SEQUENCE {
+213  *    type               OBJECT IDENTIFIER,
+214  *    values             AttributeSetValue }
+215  * AttributeSetValue ::= SET OF ANY
+216  * SigningTime  ::= Time
+217  * Time ::= CHOICE {
+218  *    utcTime UTCTime,
+219  *    generalTime GeneralizedTime }
+220  * </pre>
+221  * @example
+222  * o = new KJUR.asn1.cms.SigningTime(); // current time UTCTime by default
+223  * o = new KJUR.asn1.cms.SigningTime({type: 'gen'}); // current time GeneralizedTime
+224  * o = new KJUR.asn1.cms.SigningTime({str: '20140517093800Z'}); // specified GeneralizedTime
+225  * o = new KJUR.asn1.cms.SigningTime({str: '140517093800Z'}); // specified UTCTime
+226  */
+227 KJUR.asn1.cms.SigningTime = function(params) {
+228     var _KJUR = KJUR,
+229 	_KJUR_asn1 = _KJUR.asn1;
 230 
-231 /**
-232  * class for CMS SigningCertificate attribute
-233  * @name KJUR.asn1.cms.SigningCertificate
-234  * @class class for CMS SigningCertificate attribute
-235  * @param {Array} params associative array of parameters
-236  * @extends KJUR.asn1.cms.Attribute
-237  * @since jsrsasign 4.5.1 asn1cms 1.0.1
-238  * @description
-239  * <pre>
-240  * Attribute ::= SEQUENCE {
-241  *    type               OBJECT IDENTIFIER,
-242  *    values             AttributeSetValue }
-243  * AttributeSetValue ::= SET OF ANY
-244  * SigningCertificate ::= SEQUENCE {
-245  *    certs SEQUENCE OF ESSCertID,
-246  *    policies SEQUENCE OF PolicyInformation OPTIONAL }
-247  * ESSCertID ::= SEQUENCE {
-248  *    certHash Hash,
-249  *    issuerSerial IssuerSerial OPTIONAL }
-250  * IssuerSerial ::= SEQUENCE {
-251  *    issuer GeneralNames,
-252  *    serialNumber CertificateSerialNumber }
-253  * </pre>
-254  * @example
-255  * o = new KJUR.asn1.cms.SigningCertificate({array: [certPEM]});
-256  */
-257 KJUR.asn1.cms.SigningCertificate = function(params) {
-258     KJUR.asn1.cms.SigningCertificate.superclass.constructor.call(this);
-259     this.attrTypeOid = "1.2.840.113549.1.9.16.2.12";
-260     var nA = KJUR.asn1;
-261     var nC = KJUR.asn1.cms;
-262     var nY = KJUR.crypto;
-263 
-264     this.setCerts = function(listPEM) {
-265         var list = [];
-266         for (var i = 0; i < listPEM.length; i++) {
-267             var hex = ASN1HEX.pemToHex(listPEM[i]);
-268             var certHashHex = nY.Util.hashHex(hex, 'sha1');
-269             var dCertHash = new nA.DEROctetString({hex: certHashHex});
-270             dCertHash.getEncodedHex();
-271             var dIssuerSerial =
-272                 new nC.IssuerAndSerialNumber({cert: listPEM[i]});
-273             dIssuerSerial.getEncodedHex();
-274             var dESSCertID =
-275                 new nA.DERSequence({array: [dCertHash, dIssuerSerial]});
-276             dESSCertID.getEncodedHex();
-277             list.push(dESSCertID);
-278         }
-279 
-280         var dValue = new nA.DERSequence({array: list});
-281         dValue.getEncodedHex();
-282         this.valueList = [dValue];
-283     };
-284 
-285     if (typeof params != "undefined") {
-286         if (typeof params.array == "object") {
-287             this.setCerts(params.array);
-288         }
-289     }
-290 };
-291 YAHOO.lang.extend(KJUR.asn1.cms.SigningCertificate, KJUR.asn1.cms.Attribute);
-292 
-293 /**
-294  * class for CMS SigningCertificateV2 attribute
-295  * @name KJUR.asn1.cms.SigningCertificateV2
-296  * @class class for CMS SigningCertificateV2 attribute
-297  * @param {Array} params associative array of parameters
-298  * @extends KJUR.asn1.cms.Attribute
-299  * @since jsrsasign 4.5.1 asn1cms 1.0.1
-300  * @description
-301  * <pre>
-302  * oid-signingCertificateV2 = 1.2.840.113549.1.9.16.2.47 
-303  * Attribute ::= SEQUENCE {
-304  *    type               OBJECT IDENTIFIER,
-305  *    values             AttributeSetValue }
-306  * AttributeSetValue ::= SET OF ANY
-307  * SigningCertificateV2 ::=  SEQUENCE {
-308  *    certs        SEQUENCE OF ESSCertIDv2,
-309  *    policies     SEQUENCE OF PolicyInformation OPTIONAL }
-310  * ESSCertIDv2 ::=  SEQUENCE {
-311  *    hashAlgorithm           AlgorithmIdentifier
-312  *                            DEFAULT {algorithm id-sha256},
-313  *    certHash                Hash,
-314  *    issuerSerial            IssuerSerial OPTIONAL }
-315  * Hash ::= OCTET STRING
-316  * IssuerSerial ::= SEQUENCE {
-317  *    issuer                  GeneralNames,
-318  *    serialNumber            CertificateSerialNumber }
-319  * </pre>
-320  * @example
-321  * // hash algorithm is sha256 by default:
-322  * o = new KJUR.asn1.cms.SigningCertificateV2({array: [certPEM]});
-323  * o = new KJUR.asn1.cms.SigningCertificateV2({array: [certPEM],
-324  *                                             hashAlg: 'sha512'});
-325  */
-326 KJUR.asn1.cms.SigningCertificateV2 = function(params) {
-327     KJUR.asn1.cms.SigningCertificateV2.superclass.constructor.call(this);
-328     this.attrTypeOid = "1.2.840.113549.1.9.16.2.47";
-329     var nA = KJUR.asn1;
-330     var nX = KJUR.asn1.x509;
-331     var nC = KJUR.asn1.cms;
-332     var nY = KJUR.crypto;
-333 
-334     this.setCerts = function(listPEM, hashAlg) {
-335         var list = [];
-336         for (var i = 0; i < listPEM.length; i++) {
-337             var hex = ASN1HEX.pemToHex(listPEM[i]);
-338 
-339             var a = [];
-340             if (hashAlg != "sha256")
-341                 a.push(new nX.AlgorithmIdentifier({name: hashAlg}));
-342 
-343             var certHashHex = nY.Util.hashHex(hex, hashAlg);
-344             var dCertHash = new nA.DEROctetString({hex: certHashHex});
-345             dCertHash.getEncodedHex();
-346             a.push(dCertHash);
-347 
-348             var dIssuerSerial =
-349                 new nC.IssuerAndSerialNumber({cert: listPEM[i]});
-350             dIssuerSerial.getEncodedHex();
-351             a.push(dIssuerSerial);
+231     _KJUR_asn1.cms.SigningTime.superclass.constructor.call(this);
+232     this.attrTypeOid = "1.2.840.113549.1.9.5";
+233 
+234     if (params !== undefined) {
+235         var asn1 = new _KJUR_asn1.x509.Time(params);
+236         try {
+237             asn1.getEncodedHex();
+238         } catch (ex) {
+239             throw "SigningTime.getEncodedHex() failed/" + ex;
+240         }
+241         this.valueList = [asn1];
+242     }
+243 };
+244 YAHOO.lang.extend(KJUR.asn1.cms.SigningTime, KJUR.asn1.cms.Attribute);
+245 
+246 /**
+247  * class for CMS SigningCertificate attribute
+248  * @name KJUR.asn1.cms.SigningCertificate
+249  * @class class for CMS SigningCertificate attribute
+250  * @param {Array} params associative array of parameters
+251  * @extends KJUR.asn1.cms.Attribute
+252  * @since jsrsasign 4.5.1 asn1cms 1.0.1
+253  * @description
+254  * <pre>
+255  * Attribute ::= SEQUENCE {
+256  *    type               OBJECT IDENTIFIER,
+257  *    values             AttributeSetValue }
+258  * AttributeSetValue ::= SET OF ANY
+259  * SigningCertificate ::= SEQUENCE {
+260  *    certs SEQUENCE OF ESSCertID,
+261  *    policies SEQUENCE OF PolicyInformation OPTIONAL }
+262  * ESSCertID ::= SEQUENCE {
+263  *    certHash Hash,
+264  *    issuerSerial IssuerSerial OPTIONAL }
+265  * IssuerSerial ::= SEQUENCE {
+266  *    issuer GeneralNames,
+267  *    serialNumber CertificateSerialNumber }
+268  * </pre>
+269  * @example
+270  * o = new KJUR.asn1.cms.SigningCertificate({array: [certPEM]});
+271  */
+272 KJUR.asn1.cms.SigningCertificate = function(params) {
+273     var _KJUR = KJUR,
+274 	_KJUR_asn1 = _KJUR.asn1,
+275 	_DERSequence = _KJUR_asn1.DERSequence,
+276 	_KJUR_asn1_cms = _KJUR_asn1.cms,
+277 	_KJUR_crypto = _KJUR.crypto;
+278 
+279     _KJUR_asn1_cms.SigningCertificate.superclass.constructor.call(this);
+280     this.attrTypeOid = "1.2.840.113549.1.9.16.2.12";
+281 
+282     this.setCerts = function(listPEM) {
+283         var list = [];
+284         for (var i = 0; i < listPEM.length; i++) {
+285             var hex = pemtohex(listPEM[i]);
+286             var certHashHex = _KJUR.crypto.Util.hashHex(hex, 'sha1');
+287             var dCertHash = 
+288 		new _KJUR_asn1.DEROctetString({hex: certHashHex});
+289             dCertHash.getEncodedHex();
+290             var dIssuerSerial =
+291                 new _KJUR_asn1_cms.IssuerAndSerialNumber({cert: listPEM[i]});
+292             dIssuerSerial.getEncodedHex();
+293             var dESSCertID =
+294                 new _DERSequence({array: [dCertHash, dIssuerSerial]});
+295             dESSCertID.getEncodedHex();
+296             list.push(dESSCertID);
+297         }
+298 
+299         var dValue = new _DERSequence({array: list});
+300         dValue.getEncodedHex();
+301         this.valueList = [dValue];
+302     };
+303 
+304     if (params !== undefined) {
+305         if (typeof params.array == "object") {
+306             this.setCerts(params.array);
+307         }
+308     }
+309 };
+310 YAHOO.lang.extend(KJUR.asn1.cms.SigningCertificate, KJUR.asn1.cms.Attribute);
+311 
+312 /**
+313  * class for CMS SigningCertificateV2 attribute
+314  * @name KJUR.asn1.cms.SigningCertificateV2
+315  * @class class for CMS SigningCertificateV2 attribute
+316  * @param {Array} params associative array of parameters
+317  * @extends KJUR.asn1.cms.Attribute
+318  * @since jsrsasign 4.5.1 asn1cms 1.0.1
+319  * @description
+320  * <pre>
+321  * oid-signingCertificateV2 = 1.2.840.113549.1.9.16.2.47 
+322  * Attribute ::= SEQUENCE {
+323  *    type               OBJECT IDENTIFIER,
+324  *    values             AttributeSetValue }
+325  * AttributeSetValue ::= SET OF ANY
+326  * SigningCertificateV2 ::=  SEQUENCE {
+327  *    certs        SEQUENCE OF ESSCertIDv2,
+328  *    policies     SEQUENCE OF PolicyInformation OPTIONAL }
+329  * ESSCertIDv2 ::=  SEQUENCE {
+330  *    hashAlgorithm           AlgorithmIdentifier
+331  *                            DEFAULT {algorithm id-sha256},
+332  *    certHash                Hash,
+333  *    issuerSerial            IssuerSerial OPTIONAL }
+334  * Hash ::= OCTET STRING
+335  * IssuerSerial ::= SEQUENCE {
+336  *    issuer                  GeneralNames,
+337  *    serialNumber            CertificateSerialNumber }
+338  * </pre>
+339  * @example
+340  * // hash algorithm is sha256 by default:
+341  * o = new KJUR.asn1.cms.SigningCertificateV2({array: [certPEM]});
+342  * o = new KJUR.asn1.cms.SigningCertificateV2({array: [certPEM],
+343  *                                             hashAlg: 'sha512'});
+344  */
+345 KJUR.asn1.cms.SigningCertificateV2 = function(params) {
+346     var _KJUR = KJUR,
+347 	_KJUR_asn1 = _KJUR.asn1,
+348 	_DERSequence = _KJUR_asn1.DERSequence,
+349 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+350 	_KJUR_asn1_cms = _KJUR_asn1.cms,
+351 	_KJUR_crypto = _KJUR.crypto;
 352 
-353             var dESSCertIDv2 =
-354                 new nA.DERSequence({array: a});
-355             dESSCertIDv2.getEncodedHex();
-356             list.push(dESSCertIDv2);
-357         }
-358 
-359         var dValue = new nA.DERSequence({array: list});
-360         dValue.getEncodedHex();
-361         this.valueList = [dValue];
-362     };
-363 
-364     if (typeof params != "undefined") {
-365         if (typeof params.array == "object") {
-366             var hashAlg = "sha256"; // sha2 default
-367             if (typeof params.hashAlg == "string") 
-368                 hashAlg = params.hashAlg;
-369             this.setCerts(params.array, hashAlg);
-370         }
-371     }
-372 };
-373 YAHOO.lang.extend(KJUR.asn1.cms.SigningCertificateV2, KJUR.asn1.cms.Attribute);
+353     _KJUR_asn1_cms.SigningCertificateV2.superclass.constructor.call(this);
+354     this.attrTypeOid = "1.2.840.113549.1.9.16.2.47";
+355 
+356     this.setCerts = function(listPEM, hashAlg) {
+357         var list = [];
+358         for (var i = 0; i < listPEM.length; i++) {
+359             var hex = pemtohex(listPEM[i]);
+360 
+361             var a = [];
+362             if (hashAlg !== "sha256")
+363                 a.push(new _KJUR_asn1_x509.AlgorithmIdentifier({name: hashAlg}));
+364 
+365             var certHashHex = _KJUR_crypto.Util.hashHex(hex, hashAlg);
+366             var dCertHash = new _KJUR_asn1.DEROctetString({hex: certHashHex});
+367             dCertHash.getEncodedHex();
+368             a.push(dCertHash);
+369 
+370             var dIssuerSerial =
+371                 new _KJUR_asn1_cms.IssuerAndSerialNumber({cert: listPEM[i]});
+372             dIssuerSerial.getEncodedHex();
+373             a.push(dIssuerSerial);
 374 
-375 /**
-376  * class for IssuerAndSerialNumber ASN.1 structure for CMS
-377  * @name KJUR.asn1.cms.IssuerAndSerialNumber
-378  * @class class for CMS IssuerAndSerialNumber ASN.1 structure for CMS
-379  * @param {Array} params associative array of parameters
-380  * @extends KJUR.asn1.ASN1Object
-381  * @since jsrsasign 4.2.4 asn1cms 1.0.0
-382  * @description
-383  * <pre>
-384  * IssuerAndSerialNumber ::= SEQUENCE {
-385  *    issuer Name,
-386  *    serialNumber CertificateSerialNumber }
-387  * CertificateSerialNumber ::= INTEGER
-388  * </pre>
-389  * @example
-390  * // specify by X500Name and DERInteger
-391  * o = new KJUR.asn1.cms.IssuerAndSerialNumber(
-392  *      {issuer: {str: '/C=US/O=T1'}, serial {int: 3}});
-393  * // specify by PEM certificate
-394  * o = new KJUR.asn1.cms.IssuerAndSerialNumber({cert: certPEM});
-395  * o = new KJUR.asn1.cms.IssuerAndSerialNumber(certPEM); // since 1.0.3
-396  */
-397 KJUR.asn1.cms.IssuerAndSerialNumber = function(params) {
-398     KJUR.asn1.cms.IssuerAndSerialNumber.superclass.constructor.call(this);
-399     var dIssuer = null;
-400     var dSerial = null;
-401     var nA = KJUR.asn1;
-402     var nX = nA.x509;
-403 
-404     /*
-405      * @since asn1cms 1.0.1
-406      */
-407     this.setByCertPEM = function(certPEM) {
-408         var certHex = ASN1HEX.pemToHex(certPEM);
-409         var x = new X509();
-410         x.hex = certHex;
-411         var issuerTLVHex = x.getIssuerHex();
-412         this.dIssuer = new nX.X500Name();
-413         this.dIssuer.hTLV = issuerTLVHex;
-414         var serialVHex = x.getSerialNumberHex();
-415         this.dSerial = new nA.DERInteger({hex: serialVHex});
-416     };
-417 
-418     this.getEncodedHex = function() {
-419         var seq = new KJUR.asn1.DERSequence({"array": [this.dIssuer,
-420                                                        this.dSerial]});
-421         this.hTLV = seq.getEncodedHex();
-422         return this.hTLV;
-423     };
-424 
-425     if (typeof params != "undefined") {
-426         if (typeof params == "string" &&
-427             params.indexOf("-----BEGIN ") != -1) {
-428             this.setByCertPEM(params);
-429         }
-430         if (params.issuer && params.serial) {
-431             if (params.issuer instanceof KJUR.asn1.x509.X500Name) {
-432                 this.dIssuer = params.issuer;
-433             } else {
-434                 this.dIssuer = new KJUR.asn1.x509.X500Name(params.issuer);
-435             }
-436             if (params.serial instanceof KJUR.asn1.DERInteger) {
-437                 this.dSerial = params.serial;
-438             } else {
-439                 this.dSerial = new KJUR.asn1.DERInteger(params.serial);
-440             }
-441         }
-442         if (typeof params.cert == "string") {
-443             this.setByCertPEM(params.cert);
-444         }
-445     }
-446 };
-447 YAHOO.lang.extend(KJUR.asn1.cms.IssuerAndSerialNumber, KJUR.asn1.ASN1Object);
-448 
-449 /**
-450  * class for Attributes ASN.1 structure for CMS
-451  * @name KJUR.asn1.cms.AttributeList
-452  * @class class for Attributes ASN.1 structure for CMS
-453  * @param {Array} params associative array of parameters
-454  * @extends KJUR.asn1.ASN1Object
-455  * @since jsrsasign 4.2.4 asn1cms 1.0.0
-456  * @description
-457  * <pre>
-458  * Attributes ::= SET OF Attribute
-459  * Attribute ::= SEQUENCE {
-460  *    type               OBJECT IDENTIFIER,
-461  *    values             AttributeSetValue }
-462  * </pre>
-463  * @example
-464  * // specify by X500Name and DERInteger
-465  * o = new KJUR.asn1.cms.AttributeList({sorted: false}); // ASN.1 BER unsorted SET OF
-466  * o = new KJUR.asn1.cms.AttributeList();  // ASN.1 DER sorted by default
-467  * o.clear();                              // clear list of Attributes
-468  * n = o.length();                         // get number of Attribute
-469  * o.add(new KJUR.asn1.cms.SigningTime()); // add SigningTime attribute
-470  * hex = o.getEncodedHex();                // get hex encoded ASN.1 data
-471  */
-472 KJUR.asn1.cms.AttributeList = function(params) {
-473     KJUR.asn1.cms.AttributeList.superclass.constructor.call(this);
-474     this.list = new Array();
-475     this.sortFlag = true;
-476 
-477     this.add = function(item) {
-478         if (item instanceof KJUR.asn1.cms.Attribute) {
-479             this.list.push(item);
-480         }
-481     };
-482 
-483     this.length = function() {
-484         return this.list.length;
-485     };
-486 
-487     this.clear = function() {
-488         this.list = new Array();
-489         this.hTLV = null;
-490         this.hV = null;
-491     };
-492 
-493     this.getEncodedHex = function() {
-494         if (typeof this.hTLV == "string") return this.hTLV;
-495         var set = new KJUR.asn1.DERSet({array: this.list, 
-496                                         sortflag: this.sortFlag});
-497         this.hTLV = set.getEncodedHex();
-498         return this.hTLV;
-499     };
-500 
-501     if (typeof params != "undefined") {
-502         if (typeof params.sortflag != "undefined" &&
-503             params.sortflag == false)
-504             this.sortFlag = false;
-505     }
-506 };
-507 YAHOO.lang.extend(KJUR.asn1.cms.AttributeList, KJUR.asn1.ASN1Object);
-508 
-509 /**
-510  * class for SignerInfo ASN.1 structure of CMS SignedData
-511  * @name KJUR.asn1.cms.SignerInfo
-512  * @class class for Attributes ASN.1 structure of CMS SigndData
-513  * @param {Array} params associative array of parameters
-514  * @extends KJUR.asn1.ASN1Object
-515  * @since jsrsasign 4.2.4 asn1cms 1.0.0
-516  * @description
-517  * <pre>
-518  * SignerInfo ::= SEQUENCE {
-519  *    version CMSVersion,
-520  *    sid SignerIdentifier,
-521  *    digestAlgorithm DigestAlgorithmIdentifier,
-522  *    signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
-523  *    signatureAlgorithm SignatureAlgorithmIdentifier,
-524  *    signature SignatureValue,
-525  *    unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
-526  * </pre>
-527  * @example
-528  * o = new KJUR.asn1.cms.SignerInfo();
-529  * o.setSignerIdentifier(certPEMstring);
-530  * o.dSignedAttrs.add(new KJUR.asn1.cms.ContentType({name: 'data'}));
-531  * o.dSignedAttrs.add(new KJUR.asn1.cms.MessageDigest({hex: 'a1b2...'}));
-532  * o.dSignedAttrs.add(new KJUR.asn1.cms.SigningTime());
-533  * o.sign(privteKeyParam, "SHA1withRSA");
-534  */
-535 KJUR.asn1.cms.SignerInfo = function(params) {
-536     KJUR.asn1.cms.SignerInfo.superclass.constructor.call(this);
-537     var nA = KJUR.asn1;
-538     var nC = KJUR.asn1.cms;
-539     var nX = KJUR.asn1.x509;
-540 
-541     this.dCMSVersion = new nA.DERInteger({'int': 1});
-542     this.dSignerIdentifier = null;
-543     this.dDigestAlgorithm = null;
-544     this.dSignedAttrs = new nC.AttributeList();
-545     this.dSigAlg = null;
-546     this.dSig = null;
-547     this.dUnsignedAttrs = new nC.AttributeList();
-548 
-549     this.setSignerIdentifier = function(params) {
-550         if (typeof params == "string" &&
-551             params.indexOf("CERTIFICATE") != -1 &&
-552             params.indexOf("BEGIN") != -1 &&
-553             params.indexOf("END") != -1) {
-554 
-555             var certPEM = params;
-556             this.dSignerIdentifier = 
-557                 new nC.IssuerAndSerialNumber({cert: params});
-558         }
-559     };
-560 
-561     /**
-562      * set ContentType/MessageDigest/DigestAlgorithms for SignerInfo/SignedData
-563      * @name setForContentAndHash
-564      * @memberOf KJUR.asn1.cms.SignerInfo
-565      * @param {Array} params JSON parameter to set content related field
-566      * @description
-567      * This method will specify following fields by a parameters:
-568      * <ul>
-569      * <li>add ContentType signed attribute by encapContentInfo</li>
-570      * <li>add MessageDigest signed attribute by encapContentInfo and hashAlg</li>
-571      * <li>add a hash algorithm used in MessageDigest to digestAlgorithms field of SignedData</li>
-572      * <li>set a hash algorithm used in MessageDigest to digestAlgorithm field of SignerInfo</li>
-573      * </ul>
-574      * Argument 'params' is an associative array having following elements:
-575      * <ul>
-576      * <li>eciObj - {@link KJUR.asn1.cms.EncapsulatedContentInfo} object</li>
-577      * <li>sdObj - {@link KJUR.asn1.cms.SignedData} object (Option) to set DigestAlgorithms</li>
-578      * <li>hashAlg - string of hash algorithm name which is used for MessageDigest attribute</li>
-579      * </ul>
-580      * some of elements can be omited.
-581      * @example
-582      * sd = new KJUR.asn1.cms.SignedData();
-583      * signerInfo.setForContentAndHash({sdObj: sd,
-584      *                                  eciObj: sd.dEncapContentInfo,
-585      *                                  hashAlg: 'sha256'});
-586      */
-587     this.setForContentAndHash = function(params) {
-588         if (typeof params != "undefined") {
-589             if (params.eciObj instanceof KJUR.asn1.cms.EncapsulatedContentInfo) {
-590                 this.dSignedAttrs.add(new nC.ContentType({oid: '1.2.840.113549.1.7.1'}));
-591                 this.dSignedAttrs.add(new nC.MessageDigest({eciObj: params.eciObj,
-592                                                             hashAlg: params.hashAlg}));
-593             }
-594             if (typeof params.sdObj != "undefined" &&
-595                 params.sdObj instanceof KJUR.asn1.cms.SignedData) {
-596                 if (params.sdObj.digestAlgNameList.join(":").indexOf(params.hashAlg) == -1) {
-597                     params.sdObj.digestAlgNameList.push(params.hashAlg);
-598                 }
-599             }
-600             if (typeof params.hashAlg == "string") {
-601                 this.dDigestAlgorithm = new nX.AlgorithmIdentifier({name: params.hashAlg});
-602             }
-603         }
-604     };
-605 
-606     this.sign = function(keyParam, sigAlg) {
-607         // set algorithm
-608         this.dSigAlg = new nX.AlgorithmIdentifier({name: sigAlg});
-609 
-610         // set signature
-611         var data = this.dSignedAttrs.getEncodedHex();
-612         var prvKey = KEYUTIL.getKey(keyParam);
-613         var sig = new KJUR.crypto.Signature({alg: sigAlg});
-614         sig.init(prvKey);
-615         sig.updateHex(data);
-616         var sigValHex = sig.sign();
-617         this.dSig = new nA.DEROctetString({hex: sigValHex});
-618     };
-619 
-620     /*
-621      * @since asn1cms 1.0.3
-622      */
-623     this.addUnsigned = function(attr) {
-624         this.hTLV = null;
-625         this.dUnsignedAttrs.hTLV = null;
-626         this.dUnsignedAttrs.add(attr);
-627     };
-628 
-629     this.getEncodedHex = function() {
-630         //alert("sattrs.hTLV=" + this.dSignedAttrs.hTLV);
-631         if (this.dSignedAttrs instanceof KJUR.asn1.cms.AttributeList &&
-632             this.dSignedAttrs.length() == 0) {
-633             throw "SignedAttrs length = 0 (empty)";
-634         }
-635         var sa = new nA.DERTaggedObject({obj: this.dSignedAttrs,
-636                                          tag: 'a0', explicit: false});
-637         var ua = null;;
-638         if (this.dUnsignedAttrs.length() > 0) {
-639             ua = new nA.DERTaggedObject({obj: this.dUnsignedAttrs,
-640                                          tag: 'a1', explicit: false});
-641         }
-642 
-643         var items = [
-644             this.dCMSVersion,
-645             this.dSignerIdentifier,
-646             this.dDigestAlgorithm,
-647             sa,
-648             this.dSigAlg,
-649             this.dSig,
-650         ];
-651         if (ua != null) items.push(ua);
-652 
-653         var seq = new nA.DERSequence({array: items});
-654         this.hTLV = seq.getEncodedHex();
-655         return this.hTLV;
-656     };
-657 };
-658 YAHOO.lang.extend(KJUR.asn1.cms.SignerInfo, KJUR.asn1.ASN1Object);
-659 
-660 /**
-661  * class for EncapsulatedContentInfo ASN.1 structure for CMS
-662  * @name KJUR.asn1.cms.EncapsulatedContentInfo
-663  * @class class for EncapsulatedContentInfo ASN.1 structure for CMS
-664  * @param {Array} params associative array of parameters
-665  * @extends KJUR.asn1.ASN1Object
-666  * @since jsrsasign 4.2.4 asn1cms 1.0.0
-667  * @description
-668  * <pre>
-669  * EncapsulatedContentInfo ::= SEQUENCE {
-670  *    eContentType ContentType,
-671  *    eContent [0] EXPLICIT OCTET STRING OPTIONAL }
-672  * ContentType ::= OBJECT IDENTIFIER
-673  * </pre>
-674  * @example
-675  * o = new KJUR.asn1.cms.EncapsulatedContentInfo();
-676  * o.setContentType('1.2.3.4.5');     // specify eContentType by OID
-677  * o.setContentType('data');          // specify eContentType by name
-678  * o.setContentValueHex('a1a2a4...'); // specify eContent data by hex string
-679  * o.setContentValueStr('apple');     // specify eContent data by UTF-8 string
-680  * // for detached contents (i.e. data not concluded in eContent)
-681  * o.isDetached = true;               // false as default 
-682  */
-683 KJUR.asn1.cms.EncapsulatedContentInfo = function(params) {
-684     KJUR.asn1.cms.EncapsulatedContentInfo.superclass.constructor.call(this);
-685     var nA = KJUR.asn1;
-686     var nC = KJUR.asn1.cms;
-687     var nX = KJUR.asn1.x509;
-688     this.dEContentType = new nA.DERObjectIdentifier({name: 'data'});
-689     this.dEContent = null;
-690     this.isDetached = false;
-691     this.eContentValueHex = null;
-692     
-693     this.setContentType = function(nameOrOid) {
-694         if (nameOrOid.match(/^[0-2][.][0-9.]+$/)) {
-695             this.dEContentType = new nA.DERObjectIdentifier({oid: nameOrOid});
-696         } else {
-697             this.dEContentType = new nA.DERObjectIdentifier({name: nameOrOid});
-698         }
-699     };
-700 
-701     this.setContentValue = function(params) {
-702         if (typeof params != "undefined") {
-703             if (typeof params.hex == "string") {
-704                 this.eContentValueHex = params.hex;
-705             } else if (typeof params.str == "string") {
-706                 this.eContentValueHex = utf8tohex(params.str);
-707             }
-708         }
-709     };
-710 
-711     this.setContentValueHex = function(valueHex) {
-712         this.eContentValueHex = valueHex;
-713     };
-714 
-715     this.setContentValueStr = function(valueStr) {
-716         this.eContentValueHex = utf8tohex(valueStr);
-717     };
-718 
-719     this.getEncodedHex = function() {
-720         if (typeof this.eContentValueHex != "string") {
-721             throw "eContentValue not yet set";
-722         }
-723 
-724         var dValue = new nA.DEROctetString({hex: this.eContentValueHex});
-725         this.dEContent = new nA.DERTaggedObject({obj: dValue,
-726                                                  tag: 'a0',
-727                                                  explicit: true});
-728 
-729         var a = [this.dEContentType];
-730         if (! this.isDetached) a.push(this.dEContent);
-731         var seq = new nA.DERSequence({array: a});
-732         this.hTLV = seq.getEncodedHex();
-733         return this.hTLV;
-734     };
-735 };
-736 YAHOO.lang.extend(KJUR.asn1.cms.EncapsulatedContentInfo, KJUR.asn1.ASN1Object);
-737 
-738 // - type
-739 // - obj
-740 /**
-741  * class for ContentInfo ASN.1 structure for CMS
-742  * @name KJUR.asn1.cms.ContentInfo
-743  * @class class for ContentInfo ASN.1 structure for CMS
-744  * @param {Array} params associative array of parameters
-745  * @extends KJUR.asn1.ASN1Object
-746  * @since jsrsasign 4.2.4 asn1cms 1.0.0
-747  * @description
-748  * <pre>
-749  * ContentInfo ::= SEQUENCE {
-750  *    contentType ContentType,
-751  *    content [0] EXPLICIT ANY DEFINED BY contentType }
-752  * ContentType ::= OBJECT IDENTIFIER
-753  * </pre>
-754  * @example
-755  * a = [new KJUR.asn1.DERInteger({int: 1}),
-756  *      new KJUR.asn1.DERInteger({int: 2})];
-757  * seq = new KJUR.asn1.DERSequence({array: a});
-758  * o = new KJUR.asn1.cms.ContentInfo({type: 'data', obj: seq});
-759  */
-760 KJUR.asn1.cms.ContentInfo = function(params) {
-761     KJUR.asn1.cms.ContentInfo.superclass.constructor.call(this);
-762     var nA = KJUR.asn1;
-763     var nC = KJUR.asn1.cms;
-764     var nX = KJUR.asn1.x509;
-765 
-766     this.dContentType = null;
-767     this.dContent = null;
-768 
-769     this.setContentType = function(params) {
-770         if (typeof params == "string") {
-771             this.dContentType = nX.OID.name2obj(params);
-772         }
-773     };
-774 
-775     this.getEncodedHex = function() {
-776         var dContent0 = new nA.DERTaggedObject({obj: this.dContent, tag: 'a0', explicit: true});
-777         var seq = new nA.DERSequence({array: [this.dContentType, dContent0]});
-778         this.hTLV = seq.getEncodedHex();
-779         return this.hTLV;
-780     };
-781 
-782     if (typeof params != "undefined") {
-783         if (params.type) this.setContentType(params.type);
-784         if (params.obj && params.obj instanceof nA.ASN1Object) this.dContent = params.obj;
-785     }
-786 };
-787 YAHOO.lang.extend(KJUR.asn1.cms.ContentInfo, KJUR.asn1.ASN1Object);
-788 
-789 /**
-790  * class for SignerInfo ASN.1 structure of CMS SignedData
-791  * @name KJUR.asn1.cms.SignedData
-792  * @class class for Attributes ASN.1 structure of CMS SigndData
-793  * @param {Array} params associative array of parameters
-794  * @extends KJUR.asn1.ASN1Object
-795  * @since jsrsasign 4.2.4 asn1cms 1.0.0
-796  *
-797  * @description
-798  * <pre>
-799  * SignedData ::= SEQUENCE {
-800  *    version CMSVersion,
-801  *    digestAlgorithms DigestAlgorithmIdentifiers,
-802  *    encapContentInfo EncapsulatedContentInfo,
-803  *    certificates [0] IMPLICIT CertificateSet OPTIONAL,
-804  *    crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
-805  *    signerInfos SignerInfos }
-806  * SignerInfos ::= SET OF SignerInfo
-807  * CertificateSet ::= SET OF CertificateChoices
-808  * DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
-809  * CertificateSet ::= SET OF CertificateChoices
-810  * RevocationInfoChoices ::= SET OF RevocationInfoChoice
-811  * </pre>
-812  *
-813  * @example
-814  * sd = new KJUR.asn1.cms.SignedData();
-815  * sd.dEncapContentInfo.setContentValueStr("test string");
-816  * sd.signerInfoList[0].setForContentAndHash({sdObj: sd,
-817  *                                            eciObj: sd.dEncapContentInfo,
-818  *                                            hashAlg: 'sha256'});
-819  * sd.signerInfoList[0].dSignedAttrs.add(new KJUR.asn1.cms.SigningTime());
-820  * sd.signerInfoList[0].setSignerIdentifier(certPEM);
-821  * sd.signerInfoList[0].sign(prvP8PEM, "SHA256withRSA");
-822  * hex = sd.getContentInfoEncodedHex();
-823  */
-824 KJUR.asn1.cms.SignedData = function(params) {
-825     KJUR.asn1.cms.SignedData.superclass.constructor.call(this);
-826     var nA = KJUR.asn1;
-827     var nC = KJUR.asn1.cms;
-828     var nX = KJUR.asn1.x509;
-829 
-830     this.dCMSVersion = new nA.DERInteger({'int': 1});
-831     this.dDigestAlgs = null;
-832     this.digestAlgNameList = [];
-833     this.dEncapContentInfo = new nC.EncapsulatedContentInfo();
-834     this.dCerts = null;
-835     this.certificateList = [];
-836     this.crlList = [];
-837     this.signerInfoList = [new nC.SignerInfo()];
-838 
-839     this.addCertificatesByPEM = function(certPEM) {
-840         var hex = ASN1HEX.pemToHex(certPEM);
-841         var o = new nA.ASN1Object();
-842         o.hTLV = hex;
-843         this.certificateList.push(o);
-844     };
-845 
-846     this.getEncodedHex = function() {
-847         if (typeof this.hTLV == "string") return this.hTLV;
-848         
-849         if (this.dDigestAlgs == null) {
-850             var digestAlgList = [];
-851             for (var i = 0; i < this.digestAlgNameList.length; i++) {
-852                 var name = this.digestAlgNameList[i];
-853                 var o = new nX.AlgorithmIdentifier({name: name});
-854                 digestAlgList.push(o);
-855             }
-856             this.dDigestAlgs = new nA.DERSet({array: digestAlgList});
-857         }
-858 
-859         var a = [this.dCMSVersion,
-860                  this.dDigestAlgs,
-861                  this.dEncapContentInfo];
-862 
-863         if (this.dCerts == null) {
-864             if (this.certificateList.length > 0) {
-865                 var o1 = new nA.DERSet({array: this.certificateList});
-866                 this.dCerts
-867                     = new nA.DERTaggedObject({obj: o1,
-868                                               tag: 'a0',
-869                                               explicit: false});
-870             }
-871         }
-872         if (this.dCerts != null) a.push(this.dCerts);
-873         
-874         var dSignerInfos = new nA.DERSet({array: this.signerInfoList});
-875         a.push(dSignerInfos);
-876 
-877         var seq = new nA.DERSequence({array: a});
-878         this.hTLV = seq.getEncodedHex();
-879         return this.hTLV;
-880     };
-881 
-882     this.getContentInfo = function() {
-883         this.getEncodedHex();
-884         var ci = new nC.ContentInfo({type: 'signed-data', obj: this});
-885         return ci;
-886     };
-887 
-888     this.getContentInfoEncodedHex = function() {
-889         var ci = this.getContentInfo();
-890         var ciHex = ci.getEncodedHex();
-891         return ciHex;
-892     };
-893 
-894     this.getPEM = function() {
-895         var hex = this.getContentInfoEncodedHex();
-896         var pem = nA.ASN1Util.getPEMStringFromHex(hex, "CMS");
-897         return pem;
-898     };
-899 };
-900 YAHOO.lang.extend(KJUR.asn1.cms.SignedData, KJUR.asn1.ASN1Object);
-901 
-902 /**
-903  * CMS utiliteis class
-904  * @name KJUR.asn1.cms.CMSUtil
-905  * @class CMS utilities class
-906  */
-907 KJUR.asn1.cms.CMSUtil = new function() {
-908 };
-909 /**
-910  * generate SignedData object specified by JSON parameters
-911  * @name newSignedData
-912  * @memberOf KJUR.asn1.cms.CMSUtil
-913  * @function
-914  * @param {Array} param JSON parameter to generate CMS SignedData
-915  * @return {KJUR.asn1.cms.SignedData} object just generated
-916  * @description
-917  * This method provides more easy way to genereate
-918  * CMS SignedData ASN.1 structure by JSON data.
-919  * @example
-920  * var sd = KJUR.asn1.cms.CMSUtil.newSignedData({
-921  *   content: {str: "jsrsasign"},
-922  *   certs: [certPEM],
-923  *   signerInfos: [{
-924  *     hashAlg: 'sha256',
-925  *     sAttr: {
-926  *       SigningTime: {}
-927  *       SigningCertificateV2: {array: [certPEM]},
-928  *     },
-929  *     signerCert: certPEM,
-930  *     sigAlg: 'SHA256withRSA',
-931  *     signerPrvKey: prvPEM
-932  *   }]
-933  * });
-934  */
-935 KJUR.asn1.cms.CMSUtil.newSignedData = function(param) {
-936     var nC = KJUR.asn1.cms;
-937     var nE = KJUR.asn1.cades;
-938     var sd = new nC.SignedData();
-939 
-940     sd.dEncapContentInfo.setContentValue(param.content);
-941 
-942     if (typeof param.certs == "object") {
-943         for (var i = 0; i < param.certs.length; i++) {
-944             sd.addCertificatesByPEM(param.certs[i]);
-945         }
-946     }
-947     
-948     sd.signerInfoList = [];
-949     for (var i = 0; i < param.signerInfos.length; i++) {
-950         var siParam = param.signerInfos[i];
-951         var si = new nC.SignerInfo();
-952         si.setSignerIdentifier(siParam.signerCert);
-953 
-954         si.setForContentAndHash({sdObj: sd,
-955                                  eciObj: sd.dEncapContentInfo,
-956                                  hashAlg: siParam.hashAlg});
-957 
-958         for (attrName in siParam.sAttr) {
-959             var attrParam = siParam.sAttr[attrName];
-960             if (attrName == "SigningTime") {
-961                 var attr = new nC.SigningTime(attrParam);
-962                 si.dSignedAttrs.add(attr);
-963             }
-964             if (attrName == "SigningCertificate") {
-965                 var attr = new nC.SigningCertificate(attrParam);
-966                 si.dSignedAttrs.add(attr);
-967             }
-968             if (attrName == "SigningCertificateV2") {
-969                 var attr = new nC.SigningCertificateV2(attrParam);
-970                 si.dSignedAttrs.add(attr);
-971             }
-972             if (attrName == "SignaturePolicyIdentifier") {
-973                 var attr = new nE.SignaturePolicyIdentifier(attrParam);
-974                 si.dSignedAttrs.add(attr);
-975             }
-976         }
-977 
-978         si.sign(siParam.signerPrvKey, siParam.sigAlg);
-979         sd.signerInfoList.push(si);
-980     }
-981 
-982     return sd;
-983 };
-984 
-985 
\ No newline at end of file +375
var dESSCertIDv2 = new _DERSequence({array: a}); +376 dESSCertIDv2.getEncodedHex(); +377 list.push(dESSCertIDv2); +378 } +379 +380 var dValue = new _DERSequence({array: list}); +381 dValue.getEncodedHex(); +382 this.valueList = [dValue]; +383 }; +384 +385 if (params !== undefined) { +386 if (typeof params.array == "object") { +387 var hashAlg = "sha256"; // sha2 default +388 if (typeof params.hashAlg == "string") +389 hashAlg = params.hashAlg; +390 this.setCerts(params.array, hashAlg); +391 } +392 } +393 }; +394 YAHOO.lang.extend(KJUR.asn1.cms.SigningCertificateV2, KJUR.asn1.cms.Attribute); +395 +396 /** +397 * class for IssuerAndSerialNumber ASN.1 structure for CMS +398 * @name KJUR.asn1.cms.IssuerAndSerialNumber +399 * @class class for CMS IssuerAndSerialNumber ASN.1 structure for CMS +400 * @param {Array} params associative array of parameters +401 * @extends KJUR.asn1.ASN1Object +402 * @since jsrsasign 4.2.4 asn1cms 1.0.0 +403 * @description +404 * <pre> +405 * IssuerAndSerialNumber ::= SEQUENCE { +406 * issuer Name, +407 * serialNumber CertificateSerialNumber } +408 * CertificateSerialNumber ::= INTEGER +409 * </pre> +410 * @example +411 * // specify by X500Name and DERInteger +412 * o = new KJUR.asn1.cms.IssuerAndSerialNumber( +413 * {issuer: {str: '/C=US/O=T1'}, serial {int: 3}}); +414 * // specify by PEM certificate +415 * o = new KJUR.asn1.cms.IssuerAndSerialNumber({cert: certPEM}); +416 * o = new KJUR.asn1.cms.IssuerAndSerialNumber(certPEM); // since 1.0.3 +417 */ +418 KJUR.asn1.cms.IssuerAndSerialNumber = function(params) { +419 var _KJUR = KJUR, +420 _KJUR_asn1 = _KJUR.asn1, +421 _DERInteger = _KJUR_asn1.DERInteger, +422 _KJUR_asn1_cms = _KJUR_asn1.cms, +423 _KJUR_asn1_x509 = _KJUR_asn1.x509, +424 _X500Name = _KJUR_asn1_x509.X500Name, +425 _X509 = X509; +426 +427 _KJUR_asn1_cms.IssuerAndSerialNumber.superclass.constructor.call(this); +428 var dIssuer = null; +429 var dSerial = null; +430 +431 /* +432 * @since asn1cms 1.0.1 +433 */ +434 this.setByCertPEM = function(certPEM) { +435 var certHex = pemtohex(certPEM); +436 var x = new _X509(); +437 x.hex = certHex; +438 var issuerTLVHex = x.getIssuerHex(); +439 this.dIssuer = new _X500Name(); +440 this.dIssuer.hTLV = issuerTLVHex; +441 var serialVHex = x.getSerialNumberHex(); +442 this.dSerial = new _DERInteger({hex: serialVHex}); +443 }; +444 +445 this.getEncodedHex = function() { +446 var seq = new _KJUR_asn1.DERSequence({"array": [this.dIssuer, +447 this.dSerial]}); +448 this.hTLV = seq.getEncodedHex(); +449 return this.hTLV; +450 }; +451 +452 if (params !== undefined) { +453 if (typeof params == "string" && +454 params.indexOf("-----BEGIN ") != -1) { +455 this.setByCertPEM(params); +456 } +457 if (params.issuer && params.serial) { +458 if (params.issuer instanceof _X500Name) { +459 this.dIssuer = params.issuer; +460 } else { +461 this.dIssuer = new _X500Name(params.issuer); +462 } +463 if (params.serial instanceof _DERInteger) { +464 this.dSerial = params.serial; +465 } else { +466 this.dSerial = new _DERInteger(params.serial); +467 } +468 } +469 if (typeof params.cert == "string") { +470 this.setByCertPEM(params.cert); +471 } +472 } +473 }; +474 YAHOO.lang.extend(KJUR.asn1.cms.IssuerAndSerialNumber, KJUR.asn1.ASN1Object); +475 +476 /** +477 * class for Attributes ASN.1 structure for CMS +478 * @name KJUR.asn1.cms.AttributeList +479 * @class class for Attributes ASN.1 structure for CMS +480 * @param {Array} params associative array of parameters +481 * @extends KJUR.asn1.ASN1Object +482 * @since jsrsasign 4.2.4 asn1cms 1.0.0 +483 * @description +484 * <pre> +485 * Attributes ::= SET OF Attribute +486 * Attribute ::= SEQUENCE { +487 * type OBJECT IDENTIFIER, +488 * values AttributeSetValue } +489 * </pre> +490 * @example +491 * // specify by X500Name and DERInteger +492 * o = new KJUR.asn1.cms.AttributeList({sorted: false}); // ASN.1 BER unsorted SET OF +493 * o = new KJUR.asn1.cms.AttributeList(); // ASN.1 DER sorted by default +494 * o.clear(); // clear list of Attributes +495 * n = o.length(); // get number of Attribute +496 * o.add(new KJUR.asn1.cms.SigningTime()); // add SigningTime attribute +497 * hex = o.getEncodedHex(); // get hex encoded ASN.1 data +498 */ +499 KJUR.asn1.cms.AttributeList = function(params) { +500 var _KJUR = KJUR, +501 _KJUR_asn1 = _KJUR.asn1, +502 _KJUR_asn1_cms = _KJUR_asn1.cms; +503 +504 _KJUR_asn1_cms.AttributeList.superclass.constructor.call(this); +505 this.list = new Array(); +506 this.sortFlag = true; +507 +508 this.add = function(item) { +509 if (item instanceof _KJUR_asn1_cms.Attribute) { +510 this.list.push(item); +511 } +512 }; +513 +514 this.length = function() { +515 return this.list.length; +516 }; +517 +518 this.clear = function() { +519 this.list = new Array(); +520 this.hTLV = null; +521 this.hV = null; +522 }; +523 +524 this.getEncodedHex = function() { +525 if (typeof this.hTLV == "string") return this.hTLV; +526 var set = new _KJUR_asn1.DERSet({array: this.list, +527 sortflag: this.sortFlag}); +528 this.hTLV = set.getEncodedHex(); +529 return this.hTLV; +530 }; +531 +532 if (params !== undefined) { +533 if (typeof params.sortflag != "undefined" && +534 params.sortflag == false) +535 this.sortFlag = false; +536 } +537 }; +538 YAHOO.lang.extend(KJUR.asn1.cms.AttributeList, KJUR.asn1.ASN1Object); +539 +540 /** +541 * class for SignerInfo ASN.1 structure of CMS SignedData +542 * @name KJUR.asn1.cms.SignerInfo +543 * @class class for Attributes ASN.1 structure of CMS SigndData +544 * @param {Array} params associative array of parameters +545 * @extends KJUR.asn1.ASN1Object +546 * @since jsrsasign 4.2.4 asn1cms 1.0.0 +547 * @description +548 * <pre> +549 * SignerInfo ::= SEQUENCE { +550 * version CMSVersion, +551 * sid SignerIdentifier, +552 * digestAlgorithm DigestAlgorithmIdentifier, +553 * signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL, +554 * signatureAlgorithm SignatureAlgorithmIdentifier, +555 * signature SignatureValue, +556 * unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL } +557 * </pre> +558 * @example +559 * o = new KJUR.asn1.cms.SignerInfo(); +560 * o.setSignerIdentifier(certPEMstring); +561 * o.dSignedAttrs.add(new KJUR.asn1.cms.ContentType({name: 'data'})); +562 * o.dSignedAttrs.add(new KJUR.asn1.cms.MessageDigest({hex: 'a1b2...'})); +563 * o.dSignedAttrs.add(new KJUR.asn1.cms.SigningTime()); +564 * o.sign(privteKeyParam, "SHA1withRSA"); +565 */ +566 KJUR.asn1.cms.SignerInfo = function(params) { +567 var _KJUR = KJUR, +568 _KJUR_asn1 = _KJUR.asn1, +569 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, +570 _KJUR_asn1_cms = _KJUR_asn1.cms, +571 _AttributeList = _KJUR_asn1_cms.AttributeList, +572 _ContentType = _KJUR_asn1_cms.ContentType, +573 _EncapsulatedContentInfo = _KJUR_asn1_cms.EncapsulatedContentInfo, +574 _MessageDigest = _KJUR_asn1_cms.MessageDigest, +575 _SignedData = _KJUR_asn1_cms.SignedData, +576 _KJUR_asn1_x509 = _KJUR_asn1.x509, +577 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, +578 _KJUR_crypto = _KJUR.crypto, +579 _KEYUTIL = KEYUTIL; +580 +581 _KJUR_asn1_cms.SignerInfo.superclass.constructor.call(this); +582 +583 this.dCMSVersion = new _KJUR_asn1.DERInteger({'int': 1}); +584 this.dSignerIdentifier = null; +585 this.dDigestAlgorithm = null; +586 this.dSignedAttrs = new _AttributeList(); +587 this.dSigAlg = null; +588 this.dSig = null; +589 this.dUnsignedAttrs = new _AttributeList(); +590 +591 this.setSignerIdentifier = function(params) { +592 if (typeof params == "string" && +593 params.indexOf("CERTIFICATE") != -1 && +594 params.indexOf("BEGIN") != -1 && +595 params.indexOf("END") != -1) { +596 +597 var certPEM = params; +598 this.dSignerIdentifier = +599 new _KJUR_asn1_cms.IssuerAndSerialNumber({cert: params}); +600 } +601 }; +602 +603 /** +604 * set ContentType/MessageDigest/DigestAlgorithms for SignerInfo/SignedData +605 * @name setForContentAndHash +606 * @memberOf KJUR.asn1.cms.SignerInfo +607 * @param {Array} params JSON parameter to set content related field +608 * @description +609 * This method will specify following fields by a parameters: +610 * <ul> +611 * <li>add ContentType signed attribute by encapContentInfo</li> +612 * <li>add MessageDigest signed attribute by encapContentInfo and hashAlg</li> +613 * <li>add a hash algorithm used in MessageDigest to digestAlgorithms field of SignedData</li> +614 * <li>set a hash algorithm used in MessageDigest to digestAlgorithm field of SignerInfo</li> +615 * </ul> +616 * Argument 'params' is an associative array having following elements: +617 * <ul> +618 * <li>eciObj - {@link KJUR.asn1.cms.EncapsulatedContentInfo} object</li> +619 * <li>sdObj - {@link KJUR.asn1.cms.SignedData} object (Option) to set DigestAlgorithms</li> +620 * <li>hashAlg - string of hash algorithm name which is used for MessageDigest attribute</li> +621 * </ul> +622 * some of elements can be omited. +623 * @example +624 * sd = new KJUR.asn1.cms.SignedData(); +625 * signerInfo.setForContentAndHash({sdObj: sd, +626 * eciObj: sd.dEncapContentInfo, +627 * hashAlg: 'sha256'}); +628 */ +629 this.setForContentAndHash = function(params) { +630 if (params !== undefined) { +631 if (params.eciObj instanceof _EncapsulatedContentInfo) { +632 this.dSignedAttrs.add(new _ContentType({oid: '1.2.840.113549.1.7.1'})); +633 this.dSignedAttrs.add(new _MessageDigest({eciObj: params.eciObj, +634 hashAlg: params.hashAlg})); +635 } +636 if (params.sdObj !== undefined && +637 params.sdObj instanceof _SignedData) { +638 if (params.sdObj.digestAlgNameList.join(":").indexOf(params.hashAlg) == -1) { +639 params.sdObj.digestAlgNameList.push(params.hashAlg); +640 } +641 } +642 if (typeof params.hashAlg == "string") { +643 this.dDigestAlgorithm = new _AlgorithmIdentifier({name: params.hashAlg}); +644 } +645 } +646 }; +647 +648 this.sign = function(keyParam, sigAlg) { +649 // set algorithm +650 this.dSigAlg = new _AlgorithmIdentifier({name: sigAlg}); +651 +652 // set signature +653 var data = this.dSignedAttrs.getEncodedHex(); +654 var prvKey = _KEYUTIL.getKey(keyParam); +655 var sig = new _KJUR_crypto.Signature({alg: sigAlg}); +656 sig.init(prvKey); +657 sig.updateHex(data); +658 var sigValHex = sig.sign(); +659 this.dSig = new _KJUR_asn1.DEROctetString({hex: sigValHex}); +660 }; +661 +662 /* +663 * @since asn1cms 1.0.3 +664 */ +665 this.addUnsigned = function(attr) { +666 this.hTLV = null; +667 this.dUnsignedAttrs.hTLV = null; +668 this.dUnsignedAttrs.add(attr); +669 }; +670 +671 this.getEncodedHex = function() { +672 //alert("sattrs.hTLV=" + this.dSignedAttrs.hTLV); +673 if (this.dSignedAttrs instanceof _AttributeList && +674 this.dSignedAttrs.length() == 0) { +675 throw "SignedAttrs length = 0 (empty)"; +676 } +677 var sa = new _DERTaggedObject({obj: this.dSignedAttrs, +678 tag: 'a0', explicit: false}); +679 var ua = null;; +680 if (this.dUnsignedAttrs.length() > 0) { +681 ua = new _DERTaggedObject({obj: this.dUnsignedAttrs, +682 tag: 'a1', explicit: false}); +683 } +684 +685 var items = [ +686 this.dCMSVersion, +687 this.dSignerIdentifier, +688 this.dDigestAlgorithm, +689 sa, +690 this.dSigAlg, +691 this.dSig, +692 ]; +693 if (ua != null) items.push(ua); +694 +695 var seq = new _KJUR_asn1.DERSequence({array: items}); +696 this.hTLV = seq.getEncodedHex(); +697 return this.hTLV; +698 }; +699 }; +700 YAHOO.lang.extend(KJUR.asn1.cms.SignerInfo, KJUR.asn1.ASN1Object); +701 +702 /** +703 * class for EncapsulatedContentInfo ASN.1 structure for CMS +704 * @name KJUR.asn1.cms.EncapsulatedContentInfo +705 * @class class for EncapsulatedContentInfo ASN.1 structure for CMS +706 * @param {Array} params associative array of parameters +707 * @extends KJUR.asn1.ASN1Object +708 * @since jsrsasign 4.2.4 asn1cms 1.0.0 +709 * @description +710 * <pre> +711 * EncapsulatedContentInfo ::= SEQUENCE { +712 * eContentType ContentType, +713 * eContent [0] EXPLICIT OCTET STRING OPTIONAL } +714 * ContentType ::= OBJECT IDENTIFIER +715 * </pre> +716 * @example +717 * o = new KJUR.asn1.cms.EncapsulatedContentInfo(); +718 * o.setContentType('1.2.3.4.5'); // specify eContentType by OID +719 * o.setContentType('data'); // specify eContentType by name +720 * o.setContentValueHex('a1a2a4...'); // specify eContent data by hex string +721 * o.setContentValueStr('apple'); // specify eContent data by UTF-8 string +722 * // for detached contents (i.e. data not concluded in eContent) +723 * o.isDetached = true; // false as default +724 */ +725 KJUR.asn1.cms.EncapsulatedContentInfo = function(params) { +726 var _KJUR = KJUR, +727 _KJUR_asn1 = _KJUR.asn1, +728 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, +729 _DERSequence = _KJUR_asn1.DERSequence, +730 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, +731 _DEROctetString = _KJUR_asn1.DEROctetString, +732 _KJUR_asn1_cms = _KJUR_asn1.cms; +733 +734 _KJUR_asn1_cms.EncapsulatedContentInfo.superclass.constructor.call(this); +735 +736 this.dEContentType = new _DERObjectIdentifier({name: 'data'}); +737 this.dEContent = null; +738 this.isDetached = false; +739 this.eContentValueHex = null; +740 +741 this.setContentType = function(nameOrOid) { +742 if (nameOrOid.match(/^[0-2][.][0-9.]+$/)) { +743 this.dEContentType = new _DERObjectIdentifier({oid: nameOrOid}); +744 } else { +745 this.dEContentType = new _DERObjectIdentifier({name: nameOrOid}); +746 } +747 }; +748 +749 this.setContentValue = function(params) { +750 if (params !== undefined) { +751 if (typeof params.hex == "string") { +752 this.eContentValueHex = params.hex; +753 } else if (typeof params.str == "string") { +754 this.eContentValueHex = utf8tohex(params.str); +755 } +756 } +757 }; +758 +759 this.setContentValueHex = function(valueHex) { +760 this.eContentValueHex = valueHex; +761 }; +762 +763 this.setContentValueStr = function(valueStr) { +764 this.eContentValueHex = utf8tohex(valueStr); +765 }; +766 +767 this.getEncodedHex = function() { +768 if (typeof this.eContentValueHex != "string") { +769 throw "eContentValue not yet set"; +770 } +771 +772 var dValue = new _DEROctetString({hex: this.eContentValueHex}); +773 this.dEContent = new _DERTaggedObject({obj: dValue, +774 tag: 'a0', +775 explicit: true}); +776 +777 var a = [this.dEContentType]; +778 if (! this.isDetached) a.push(this.dEContent); +779 var seq = new _DERSequence({array: a}); +780 this.hTLV = seq.getEncodedHex(); +781 return this.hTLV; +782 }; +783 }; +784 YAHOO.lang.extend(KJUR.asn1.cms.EncapsulatedContentInfo, KJUR.asn1.ASN1Object); +785 +786 // - type +787 // - obj +788 /** +789 * class for ContentInfo ASN.1 structure for CMS +790 * @name KJUR.asn1.cms.ContentInfo +791 * @class class for ContentInfo ASN.1 structure for CMS +792 * @param {Array} params associative array of parameters +793 * @extends KJUR.asn1.ASN1Object +794 * @since jsrsasign 4.2.4 asn1cms 1.0.0 +795 * @description +796 * <pre> +797 * ContentInfo ::= SEQUENCE { +798 * contentType ContentType, +799 * content [0] EXPLICIT ANY DEFINED BY contentType } +800 * ContentType ::= OBJECT IDENTIFIER +801 * </pre> +802 * @example +803 * a = [new KJUR.asn1.DERInteger({int: 1}), +804 * new KJUR.asn1.DERInteger({int: 2})]; +805 * seq = new KJUR.asn1.DERSequence({array: a}); +806 * o = new KJUR.asn1.cms.ContentInfo({type: 'data', obj: seq}); +807 */ +808 KJUR.asn1.cms.ContentInfo = function(params) { +809 var _KJUR = KJUR, +810 _KJUR_asn1 = _KJUR.asn1, +811 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, +812 _DERSequence = _KJUR_asn1.DERSequence, +813 _KJUR_asn1_x509 = _KJUR_asn1.x509; +814 +815 KJUR.asn1.cms.ContentInfo.superclass.constructor.call(this); +816 +817 this.dContentType = null; +818 this.dContent = null; +819 +820 this.setContentType = function(params) { +821 if (typeof params == "string") { +822 this.dContentType = _KJUR_asn1_x509.OID.name2obj(params); +823 } +824 }; +825 +826 this.getEncodedHex = function() { +827 var dContent0 = new _DERTaggedObject({obj: this.dContent, +828 tag: 'a0', +829 explicit: true}); +830 var seq = new _DERSequence({array: [this.dContentType, dContent0]}); +831 this.hTLV = seq.getEncodedHex(); +832 return this.hTLV; +833 }; +834 +835 if (params !== undefined) { +836 if (params.type) +837 this.setContentType(params.type); +838 if (params.obj && +839 params.obj instanceof _KJUR_asn1.ASN1Object) +840 this.dContent = params.obj; +841 } +842 }; +843 YAHOO.lang.extend(KJUR.asn1.cms.ContentInfo, KJUR.asn1.ASN1Object); +844 +845 /** +846 * class for SignerInfo ASN.1 structure of CMS SignedData +847 * @name KJUR.asn1.cms.SignedData +848 * @class class for Attributes ASN.1 structure of CMS SigndData +849 * @param {Array} params associative array of parameters +850 * @extends KJUR.asn1.ASN1Object +851 * @since jsrsasign 4.2.4 asn1cms 1.0.0 +852 * +853 * @description +854 * <pre> +855 * SignedData ::= SEQUENCE { +856 * version CMSVersion, +857 * digestAlgorithms DigestAlgorithmIdentifiers, +858 * encapContentInfo EncapsulatedContentInfo, +859 * certificates [0] IMPLICIT CertificateSet OPTIONAL, +860 * crls [1] IMPLICIT RevocationInfoChoices OPTIONAL, +861 * signerInfos SignerInfos } +862 * SignerInfos ::= SET OF SignerInfo +863 * CertificateSet ::= SET OF CertificateChoices +864 * DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier +865 * CertificateSet ::= SET OF CertificateChoices +866 * RevocationInfoChoices ::= SET OF RevocationInfoChoice +867 * </pre> +868 * +869 * @example +870 * sd = new KJUR.asn1.cms.SignedData(); +871 * sd.dEncapContentInfo.setContentValueStr("test string"); +872 * sd.signerInfoList[0].setForContentAndHash({sdObj: sd, +873 * eciObj: sd.dEncapContentInfo, +874 * hashAlg: 'sha256'}); +875 * sd.signerInfoList[0].dSignedAttrs.add(new KJUR.asn1.cms.SigningTime()); +876 * sd.signerInfoList[0].setSignerIdentifier(certPEM); +877 * sd.signerInfoList[0].sign(prvP8PEM, "SHA256withRSA"); +878 * hex = sd.getContentInfoEncodedHex(); +879 */ +880 KJUR.asn1.cms.SignedData = function(params) { +881 var _KJUR = KJUR, +882 _KJUR_asn1 = _KJUR.asn1, +883 _ASN1Object = _KJUR_asn1.ASN1Object, +884 _DERInteger = _KJUR_asn1.DERInteger, +885 _DERSet = _KJUR_asn1.DERSet, +886 _DERSequence = _KJUR_asn1.DERSequence, +887 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, +888 _KJUR_asn1_cms = _KJUR_asn1.cms, +889 _EncapsulatedContentInfo = _KJUR_asn1_cms.EncapsulatedContentInfo, +890 _SignerInfo = _KJUR_asn1_cms.SignerInfo, +891 _ContentInfo = _KJUR_asn1_cms.ContentInfo, +892 _KJUR_asn1_x509 = _KJUR_asn1.x509, +893 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier; +894 +895 KJUR.asn1.cms.SignedData.superclass.constructor.call(this); +896 +897 this.dCMSVersion = new _DERInteger({'int': 1}); +898 this.dDigestAlgs = null; +899 this.digestAlgNameList = []; +900 this.dEncapContentInfo = new _EncapsulatedContentInfo(); +901 this.dCerts = null; +902 this.certificateList = []; +903 this.crlList = []; +904 this.signerInfoList = [new _SignerInfo()]; +905 +906 this.addCertificatesByPEM = function(certPEM) { +907 var hex = pemtohex(certPEM); +908 var o = new _ASN1Object(); +909 o.hTLV = hex; +910 this.certificateList.push(o); +911 }; +912 +913 this.getEncodedHex = function() { +914 if (typeof this.hTLV == "string") return this.hTLV; +915 +916 if (this.dDigestAlgs == null) { +917 var digestAlgList = []; +918 for (var i = 0; i < this.digestAlgNameList.length; i++) { +919 var name = this.digestAlgNameList[i]; +920 var o = new _AlgorithmIdentifier({name: name}); +921 digestAlgList.push(o); +922 } +923 this.dDigestAlgs = new _DERSet({array: digestAlgList}); +924 } +925 +926 var a = [this.dCMSVersion, +927 this.dDigestAlgs, +928 this.dEncapContentInfo]; +929 +930 if (this.dCerts == null) { +931 if (this.certificateList.length > 0) { +932 var o1 = new _DERSet({array: this.certificateList}); +933 this.dCerts +934 = new _DERTaggedObject({obj: o1, +935 tag: 'a0', +936 explicit: false}); +937 } +938 } +939 if (this.dCerts != null) a.push(this.dCerts); +940 +941 var dSignerInfos = new _DERSet({array: this.signerInfoList}); +942 a.push(dSignerInfos); +943 +944 var seq = new _DERSequence({array: a}); +945 this.hTLV = seq.getEncodedHex(); +946 return this.hTLV; +947 }; +948 +949 this.getContentInfo = function() { +950 this.getEncodedHex(); +951 var ci = new _ContentInfo({type: 'signed-data', obj: this}); +952 return ci; +953 }; +954 +955 this.getContentInfoEncodedHex = function() { +956 var ci = this.getContentInfo(); +957 var ciHex = ci.getEncodedHex(); +958 return ciHex; +959 }; +960 +961 this.getPEM = function() { +962 return hextopem(this.getContentInfoEncodedHex(), "CMS"); +963 }; +964 }; +965 YAHOO.lang.extend(KJUR.asn1.cms.SignedData, KJUR.asn1.ASN1Object); +966 +967 /** +968 * CMS utiliteis class +969 * @name KJUR.asn1.cms.CMSUtil +970 * @class CMS utilities class +971 */ +972 KJUR.asn1.cms.CMSUtil = new function() { +973 }; +974 /** +975 * generate SignedData object specified by JSON parameters +976 * @name newSignedData +977 * @memberOf KJUR.asn1.cms.CMSUtil +978 * @function +979 * @param {Array} param JSON parameter to generate CMS SignedData +980 * @return {KJUR.asn1.cms.SignedData} object just generated +981 * @description +982 * This method provides more easy way to genereate +983 * CMS SignedData ASN.1 structure by JSON data. +984 * @example +985 * var sd = KJUR.asn1.cms.CMSUtil.newSignedData({ +986 * content: {str: "jsrsasign"}, +987 * certs: [certPEM], +988 * signerInfos: [{ +989 * hashAlg: 'sha256', +990 * sAttr: { +991 * SigningTime: {} +992 * SigningCertificateV2: {array: [certPEM]}, +993 * }, +994 * signerCert: certPEM, +995 * sigAlg: 'SHA256withRSA', +996 * signerPrvKey: prvPEM +997 * }] +998 * }); +999 */ +1000 KJUR.asn1.cms.CMSUtil.newSignedData = function(param) { +1001 var _KJUR = KJUR, +1002 _KJUR_asn1 = _KJUR.asn1, +1003 _KJUR_asn1_cms = _KJUR_asn1.cms, +1004 _SignerInfo = _KJUR_asn1_cms.SignerInfo, +1005 _SignedData = _KJUR_asn1_cms.SignedData, +1006 _SigningTime = _KJUR_asn1_cms.SigningTime, +1007 _SigningCertificate = _KJUR_asn1_cms.SigningCertificate, +1008 _SigningCertificateV2 = _KJUR_asn1_cms.SigningCertificateV2, +1009 _KJUR_asn1_cades = _KJUR_asn1.cades, +1010 _SignaturePolicyIdentifier = _KJUR_asn1_cades.SignaturePolicyIdentifier; +1011 +1012 var sd = new _SignedData(); +1013 +1014 sd.dEncapContentInfo.setContentValue(param.content); +1015 +1016 if (typeof param.certs == "object") { +1017 for (var i = 0; i < param.certs.length; i++) { +1018 sd.addCertificatesByPEM(param.certs[i]); +1019 } +1020 } +1021 +1022 sd.signerInfoList = []; +1023 for (var i = 0; i < param.signerInfos.length; i++) { +1024 var siParam = param.signerInfos[i]; +1025 var si = new _SignerInfo(); +1026 si.setSignerIdentifier(siParam.signerCert); +1027 +1028 si.setForContentAndHash({sdObj: sd, +1029 eciObj: sd.dEncapContentInfo, +1030 hashAlg: siParam.hashAlg}); +1031 +1032 for (attrName in siParam.sAttr) { +1033 var attrParam = siParam.sAttr[attrName]; +1034 if (attrName == "SigningTime") { +1035 var attr = new _SigningTime(attrParam); +1036 si.dSignedAttrs.add(attr); +1037 } +1038 if (attrName == "SigningCertificate") { +1039 var attr = new _SigningCertificate(attrParam); +1040 si.dSignedAttrs.add(attr); +1041 } +1042 if (attrName == "SigningCertificateV2") { +1043 var attr = new _SigningCertificateV2(attrParam); +1044 si.dSignedAttrs.add(attr); +1045 } +1046 if (attrName == "SignaturePolicyIdentifier") { +1047 var attr = new _SignaturePolicyIdentifier(attrParam); +1048 si.dSignedAttrs.add(attr); +1049 } +1050 } +1051 +1052 si.sign(siParam.signerPrvKey, siParam.sigAlg); +1053 sd.signerInfoList.push(si); +1054 } +1055 +1056 return sd; +1057 }; +1058 +1059
\ No newline at end of file diff --git a/api/symbols/src/asn1csr-1.0.js.html b/api/symbols/src/asn1csr-1.0.js.html index ab72b959..75e1066b 100644 --- a/api/symbols/src/asn1csr-1.0.js.html +++ b/api/symbols/src/asn1csr-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /*! asn1csr-1.0.4.js (c) 2015-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* asn1csr-1.0.5.js (c) 2015-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * asn1csr.js - ASN.1 DER encoder classes for PKCS#10 CSR
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1csr-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 7.2.0 asn1csr 1.0.4 (2017-May-21)
+ 19  * @version jsrsasign 7.2.1 asn1csr 1.0.5 (2017-Jun-03)
  20  * @since jsrsasign 4.9.0
  21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -83,356 +83,376 @@
  76  * //   attributes    [0] Attributes{{ CRIAttributes }} }
  77  */
  78 KJUR.asn1.csr.CertificationRequest = function(params) {
- 79     KJUR.asn1.csr.CertificationRequest.superclass.constructor.call(this);
- 80     var asn1CSRInfo = null;
- 81     var asn1SignatureAlg = null;
- 82     var asn1Sig = null;
- 83     var hexSig = null;
- 84     var prvKey = null;
+ 79     var _KJUR = KJUR,
+ 80 	_KJUR_asn1 = _KJUR.asn1,
+ 81 	_DERBitString = _KJUR_asn1.DERBitString,
+ 82 	_DERSequence = _KJUR_asn1.DERSequence,
+ 83 	_KJUR_asn1_csr = _KJUR_asn1.csr,
+ 84 	_KJUR_asn1_x509 = _KJUR_asn1.x509;
  85 
- 86     /**
- 87      * sign CertificationRequest and set signature value internally<br/>
- 88      * @name sign
- 89      * @memberOf KJUR.asn1.csr.CertificationRequest#
- 90      * @function
- 91      * @description
- 92      * This method self-signs CertificateRequestInfo with a subject's
- 93      * private key and set signature value internally.
- 94      * <br/>
- 95      * @example
- 96      * csr = new KJUR.asn1.csr.CertificationRequest({'csrinfo': csri});
- 97      * csr.sign("SHA256withRSA", prvKeyObj);
- 98      */
- 99     this.sign = function(sigAlgName, prvKeyObj) {
-100 	if (this.prvKey == null) this.prvKey = prvKeyObj;
-101 
-102 	this.asn1SignatureAlg = 
-103 	    new KJUR.asn1.x509.AlgorithmIdentifier({'name': sigAlgName});
-104 
-105         sig = new KJUR.crypto.Signature({'alg': sigAlgName});
-106         sig.initSign(this.prvKey);
-107         sig.updateHex(this.asn1CSRInfo.getEncodedHex());
-108         this.hexSig = sig.sign();
+ 86     _KJUR_asn1_csr.CertificationRequest.superclass.constructor.call(this);
+ 87 
+ 88     var asn1CSRInfo = null;
+ 89     var asn1SignatureAlg = null;
+ 90     var asn1Sig = null;
+ 91     var hexSig = null;
+ 92     var prvKey = null;
+ 93 
+ 94     /**
+ 95      * sign CertificationRequest and set signature value internally<br/>
+ 96      * @name sign
+ 97      * @memberOf KJUR.asn1.csr.CertificationRequest#
+ 98      * @function
+ 99      * @description
+100      * This method self-signs CertificateRequestInfo with a subject's
+101      * private key and set signature value internally.
+102      * <br/>
+103      * @example
+104      * csr = new KJUR.asn1.csr.CertificationRequest({'csrinfo': csri});
+105      * csr.sign("SHA256withRSA", prvKeyObj);
+106      */
+107     this.sign = function(sigAlgName, prvKeyObj) {
+108 	if (this.prvKey == null) this.prvKey = prvKeyObj;
 109 
-110         this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
-111         var seq = new KJUR.asn1.DERSequence({'array': [this.asn1CSRInfo,
-112                                                        this.asn1SignatureAlg,
-113                                                        this.asn1Sig]});
-114         this.hTLV = seq.getEncodedHex();
-115         this.isModified = false;
-116     };
+110 	this.asn1SignatureAlg = 
+111 	    new _KJUR_asn1_x509.AlgorithmIdentifier({'name': sigAlgName});
+112 
+113         sig = new _KJUR.crypto.Signature({'alg': sigAlgName});
+114         sig.initSign(this.prvKey);
+115         sig.updateHex(this.asn1CSRInfo.getEncodedHex());
+116         this.hexSig = sig.sign();
 117 
-118     /**
-119      * get PEM formatted certificate signing request (CSR/PKCS#10)<br/>
-120      * @name getPEMString
-121      * @memberOf KJUR.asn1.csr.CertificationRequest#
-122      * @function
-123      * @return PEM formatted string of CSR/PKCS#10
-124      * @description
-125      * This method is to a get CSR PEM string after signed.
-126      * <br/>
-127      * @example
-128      * csr = new KJUR.asn1.csr.CertificationRequest({'csrinfo': csri});
-129      * csr.sign();
-130      * pem =  csr.getPEMString();
-131      * // pem will be following:
-132      * // -----BEGIN CERTIFICATE REQUEST-----
-133      * // MII ...snip...
-134      * // -----END CERTIFICATE REQUEST-----
-135      */
-136     this.getPEMString = function() {
-137 	var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(this.getEncodedHex(),
-138 							 "CERTIFICATE REQUEST");
-139 	return pem;
-140     };
-141 
-142     this.getEncodedHex = function() {
-143         if (this.isModified == false && this.hTLV != null) return this.hTLV;
-144         throw "not signed yet";
-145     };
-146 
-147     if (typeof params != "undefined") {
-148         if (typeof params['csrinfo'] != "undefined") {
-149             this.asn1CSRInfo = params['csrinfo'];
-150         }
-151     }
-152 };
-153 YAHOO.lang.extend(KJUR.asn1.csr.CertificationRequest, KJUR.asn1.ASN1Object);
-154 
-155 /**
-156  * ASN.1 CertificationRequestInfo structure class
-157  * @name KJUR.asn1.csr.CertificationRequestInfo
-158  * @class ASN.1 CertificationRequestInfo structure class
-159  * @param {Array} params associative array of parameters (ex. {})
-160  * @extends KJUR.asn1.ASN1Object
-161  * @since jsrsasign 4.9.0 asn1csr 1.0.0
-162  * @description
-163  * <pre>
-164  * // -- DEFINITION OF ASN.1 SYNTAX --
-165  * // CertificationRequestInfo ::= SEQUENCE {
-166  * //   version       INTEGER { v1(0) } (v1,...),
-167  * //   subject       Name,
-168  * //   subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
-169  * //   attributes    [0] Attributes{{ CRIAttributes }} }
-170  * </pre>
-171  * <br/>
-172  * @example
-173  * csri = new KJUR.asn1.csr.CertificationRequestInfo();
-174  * csri.setSubjectByParam({'str': '/C=US/O=Test/CN=example.com'});
-175  * csri.setSubjectPublicKeyByGetKey(pubKeyObj);
-176  */
-177 KJUR.asn1.csr.CertificationRequestInfo = function(params) {
-178     KJUR.asn1.csr.CertificationRequestInfo.superclass.constructor.call(this);
-179 
-180     this._initialize = function() {
-181         this.asn1Array = new Array();
-182 
-183 	this.asn1Version = new KJUR.asn1.DERInteger({'int': 0});
-184 	this.asn1Subject = null;
-185 	this.asn1SubjPKey = null;
-186 	this.extensionsArray = new Array();
-187     };
-188 
-189     /**
-190      * set subject name field by parameter
-191      * @name setSubjectByParam
-192      * @memberOf KJUR.asn1.csr.CertificationRequestInfo#
-193      * @function
-194      * @param {Array} x500NameParam X500Name parameter
-195      * @description
-196      * @example
-197      * csri.setSubjectByParam({'str': '/C=US/CN=b'});
-198      * @see KJUR.asn1.x509.X500Name
-199      */
-200     this.setSubjectByParam = function(x500NameParam) {
-201         this.asn1Subject = new KJUR.asn1.x509.X500Name(x500NameParam);
-202     };
-203 
-204     /**
-205      * set subject public key info by RSA/ECDSA/DSA key parameter
-206      * @name setSubjectPublicKeyByGetKey
-207      * @memberOf KJUR.asn1.csr.CertificationRequestInfo#
-208      * @function
-209      * @param {Object} keyParam public key parameter which passed to {@link KEYUTIL.getKey} argument
-210      * @description
-211      * @example
-212      * csri.setSubjectPublicKeyByGetKeyParam(certPEMString); // or 
-213      * csri.setSubjectPublicKeyByGetKeyParam(pkcs8PublicKeyPEMString); // or 
-214      * csir.setSubjectPublicKeyByGetKeyParam(kjurCryptoECDSAKeyObject); // et.al.
-215      * @see KJUR.asn1.x509.SubjectPublicKeyInfo
-216      * @see KEYUTIL.getKey
+118         this.asn1Sig = new _DERBitString({'hex': '00' + this.hexSig});
+119         var seq = new _DERSequence({'array': [this.asn1CSRInfo,
+120                                               this.asn1SignatureAlg,
+121                                               this.asn1Sig]});
+122         this.hTLV = seq.getEncodedHex();
+123         this.isModified = false;
+124     };
+125 
+126     /**
+127      * get PEM formatted certificate signing request (CSR/PKCS#10)<br/>
+128      * @name getPEMString
+129      * @memberOf KJUR.asn1.csr.CertificationRequest#
+130      * @function
+131      * @return PEM formatted string of CSR/PKCS#10
+132      * @description
+133      * This method is to a get CSR PEM string after signed.
+134      * <br/>
+135      * @example
+136      * csr = new KJUR.asn1.csr.CertificationRequest({'csrinfo': csri});
+137      * csr.sign();
+138      * pem =  csr.getPEMString();
+139      * // pem will be following:
+140      * // -----BEGIN CERTIFICATE REQUEST-----
+141      * // MII ...snip...
+142      * // -----END CERTIFICATE REQUEST-----
+143      */
+144     this.getPEMString = function() {
+145 	return hextopem(this.getEncodedHex(), "CERTIFICATE REQUEST");
+146     };
+147 
+148     this.getEncodedHex = function() {
+149         if (this.isModified == false && this.hTLV != null) return this.hTLV;
+150         throw "not signed yet";
+151     };
+152 
+153     if (params !== undefined && params.csrinfo !== undefined) {
+154         this.asn1CSRInfo = params.csrinfo;
+155     }
+156 };
+157 YAHOO.lang.extend(KJUR.asn1.csr.CertificationRequest, KJUR.asn1.ASN1Object);
+158 
+159 /**
+160  * ASN.1 CertificationRequestInfo structure class
+161  * @name KJUR.asn1.csr.CertificationRequestInfo
+162  * @class ASN.1 CertificationRequestInfo structure class
+163  * @param {Array} params associative array of parameters (ex. {})
+164  * @extends KJUR.asn1.ASN1Object
+165  * @since jsrsasign 4.9.0 asn1csr 1.0.0
+166  * @description
+167  * <pre>
+168  * // -- DEFINITION OF ASN.1 SYNTAX --
+169  * // CertificationRequestInfo ::= SEQUENCE {
+170  * //   version       INTEGER { v1(0) } (v1,...),
+171  * //   subject       Name,
+172  * //   subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
+173  * //   attributes    [0] Attributes{{ CRIAttributes }} }
+174  * </pre>
+175  * <br/>
+176  * @example
+177  * csri = new KJUR.asn1.csr.CertificationRequestInfo();
+178  * csri.setSubjectByParam({'str': '/C=US/O=Test/CN=example.com'});
+179  * csri.setSubjectPublicKeyByGetKey(pubKeyObj);
+180  */
+181 KJUR.asn1.csr.CertificationRequestInfo = function(params) {
+182     var _KJUR = KJUR,
+183 	_KJUR_asn1 = _KJUR.asn1,
+184 	_DERInteger = _KJUR_asn1.DERInteger,
+185 	_DERSequence = _KJUR_asn1.DERSequence,
+186 	_DERSet = _KJUR_asn1.DERSet,
+187 	_DERNull = _KJUR_asn1.DERNull,
+188 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
+189 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+190 	_KJUR_asn1_csr = _KJUR_asn1.csr,
+191 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+192 	_X500Name = _KJUR_asn1_x509.X500Name,
+193 	_Extension = _KJUR_asn1_x509.Extension,
+194 	_KEYUTIL = KEYUTIL;
+195 
+196     _KJUR_asn1_csr.CertificationRequestInfo.superclass.constructor.call(this);
+197 
+198     this._initialize = function() {
+199         this.asn1Array = new Array();
+200 
+201 	this.asn1Version = new _DERInteger({'int': 0});
+202 	this.asn1Subject = null;
+203 	this.asn1SubjPKey = null;
+204 	this.extensionsArray = new Array();
+205     };
+206 
+207     /**
+208      * set subject name field by parameter
+209      * @name setSubjectByParam
+210      * @memberOf KJUR.asn1.csr.CertificationRequestInfo#
+211      * @function
+212      * @param {Array} x500NameParam X500Name parameter
+213      * @description
+214      * @example
+215      * csri.setSubjectByParam({'str': '/C=US/CN=b'});
+216      * @see KJUR.asn1.x509.X500Name
 217      */
-218     this.setSubjectPublicKeyByGetKey = function(keyParam) {
-219         var keyObj = KEYUTIL.getKey(keyParam);
-220         this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObj);
-221     };
-222 
-223     /**
-224      * append X.509v3 extension to this object by name and parameters
-225      * @name appendExtensionByName
-226      * @memberOf KJUR.asn1.csr.CertificationRequestInfo#
-227      * @function
-228      * @param {name} name name of X.509v3 Extension object
-229      * @param {Array} extParams parameters as argument of Extension constructor.
-230      * @see KJUR.asn1.x509.Extension
-231      * @description
-232      * @example
-233      * var o = new KJUR.asn1.csr.CertificationRequestInfo();
-234      * o.appendExtensionByName('BasicConstraints', {'cA':true, 'critical': true});
-235      * o.appendExtensionByName('KeyUsage', {'bin':'11'});
-236      * o.appendExtensionByName('CRLDistributionPoints', {uri: 'http://aaa.com/a.crl'});
-237      * o.appendExtensionByName('ExtKeyUsage', {array: [{name: 'clientAuth'}]});
-238      * o.appendExtensionByName('AuthorityKeyIdentifier', {kid: '1234ab..'});
-239      * o.appendExtensionByName('AuthorityInfoAccess', {array: [{accessMethod:{oid:...},accessLocation:{uri:...}}]});
-240      */
-241     this.appendExtensionByName = function(name, extParams) {
-242 	KJUR.asn1.x509.Extension.appendByNameToArray(name,
-243 						     extParams,
-244 						     this.extensionsArray);
-245     };
-246 
-247     this.getEncodedHex = function() {
-248         this.asn1Array = new Array();
-249 
-250         this.asn1Array.push(this.asn1Version);
-251         this.asn1Array.push(this.asn1Subject);
-252         this.asn1Array.push(this.asn1SubjPKey);
-253 
-254 	// extensionRequest
-255 	if (this.extensionsArray.length > 0) {
-256             var extSeq = new KJUR.asn1.DERSequence({array: this.extensionsArray});
-257 	    var extSet = new KJUR.asn1.DERSet({array: [extSeq]});
-258 	    var extSeq2 = new KJUR.asn1.DERSequence({array: [
-259 		new KJUR.asn1.DERObjectIdentifier({oid: "1.2.840.113549.1.9.14"}),
-260 		extSet
-261 	    ]});
-262             var extTagObj = new KJUR.asn1.DERTaggedObject({
-263 		explicit: true,
-264 		tag: 'a0',
-265 		obj: extSeq2
-266 	    });
-267             this.asn1Array.push(extTagObj);
-268 	} else {
-269             var extTagObj = new KJUR.asn1.DERTaggedObject({
-270 		explicit: false,
-271 		tag: 'a0',
-272 		obj: new KJUR.asn1.DERNull()
-273 	    });
-274             this.asn1Array.push(extTagObj);
-275 	}
-276 
-277         var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
-278         this.hTLV = o.getEncodedHex();
-279         this.isModified = false;
-280         return this.hTLV;
-281     };
-282 
-283     this._initialize();
-284 };
-285 YAHOO.lang.extend(KJUR.asn1.csr.CertificationRequestInfo, KJUR.asn1.ASN1Object);
-286 
-287 /**
-288  * Certification Request (CSR/PKCS#10) utilities class<br/>
-289  * @name KJUR.asn1.csr.CSRUtil
-290  * @class Certification Request (CSR/PKCS#10) utilities class
-291  * @description
-292  * This class provides utility static methods for CSR/PKCS#10.
-293  * Here is a list of methods:
-294  * <ul>
-295  * <li>{@link KJUR.asn1.csr.CSRUtil.newCSRPEM}</li>
-296  * <li>{@link KJUR.asn1.csr.CSRUtil.getInfo}</li>
-297  * </ul>
-298  * <br/>
-299  */
-300 KJUR.asn1.csr.CSRUtil = new function() {
-301 };
-302 
-303 /**
-304  * generate a PEM format of CSR/PKCS#10 certificate signing request
-305  * @name newCSRPEM
-306  * @memberOf KJUR.asn1.csr.CSRUtil
-307  * @function
-308  * @param {Array} param parameter to generate CSR
-309  * @since jsrsasign 4.9.0 asn1csr 1.0.0
+218     this.setSubjectByParam = function(x500NameParam) {
+219         this.asn1Subject = new _X500Name(x500NameParam);
+220     };
+221 
+222     /**
+223      * set subject public key info by RSA/ECDSA/DSA key parameter
+224      * @name setSubjectPublicKeyByGetKey
+225      * @memberOf KJUR.asn1.csr.CertificationRequestInfo#
+226      * @function
+227      * @param {Object} keyParam public key parameter which passed to {@link KEYUTIL.getKey} argument
+228      * @description
+229      * @example
+230      * csri.setSubjectPublicKeyByGetKeyParam(certPEMString); // or 
+231      * csri.setSubjectPublicKeyByGetKeyParam(pkcs8PublicKeyPEMString); // or 
+232      * csir.setSubjectPublicKeyByGetKeyParam(kjurCryptoECDSAKeyObject); // et.al.
+233      * @see KJUR.asn1.x509.SubjectPublicKeyInfo
+234      * @see KEYUTIL.getKey
+235      */
+236     this.setSubjectPublicKeyByGetKey = function(keyParam) {
+237         var keyObj = _KEYUTIL.getKey(keyParam);
+238         this.asn1SubjPKey = 
+239 	    new _KJUR_asn1_x509.SubjectPublicKeyInfo(keyObj);
+240     };
+241 
+242     /**
+243      * append X.509v3 extension to this object by name and parameters
+244      * @name appendExtensionByName
+245      * @memberOf KJUR.asn1.csr.CertificationRequestInfo#
+246      * @function
+247      * @param {name} name name of X.509v3 Extension object
+248      * @param {Array} extParams parameters as argument of Extension constructor.
+249      * @see KJUR.asn1.x509.Extension
+250      * @description
+251      * @example
+252      * var o = new KJUR.asn1.csr.CertificationRequestInfo();
+253      * o.appendExtensionByName('BasicConstraints', {'cA':true, 'critical': true});
+254      * o.appendExtensionByName('KeyUsage', {'bin':'11'});
+255      * o.appendExtensionByName('CRLDistributionPoints', {uri: 'http://aaa.com/a.crl'});
+256      * o.appendExtensionByName('ExtKeyUsage', {array: [{name: 'clientAuth'}]});
+257      * o.appendExtensionByName('AuthorityKeyIdentifier', {kid: '1234ab..'});
+258      * o.appendExtensionByName('AuthorityInfoAccess', {array: [{accessMethod:{oid:...},accessLocation:{uri:...}}]});
+259      */
+260     this.appendExtensionByName = function(name, extParams) {
+261 	_Extension.appendByNameToArray(name,
+262 				       extParams,
+263 				       this.extensionsArray);
+264     };
+265 
+266     this.getEncodedHex = function() {
+267         this.asn1Array = new Array();
+268 
+269         this.asn1Array.push(this.asn1Version);
+270         this.asn1Array.push(this.asn1Subject);
+271         this.asn1Array.push(this.asn1SubjPKey);
+272 
+273 	// extensionRequest
+274 	if (this.extensionsArray.length > 0) {
+275             var extSeq = new _DERSequence({array: this.extensionsArray});
+276 	    var extSet = new _DERSet({array: [extSeq]});
+277 	    var extSeq2 = new _DERSequence({array: [
+278 		new _DERObjectIdentifier({oid: "1.2.840.113549.1.9.14"}),
+279 		extSet
+280 	    ]});
+281             var extTagObj = new _DERTaggedObject({
+282 		explicit: true,
+283 		tag: 'a0',
+284 		obj: extSeq2
+285 	    });
+286             this.asn1Array.push(extTagObj);
+287 	} else {
+288             var extTagObj = new _DERTaggedObject({
+289 		explicit: false,
+290 		tag: 'a0',
+291 		obj: new _DERNull()
+292 	    });
+293             this.asn1Array.push(extTagObj);
+294 	}
+295 
+296         var o = new _DERSequence({"array": this.asn1Array});
+297         this.hTLV = o.getEncodedHex();
+298         this.isModified = false;
+299         return this.hTLV;
+300     };
+301 
+302     this._initialize();
+303 };
+304 YAHOO.lang.extend(KJUR.asn1.csr.CertificationRequestInfo, KJUR.asn1.ASN1Object);
+305 
+306 /**
+307  * Certification Request (CSR/PKCS#10) utilities class<br/>
+308  * @name KJUR.asn1.csr.CSRUtil
+309  * @class Certification Request (CSR/PKCS#10) utilities class
 310  * @description
-311  * This method can generate a CSR certificate signing
-312  * request by a simple JSON object which has following parameters:
+311  * This class provides utility static methods for CSR/PKCS#10.
+312  * Here is a list of methods:
 313  * <ul>
-314  * <li>subject - parameter to be passed to {@link KJUR.asn1.x509.X500Name}</li>
-315  * <li>sbjpubkey - parameter to be passed to {@link KEYUTIL.getKey}</li>
-316  * <li>sigalg - signature algorithm name (ex. SHA256withRSA)</li>
-317  * <li>sbjprvkey - parameter to be passed to {@link KEYUTIL.getKey}</li>
-318  * </ul>
-319  *
-320  * @example
-321  * // 1) by key object
-322  * pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
-323  *   subject: {str: '/C=US/O=Test/CN=example.com'},
-324  *   sbjpubkey: pubKeyObj,
-325  *   sigalg: "SHA256withRSA",
-326  *   sbjprvkey: prvKeyObj
-327  * });
-328  *
-329  * // 2) by private/public key PEM 
-330  * pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
-331  *   subject: {str: '/C=US/O=Test/CN=example.com'},
-332  *   sbjpubkey: pubKeyPEM,
-333  *   sigalg: "SHA256withRSA",
-334  *   sbjprvkey: prvKeyPEM
-335  * });
-336  *
-337  * // 3) with generateKeypair
-338  * kp = KEYUTIL.generateKeypair("RSA", 2048);
-339  * pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
-340  *   subject: {str: '/C=US/O=Test/CN=example.com'},
-341  *   sbjpubkey: kp.pubKeyObj,
-342  *   sigalg: "SHA256withRSA",
-343  *   sbjprvkey: kp.prvKeyObj
-344  * });
-345  *
-346  * // 4) by private/public key PEM with extension
-347  * pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
-348  *   subject: {str: '/C=US/O=Test/CN=example.com'},
-349  *   ext: [
-350  *     {subjectAltName: {array: [{dns: 'example.net'}]}
-351  *   ],
-352  *   sbjpubkey: pubKeyPEM,
-353  *   sigalg: "SHA256withRSA",
-354  *   sbjprvkey: prvKeyPEM
-355  * });
-356  */
-357 KJUR.asn1.csr.CSRUtil.newCSRPEM = function(param) {
-358     var ns1 = KJUR.asn1.csr;
-359 
-360     if (param.subject === undefined) throw "parameter subject undefined";
-361     if (param.sbjpubkey === undefined) throw "parameter sbjpubkey undefined";
-362     if (param.sigalg === undefined) throw "parameter sigalg undefined";
-363     if (param.sbjprvkey === undefined) throw "parameter sbjpubkey undefined";
-364 
-365     var csri = new ns1.CertificationRequestInfo();
-366     csri.setSubjectByParam(param.subject);
-367     csri.setSubjectPublicKeyByGetKey(param.sbjpubkey);
-368 
-369     if (param.ext !== undefined && param.ext.length !== undefined) {
-370 	for (var i = 0; i < param.ext.length; i++) {
-371 	    for (key in param.ext[i]) {
-372                 csri.appendExtensionByName(key, param.ext[i][key]);
-373 	    }
-374 	}
-375     }
-376 
-377     var csr = new ns1.CertificationRequest({'csrinfo': csri});
-378     var prvKey = KEYUTIL.getKey(param.sbjprvkey);
-379     csr.sign(param.sigalg, prvKey);
-380 
-381     var pem = csr.getPEMString();
-382     return pem;
-383 };
+314  * <li>{@link KJUR.asn1.csr.CSRUtil.newCSRPEM}</li>
+315  * <li>{@link KJUR.asn1.csr.CSRUtil.getInfo}</li>
+316  * </ul>
+317  * <br/>
+318  */
+319 KJUR.asn1.csr.CSRUtil = new function() {
+320 };
+321 
+322 /**
+323  * generate a PEM format of CSR/PKCS#10 certificate signing request
+324  * @name newCSRPEM
+325  * @memberOf KJUR.asn1.csr.CSRUtil
+326  * @function
+327  * @param {Array} param parameter to generate CSR
+328  * @since jsrsasign 4.9.0 asn1csr 1.0.0
+329  * @description
+330  * This method can generate a CSR certificate signing
+331  * request by a simple JSON object which has following parameters:
+332  * <ul>
+333  * <li>subject - parameter to be passed to {@link KJUR.asn1.x509.X500Name}</li>
+334  * <li>sbjpubkey - parameter to be passed to {@link KEYUTIL.getKey}</li>
+335  * <li>sigalg - signature algorithm name (ex. SHA256withRSA)</li>
+336  * <li>sbjprvkey - parameter to be passed to {@link KEYUTIL.getKey}</li>
+337  * </ul>
+338  *
+339  * @example
+340  * // 1) by key object
+341  * pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
+342  *   subject: {str: '/C=US/O=Test/CN=example.com'},
+343  *   sbjpubkey: pubKeyObj,
+344  *   sigalg: "SHA256withRSA",
+345  *   sbjprvkey: prvKeyObj
+346  * });
+347  *
+348  * // 2) by private/public key PEM 
+349  * pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
+350  *   subject: {str: '/C=US/O=Test/CN=example.com'},
+351  *   sbjpubkey: pubKeyPEM,
+352  *   sigalg: "SHA256withRSA",
+353  *   sbjprvkey: prvKeyPEM
+354  * });
+355  *
+356  * // 3) with generateKeypair
+357  * kp = KEYUTIL.generateKeypair("RSA", 2048);
+358  * pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
+359  *   subject: {str: '/C=US/O=Test/CN=example.com'},
+360  *   sbjpubkey: kp.pubKeyObj,
+361  *   sigalg: "SHA256withRSA",
+362  *   sbjprvkey: kp.prvKeyObj
+363  * });
+364  *
+365  * // 4) by private/public key PEM with extension
+366  * pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
+367  *   subject: {str: '/C=US/O=Test/CN=example.com'},
+368  *   ext: [
+369  *     {subjectAltName: {array: [{dns: 'example.net'}]}
+370  *   ],
+371  *   sbjpubkey: pubKeyPEM,
+372  *   sigalg: "SHA256withRSA",
+373  *   sbjprvkey: prvKeyPEM
+374  * });
+375  */
+376 KJUR.asn1.csr.CSRUtil.newCSRPEM = function(param) {
+377     var _KEYUTIL = KEYUTIL,
+378 	_KJUR_asn1_csr = KJUR.asn1.csr;
+379 
+380     if (param.subject === undefined) throw "parameter subject undefined";
+381     if (param.sbjpubkey === undefined) throw "parameter sbjpubkey undefined";
+382     if (param.sigalg === undefined) throw "parameter sigalg undefined";
+383     if (param.sbjprvkey === undefined) throw "parameter sbjpubkey undefined";
 384 
-385 /**
-386  * get field values from CSR/PKCS#10 PEM string<br/>
-387  * @name getInfo
-388  * @memberOf KJUR.asn1.csr.CSRUtil
-389  * @function
-390  * @param {String} sPEM PEM string of CSR/PKCS#10
-391  * @returns {Object} JSON object with parsed parameters such as name or public key
-392  * @since jsrsasign 6.1.3 asn1csr 1.0.1
-393  * @description
-394  * This method parses PEM CSR/PKCS#1 string and retrieves
-395  * subject name and public key. Following parameters are available in the
-396  * resulted JSON object.
-397  * <ul>
-398  * <li>subject.name - subject name string (ex. /C=US/O=Test)</li>
-399  * <li>subject.hex - hexadecimal string of X.500 Name of subject</li>
-400  * <li>pubkey.obj - subject public key object such as RSAKey, KJUR.crypto.{ECDSA,DSA}</li>
-401  * <li>pubkey.hex - hexadecimal string of subject public key</li>
-402  * </ul>
-403  *
-404  * @example
-405  * o = KJUR.asn1.csr.CSRUtil.getInfo("-----BEGIN CERTIFICATE REQUEST...");
-406  * console.log(o.subject.name) → "/C=US/O=Test"
-407  */
-408 KJUR.asn1.csr.CSRUtil.getInfo = function(sPEM) {
-409     var _ASN1HEX = ASN1HEX;
-410     var _getTLVbyList = _ASN1HEX.getTLVbyList;
-411 
-412     var result = {};
-413     result.subject = {};
-414     result.pubkey = {};
-415 
-416     if (sPEM.indexOf("-----BEGIN CERTIFICATE REQUEST") == -1)
-417 	throw "argument is not PEM file";
-418 
-419     var hex = ASN1HEX.pemToHex(sPEM, "CERTIFICATE REQUEST");
-420 
-421     result.subject.hex = _getTLVbyList(hex, 0, [0, 1]);
-422     result.subject.name = X509.hex2dn(result.subject.hex);
-423 
-424     result.pubkey.hex = _getTLVbyList(hex, 0, [0, 2]);
-425     result.pubkey.obj = KEYUTIL.getKey(result.pubkey.hex, null, "pkcs8pub");
-426 
-427     return result;
-428 };
-429 
-430 
-431 
\ No newline at end of file +385
var csri = new _KJUR_asn1_csr.CertificationRequestInfo(); +386 csri.setSubjectByParam(param.subject); +387 csri.setSubjectPublicKeyByGetKey(param.sbjpubkey); +388 +389 if (param.ext !== undefined && param.ext.length !== undefined) { +390 for (var i = 0; i < param.ext.length; i++) { +391 for (key in param.ext[i]) { +392 csri.appendExtensionByName(key, param.ext[i][key]); +393 } +394 } +395 } +396 +397 var csr = new _KJUR_asn1_csr.CertificationRequest({'csrinfo': csri}); +398 var prvKey = _KEYUTIL.getKey(param.sbjprvkey); +399 csr.sign(param.sigalg, prvKey); +400 +401 var pem = csr.getPEMString(); +402 return pem; +403 }; +404 +405 /** +406 * get field values from CSR/PKCS#10 PEM string<br/> +407 * @name getInfo +408 * @memberOf KJUR.asn1.csr.CSRUtil +409 * @function +410 * @param {String} sPEM PEM string of CSR/PKCS#10 +411 * @returns {Object} JSON object with parsed parameters such as name or public key +412 * @since jsrsasign 6.1.3 asn1csr 1.0.1 +413 * @description +414 * This method parses PEM CSR/PKCS#1 string and retrieves +415 * subject name and public key. Following parameters are available in the +416 * resulted JSON object. +417 * <ul> +418 * <li>subject.name - subject name string (ex. /C=US/O=Test)</li> +419 * <li>subject.hex - hexadecimal string of X.500 Name of subject</li> +420 * <li>pubkey.obj - subject public key object such as RSAKey, KJUR.crypto.{ECDSA,DSA}</li> +421 * <li>pubkey.hex - hexadecimal string of subject public key</li> +422 * </ul> +423 * +424 * @example +425 * o = KJUR.asn1.csr.CSRUtil.getInfo("-----BEGIN CERTIFICATE REQUEST..."); +426 * console.log(o.subject.name) → "/C=US/O=Test" +427 */ +428 KJUR.asn1.csr.CSRUtil.getInfo = function(sPEM) { +429 var _ASN1HEX = ASN1HEX; +430 var _getTLVbyList = _ASN1HEX.getTLVbyList; +431 +432 var result = {}; +433 result.subject = {}; +434 result.pubkey = {}; +435 +436 if (sPEM.indexOf("-----BEGIN CERTIFICATE REQUEST") == -1) +437 throw "argument is not PEM file"; +438 +439 var hex = pemtohex(sPEM, "CERTIFICATE REQUEST"); +440 +441 result.subject.hex = _getTLVbyList(hex, 0, [0, 1]); +442 result.subject.name = X509.hex2dn(result.subject.hex); +443 +444 result.pubkey.hex = _getTLVbyList(hex, 0, [0, 2]); +445 result.pubkey.obj = KEYUTIL.getKey(result.pubkey.hex, null, "pkcs8pub"); +446 +447 return result; +448 }; +449 +450 +451
\ No newline at end of file diff --git a/api/symbols/src/asn1hex-1.1.js.html b/api/symbols/src/asn1hex-1.1.js.html index f41f4911..c2f87242 100644 --- a/api/symbols/src/asn1hex-1.1.js.html +++ b/api/symbols/src/asn1hex-1.1.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /*! asn1hex-1.1.11.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* asn1hex-1.1.12.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * asn1hex.js - Hexadecimal represented ASN.1 string library
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1hex-1.1.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version asn1hex 1.1.11 (2017-May-11)
+ 19  * @version asn1hex 1.1.12 (2017-Jun-03)
  20  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  21  */
  22 
@@ -665,7 +665,7 @@
 658  *   INTEGER 01
 659  *   INTEGER 02
 660  * // 5) ASN.1 DUMP FOR X.509 CERTIFICATE
-661  * ASN1HEX.dump(ASN1HEX.pemToHex(certPEM))
+661  * ASN1HEX.dump(pemtohex(certPEM))
 662  * ↓
 663  * SEQUENCE
 664  *   SEQUENCE
@@ -883,7 +883,7 @@
 876 };
 877 
 878 /**
-879  * get hexacedimal string from PEM format data<br/>
+879  * (DEPRECATED) get hexacedimal string from PEM format data<br/>
 880  * @name pemToHex
 881  * @memberOf ASN1HEX
 882  * @function
@@ -891,33 +891,22 @@
 884  * @param {String} sHead PEM header string without BEGIN/END(OPTION)
 885  * @return {String} hexadecimal string data of PEM contents
 886  * @since jsrsasign 7.0.1 asn1hex 1.1.9
-887  * @description
-888  * This static method gets a hexacedimal string of contents 
-889  * from PEM format data. You can explicitly specify PEM header 
-890  * by sHead argument. 
-891  * Any space characters such as white space or new line
-892  * will be omitted.<br/>
-893  * NOTE: Now {@link KEYUTIL.getHexFromPEM} and {@link X509.pemToHex}
-894  * have been deprecated since jsrsasign 7.0.1. 
-895  * Please use this method instead.
-896  * @example
-897  * ASN1HEX.pemToHex("-----BEGIN PUBLIC KEY...") → "3082..."
-898  * ASN1HEX.pemToHex("-----BEGIN CERTIFICATE...", "CERTIFICATE") → "3082..."
-899  * ASN1HEX.pemToHex(" \r\n-----BEGIN DSA PRIVATE KEY...") → "3082..."
-900  */
-901 ASN1HEX.pemToHex = function(s, sHead) {
-902     if (s.indexOf("-----BEGIN ") == -1)
-903         throw "can't find PEM header: " + sHead;
-904 
-905     if (sHead !== undefined) {
-906         s = s.replace("-----BEGIN " + sHead + "-----", "");
-907         s = s.replace("-----END " + sHead + "-----", "");
-908     } else {
-909         s = s.replace(/-----BEGIN [^-]+-----/, '');
-910         s = s.replace(/-----END [^-]+-----/, '');
-911     }
-912     var sB64 = s.replace(/\s+/g, '');
-913     var dataHex = b64tohex(sB64);
-914     return dataHex;
-915 };
-916 
\ No newline at end of file +887 * @deprecated since jsrsasign 7.2.1 asn1hex 1.1.12. Please move to {@link pemtohex} +888 * @description +889 * This static method gets a hexacedimal string of contents +890 * from PEM format data. You can explicitly specify PEM header +891 * by sHead argument. +892 * Any space characters such as white space or new line +893 * will be omitted.<br/> +894 * NOTE: Now {@link KEYUTIL.getHexFromPEM} and {@link X509.pemToHex} +895 * have been deprecated since jsrsasign 7.0.1. +896 * Please use this method instead. +897 * @example +898 * ASN1HEX.pemToHex("-----BEGIN PUBLIC KEY...") → "3082..." +899 * ASN1HEX.pemToHex("-----BEGIN CERTIFICATE...", "CERTIFICATE") → "3082..." +900 * ASN1HEX.pemToHex(" \r\n-----BEGIN DSA PRIVATE KEY...") → "3082..." +901 */
+902 ASN1HEX.pemToHex = function(s, sHead) { +903 return pemtohex(s, sHead); +904 }; +905
\ No newline at end of file diff --git a/api/symbols/src/asn1ocsp-1.0.js.html b/api/symbols/src/asn1ocsp-1.0.js.html index 7c222b76..61655b1a 100644 --- a/api/symbols/src/asn1ocsp-1.0.js.html +++ b/api/symbols/src/asn1ocsp-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /*! asn1ocsp-1.0.2.js (c) 2016 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* asn1ocsp-1.0.3.js (c) 2016 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * asn1ocsp.js - ASN.1 DER encoder classes for OCSP protocol
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1ocsp-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 7.2.0 asn1ocsp 1.0.2 (2017-May-12)
+ 19  * @version jsrsasign 7.2.1 asn1ocsp 1.0.3 (2017-Jun-03)
  20  * @since jsrsasign 6.1.0
  21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -91,410 +91,441 @@
  84  * o = new KJUR.asn1.ocsp.CertID({namehash: "1a...", keyhash: "ad...", serial: "1234", alg: "sha256"});
  85  */
  86 KJUR.asn1.ocsp.CertID = function(params) {
- 87     KJUR.asn1.ocsp.CertID.superclass.constructor.call(this);
- 88     var nA = KJUR.asn1;
- 89     var nX = KJUR.asn1.x509;
- 90     this.dHashAlg = null;
- 91     this.dIssuerNameHash = null;
- 92     this.dIssuerKeyHash = null;
- 93     this.dSerialNumber = null;
- 94 
- 95     /**
- 96      * set CertID ASN.1 object by values.<br/>
- 97      * @name setByValue
- 98      * @memberOf KJUR.asn1.ocsp.CertID#
- 99      * @function
-100      * @param {String} issuerNameHashHex hexadecimal string of hash value of issuer name
-101      * @param {String} issuerKeyHashHex hexadecimal string of hash value of issuer public key
-102      * @param {String} serialNumberHex hexadecimal string of certificate serial number to be verified
-103      * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1
-104      * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
-105      * @example
-106      * o = new KJUR.asn1.ocsp.CertID();
-107      * o.setByValue("1fac...", "fd3a...", "1234"); // sha1 is used by default
-108      * o.setByValue("1fac...", "fd3a...", "1234", "sha256");
-109      */
-110     this.setByValue = function(issuerNameHashHex, issuerKeyHashHex,
-111 			       serialNumberHex, algName) {
-112 	if (algName === undefined)
-113 	    algName = KJUR.asn1.ocsp.DEFAULT_HASH;
-114 	this.dHashAlg =        new nX.AlgorithmIdentifier({name: algName});
-115 	this.dIssuerNameHash = new nA.DEROctetString({hex: issuerNameHashHex});
-116 	this.dIssuerKeyHash =  new nA.DEROctetString({hex: issuerKeyHashHex});
-117 	this.dSerialNumber =   new nA.DERInteger({hex: serialNumberHex});
-118     };
-119 
-120     /**
-121      * set CertID ASN.1 object by PEM certificates.<br/>
-122      * @name setByCert
-123      * @memberOf KJUR.asn1.ocsp.CertID#
-124      * @function
-125      * @param {String} issuerCert string of PEM issuer certificate
-126      * @param {String} subjectCert string of PEM subject certificate to be verified by OCSP
-127      * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1
-128      * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
-129      * @example
-130      * o = new KJUR.asn1.ocsp.CertID();
-131      * o.setByCert("-----BEGIN...", "-----BEGIN..."); // sha1 is used by default
-132      * o.setByCert("-----BEGIN...", "-----BEGIN...", "sha256");
-133      */
-134     this.setByCert = function(issuerCert, subjectCert, algName) {
-135 	if (algName === undefined)
-136 	    algName = KJUR.asn1.ocsp.DEFAULT_HASH;
-137 
-138 	var xSbj = new X509();
-139 	xSbj.readCertPEM(subjectCert);
-140 	var xIss = new X509();
-141 	xIss.readCertPEM(issuerCert);
-142 	var kiPropIss = X509.getPublicKeyInfoPropOfCertPEM(issuerCert);
-143         var issuerKeyHex = kiPropIss.keyhex;
-144 
-145 	var serialNumberHex = xSbj.getSerialNumberHex();
-146 	var issuerNameHashHex = KJUR.crypto.Util.hashHex(xIss.getSubjectHex(), algName);
-147 	var issuerKeyHashHex = KJUR.crypto.Util.hashHex(issuerKeyHex, algName);
-148 	this.setByValue(issuerNameHashHex, issuerKeyHashHex,
-149 			serialNumberHex, algName);
-150 	this.hoge = xSbj.getSerialNumberHex();
-151     };
-152 
-153     this.getEncodedHex = function() {
-154 	if (this.dHashAlg === null && 
-155 	    this.dIssuerNameHash === null &&
-156 	    this.dIssuerKeyHash === null &&
-157 	    this.dSerialNumber === null)
-158 	    throw "not yet set values";
-159 
-160 	var a = [this.dHashAlg, this.dIssuerNameHash,
-161 		 this.dIssuerKeyHash, this.dSerialNumber];
-162 	var seq = new nA.DERSequence({array: a});
-163         this.hTLV = seq.getEncodedHex();
-164         return this.hTLV;
-165     };
-166 
-167     if (typeof params !== "undefined") {
-168 	var p = params;
-169 	if (typeof p.issuerCert !== "undefined" &&
-170 	    typeof p.subjectCert !== "undefined") {
-171 	    var alg = KJUR.asn1.ocsp.DEFAULT_HASH;
-172 	    if (typeof p.alg === "undefined") alg = undefined;
-173 	    this.setByCert(p.issuerCert, p.subjectCert, alg);
-174 	} else if (typeof p.namehash !== "undefined" &&
-175 		   typeof p.keyhash !== "undefined" &&
-176 		   typeof p.serial !== "undefined") {
-177 	    var alg = KJUR.asn1.ocsp.DEFAULT_HASH;
-178 	    if (typeof p.alg === "undefined") alg = undefined;
-179 	    this.setByValue(p.namehash, p.keyhash, p.serial, alg);
-180 	} else {
-181 	    throw "invalid constructor arguments";
-182 	}
-183     }
-184 };
-185 YAHOO.lang.extend(KJUR.asn1.ocsp.CertID, KJUR.asn1.ASN1Object);
-186 
-187 /**
-188  * ASN.1 Request class for OCSP<br/>
-189  * @name KJUR.asn1.ocsp.Request
-190  * @class ASN.1 Request class for OCSP
-191  * @param {Array} params associative array of parameters
-192  * @extends KJUR.asn1.ASN1Object
-193  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
-194  * @description
-195  * Request ASN.1 class is defined in 
-196  * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
-197  * singleRequestExtensions is not supported yet in this version such as nonce.
-198  * <pre>
-199  * Request ::= SEQUENCE {
-200  *   reqCert                  CertID,
-201  *   singleRequestExtensions  [0] EXPLICIT Extensions OPTIONAL }
-202  * </pre>
-203  * @example
-204  * // default constructor
-205  * o = new KJUR.asn1.ocsp.Request();
-206  * // constructor with certs (sha1 is used by default)
-207  * o = new KJUR.asn1.ocsp.Request({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN..."});
-208  * // constructor with certs and sha256
-209  * o = new KJUR.asn1.ocsp.Request({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"});
-210  * // constructor with values
-211  * o = new KJUR.asn1.ocsp.Request({namehash: "1a...", keyhash: "ad...", serial: "1234", alg: "sha256"});
-212  */
-213 KJUR.asn1.ocsp.Request = function(params) {
-214     KJUR.asn1.ocsp.Request.superclass.constructor.call(this);
-215     this.dReqCert = null;
-216     this.dExt = null;
-217     
-218     this.getEncodedHex = function() {
-219 	var a = [];
-220 
-221 	// 1. reqCert
-222 	if (this.dReqCert === null)
-223 	    throw "reqCert not set";
-224 	a.push(this.dReqCert);
-225 
-226 	// 2. singleRequestExtensions (not supported yet)
-227 
-228 	// 3. construct SEQUENCE
-229 	var seq = new KJUR.asn1.DERSequence({array: a});
-230         this.hTLV = seq.getEncodedHex();
-231         return this.hTLV;
-232     };
-233 
-234     if (typeof params !== "undefined") {
-235 	var o = new KJUR.asn1.ocsp.CertID(params);
-236 	this.dReqCert = o;
-237     }
-238 };
-239 YAHOO.lang.extend(KJUR.asn1.ocsp.Request, KJUR.asn1.ASN1Object);
-240 
-241 /**
-242  * ASN.1 TBSRequest class for OCSP<br/>
-243  * @name KJUR.asn1.ocsp.TBSRequest
-244  * @class ASN.1 TBSRequest class for OCSP
-245  * @param {Array} params associative array of parameters
-246  * @extends KJUR.asn1.ASN1Object
-247  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
-248  * @description
-249  * TBSRequest ASN.1 class is defined in 
-250  * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
-251  * <pre>
-252  * TBSRequest ::= SEQUENCE {
-253  *   version            [0] EXPLICIT Version DEFAULT v1,
-254  *   requestorName      [1] EXPLICIT GeneralName OPTIONAL,
-255  *   requestList            SEQUENCE OF Request,
-256  *   requestExtensions  [2] EXPLICIT Extensions OPTIONAL }
-257  * </pre>
-258  * @example
-259  * // default constructor
-260  * o = new KJUR.asn1.ocsp.TBSRequest();
-261  * // constructor with requestList parameter
-262  * o = new KJUR.asn1.ocsp.TBSRequest({reqList:[
-263  *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:},
-264  *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"}
-265  * ]});
-266  */
-267 KJUR.asn1.ocsp.TBSRequest = function(params) {
-268     KJUR.asn1.ocsp.TBSRequest.superclass.constructor.call(this);
-269     this.version = 0;
-270     this.dRequestorName = null;
-271     this.dRequestList = [];
-272     this.dRequestExt = null;
-273 
-274     /**
-275      * set TBSRequest ASN.1 object by array of parameters.<br/>
-276      * @name setRequestListByParam
-277      * @memberOf KJUR.asn1.ocsp.TBSRequest#
-278      * @function
-279      * @param {Array} aParams array of parameters for Request class
-280      * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
-281      * @example
-282      * o = new KJUR.asn1.ocsp.TBSRequest();
-283      * o.setRequestListByParam([
-284      *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:},
-285      *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"}
-286      * ]);
-287      */
-288     this.setRequestListByParam = function(aParams) {
-289 	var a = [];
-290 	for (var i = 0; i < aParams.length; i++) {
-291 	    var dReq = new KJUR.asn1.ocsp.Request(aParams[0]);
-292 	    a.push(dReq);
-293 	}
-294 	this.dRequestList = a;
-295     };
-296 
-297     this.getEncodedHex = function() {
-298 	var a = [];
-299 
-300 	// 1. version
-301 	if (this.version !== 0)
-302 	    throw "not supported version: " + this.version;
-303 
-304 	// 2. requestorName
-305 	if (this.dRequestorName !== null)
-306 	    throw "requestorName not supported";
-307 
-308 	// 3. requestList
-309 	var seqRequestList = 
-310 	    new KJUR.asn1.DERSequence({array: this.dRequestList});
-311 	a.push(seqRequestList);
-312 
-313 	// 4. requestExtensions
-314 	if (this.dRequestExt !== null)
-315 	    throw "requestExtensions not supported";
-316 
-317 	// 5. construct SEQUENCE
-318 	var seq = new KJUR.asn1.DERSequence({array: a});
-319         this.hTLV = seq.getEncodedHex();
-320         return this.hTLV;
-321     };
-322 
-323     if (typeof params !== "undefined") {
-324 	if (typeof params.reqList !== "undefined")
-325 	    this.setRequestListByParam(params.reqList);
-326     }
-327 };
-328 YAHOO.lang.extend(KJUR.asn1.ocsp.TBSRequest, KJUR.asn1.ASN1Object);
+ 87     var _KJUR = KJUR,
+ 88 	_KJUR_asn1 = _KJUR.asn1,
+ 89 	_DEROctetString = _KJUR_asn1.DEROctetString,
+ 90 	_DERInteger = _KJUR_asn1.DERInteger,
+ 91 	_DERSequence = _KJUR_asn1.DERSequence,
+ 92 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+ 93 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
+ 94 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp,
+ 95 	_DEFAULT_HASH = _KJUR_asn1_ocsp.DEFAULT_HASH,
+ 96 	_KJUR_crypto = _KJUR.crypto,
+ 97 	_hashHex = _KJUR_crypto.Util.hashHex,
+ 98 	_X509 = X509,
+ 99 	_ASN1HEX = ASN1HEX;
+100 
+101     _KJUR_asn1_ocsp.CertID.superclass.constructor.call(this);
+102 
+103     this.dHashAlg = null;
+104     this.dIssuerNameHash = null;
+105     this.dIssuerKeyHash = null;
+106     this.dSerialNumber = null;
+107 
+108     /**
+109      * set CertID ASN.1 object by values.<br/>
+110      * @name setByValue
+111      * @memberOf KJUR.asn1.ocsp.CertID#
+112      * @function
+113      * @param {String} issuerNameHashHex hexadecimal string of hash value of issuer name
+114      * @param {String} issuerKeyHashHex hexadecimal string of hash value of issuer public key
+115      * @param {String} serialNumberHex hexadecimal string of certificate serial number to be verified
+116      * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1
+117      * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
+118      * @example
+119      * o = new KJUR.asn1.ocsp.CertID();
+120      * o.setByValue("1fac...", "fd3a...", "1234"); // sha1 is used by default
+121      * o.setByValue("1fac...", "fd3a...", "1234", "sha256");
+122      */
+123     this.setByValue = function(issuerNameHashHex, issuerKeyHashHex,
+124 			       serialNumberHex, algName) {
+125 	if (algName === undefined) algName = _DEFAULT_HASH;
+126 	this.dHashAlg =        new _AlgorithmIdentifier({name: algName});
+127 	this.dIssuerNameHash = new _DEROctetString({hex: issuerNameHashHex});
+128 	this.dIssuerKeyHash =  new _DEROctetString({hex: issuerKeyHashHex});
+129 	this.dSerialNumber =   new _DERInteger({hex: serialNumberHex});
+130     };
+131 
+132     /**
+133      * set CertID ASN.1 object by PEM certificates.<br/>
+134      * @name setByCert
+135      * @memberOf KJUR.asn1.ocsp.CertID#
+136      * @function
+137      * @param {String} issuerCert string of PEM issuer certificate
+138      * @param {String} subjectCert string of PEM subject certificate to be verified by OCSP
+139      * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1
+140      * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
+141      * @example
+142      * o = new KJUR.asn1.ocsp.CertID();
+143      * o.setByCert("-----BEGIN...", "-----BEGIN..."); // sha1 is used by default
+144      * o.setByCert("-----BEGIN...", "-----BEGIN...", "sha256");
+145      */
+146     this.setByCert = function(issuerCert, subjectCert, algName) {
+147 	if (algName === undefined) algName = _DEFAULT_HASH;
+148 
+149 	var xSbj = new _X509();
+150 	xSbj.readCertPEM(subjectCert);
+151 	var xIss = new _X509();
+152 	xIss.readCertPEM(issuerCert);
+153 
+154 	var hISS_SPKI = xIss.getPublicKeyHex();
+155 	var issuerKeyHex = _ASN1HEX.getTLVbyList(hISS_SPKI, 0, [1, 0], "30");
+156 
+157 	var serialNumberHex = xSbj.getSerialNumberHex();
+158 	var issuerNameHashHex = _hashHex(xIss.getSubjectHex(), algName);
+159 	var issuerKeyHashHex = _hashHex(issuerKeyHex, algName);
+160 	this.setByValue(issuerNameHashHex, issuerKeyHashHex,
+161 			serialNumberHex, algName);
+162 	this.hoge = xSbj.getSerialNumberHex();
+163     };
+164 
+165     this.getEncodedHex = function() {
+166 	if (this.dHashAlg === null && 
+167 	    this.dIssuerNameHash === null &&
+168 	    this.dIssuerKeyHash === null &&
+169 	    this.dSerialNumber === null)
+170 	    throw "not yet set values";
+171 
+172 	var a = [this.dHashAlg, this.dIssuerNameHash,
+173 		 this.dIssuerKeyHash, this.dSerialNumber];
+174 	var seq = new _DERSequence({array: a});
+175         this.hTLV = seq.getEncodedHex();
+176         return this.hTLV;
+177     };
+178 
+179     if (params !== undefined) {
+180 	var p = params;
+181 	if (p.issuerCert !== undefined &&
+182 	    p.subjectCert !== undefined) {
+183 	    var alg = _DEFAULT_HASH;
+184 	    if (p.alg === undefined) alg = undefined;
+185 	    this.setByCert(p.issuerCert, p.subjectCert, alg);
+186 	} else if (p.namehash !== undefined &&
+187 		   p.keyhash !== undefined &&
+188 		   p.serial !== undefined) {
+189 	    var alg = _DEFAULT_HASH;
+190 	    if (p.alg === undefined) alg = undefined;
+191 	    this.setByValue(p.namehash, p.keyhash, p.serial, alg);
+192 	} else {
+193 	    throw "invalid constructor arguments";
+194 	}
+195     }
+196 };
+197 YAHOO.lang.extend(KJUR.asn1.ocsp.CertID, KJUR.asn1.ASN1Object);
+198 
+199 /**
+200  * ASN.1 Request class for OCSP<br/>
+201  * @name KJUR.asn1.ocsp.Request
+202  * @class ASN.1 Request class for OCSP
+203  * @param {Array} params associative array of parameters
+204  * @extends KJUR.asn1.ASN1Object
+205  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
+206  * @description
+207  * Request ASN.1 class is defined in 
+208  * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
+209  * singleRequestExtensions is not supported yet in this version such as nonce.
+210  * <pre>
+211  * Request ::= SEQUENCE {
+212  *   reqCert                  CertID,
+213  *   singleRequestExtensions  [0] EXPLICIT Extensions OPTIONAL }
+214  * </pre>
+215  * @example
+216  * // default constructor
+217  * o = new KJUR.asn1.ocsp.Request();
+218  * // constructor with certs (sha1 is used by default)
+219  * o = new KJUR.asn1.ocsp.Request({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN..."});
+220  * // constructor with certs and sha256
+221  * o = new KJUR.asn1.ocsp.Request({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"});
+222  * // constructor with values
+223  * o = new KJUR.asn1.ocsp.Request({namehash: "1a...", keyhash: "ad...", serial: "1234", alg: "sha256"});
+224  */
+225 KJUR.asn1.ocsp.Request = function(params) {
+226     var _KJUR = KJUR,
+227 	_KJUR_asn1 = _KJUR.asn1,
+228 	_DERSequence = _KJUR_asn1.DERSequence,
+229 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp;
+230     
+231     _KJUR_asn1_ocsp.Request.superclass.constructor.call(this);
+232     this.dReqCert = null;
+233     this.dExt = null;
+234     
+235     this.getEncodedHex = function() {
+236 	var a = [];
+237 
+238 	// 1. reqCert
+239 	if (this.dReqCert === null)
+240 	    throw "reqCert not set";
+241 	a.push(this.dReqCert);
+242 
+243 	// 2. singleRequestExtensions (not supported yet)
+244 
+245 	// 3. construct SEQUENCE
+246 	var seq = new _DERSequence({array: a});
+247         this.hTLV = seq.getEncodedHex();
+248         return this.hTLV;
+249     };
+250 
+251     if (typeof params !== "undefined") {
+252 	var o = new _KJUR_asn1_ocsp.CertID(params);
+253 	this.dReqCert = o;
+254     }
+255 };
+256 YAHOO.lang.extend(KJUR.asn1.ocsp.Request, KJUR.asn1.ASN1Object);
+257 
+258 /**
+259  * ASN.1 TBSRequest class for OCSP<br/>
+260  * @name KJUR.asn1.ocsp.TBSRequest
+261  * @class ASN.1 TBSRequest class for OCSP
+262  * @param {Array} params associative array of parameters
+263  * @extends KJUR.asn1.ASN1Object
+264  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
+265  * @description
+266  * TBSRequest ASN.1 class is defined in 
+267  * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
+268  * <pre>
+269  * TBSRequest ::= SEQUENCE {
+270  *   version            [0] EXPLICIT Version DEFAULT v1,
+271  *   requestorName      [1] EXPLICIT GeneralName OPTIONAL,
+272  *   requestList            SEQUENCE OF Request,
+273  *   requestExtensions  [2] EXPLICIT Extensions OPTIONAL }
+274  * </pre>
+275  * @example
+276  * // default constructor
+277  * o = new KJUR.asn1.ocsp.TBSRequest();
+278  * // constructor with requestList parameter
+279  * o = new KJUR.asn1.ocsp.TBSRequest({reqList:[
+280  *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:},
+281  *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"}
+282  * ]});
+283  */
+284 KJUR.asn1.ocsp.TBSRequest = function(params) {
+285     var _KJUR = KJUR,
+286 	_KJUR_asn1 = _KJUR.asn1,
+287 	_DERSequence = _KJUR_asn1.DERSequence,
+288 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp;
+289 
+290     _KJUR_asn1_ocsp.TBSRequest.superclass.constructor.call(this);
+291     this.version = 0;
+292     this.dRequestorName = null;
+293     this.dRequestList = [];
+294     this.dRequestExt = null;
+295 
+296     /**
+297      * set TBSRequest ASN.1 object by array of parameters.<br/>
+298      * @name setRequestListByParam
+299      * @memberOf KJUR.asn1.ocsp.TBSRequest#
+300      * @function
+301      * @param {Array} aParams array of parameters for Request class
+302      * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
+303      * @example
+304      * o = new KJUR.asn1.ocsp.TBSRequest();
+305      * o.setRequestListByParam([
+306      *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:},
+307      *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"}
+308      * ]);
+309      */
+310     this.setRequestListByParam = function(aParams) {
+311 	var a = [];
+312 	for (var i = 0; i < aParams.length; i++) {
+313 	    var dReq = new _KJUR_asn1_ocsp.Request(aParams[0]);
+314 	    a.push(dReq);
+315 	}
+316 	this.dRequestList = a;
+317     };
+318 
+319     this.getEncodedHex = function() {
+320 	var a = [];
+321 
+322 	// 1. version
+323 	if (this.version !== 0)
+324 	    throw "not supported version: " + this.version;
+325 
+326 	// 2. requestorName
+327 	if (this.dRequestorName !== null)
+328 	    throw "requestorName not supported";
 329 
-330 
-331 /**
-332  * ASN.1 OCSPRequest class for OCSP<br/>
-333  * @name KJUR.asn1.ocsp.OCSPRequest
-334  * @class ASN.1 OCSPRequest class for OCSP
-335  * @param {Array} params associative array of parameters
-336  * @extends KJUR.asn1.ASN1Object
-337  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
-338  * @description
-339  * OCSPRequest ASN.1 class is defined in 
-340  * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
-341  * A signed request is not supported yet in this version.
-342  * <pre>
-343  * OCSPRequest ::= SEQUENCE {
-344  *   tbsRequest             TBSRequest,
-345  *   optionalSignature  [0] EXPLICIT Signature OPTIONAL }
-346  * </pre>
-347  * @example
-348  * // default constructor
-349  * o = new KJUR.asn1.ocsp.OCSPRequest();
-350  * // constructor with requestList parameter
-351  * o = new KJUR.asn1.ocsp.OCSPRequest({reqList:[
-352  *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:},
-353  *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"}
-354  * ]});
-355  */
-356 KJUR.asn1.ocsp.OCSPRequest = function(params) {
-357     KJUR.asn1.ocsp.OCSPRequest.superclass.constructor.call(this);
-358     this.dTbsRequest = null;
-359     this.dOptionalSignature = null;
-360 
-361     this.getEncodedHex = function() {
-362 	var a = [];
-363 
-364 	// 1. tbsRequest
-365 	if (this.dTbsRequest !== null) {
-366 	    a.push(this.dTbsRequest);
-367 	} else {
-368 	    throw "tbsRequest not set";
-369 	}
-370 
-371 	// 2. optionalSignature
-372 	if (this.dOptionalSignature !== null)
-373 	    throw "optionalSignature not supported";
-374 
-375 	// 3. construct SEQUENCE
-376 	var seq = new KJUR.asn1.DERSequence({array: a});
-377         this.hTLV = seq.getEncodedHex();
-378         return this.hTLV;
-379     };
-380 
-381     if (typeof params !== "undefined") {
-382 	if (typeof params.reqList !== "undefined") {
-383 	    var o = new KJUR.asn1.ocsp.TBSRequest(params);
-384 	    this.dTbsRequest = o;
-385 	}
-386     }
-387 };
-388 YAHOO.lang.extend(KJUR.asn1.ocsp.OCSPRequest, KJUR.asn1.ASN1Object);
-389 
-390 /**
-391  * Utility class for OCSP<br/>
-392  * @name KJUR.asn1.ocsp.OCSPUtil
-393  * @class Utility class for OCSP
-394  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
-395  * @description
-396  * This class provides utility static methods for OCSP.
-397  * <ul>
-398  * <li>{@link KJUR.asn1.ocsp.OCSPUtil.getRequestHex} - generates hexadecimal string of OCSP request</li>
-399  * </ul>
-400  */
-401 KJUR.asn1.ocsp.OCSPUtil = {};
-402 
-403 /**
-404  * generates hexadecimal string of OCSP request<br/>
-405  * @name getRequestHex
-406  * @memberOf KJUR.asn1.ocsp.OCSPUtil
-407  * @function
-408  * @param {String} issuerCert string of PEM issuer certificate
-409  * @param {String} subjectCert string of PEM subject certificate to be verified by OCSP
-410  * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1
-411  * @return {String} hexadecimal string of generated OCSP request
-412  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
-413  * @description
-414  * This static method generates hexadecimal string of OCSP request.
-415  * @example
-416  * // generate OCSP request using sha1 algorithnm by default.
-417  * hReq = KJUR.asn1.ocsp.OCSPUtil.getRequestHex("-----BEGIN...", "-----BEGIN...");
-418  */
-419 KJUR.asn1.ocsp.OCSPUtil.getRequestHex = function(issuerCert, subjectCert, alg) {
-420     if (alg === undefined) alg = KJUR.asn1.ocsp.DEFAULT_HASH;
-421     var param = {alg: alg, issuerCert: issuerCert, subjectCert: subjectCert};
-422     var o = new KJUR.asn1.ocsp.OCSPRequest({reqList: [param]});
-423     return o.getEncodedHex();
-424 };
-425 
-426 /**
-427  * parse OCSPResponse<br/>
-428  * @name getOCSPResponseInfo
-429  * @memberOf KJUR.asn1.ocsp.OCSPUtil
-430  * @function
-431  * @param {String} h hexadecimal string of DER OCSPResponse
-432  * @return {Object} JSON object of parsed OCSPResponse
-433  * @since jsrsasign 6.1.0 asn1ocsp 1.0.1
-434  * @description
-435  * This static method parse a hexadecimal string of DER OCSPResponse and
-436  * returns JSON object of its parsed result.
-437  * Its result has following properties:
-438  * <ul>
-439  * <li>responseStatus - integer of responseStatus</li>
-440  * <li>certStatus - string of certStatus (ex. good, revoked or unknown)</li>
-441  * <li>thisUpdate - string of thisUpdate in Zulu(ex. 20151231235959Z)</li>
-442  * <li>nextUpdate - string of nextUpdate in Zulu(ex. 20151231235959Z)</li>
-443  * </ul>
-444  * @example
-445  * info = KJUR.asn1.ocsp.OCSPUtil.getOCSPResponseInfo("3082...");
-446  */
-447 KJUR.asn1.ocsp.OCSPUtil.getOCSPResponseInfo = function(h) {
-448     var _ASN1HEX = ASN1HEX;
-449     var _getVbyList = _ASN1HEX.getVbyList;
-450     var _getIdxbyList = _ASN1HEX.getIdxbyList;
-451     var _getVbyList = _ASN1HEX.getVbyList;
-452     var _getV = _ASN1HEX.getV;
-453 
-454     var result = {};
-455     try {
-456 	var v = _getVbyList(h, 0, [0], "0a");
-457 	result.responseStatus = parseInt(v, 16);
-458     } catch(ex) {};
-459     if (result.responseStatus !== 0) return result;
-460 
-461     try {
-462 	// certStatus
-463 	var idxCertStatus = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,1]);
-464 	if (h.substr(idxCertStatus, 2) === "80") {
-465 	    result.certStatus = "good";
-466 	} else if (h.substr(idxCertStatus, 2) === "a1") {
-467 	    result.certStatus = "revoked";
-468 	    result.revocationTime = 
-469 		hextoutf8(_getVbyList(h, idxCertStatus, [0]));
-470 	} else if (h.substr(idxCertStatus, 2) === "82") {
-471 	    result.certStatus = "unknown";
-472 	}
-473     } catch (ex) {};
-474 
-475     // thisUpdate
-476     try {
-477 	var idxThisUpdate = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,2]);
-478 	result.thisUpdate = hextoutf8(_getV(h, idxThisUpdate));
-479     } catch (ex) {};
-480 
-481     // nextUpdate
-482     try {
-483 	var idxEncapNextUpdate = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,3]);
-484 	if (h.substr(idxEncapNextUpdate, 2) === "a0") {
-485 	    result.nextUpdate = 
-486 		hextoutf8(_getVbyList(h, idxEncapNextUpdate, [0]));
-487 	}
-488     } catch (ex) {};
-489 
-490     return result;
-491 };
-492 
-493 
\ No newline at end of file +330
// 3. requestList +331 var seqRequestList = +332 new _DERSequence({array: this.dRequestList}); +333 a.push(seqRequestList); +334 +335 // 4. requestExtensions +336 if (this.dRequestExt !== null) +337 throw "requestExtensions not supported"; +338 +339 // 5. construct SEQUENCE +340 var seq = new _DERSequence({array: a}); +341 this.hTLV = seq.getEncodedHex(); +342 return this.hTLV; +343 }; +344 +345 if (params !== undefined) { +346 if (params.reqList !== undefined) +347 this.setRequestListByParam(params.reqList); +348 } +349 }; +350 YAHOO.lang.extend(KJUR.asn1.ocsp.TBSRequest, KJUR.asn1.ASN1Object); +351 +352 +353 /** +354 * ASN.1 OCSPRequest class for OCSP<br/> +355 * @name KJUR.asn1.ocsp.OCSPRequest +356 * @class ASN.1 OCSPRequest class for OCSP +357 * @param {Array} params associative array of parameters +358 * @extends KJUR.asn1.ASN1Object +359 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 +360 * @description +361 * OCSPRequest ASN.1 class is defined in +362 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. +363 * A signed request is not supported yet in this version. +364 * <pre> +365 * OCSPRequest ::= SEQUENCE { +366 * tbsRequest TBSRequest, +367 * optionalSignature [0] EXPLICIT Signature OPTIONAL } +368 * </pre> +369 * @example +370 * // default constructor +371 * o = new KJUR.asn1.ocsp.OCSPRequest(); +372 * // constructor with requestList parameter +373 * o = new KJUR.asn1.ocsp.OCSPRequest({reqList:[ +374 * {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:}, +375 * {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"} +376 * ]}); +377 */ +378 KJUR.asn1.ocsp.OCSPRequest = function(params) { +379 var _KJUR = KJUR, +380 _KJUR_asn1 = _KJUR.asn1, +381 _DERSequence = _KJUR_asn1.DERSequence, +382 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp; +383 +384 _KJUR_asn1_ocsp.OCSPRequest.superclass.constructor.call(this); +385 this.dTbsRequest = null; +386 this.dOptionalSignature = null; +387 +388 this.getEncodedHex = function() { +389 var a = []; +390 +391 // 1. tbsRequest +392 if (this.dTbsRequest !== null) { +393 a.push(this.dTbsRequest); +394 } else { +395 throw "tbsRequest not set"; +396 } +397 +398 // 2. optionalSignature +399 if (this.dOptionalSignature !== null) +400 throw "optionalSignature not supported"; +401 +402 // 3. construct SEQUENCE +403 var seq = new _DERSequence({array: a}); +404 this.hTLV = seq.getEncodedHex(); +405 return this.hTLV; +406 }; +407 +408 if (params !== undefined) { +409 if (params.reqList !== undefined) { +410 var o = new _KJUR_asn1_ocsp.TBSRequest(params); +411 this.dTbsRequest = o; +412 } +413 } +414 }; +415 YAHOO.lang.extend(KJUR.asn1.ocsp.OCSPRequest, KJUR.asn1.ASN1Object); +416 +417 /** +418 * Utility class for OCSP<br/> +419 * @name KJUR.asn1.ocsp.OCSPUtil +420 * @class Utility class for OCSP +421 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 +422 * @description +423 * This class provides utility static methods for OCSP. +424 * <ul> +425 * <li>{@link KJUR.asn1.ocsp.OCSPUtil.getRequestHex} - generates hexadecimal string of OCSP request</li> +426 * </ul> +427 */ +428 KJUR.asn1.ocsp.OCSPUtil = {}; +429 +430 /** +431 * generates hexadecimal string of OCSP request<br/> +432 * @name getRequestHex +433 * @memberOf KJUR.asn1.ocsp.OCSPUtil +434 * @function +435 * @param {String} issuerCert string of PEM issuer certificate +436 * @param {String} subjectCert string of PEM subject certificate to be verified by OCSP +437 * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1 +438 * @return {String} hexadecimal string of generated OCSP request +439 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 +440 * @description +441 * This static method generates hexadecimal string of OCSP request. +442 * @example +443 * // generate OCSP request using sha1 algorithnm by default. +444 * hReq = KJUR.asn1.ocsp.OCSPUtil.getRequestHex("-----BEGIN...", "-----BEGIN..."); +445 */ +446 KJUR.asn1.ocsp.OCSPUtil.getRequestHex = function(issuerCert, subjectCert, alg) { +447 var _KJUR = KJUR, +448 _KJUR_asn1 = _KJUR.asn1, +449 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp; +450 +451 if (alg === undefined) alg = _KJUR_asn1_ocsp.DEFAULT_HASH; +452 var param = {alg: alg, issuerCert: issuerCert, subjectCert: subjectCert}; +453 var o = new _KJUR_asn1_ocsp.OCSPRequest({reqList: [param]}); +454 return o.getEncodedHex(); +455 }; +456 +457 /** +458 * parse OCSPResponse<br/> +459 * @name getOCSPResponseInfo +460 * @memberOf KJUR.asn1.ocsp.OCSPUtil +461 * @function +462 * @param {String} h hexadecimal string of DER OCSPResponse +463 * @return {Object} JSON object of parsed OCSPResponse +464 * @since jsrsasign 6.1.0 asn1ocsp 1.0.1 +465 * @description +466 * This static method parse a hexadecimal string of DER OCSPResponse and +467 * returns JSON object of its parsed result. +468 * Its result has following properties: +469 * <ul> +470 * <li>responseStatus - integer of responseStatus</li> +471 * <li>certStatus - string of certStatus (ex. good, revoked or unknown)</li> +472 * <li>thisUpdate - string of thisUpdate in Zulu(ex. 20151231235959Z)</li> +473 * <li>nextUpdate - string of nextUpdate in Zulu(ex. 20151231235959Z)</li> +474 * </ul> +475 * @example +476 * info = KJUR.asn1.ocsp.OCSPUtil.getOCSPResponseInfo("3082..."); +477 */ +478 KJUR.asn1.ocsp.OCSPUtil.getOCSPResponseInfo = function(h) { +479 var _ASN1HEX = ASN1HEX; +480 var _getVbyList = _ASN1HEX.getVbyList; +481 var _getIdxbyList = _ASN1HEX.getIdxbyList; +482 var _getVbyList = _ASN1HEX.getVbyList; +483 var _getV = _ASN1HEX.getV; +484 +485 var result = {}; +486 try { +487 var v = _getVbyList(h, 0, [0], "0a"); +488 result.responseStatus = parseInt(v, 16); +489 } catch(ex) {}; +490 if (result.responseStatus !== 0) return result; +491 +492 try { +493 // certStatus +494 var idxCertStatus = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,1]); +495 if (h.substr(idxCertStatus, 2) === "80") { +496 result.certStatus = "good"; +497 } else if (h.substr(idxCertStatus, 2) === "a1") { +498 result.certStatus = "revoked"; +499 result.revocationTime = +500 hextoutf8(_getVbyList(h, idxCertStatus, [0])); +501 } else if (h.substr(idxCertStatus, 2) === "82") { +502 result.certStatus = "unknown"; +503 } +504 } catch (ex) {}; +505 +506 // thisUpdate +507 try { +508 var idxThisUpdate = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,2]); +509 result.thisUpdate = hextoutf8(_getV(h, idxThisUpdate)); +510 } catch (ex) {}; +511 +512 // nextUpdate +513 try { +514 var idxEncapNextUpdate = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,3]); +515 if (h.substr(idxEncapNextUpdate, 2) === "a0") { +516 result.nextUpdate = +517 hextoutf8(_getVbyList(h, idxEncapNextUpdate, [0])); +518 } +519 } catch (ex) {}; +520 +521 return result; +522 }; +523 +524
\ No newline at end of file diff --git a/api/symbols/src/asn1tsp-1.0.js.html b/api/symbols/src/asn1tsp-1.0.js.html index 45a9b410..4863fb62 100644 --- a/api/symbols/src/asn1tsp-1.0.js.html +++ b/api/symbols/src/asn1tsp-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /*! asn1tsp-1.0.2.js (c) 2014-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* asn1tsp-1.0.3.js (c) 2014-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * asn1tsp.js - ASN.1 DER encoder classes for RFC 3161 Time Stamp Protocol
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1tsp-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 7.2.0 asn1tsp 1.0.2 (2017-May-12)
+ 19  * @version jsrsasign 7.2.1 asn1tsp 1.0.3 (2017-Jun-03)
  20  * @since jsrsasign 4.5.1
  21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -87,747 +87,819 @@
  80  *                                 micros: 500});
  81  */
  82 KJUR.asn1.tsp.Accuracy = function(params) {
- 83     KJUR.asn1.tsp.Accuracy.superclass.constructor.call(this);
- 84     var nA = KJUR.asn1;
- 85     this.seconds = null;
- 86     this.millis = null;
- 87     this.micros = null;
+ 83     var _KJUR = KJUR,
+ 84 	_KJUR_asn1 = _KJUR.asn1,
+ 85 	_DERInteger = _KJUR_asn1.DERInteger,
+ 86 	_DERSequence = _KJUR_asn1.DERSequence,
+ 87 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject;
  88 
- 89     this.getEncodedHex = function() {
- 90         var dSeconds = null;
- 91         var dTagMillis = null;
- 92         var dTagMicros = null;
- 93         
- 94         var a = [];
- 95         if (this.seconds != null) {
- 96             dSeconds = new nA.DERInteger({'int': this.seconds});
- 97             a.push(dSeconds);
- 98         }
- 99         if (this.millis != null) {
-100             var dMillis = new nA.DERInteger({'int': this.millis});
-101             dTagMillis = new nA.DERTaggedObject({obj: dMillis,
-102                                                  tag: '80',
-103                                                  explicit: false});
-104             a.push(dTagMillis);
-105         }
-106         if (this.micros != null) {
-107             var dMicros = new nA.DERInteger({'int': this.micros});
-108             dTagMicros = new nA.DERTaggedObject({obj: dMicros,
-109                                                  tag: '81',
-110                                                  explicit: false});
-111             a.push(dTagMicros);
-112         }
-113         var seq = new nA.DERSequence({array: a});
-114         this.hTLV = seq.getEncodedHex();
-115         return this.hTLV;
-116     };
-117 
-118     if (typeof params != "undefined") {
-119         if (typeof params.seconds == "number") this.seconds = params.seconds;
-120         if (typeof params.millis == "number") this.millis = params.millis;
-121         if (typeof params.micros == "number") this.micros = params.micros;
-122     }
-123 };
-124 YAHOO.lang.extend(KJUR.asn1.tsp.Accuracy, KJUR.asn1.ASN1Object);
-125 
-126 /**
-127  * class for TSP MessageImprint ASN.1 object
-128  * @name KJUR.asn1.tsp.MessageImprint
-129  * @class class for TSP MessageImprint ASN.1 object
-130  * @param {Array} params associative array of parameters
-131  * @extends KJUR.asn1.ASN1Object
-132  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
-133  * @description
-134  * <pre>
-135  * MessageImprint ::= SEQUENCE  {
-136  *      hashAlgorithm                AlgorithmIdentifier,
-137  *      hashedMessage                OCTET STRING  }
-138  * </pre>
-139  * @example
-140  * o = new KJUR.asn1.tsp.MessageImprint({hashAlg: 'sha1',
-141  *                                       hashValue: '1f3dea...'});
-142  */
-143 KJUR.asn1.tsp.MessageImprint = function(params) {
-144     KJUR.asn1.tsp.MessageImprint.superclass.constructor.call(this);
-145     var nA = KJUR.asn1;
-146     var nX = KJUR.asn1.x509;
-147     this.dHashAlg = null;
-148     this.dHashValue = null;
-149 
-150     this.getEncodedHex = function() {
-151         if (typeof this.hTLV == "string") return this.hTLV;
-152         var seq = 
-153             new nA.DERSequence({array: [this.dHashAlg, this.dHashValue]});
-154         return seq.getEncodedHex();
-155     };
+ 89     _KJUR_asn1.tsp.Accuracy.superclass.constructor.call(this);
+ 90 
+ 91     this.seconds = null;
+ 92     this.millis = null;
+ 93     this.micros = null;
+ 94 
+ 95     this.getEncodedHex = function() {
+ 96         var dSeconds = null;
+ 97         var dTagMillis = null;
+ 98         var dTagMicros = null;
+ 99         
+100         var a = [];
+101         if (this.seconds != null) {
+102             dSeconds = new _DERInteger({'int': this.seconds});
+103             a.push(dSeconds);
+104         }
+105         if (this.millis != null) {
+106             var dMillis = new _DERInteger({'int': this.millis});
+107             dTagMillis = new _DERTaggedObject({obj: dMillis,
+108                                                tag: '80',
+109                                                explicit: false});
+110             a.push(dTagMillis);
+111         }
+112         if (this.micros != null) {
+113             var dMicros = new _DERInteger({'int': this.micros});
+114             dTagMicros = new _DERTaggedObject({obj: dMicros,
+115                                                tag: '81',
+116                                                explicit: false});
+117             a.push(dTagMicros);
+118         }
+119         var seq = new _DERSequence({array: a});
+120         this.hTLV = seq.getEncodedHex();
+121         return this.hTLV;
+122     };
+123 
+124     if (params !== undefined) {
+125         if (typeof params.seconds == "number") this.seconds = params.seconds;
+126         if (typeof params.millis == "number") this.millis = params.millis;
+127         if (typeof params.micros == "number") this.micros = params.micros;
+128     }
+129 };
+130 YAHOO.lang.extend(KJUR.asn1.tsp.Accuracy, KJUR.asn1.ASN1Object);
+131 
+132 /**
+133  * class for TSP MessageImprint ASN.1 object
+134  * @name KJUR.asn1.tsp.MessageImprint
+135  * @class class for TSP MessageImprint ASN.1 object
+136  * @param {Array} params associative array of parameters
+137  * @extends KJUR.asn1.ASN1Object
+138  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
+139  * @description
+140  * <pre>
+141  * MessageImprint ::= SEQUENCE  {
+142  *      hashAlgorithm                AlgorithmIdentifier,
+143  *      hashedMessage                OCTET STRING  }
+144  * </pre>
+145  * @example
+146  * o = new KJUR.asn1.tsp.MessageImprint({hashAlg: 'sha1',
+147  *                                       hashValue: '1f3dea...'});
+148  */
+149 KJUR.asn1.tsp.MessageImprint = function(params) {
+150     var _KJUR = KJUR,
+151 	_KJUR_asn1 = _KJUR.asn1,
+152 	_DERSequence = _KJUR_asn1.DERSequence,
+153 	_DEROctetString = _KJUR_asn1.DEROctetString,
+154 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+155 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier;
 156 
-157     if (typeof params != "undefined") {
-158         if (typeof params.hashAlg == "string") {
-159             this.dHashAlg = new nX.AlgorithmIdentifier({name: params.hashAlg});
-160         } 
-161         if (typeof params.hashValue == "string") {
-162             this.dHashValue = new nA.DEROctetString({hex: params.hashValue});
-163         }
-164     }
-165 };
-166 YAHOO.lang.extend(KJUR.asn1.tsp.MessageImprint, KJUR.asn1.ASN1Object);
-167 
-168 /**
-169  * class for TSP TimeStampReq ASN.1 object
-170  * @name KJUR.asn1.tsp.TimeStampReq
-171  * @class class for TSP TimeStampReq ASN.1 object
-172  * @param {Array} params associative array of parameters
-173  * @extends KJUR.asn1.ASN1Object
-174  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
-175  * @description
-176  * <pre>
-177  * TimeStampReq ::= SEQUENCE  {
-178  *    version          INTEGER  { v1(1) },
-179  *    messageImprint   MessageImprint,
-180  *    reqPolicy        TSAPolicyId               OPTIONAL,
-181  *    nonce            INTEGER                   OPTIONAL,
-182  *    certReq          BOOLEAN                   DEFAULT FALSE,
-183  *    extensions       [0] IMPLICIT Extensions   OPTIONAL  }
-184  * </pre>
-185  */
-186 KJUR.asn1.tsp.TimeStampReq = function(params) {
-187     KJUR.asn1.tsp.TimeStampReq.superclass.constructor.call(this);
-188     var nA = KJUR.asn1;
-189     var nT = KJUR.asn1.tsp;
-190     this.dVersion = new nA.DERInteger({'int': 1});
-191     this.dMessageImprint = null;
-192     this.dPolicy = null;
-193     this.dNonce = null;
-194     this.certReq = true;
-195 
-196     this.setMessageImprint = function(params) {
-197         if (params instanceof KJUR.asn1.tsp.MessageImprint) {
-198             this.dMessageImprint = params;
-199             return;
-200         }
-201         if (typeof params == "object") {
-202             this.dMessageImprint = new nT.MessageImprint(params);
-203         }
-204     };
-205 
-206     this.getEncodedHex = function() {
-207         if (this.dMessageImprint == null)
-208             throw "messageImprint shall be specified";
+157     _KJUR_asn1.tsp.MessageImprint.superclass.constructor.call(this);
+158 
+159     this.dHashAlg = null;
+160     this.dHashValue = null;
+161 
+162     this.getEncodedHex = function() {
+163         if (typeof this.hTLV == "string") return this.hTLV;
+164         var seq = 
+165             new _DERSequence({array: [this.dHashAlg, this.dHashValue]});
+166         return seq.getEncodedHex();
+167     };
+168 
+169     if (params !== undefined) {
+170         if (typeof params.hashAlg == "string") {
+171             this.dHashAlg = new _AlgorithmIdentifier({name: params.hashAlg});
+172         } 
+173         if (typeof params.hashValue == "string") {
+174             this.dHashValue = new _DEROctetString({hex: params.hashValue});
+175         }
+176     }
+177 };
+178 YAHOO.lang.extend(KJUR.asn1.tsp.MessageImprint, KJUR.asn1.ASN1Object);
+179 
+180 /**
+181  * class for TSP TimeStampReq ASN.1 object
+182  * @name KJUR.asn1.tsp.TimeStampReq
+183  * @class class for TSP TimeStampReq ASN.1 object
+184  * @param {Array} params associative array of parameters
+185  * @extends KJUR.asn1.ASN1Object
+186  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
+187  * @description
+188  * <pre>
+189  * TimeStampReq ::= SEQUENCE  {
+190  *    version          INTEGER  { v1(1) },
+191  *    messageImprint   MessageImprint,
+192  *    reqPolicy        TSAPolicyId               OPTIONAL,
+193  *    nonce            INTEGER                   OPTIONAL,
+194  *    certReq          BOOLEAN                   DEFAULT FALSE,
+195  *    extensions       [0] IMPLICIT Extensions   OPTIONAL  }
+196  * </pre>
+197  */
+198 KJUR.asn1.tsp.TimeStampReq = function(params) {
+199     var _KJUR = KJUR,
+200 	_KJUR_asn1 = _KJUR.asn1,
+201 	_DERSequence = _KJUR_asn1.DERSequence,
+202 	_DERInteger = _KJUR_asn1.DERInteger,
+203 	_DERBoolean = _KJUR_asn1.DERBoolean,
+204 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+205 	_KJUR_asn1_tsp = _KJUR_asn1.tsp,
+206 	_MessageImprint = _KJUR_asn1_tsp.MessageImprint;
+207 
+208     _KJUR_asn1_tsp.TimeStampReq.superclass.constructor.call(this);
 209 
-210         var a = [this.dVersion, this.dMessageImprint];
-211         if (this.dPolicy != null) a.push(this.dPolicy);
-212         if (this.dNonce != null)  a.push(this.dNonce);
-213         if (this.certReq)         a.push(new nA.DERBoolean());
-214 
-215         var seq = new nA.DERSequence({array: a});
-216         this.hTLV = seq.getEncodedHex();
-217         return this.hTLV;
-218     };
-219 
-220     if (typeof params != "undefined") {
-221         if (typeof params.mi == "object") {
-222             this.setMessageImprint(params.mi);
+210     this.dVersion = new _DERInteger({'int': 1});
+211     this.dMessageImprint = null;
+212     this.dPolicy = null;
+213     this.dNonce = null;
+214     this.certReq = true;
+215 
+216     this.setMessageImprint = function(params) {
+217         if (params instanceof _MessageImprint) {
+218             this.dMessageImprint = params;
+219             return;
+220         }
+221         if (typeof params == "object") {
+222             this.dMessageImprint = new _MessageImprint(params);
 223         }
-224         if (typeof params.policy == "object") {
-225             this.dPolicy = new nA.DERObjectIdentifier(params.policy);
-226         }
-227         if (typeof params.nonce == "object") {
-228             this.dNonce = new nA.DERInteger(params.nonce);
-229         }
-230         if (typeof params.certreq == "boolean") {
-231             this.certReq = params.certreq;
-232         }
-233     }
-234 };
-235 YAHOO.lang.extend(KJUR.asn1.tsp.TimeStampReq, KJUR.asn1.ASN1Object);
-236 
-237 /**
-238  * class for TSP TSTInfo ASN.1 object
-239  * @name KJUR.asn1.tsp.TSTInfo
-240  * @class class for TSP TSTInfo ASN.1 object
-241  * @param {Array} params associative array of parameters
-242  * @extends KJUR.asn1.ASN1Object
-243  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
-244  * @description
-245  * <pre>
-246  * TSTInfo ::= SEQUENCE  {
-247  *    version         INTEGER  { v1(1) },
-248  *    policy          TSAPolicyId,
-249  *    messageImprint  MessageImprint,
-250  *    serialNumber    INTEGER, -- up to 160bit
-251  *    genTime         GeneralizedTime,
-252  *    accuracy        Accuracy                 OPTIONAL,
-253  *    ordering        BOOLEAN                  DEFAULT FALSE,
-254  *    nonce           INTEGER                  OPTIONAL,
-255  *    tsa             [0] GeneralName          OPTIONAL,
-256  *    extensions      [1] IMPLICIT Extensions  OPTIONAL   }
-257  * </pre>
-258  * @example
-259  * o = new KJUR.asn1.tsp.TSTInfo({
-260  *     policy:    '1.2.3.4.5',
-261  *     messageImprint: {hashAlg: 'sha256', hashMsgHex: '1abc...'},
-262  *     genTime:   {withMillis: true},     // OPTION
-263  *     accuracy:  {micros: 500},          // OPTION
-264  *     ordering:  true,                   // OPITON
-265  *     nonce:     {hex: '52fab1...'},     // OPTION
-266  *     tsa:       {str: '/C=US/O=TSA1'}   // OPITON
-267  * });
-268  */
-269 KJUR.asn1.tsp.TSTInfo = function(params) {
-270     KJUR.asn1.tsp.TSTInfo.superclass.constructor.call(this);
-271     var nA = KJUR.asn1;
-272     var nX = KJUR.asn1.x509;
-273     var nT = KJUR.asn1.tsp;
-274 
-275     this.dVersion = new nA.DERInteger({'int': 1});
-276     this.dPolicy = null;
-277     this.dMessageImprint = null;
-278     this.dSerialNumber = null;
-279     this.dGenTime = null;
-280     this.dAccuracy = null;
-281     this.dOrdering = null;
-282     this.dNonce = null;
-283     this.dTsa = null;
-284 
-285     this.getEncodedHex = function() {
-286         var a = [this.dVersion];
-287 
-288         if (this.dPolicy == null) throw "policy shall be specified.";
-289         a.push(this.dPolicy);
-290 
-291         if (this.dMessageImprint == null)
-292             throw "messageImprint shall be specified.";
-293         a.push(this.dMessageImprint);
-294 
-295         if (this.dSerialNumber == null)
-296             throw "serialNumber shall be specified.";
-297         a.push(this.dSerialNumber);
-298 
-299         if (this.dGenTime == null)
-300             throw "genTime shall be specified.";
-301         a.push(this.dGenTime);
-302 
-303         if (this.dAccuracy != null) a.push(this.dAccuracy);
-304         if (this.dOrdering != null) a.push(this.dOrdering);
-305         if (this.dNonce != null) a.push(this.dNonce);
-306         if (this.dTsa != null) a.push(this.dTsa);
-307 
-308         var seq = new nA.DERSequence({array: a});
-309         this.hTLV = seq.getEncodedHex();
-310         return this.hTLV;
-311     };
-312 
-313     if (typeof params != "undefined") {
-314         if (typeof params.policy == "string") {
-315             if (! params.policy.match(/^[0-9.]+$/))
-316                 throw "policy shall be oid like 0.1.4.134";
-317             this.dPolicy = new nA.DERObjectIdentifier({oid: params.policy});
-318         }
-319         if (typeof params.messageImprint != "undefined") {
-320             this.dMessageImprint = new nT.MessageImprint(params.messageImprint);
-321         }
-322         if (typeof params.serialNumber != "undefined") {
-323             this.dSerialNumber = new nA.DERInteger(params.serialNumber);
-324         }
-325         if (typeof params.genTime != "undefined") {
-326             this.dGenTime = new nA.DERGeneralizedTime(params.genTime);
-327         }
-328         if (typeof params.accuracy != "undefind") {
-329             this.dAccuracy = new nT.Accuracy(params.accuracy);
-330         }
-331         if (typeof params.ordering != "undefined" &&
-332             params.ordering == true) {
-333             this.dOrdering = new nA.DERBoolean();
-334         }
-335         if (typeof params.nonce != "undefined") {
-336             this.dNonce = new nA.DERInteger(params.nonce);
-337         }
-338         if (typeof params.tsa != "undefined") {
-339             this.dTsa = new nX.X500Name(params.tsa);
-340         }
-341     }
-342 };
-343 YAHOO.lang.extend(KJUR.asn1.tsp.TSTInfo, KJUR.asn1.ASN1Object);
-344 
-345 /**
-346  * class for TSP TimeStampResp ASN.1 object
-347  * @name KJUR.asn1.tsp.TimeStampResp
-348  * @class class for TSP TimeStampResp ASN.1 object
-349  * @param {Array} params associative array of parameters
-350  * @extends KJUR.asn1.ASN1Object
-351  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
-352  * @description
-353  * <pre>
-354  * TimeStampResp ::= SEQUENCE  {
-355  *    status                  PKIStatusInfo,
-356  *    timeStampToken          TimeStampToken     OPTIONAL  }
-357  * </pre>
-358  */
-359 KJUR.asn1.tsp.TimeStampResp = function(params) {
-360     KJUR.asn1.tsp.TimeStampResp.superclass.constructor.call(this);
-361     var nA = KJUR.asn1;
-362     var nT = KJUR.asn1.tsp;
-363     this.dStatus = null;
-364     this.dTST = null;
-365 
-366     this.getEncodedHex = function() {
-367         if (this.dStatus == null)
-368             throw "status shall be specified";
-369         var a = [this.dStatus];
-370         if (this.dTST != null) a.push(this.dTST);
-371         var seq = new nA.DERSequence({array: a});
-372         this.hTLV = seq.getEncodedHex();
-373         return this.hTLV;
-374     };
-375 
-376     if (typeof params != "undefined") {
-377         if (typeof params.status == "object") {
-378             this.dStatus = new nT.PKIStatusInfo(params.status);
-379         }
-380         if (typeof params.tst != "undefined" &&
-381             params.tst instanceof KJUR.asn1.ASN1Object) {
-382             this.dTST = params.tst.getContentInfo();
-383         }
-384     }
-385 };
-386 YAHOO.lang.extend(KJUR.asn1.tsp.TimeStampResp, KJUR.asn1.ASN1Object);
-387 
-388 // --- BEGIN OF RFC 2510 CMP -----------------------------------------------
-389 
-390 /**
-391  * class for TSP PKIStatusInfo ASN.1 object
-392  * @name KJUR.asn1.tsp.PKIStatusInfo
-393  * @class class for TSP PKIStatusInfo ASN.1 object
-394  * @param {Array} params associative array of parameters
-395  * @extends KJUR.asn1.ASN1Object
-396  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
-397  * @description
-398  * <pre>
-399  * PKIStatusInfo ::= SEQUENCE {
-400  *    status                  PKIStatus,
-401  *    statusString            PKIFreeText     OPTIONAL,
-402  *    failInfo                PKIFailureInfo  OPTIONAL  }
-403  * </pre>
-404  */
-405 KJUR.asn1.tsp.PKIStatusInfo = function(params) {
-406     KJUR.asn1.tsp.PKIStatusInfo.superclass.constructor.call(this);
-407     var nA = KJUR.asn1;
-408     var nT = KJUR.asn1.tsp;
-409     this.dStatus = null;
-410     this.dStatusString = null;
-411     this.dFailureInfo = null;
-412 
-413     this.getEncodedHex = function() {
-414         if (this.dStatus == null)
-415             throw "status shall be specified";
-416         var a = [this.dStatus];
-417         if (this.dStatusString != null) a.push(this.dStatusString);
-418         if (this.dFailureInfo != null) a.push(this.dFailureInfo);
-419         var seq = new nA.DERSequence({array: a});
-420         this.hTLV = seq.getEncodedHex();
-421         return this.hTLV;
-422     };
-423 
-424     if (typeof params != "undefined") {
-425         if (typeof params.status == "object") { // param for int
-426             this.dStatus = new nT.PKIStatus(params.status);
-427         }
-428         if (typeof params.statstr == "object") { // array of str
-429             this.dStatusString = 
-430                 new nT.PKIFreeText({array: params.statstr});
-431         }
-432         if (typeof params.failinfo == "object") {
-433             this.dFailureInfo = 
-434                 new nT.PKIFailureInfo(params.failinfo); // param for bitstr
-435         }
-436     };
-437 };
-438 YAHOO.lang.extend(KJUR.asn1.tsp.PKIStatusInfo, KJUR.asn1.ASN1Object);
-439 
-440 /**
-441  * class for TSP PKIStatus ASN.1 object
-442  * @name KJUR.asn1.tsp.PKIStatus
-443  * @class class for TSP PKIStatus ASN.1 object
-444  * @param {Array} params associative array of parameters
-445  * @extends KJUR.asn1.ASN1Object
-446  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
-447  * @description
-448  * <pre>
-449  * PKIStatus ::= INTEGER {
-450  *    granted                (0),
-451  *    grantedWithMods        (1),
-452  *    rejection              (2),
-453  *    waiting                (3),
-454  *    revocationWarning      (4),
-455  *    revocationNotification (5) }
-456  * </pre>
-457  */
-458 KJUR.asn1.tsp.PKIStatus = function(params) {
-459     KJUR.asn1.tsp.PKIStatus.superclass.constructor.call(this);
-460     var nA = KJUR.asn1;
-461     var nT = KJUR.asn1.tsp;
-462     var dStatus = null;
-463 
-464     this.getEncodedHex = function() {
-465         this.hTLV = this.dStatus.getEncodedHex();
-466         return this.hTLV;
-467     };
-468 
-469     if (typeof params != "undefined") {
-470         if (typeof params.name != "undefined") {
-471             var list = nT.PKIStatus.valueList;
-472             if (typeof list[params.name] == "undefined")
-473                 throw "name undefined: " + params.name;
-474             this.dStatus = 
-475                 new nA.DERInteger({'int': list[params.name]});
-476         } else {
-477             this.dStatus = new nA.DERInteger(params);
-478         }
-479     }
-480 };
-481 YAHOO.lang.extend(KJUR.asn1.tsp.PKIStatus, KJUR.asn1.ASN1Object);
-482 
-483 KJUR.asn1.tsp.PKIStatus.valueList = {
-484     granted:                0,
-485     grantedWithMods:        1,
-486     rejection:              2,
-487     waiting:                3,
-488     revocationWarning:      4,
-489     revocationNotification: 5
-490 };
-491 
-492 /**
-493  * class for TSP PKIFreeText ASN.1 object
-494  * @name KJUR.asn1.tsp.PKIFreeText
-495  * @class class for TSP PKIFreeText ASN.1 object
-496  * @param {Array} params associative array of parameters
-497  * @extends KJUR.asn1.ASN1Object
-498  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
-499  * @description
-500  * <pre>
-501  * PKIFreeText ::= SEQUENCE {
-502  *    SIZE (1..MAX) OF UTF8String }
-503  * </pre>
-504  */
-505 KJUR.asn1.tsp.PKIFreeText = function(params) {
-506     KJUR.asn1.tsp.PKIFreeText.superclass.constructor.call(this);
-507     var nA = KJUR.asn1;
-508     this.textList = [];
-509 
-510     this.getEncodedHex = function() {
-511         var a = [];
-512         for (var i = 0; i < this.textList.length; i++) {
-513             a.push(new nA.DERUTF8String({str: this.textList[i]}));
-514         }
-515         var seq = new nA.DERSequence({array: a});
-516         this.hTLV = seq.getEncodedHex();
-517         return this.hTLV;
-518     };
-519 
-520     if (typeof params != "undefined") {
-521         if (typeof params.array == "object") {
-522             this.textList = params.array;
-523         }
-524     }
-525 };
-526 YAHOO.lang.extend(KJUR.asn1.tsp.PKIFreeText, KJUR.asn1.ASN1Object);
-527 
-528 /**
-529  * class for TSP PKIFailureInfo ASN.1 object
-530  * @name KJUR.asn1.tsp.PKIFailureInfo
-531  * @class class for TSP PKIFailureInfo ASN.1 object
-532  * @param {Array} params associative array of parameters
-533  * @extends KJUR.asn1.ASN1Object
-534  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
-535  * @description
-536  * <pre>
-537  * PKIFailureInfo ::= BIT STRING {
-538  *    badAlg                 (0),
-539  *    badRequest             (2),
-540  *    badDataFormat          (5),
-541  *    timeNotAvailable       (14),
-542  *    unacceptedPolicy       (15),
-543  *    unacceptedExtension    (16),
-544  *    addInfoNotAvailable    (17),
-545  *    systemFailure          (25) }
-546  * </pre>
-547  */
-548 KJUR.asn1.tsp.PKIFailureInfo = function(params) {
-549     KJUR.asn1.tsp.PKIFailureInfo.superclass.constructor.call(this);
-550     var nA = KJUR.asn1;
-551     var nT = KJUR.asn1.tsp;
-552     this.value = null;
-553 
-554     this.getEncodedHex = function() {
-555         if (this.value == null)
-556             throw "value shall be specified";
-557         var binValue = new Number(this.value).toString(2);
-558         var dValue = new nA.DERBitString();
-559         dValue.setByBinaryString(binValue);
-560         this.hTLV = dValue.getEncodedHex();
-561         return this.hTLV;
-562     };
-563 
-564     if (typeof params != "undefined") {
-565         if (typeof params.name == "string") {
-566             var list = nT.PKIFailureInfo.valueList;
-567             if (typeof list[params.name] == "undefined")
-568                 throw "name undefined: " + params.name;
-569             this.value = list[params.name];
-570         } else if (typeof params['int'] == "number") {
-571             this.value = params['int'];
-572         }
-573     }
-574 };
-575 YAHOO.lang.extend(KJUR.asn1.tsp.PKIFailureInfo, KJUR.asn1.ASN1Object);
-576 
-577 KJUR.asn1.tsp.PKIFailureInfo.valueList = {
-578     badAlg:                 0,
-579     badRequest:             2,
-580     badDataFormat:          5,
-581     timeNotAvailable:       14,
-582     unacceptedPolicy:       15,
-583     unacceptedExtension:    16,
-584     addInfoNotAvailable:    17,
-585     systemFailure:          25
-586 };
-587 
-588 // --- END OF RFC 2510 CMP -------------------------------------------
-589 
-590 /**
-591  * abstract class for TimeStampToken generator
-592  * @name KJUR.asn1.tsp.AbstractTSAAdapter
-593  * @class abstract class for TimeStampToken generator
-594  * @param {Array} params associative array of parameters
-595  * @since jsrsasign 4.7.0 asn1tsp 1.0.1
-596  * @description
-597  */
-598 KJUR.asn1.tsp.AbstractTSAAdapter = function(params) {
-599     this.getTSTHex = function(msgHex, hashAlg) {
-600         throw "not implemented yet";
-601     };
-602 };
-603 
-604 /**
-605  * class for simple TimeStampToken generator
-606  * @name KJUR.asn1.tsp.SimpleTSAAdapter
-607  * @class class for simple TimeStampToken generator
-608  * @param {Array} params associative array of parameters
-609  * @since jsrsasign 4.7.0 asn1tsp 1.0.1
-610  * @description
-611  */
-612 KJUR.asn1.tsp.SimpleTSAAdapter = function(initParams) {
-613     KJUR.asn1.tsp.SimpleTSAAdapter.superclass.constructor.call(this);
-614     this.params = null;
-615     this.serial = 0;
-616 
-617     this.getTSTHex = function(msgHex, hashAlg) {
-618         // messageImprint
-619         var hashHex = KJUR.crypto.Util.hashHex(msgHex, hashAlg);
-620         this.params.tstInfo.messageImprint =
-621             {hashAlg: hashAlg, hashValue: hashHex};
-622 
-623         // serial
-624         this.params.tstInfo.serialNumber = {'int': this.serial++};
-625 
-626         // nonce
-627         var nonceValue = Math.floor(Math.random() * 1000000000);
-628         this.params.tstInfo.nonce = {'int': nonceValue};
-629 
-630         var obj = 
-631             KJUR.asn1.tsp.TSPUtil.newTimeStampToken(this.params);
-632         return obj.getContentInfoEncodedHex();
-633     };
+224     };
+225 
+226     this.getEncodedHex = function() {
+227         if (this.dMessageImprint == null)
+228             throw "messageImprint shall be specified";
+229 
+230         var a = [this.dVersion, this.dMessageImprint];
+231         if (this.dPolicy != null) a.push(this.dPolicy);
+232         if (this.dNonce != null)  a.push(this.dNonce);
+233         if (this.certReq)         a.push(new _DERBoolean());
+234 
+235         var seq = new _DERSequence({array: a});
+236         this.hTLV = seq.getEncodedHex();
+237         return this.hTLV;
+238     };
+239 
+240     if (params !== undefined) {
+241         if (typeof params.mi == "object") {
+242             this.setMessageImprint(params.mi);
+243         }
+244         if (typeof params.policy == "object") {
+245             this.dPolicy = new _DERObjectIdentifier(params.policy);
+246         }
+247         if (typeof params.nonce == "object") {
+248             this.dNonce = new _DERInteger(params.nonce);
+249         }
+250         if (typeof params.certreq == "boolean") {
+251             this.certReq = params.certreq;
+252         }
+253     }
+254 };
+255 YAHOO.lang.extend(KJUR.asn1.tsp.TimeStampReq, KJUR.asn1.ASN1Object);
+256 
+257 /**
+258  * class for TSP TSTInfo ASN.1 object
+259  * @name KJUR.asn1.tsp.TSTInfo
+260  * @class class for TSP TSTInfo ASN.1 object
+261  * @param {Array} params associative array of parameters
+262  * @extends KJUR.asn1.ASN1Object
+263  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
+264  * @description
+265  * <pre>
+266  * TSTInfo ::= SEQUENCE  {
+267  *    version         INTEGER  { v1(1) },
+268  *    policy          TSAPolicyId,
+269  *    messageImprint  MessageImprint,
+270  *    serialNumber    INTEGER, -- up to 160bit
+271  *    genTime         GeneralizedTime,
+272  *    accuracy        Accuracy                 OPTIONAL,
+273  *    ordering        BOOLEAN                  DEFAULT FALSE,
+274  *    nonce           INTEGER                  OPTIONAL,
+275  *    tsa             [0] GeneralName          OPTIONAL,
+276  *    extensions      [1] IMPLICIT Extensions  OPTIONAL   }
+277  * </pre>
+278  * @example
+279  * o = new KJUR.asn1.tsp.TSTInfo({
+280  *     policy:    '1.2.3.4.5',
+281  *     messageImprint: {hashAlg: 'sha256', hashMsgHex: '1abc...'},
+282  *     genTime:   {withMillis: true},     // OPTION
+283  *     accuracy:  {micros: 500},          // OPTION
+284  *     ordering:  true,                   // OPITON
+285  *     nonce:     {hex: '52fab1...'},     // OPTION
+286  *     tsa:       {str: '/C=US/O=TSA1'}   // OPITON
+287  * });
+288  */
+289 KJUR.asn1.tsp.TSTInfo = function(params) {
+290     var _KJUR = KJUR,
+291 	_KJUR_asn1 = _KJUR.asn1,
+292 	_DERSequence = _KJUR_asn1.DERSequence,
+293 	_DERInteger = _KJUR_asn1.DERInteger,
+294 	_DERBoolean = _KJUR_asn1.DERBoolean,
+295 	_DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime,
+296 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+297 	_KJUR_asn1_tsp = _KJUR_asn1.tsp,
+298 	_MessageImprint = _KJUR_asn1_tsp.MessageImprint,
+299 	_Accuracy = _KJUR_asn1_tsp.Accuracy,
+300         _X500Name = _KJUR_asn1.x509.X500Name;
+301 
+302     _KJUR_asn1_tsp.TSTInfo.superclass.constructor.call(this);
+303 
+304     this.dVersion = new _DERInteger({'int': 1});
+305     this.dPolicy = null;
+306     this.dMessageImprint = null;
+307     this.dSerialNumber = null;
+308     this.dGenTime = null;
+309     this.dAccuracy = null;
+310     this.dOrdering = null;
+311     this.dNonce = null;
+312     this.dTsa = null;
+313 
+314     this.getEncodedHex = function() {
+315         var a = [this.dVersion];
+316 
+317         if (this.dPolicy == null) throw "policy shall be specified.";
+318         a.push(this.dPolicy);
+319 
+320         if (this.dMessageImprint == null)
+321             throw "messageImprint shall be specified.";
+322         a.push(this.dMessageImprint);
+323 
+324         if (this.dSerialNumber == null)
+325             throw "serialNumber shall be specified.";
+326         a.push(this.dSerialNumber);
+327 
+328         if (this.dGenTime == null)
+329             throw "genTime shall be specified.";
+330         a.push(this.dGenTime);
+331 
+332         if (this.dAccuracy != null) a.push(this.dAccuracy);
+333         if (this.dOrdering != null) a.push(this.dOrdering);
+334         if (this.dNonce != null) a.push(this.dNonce);
+335         if (this.dTsa != null) a.push(this.dTsa);
+336 
+337         var seq = new _DERSequence({array: a});
+338         this.hTLV = seq.getEncodedHex();
+339         return this.hTLV;
+340     };
+341 
+342     if (params !== undefined) {
+343         if (typeof params.policy == "string") {
+344             if (! params.policy.match(/^[0-9.]+$/))
+345                 throw "policy shall be oid like 0.1.4.134";
+346             this.dPolicy = new _DERObjectIdentifier({oid: params.policy});
+347         }
+348         if (params.messageImprint !== undefined) {
+349             this.dMessageImprint = new _MessageImprint(params.messageImprint);
+350         }
+351         if (params.serialNumber !== undefined) {
+352             this.dSerialNumber = new _DERInteger(params.serialNumber);
+353         }
+354         if (params.genTime !== undefined) {
+355             this.dGenTime = new _DERGeneralizedTime(params.genTime);
+356         }
+357         if (params.accuracy !== undefined) {
+358             this.dAccuracy = new _Accuracy(params.accuracy);
+359         }
+360         if (params.ordering !== undefined &&
+361             params.ordering == true) {
+362             this.dOrdering = new _DERBoolean();
+363         }
+364         if (params.nonce !== undefined) {
+365             this.dNonce = new _DERInteger(params.nonce);
+366         }
+367         if (params.tsa !== undefined) {
+368             this.dTsa = new _X500Name(params.tsa);
+369         }
+370     }
+371 };
+372 YAHOO.lang.extend(KJUR.asn1.tsp.TSTInfo, KJUR.asn1.ASN1Object);
+373 
+374 /**
+375  * class for TSP TimeStampResp ASN.1 object
+376  * @name KJUR.asn1.tsp.TimeStampResp
+377  * @class class for TSP TimeStampResp ASN.1 object
+378  * @param {Array} params associative array of parameters
+379  * @extends KJUR.asn1.ASN1Object
+380  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
+381  * @description
+382  * <pre>
+383  * TimeStampResp ::= SEQUENCE  {
+384  *    status                  PKIStatusInfo,
+385  *    timeStampToken          TimeStampToken     OPTIONAL  }
+386  * </pre>
+387  */
+388 KJUR.asn1.tsp.TimeStampResp = function(params) {
+389     var _KJUR = KJUR,
+390 	_KJUR_asn1 = _KJUR.asn1,
+391 	_DERSequence = _KJUR_asn1.DERSequence,
+392 	_ASN1Object = _KJUR_asn1.ASN1Object,
+393 	_KJUR_asn1_tsp = _KJUR_asn1.tsp,
+394 	_PKIStatusInfo = _KJUR_asn1_tsp.PKIStatusInfo;
+395 
+396     _KJUR_asn1_tsp.TimeStampResp.superclass.constructor.call(this);
+397 
+398     this.dStatus = null;
+399     this.dTST = null;
+400 
+401     this.getEncodedHex = function() {
+402         if (this.dStatus == null)
+403             throw "status shall be specified";
+404         var a = [this.dStatus];
+405         if (this.dTST != null) a.push(this.dTST);
+406         var seq = new _DERSequence({array: a});
+407         this.hTLV = seq.getEncodedHex();
+408         return this.hTLV;
+409     };
+410 
+411     if (params !== undefined) {
+412         if (typeof params.status == "object") {
+413             this.dStatus = new _PKIStatusInfo(params.status);
+414         }
+415         if (params.tst !== undefined &&
+416             params.tst instanceof _ASN1Object) {
+417             this.dTST = params.tst.getContentInfo();
+418         }
+419     }
+420 };
+421 YAHOO.lang.extend(KJUR.asn1.tsp.TimeStampResp, KJUR.asn1.ASN1Object);
+422 
+423 // --- BEGIN OF RFC 2510 CMP -----------------------------------------------
+424 
+425 /**
+426  * class for TSP PKIStatusInfo ASN.1 object
+427  * @name KJUR.asn1.tsp.PKIStatusInfo
+428  * @class class for TSP PKIStatusInfo ASN.1 object
+429  * @param {Array} params associative array of parameters
+430  * @extends KJUR.asn1.ASN1Object
+431  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
+432  * @description
+433  * <pre>
+434  * PKIStatusInfo ::= SEQUENCE {
+435  *    status                  PKIStatus,
+436  *    statusString            PKIFreeText     OPTIONAL,
+437  *    failInfo                PKIFailureInfo  OPTIONAL  }
+438  * </pre>
+439  */
+440 KJUR.asn1.tsp.PKIStatusInfo = function(params) {
+441     var _KJUR = KJUR,
+442 	_KJUR_asn1 = _KJUR.asn1,
+443 	_DERSequence = _KJUR_asn1.DERSequence,
+444 	_KJUR_asn1_tsp = _KJUR_asn1.tsp,
+445 	_PKIStatus = _KJUR_asn1_tsp.PKIStatus,
+446 	_PKIFreeText = _KJUR_asn1_tsp.PKIFreeText,
+447 	_PKIFailureInfo = _KJUR_asn1_tsp.PKIFailureInfo;
+448 
+449     _KJUR_asn1_tsp.PKIStatusInfo.superclass.constructor.call(this);
+450 
+451     this.dStatus = null;
+452     this.dStatusString = null;
+453     this.dFailureInfo = null;
+454 
+455     this.getEncodedHex = function() {
+456         if (this.dStatus == null)
+457             throw "status shall be specified";
+458         var a = [this.dStatus];
+459         if (this.dStatusString != null) a.push(this.dStatusString);
+460         if (this.dFailureInfo != null) a.push(this.dFailureInfo);
+461         var seq = new _DERSequence({array: a});
+462         this.hTLV = seq.getEncodedHex();
+463         return this.hTLV;
+464     };
+465 
+466     if (params !== undefined) {
+467         if (typeof params.status == "object") { // param for int
+468             this.dStatus = new _PKIStatus(params.status);
+469         }
+470         if (typeof params.statstr == "object") { // array of str
+471             this.dStatusString = 
+472                 new _PKIFreeText({array: params.statstr});
+473         }
+474         if (typeof params.failinfo == "object") {
+475             this.dFailureInfo = 
+476                 new _PKIFailureInfo(params.failinfo); // param for bitstr
+477         }
+478     };
+479 };
+480 YAHOO.lang.extend(KJUR.asn1.tsp.PKIStatusInfo, KJUR.asn1.ASN1Object);
+481 
+482 /**
+483  * class for TSP PKIStatus ASN.1 object
+484  * @name KJUR.asn1.tsp.PKIStatus
+485  * @class class for TSP PKIStatus ASN.1 object
+486  * @param {Array} params associative array of parameters
+487  * @extends KJUR.asn1.ASN1Object
+488  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
+489  * @description
+490  * <pre>
+491  * PKIStatus ::= INTEGER {
+492  *    granted                (0),
+493  *    grantedWithMods        (1),
+494  *    rejection              (2),
+495  *    waiting                (3),
+496  *    revocationWarning      (4),
+497  *    revocationNotification (5) }
+498  * </pre>
+499  */
+500 KJUR.asn1.tsp.PKIStatus = function(params) {
+501     var _KJUR = KJUR,
+502 	_KJUR_asn1 = _KJUR.asn1,
+503 	_DERInteger = _KJUR_asn1.DERInteger,
+504 	_KJUR_asn1_tsp = _KJUR_asn1.tsp,
+505 	_PKIStatus = _KJUR_asn1_tsp.PKIStatus;
+506 
+507     _KJUR_asn1_tsp.PKIStatus.superclass.constructor.call(this);
+508 
+509     var dStatus = null;
+510 
+511     this.getEncodedHex = function() {
+512         this.hTLV = this.dStatus.getEncodedHex();
+513         return this.hTLV;
+514     };
+515 
+516     if (params !== undefined) {
+517         if (params.name !== undefined) {
+518             var list = _PKIStatus.valueList;
+519             if (list[params.name] === undefined)
+520                 throw "name undefined: " + params.name;
+521             this.dStatus = 
+522                 new _DERInteger({'int': list[params.name]});
+523         } else {
+524             this.dStatus = new _DERInteger(params);
+525         }
+526     }
+527 };
+528 YAHOO.lang.extend(KJUR.asn1.tsp.PKIStatus, KJUR.asn1.ASN1Object);
+529 
+530 KJUR.asn1.tsp.PKIStatus.valueList = {
+531     granted:                0,
+532     grantedWithMods:        1,
+533     rejection:              2,
+534     waiting:                3,
+535     revocationWarning:      4,
+536     revocationNotification: 5
+537 };
+538 
+539 /**
+540  * class for TSP PKIFreeText ASN.1 object
+541  * @name KJUR.asn1.tsp.PKIFreeText
+542  * @class class for TSP PKIFreeText ASN.1 object
+543  * @param {Array} params associative array of parameters
+544  * @extends KJUR.asn1.ASN1Object
+545  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
+546  * @description
+547  * <pre>
+548  * PKIFreeText ::= SEQUENCE {
+549  *    SIZE (1..MAX) OF UTF8String }
+550  * </pre>
+551  */
+552 KJUR.asn1.tsp.PKIFreeText = function(params) {
+553     var _KJUR = KJUR,
+554 	_KJUR_asn1 = _KJUR.asn1,
+555 	_DERSequence = _KJUR_asn1.DERSequence,
+556 	_DERUTF8String = _KJUR_asn1.DERUTF8String,
+557 	_KJUR_asn1_tsp = _KJUR_asn1.tsp;
+558 
+559     _KJUR_asn1_tsp.PKIFreeText.superclass.constructor.call(this);
+560 
+561     this.textList = [];
+562 
+563     this.getEncodedHex = function() {
+564         var a = [];
+565         for (var i = 0; i < this.textList.length; i++) {
+566             a.push(new _DERUTF8String({str: this.textList[i]}));
+567         }
+568         var seq = new _DERSequence({array: a});
+569         this.hTLV = seq.getEncodedHex();
+570         return this.hTLV;
+571     };
+572 
+573     if (params !== undefined) {
+574         if (typeof params.array == "object") {
+575             this.textList = params.array;
+576         }
+577     }
+578 };
+579 YAHOO.lang.extend(KJUR.asn1.tsp.PKIFreeText, KJUR.asn1.ASN1Object);
+580 
+581 /**
+582  * class for TSP PKIFailureInfo ASN.1 object
+583  * @name KJUR.asn1.tsp.PKIFailureInfo
+584  * @class class for TSP PKIFailureInfo ASN.1 object
+585  * @param {Array} params associative array of parameters
+586  * @extends KJUR.asn1.ASN1Object
+587  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
+588  * @description
+589  * <pre>
+590  * PKIFailureInfo ::= BIT STRING {
+591  *    badAlg                 (0),
+592  *    badRequest             (2),
+593  *    badDataFormat          (5),
+594  *    timeNotAvailable       (14),
+595  *    unacceptedPolicy       (15),
+596  *    unacceptedExtension    (16),
+597  *    addInfoNotAvailable    (17),
+598  *    systemFailure          (25) }
+599  * </pre>
+600  */
+601 KJUR.asn1.tsp.PKIFailureInfo = function(params) {
+602     var _KJUR = KJUR,
+603 	_KJUR_asn1 = _KJUR.asn1,
+604 	_DERBitString = _KJUR_asn1.DERBitString,
+605 	_KJUR_asn1_tsp = _KJUR_asn1.tsp,
+606 	_PKIFailureInfo = _KJUR_asn1_tsp.PKIFailureInfo;
+607 
+608     _PKIFailureInfo.superclass.constructor.call(this);
+609 
+610     this.value = null;
+611 
+612     this.getEncodedHex = function() {
+613         if (this.value == null)
+614             throw "value shall be specified";
+615         var binValue = new Number(this.value).toString(2);
+616         var dValue = new _DERBitString();
+617         dValue.setByBinaryString(binValue);
+618         this.hTLV = dValue.getEncodedHex();
+619         return this.hTLV;
+620     };
+621 
+622     if (params !== undefined) {
+623         if (typeof params.name == "string") {
+624             var list = _PKIFailureInfo.valueList;
+625             if (list[params.name] === undefined)
+626                 throw "name undefined: " + params.name;
+627             this.value = list[params.name];
+628         } else if (typeof params['int'] == "number") {
+629             this.value = params['int'];
+630         }
+631     }
+632 };
+633 YAHOO.lang.extend(KJUR.asn1.tsp.PKIFailureInfo, KJUR.asn1.ASN1Object);
 634 
-635     if (typeof initParams != "undefined") {
-636         this.params = initParams;
-637     }
-638 };
-639 YAHOO.lang.extend(KJUR.asn1.tsp.SimpleTSAAdapter,
-640                   KJUR.asn1.tsp.AbstractTSAAdapter);
-641 
-642 /**
-643  * class for fixed TimeStampToken generator
-644  * @name KJUR.asn1.tsp.FixedTSAAdapter
-645  * @class class for fixed TimeStampToken generator
-646  * @param {Array} params associative array of parameters
-647  * @since jsrsasign 4.7.0 asn1tsp 1.0.1
-648  * @description
-649  * This class generates fixed TimeStampToken except messageImprint
-650  * for testing purpose.
-651  * General TSA generates TimeStampToken which varies following
-652  * fields:
-653  * <ul>
-654  * <li>genTime</li>
-655  * <li>serialNumber</li>
-656  * <li>nonce</li>
-657  * </ul>
-658  * Those values are provided by initial parameters.
-659  */
-660 KJUR.asn1.tsp.FixedTSAAdapter = function(initParams) {
-661     KJUR.asn1.tsp.FixedTSAAdapter.superclass.constructor.call(this);
-662     this.params = null;
-663 
-664     this.getTSTHex = function(msgHex, hashAlg) {
-665         // fixed serialNumber
-666         // fixed nonce        
-667         var hashHex = KJUR.crypto.Util.hashHex(msgHex, hashAlg);
-668         this.params.tstInfo.messageImprint =
-669             {hashAlg: hashAlg, hashValue: hashHex};
-670         var obj = 
-671             KJUR.asn1.tsp.TSPUtil.newTimeStampToken(this.params);
-672         return obj.getContentInfoEncodedHex();
-673     };
-674 
-675     if (typeof initParams != "undefined") {
-676         this.params = initParams;
-677     }
-678 };
-679 YAHOO.lang.extend(KJUR.asn1.tsp.FixedTSAAdapter,
-680                   KJUR.asn1.tsp.AbstractTSAAdapter);
-681 
-682 // --- TSP utilities -------------------------------------------------
-683 
-684 /**
-685  * TSP utiliteis class
-686  * @name KJUR.asn1.tsp.TSPUtil
-687  * @class TSP utilities class
-688  */
-689 KJUR.asn1.tsp.TSPUtil = new function() {
-690 };
-691 /**
-692  * generate TimeStampToken ASN.1 object specified by JSON parameters
-693  * @name newTimeStampToken
-694  * @memberOf KJUR.asn1.tsp.TSPUtil
-695  * @function
-696  * @param {Array} param JSON parameter to generate TimeStampToken
-697  * @return {KJUR.asn1.cms.SignedData} object just generated
-698  * @description
-699  * @example
-700  */
-701 KJUR.asn1.tsp.TSPUtil.newTimeStampToken = function(param) {
-702     var nC = KJUR.asn1.cms;
-703     var nT = KJUR.asn1.tsp;
-704     var sd = new nC.SignedData();
-705 
-706     var dTSTInfo = new nT.TSTInfo(param.tstInfo);
-707     var tstInfoHex = dTSTInfo.getEncodedHex();
-708     sd.dEncapContentInfo.setContentValue({hex: tstInfoHex});
-709     sd.dEncapContentInfo.setContentType('tstinfo');
-710 
-711     if (typeof param.certs == "object") {
-712         for (var i = 0; i < param.certs.length; i++) {
-713             sd.addCertificatesByPEM(param.certs[i]);
-714         }
-715     }
-716 
-717     var si = sd.signerInfoList[0];
-718     si.setSignerIdentifier(param.signerCert);
-719     si.setForContentAndHash({sdObj: sd,
-720                              eciObj: sd.dEncapContentInfo,
-721                              hashAlg: param.hashAlg});
-722     var signingCertificate = 
-723         new nC.SigningCertificate({array: [param.signerCert]});
-724     si.dSignedAttrs.add(signingCertificate);
-725 
-726     si.sign(param.signerPrvKey, param.sigAlg);
-727 
-728     return sd;
-729 };
-730 
-731 /**
-732  * parse hexadecimal string of TimeStampReq
-733  * @name parseTimeStampReq
-734  * @memberOf KJUR.asn1.tsp.TSPUtil
-735  * @function
-736  * @param {String} hexadecimal string of TimeStampReq
-737  * @return {Array} JSON object of parsed parameters
-738  * @description
-739  * This method parses a hexadecimal string of TimeStampReq
-740  * and returns parsed their fields:
-741  * @example
-742  * var json = KJUR.asn1.tsp.TSPUtil.parseTimeStampReq("302602...");
-743  * // resulted DUMP of above 'json':
-744  * {mi: {hashAlg: 'sha256',          // MessageImprint hashAlg
-745  *       hashValue: 'a1a2a3a4...'},  // MessageImprint hashValue
-746  *  policy: '1.2.3.4.5',             // tsaPolicy (OPTION)
-747  *  nonce: '9abcf318...',            // nonce (OPTION)
-748  *  certreq: true}                   // certReq (OPTION)
-749  */
-750 KJUR.asn1.tsp.TSPUtil.parseTimeStampReq = function(reqHex) {
-751     var _ASN1HEX = ASN1HEX;
-752     var _getChildIdx = _ASN1HEX.getChildIdx;
-753     var _getV = _ASN1HEX.getV;
-754     var _getTLV = _ASN1HEX.getTLV;
-755     var json = {};
-756     json.certreq = false;
-757 
-758     var idxList = _getChildIdx(reqHex, 0);
-759 
-760     if (idxList.length < 2)
-761         throw "TimeStampReq must have at least 2 items";
-762 
-763     var miHex = _getTLV(reqHex, idxList[1]);
-764     json.mi = KJUR.asn1.tsp.TSPUtil.parseMessageImprint(miHex); 
-765 
-766     for (var i = 2; i < idxList.length; i++) {
-767         var idx = idxList[i];
-768         var tag = reqHex.substr(idx, 2);
-769         if (tag == "06") { // case OID
-770             var policyHex = _getV(reqHex, idx);
-771             json.policy = _ASN1HEX.hextooidstr(policyHex);
-772         }
-773         if (tag == "02") { // case INTEGER
-774             json.nonce = _getV(reqHex, idx);
-775         }
-776         if (tag == "01") { // case BOOLEAN
-777             json.certreq = true;
-778         }
-779     }
-780 
-781     return json;
-782 };
-783 
-784 /**
-785  * parse hexadecimal string of MessageImprint
-786  * @name parseMessageImprint
-787  * @memberOf KJUR.asn1.tsp.TSPUtil
-788  * @function
-789  * @param {String} hexadecimal string of MessageImprint
-790  * @return {Array} JSON object of parsed parameters
-791  * @description
-792  * This method parses a hexadecimal string of MessageImprint
-793  * and returns parsed their fields:
-794  * @example
-795  * var json = KJUR.asn1.tsp.TSPUtil.parseMessageImprint("302602...");
-796  * // resulted DUMP of above 'json':
-797  * {hashAlg: 'sha256',          // MessageImprint hashAlg
-798  *  hashValue: 'a1a2a3a4...'}   // MessageImprint hashValue
-799  */
-800 KJUR.asn1.tsp.TSPUtil.parseMessageImprint = function(miHex) {
-801     var _ASN1HEX = ASN1HEX;
-802     var _getChildIdx = _ASN1HEX.getChildIdx;
-803     var _getV = _ASN1HEX.getV;
-804     var _getIdxbyList = _ASN1HEX.getIdxbyList;
-805     var json = {};
-806 
-807     if (miHex.substr(0, 2) != "30")
-808         throw "head of messageImprint hex shall be '30'";
-809 
-810     var idxList = _getChildIdx(miHex, 0);
-811     var hashAlgOidIdx = _getIdxbyList(miHex, 0, [0, 0]);
-812     var hashAlgHex = _getV(miHex, hashAlgOidIdx);
-813     var hashAlgOid = _ASN1HEX.hextooidstr(hashAlgHex);
-814     var hashAlgName = KJUR.asn1.x509.OID.oid2name(hashAlgOid);
-815     if (hashAlgName == '')
-816         throw "hashAlg name undefined: " + hashAlgOid;
-817     var hashAlg = hashAlgName;
-818     var hashValueIdx = _getIdxbyList(miHex, 0, [1]);
-819 
-820     json.hashAlg = hashAlg;
-821     json.hashValue = _getV(miHex, hashValueIdx); 
-822 
-823     return json;
-824 };
-825 
-826 
\ No newline at end of file +635
KJUR.asn1.tsp.PKIFailureInfo.valueList = { +636 badAlg: 0, +637 badRequest: 2, +638 badDataFormat: 5, +639 timeNotAvailable: 14, +640 unacceptedPolicy: 15, +641 unacceptedExtension: 16, +642 addInfoNotAvailable: 17, +643 systemFailure: 25 +644 }; +645 +646 // --- END OF RFC 2510 CMP ------------------------------------------- +647 +648 /** +649 * abstract class for TimeStampToken generator +650 * @name KJUR.asn1.tsp.AbstractTSAAdapter +651 * @class abstract class for TimeStampToken generator +652 * @param {Array} params associative array of parameters +653 * @since jsrsasign 4.7.0 asn1tsp 1.0.1 +654 * @description +655 */ +656 KJUR.asn1.tsp.AbstractTSAAdapter = function(params) { +657 this.getTSTHex = function(msgHex, hashAlg) { +658 throw "not implemented yet"; +659 }; +660 }; +661 +662 /** +663 * class for simple TimeStampToken generator +664 * @name KJUR.asn1.tsp.SimpleTSAAdapter +665 * @class class for simple TimeStampToken generator +666 * @param {Array} params associative array of parameters +667 * @since jsrsasign 4.7.0 asn1tsp 1.0.1 +668 * @description +669 */ +670 KJUR.asn1.tsp.SimpleTSAAdapter = function(initParams) { +671 var _KJUR = KJUR, +672 _KJUR_asn1 = _KJUR.asn1, +673 _KJUR_asn1_tsp = _KJUR_asn1.tsp, +674 _hashHex = _KJUR.crypto.Util.hashHex; +675 +676 _KJUR_asn1_tsp.SimpleTSAAdapter.superclass.constructor.call(this); +677 this.params = null; +678 this.serial = 0; +679 +680 this.getTSTHex = function(msgHex, hashAlg) { +681 // messageImprint +682 var hashHex = _hashHex(msgHex, hashAlg); +683 this.params.tstInfo.messageImprint = +684 {hashAlg: hashAlg, hashValue: hashHex}; +685 +686 // serial +687 this.params.tstInfo.serialNumber = {'int': this.serial++}; +688 +689 // nonce +690 var nonceValue = Math.floor(Math.random() * 1000000000); +691 this.params.tstInfo.nonce = {'int': nonceValue}; +692 +693 var obj = +694 _KJUR_asn1_tsp.TSPUtil.newTimeStampToken(this.params); +695 return obj.getContentInfoEncodedHex(); +696 }; +697 +698 if (initParams !== undefined) { +699 this.params = initParams; +700 } +701 }; +702 YAHOO.lang.extend(KJUR.asn1.tsp.SimpleTSAAdapter, +703 KJUR.asn1.tsp.AbstractTSAAdapter); +704 +705 /** +706 * class for fixed TimeStampToken generator +707 * @name KJUR.asn1.tsp.FixedTSAAdapter +708 * @class class for fixed TimeStampToken generator +709 * @param {Array} params associative array of parameters +710 * @since jsrsasign 4.7.0 asn1tsp 1.0.1 +711 * @description +712 * This class generates fixed TimeStampToken except messageImprint +713 * for testing purpose. +714 * General TSA generates TimeStampToken which varies following +715 * fields: +716 * <ul> +717 * <li>genTime</li> +718 * <li>serialNumber</li> +719 * <li>nonce</li> +720 * </ul> +721 * Those values are provided by initial parameters. +722 */ +723 KJUR.asn1.tsp.FixedTSAAdapter = function(initParams) { +724 var _KJUR = KJUR, +725 _KJUR_asn1 = _KJUR.asn1, +726 _KJUR_asn1_tsp = _KJUR_asn1.tsp, +727 _hashHex = _KJUR.crypto.Util.hashHex; //o +728 +729 _KJUR_asn1_tsp.FixedTSAAdapter.superclass.constructor.call(this); +730 this.params = null; +731 +732 this.getTSTHex = function(msgHex, hashAlg) { +733 // fixed serialNumber +734 // fixed nonce +735 var hashHex = _hashHex(msgHex, hashAlg); +736 this.params.tstInfo.messageImprint = +737 {hashAlg: hashAlg, hashValue: hashHex}; +738 var obj = +739 _KJUR_asn1_tsp.TSPUtil.newTimeStampToken(this.params); +740 return obj.getContentInfoEncodedHex(); +741 }; +742 +743 if (initParams !== undefined) { +744 this.params = initParams; +745 } +746 }; +747 YAHOO.lang.extend(KJUR.asn1.tsp.FixedTSAAdapter, +748 KJUR.asn1.tsp.AbstractTSAAdapter); +749 +750 // --- TSP utilities ------------------------------------------------- +751 +752 /** +753 * TSP utiliteis class +754 * @name KJUR.asn1.tsp.TSPUtil +755 * @class TSP utilities class +756 */ +757 KJUR.asn1.tsp.TSPUtil = new function() { +758 }; +759 /** +760 * generate TimeStampToken ASN.1 object specified by JSON parameters +761 * @name newTimeStampToken +762 * @memberOf KJUR.asn1.tsp.TSPUtil +763 * @function +764 * @param {Array} param JSON parameter to generate TimeStampToken +765 * @return {KJUR.asn1.cms.SignedData} object just generated +766 * @description +767 * @example +768 */ +769 KJUR.asn1.tsp.TSPUtil.newTimeStampToken = function(param) { +770 var _KJUR = KJUR, +771 _KJUR_asn1 = _KJUR.asn1, +772 _KJUR_asn1_cms = _KJUR_asn1.cms, +773 _KJUR_asn1_tsp = _KJUR_asn1.tsp, +774 _TSTInfo = _KJUR_asn1.tsp.TSTInfo; +775 +776 var sd = new _KJUR_asn1_cms.SignedData(); +777 +778 var dTSTInfo = new _TSTInfo(param.tstInfo); +779 var tstInfoHex = dTSTInfo.getEncodedHex(); +780 sd.dEncapContentInfo.setContentValue({hex: tstInfoHex}); +781 sd.dEncapContentInfo.setContentType('tstinfo'); +782 +783 if (typeof param.certs == "object") { +784 for (var i = 0; i < param.certs.length; i++) { +785 sd.addCertificatesByPEM(param.certs[i]); +786 } +787 } +788 +789 var si = sd.signerInfoList[0]; +790 si.setSignerIdentifier(param.signerCert); +791 si.setForContentAndHash({sdObj: sd, +792 eciObj: sd.dEncapContentInfo, +793 hashAlg: param.hashAlg}); +794 var signingCertificate = +795 new _KJUR_asn1_cms.SigningCertificate({array: [param.signerCert]}); +796 si.dSignedAttrs.add(signingCertificate); +797 +798 si.sign(param.signerPrvKey, param.sigAlg); +799 +800 return sd; +801 }; +802 +803 /** +804 * parse hexadecimal string of TimeStampReq +805 * @name parseTimeStampReq +806 * @memberOf KJUR.asn1.tsp.TSPUtil +807 * @function +808 * @param {String} hexadecimal string of TimeStampReq +809 * @return {Array} JSON object of parsed parameters +810 * @description +811 * This method parses a hexadecimal string of TimeStampReq +812 * and returns parsed their fields: +813 * @example +814 * var json = KJUR.asn1.tsp.TSPUtil.parseTimeStampReq("302602..."); +815 * // resulted DUMP of above 'json': +816 * {mi: {hashAlg: 'sha256', // MessageImprint hashAlg +817 * hashValue: 'a1a2a3a4...'}, // MessageImprint hashValue +818 * policy: '1.2.3.4.5', // tsaPolicy (OPTION) +819 * nonce: '9abcf318...', // nonce (OPTION) +820 * certreq: true} // certReq (OPTION) +821 */ +822 KJUR.asn1.tsp.TSPUtil.parseTimeStampReq = function(reqHex) { +823 var _ASN1HEX = ASN1HEX; +824 var _getChildIdx = _ASN1HEX.getChildIdx; +825 var _getV = _ASN1HEX.getV; +826 var _getTLV = _ASN1HEX.getTLV; +827 var json = {}; +828 json.certreq = false; +829 +830 var idxList = _getChildIdx(reqHex, 0); +831 +832 if (idxList.length < 2) +833 throw "TimeStampReq must have at least 2 items"; +834 +835 var miHex = _getTLV(reqHex, idxList[1]); +836 json.mi = KJUR.asn1.tsp.TSPUtil.parseMessageImprint(miHex); +837 +838 for (var i = 2; i < idxList.length; i++) { +839 var idx = idxList[i]; +840 var tag = reqHex.substr(idx, 2); +841 if (tag == "06") { // case OID +842 var policyHex = _getV(reqHex, idx); +843 json.policy = _ASN1HEX.hextooidstr(policyHex); +844 } +845 if (tag == "02") { // case INTEGER +846 json.nonce = _getV(reqHex, idx); +847 } +848 if (tag == "01") { // case BOOLEAN +849 json.certreq = true; +850 } +851 } +852 +853 return json; +854 }; +855 +856 /** +857 * parse hexadecimal string of MessageImprint +858 * @name parseMessageImprint +859 * @memberOf KJUR.asn1.tsp.TSPUtil +860 * @function +861 * @param {String} hexadecimal string of MessageImprint +862 * @return {Array} JSON object of parsed parameters +863 * @description +864 * This method parses a hexadecimal string of MessageImprint +865 * and returns parsed their fields: +866 * @example +867 * var json = KJUR.asn1.tsp.TSPUtil.parseMessageImprint("302602..."); +868 * // resulted DUMP of above 'json': +869 * {hashAlg: 'sha256', // MessageImprint hashAlg +870 * hashValue: 'a1a2a3a4...'} // MessageImprint hashValue +871 */ +872 KJUR.asn1.tsp.TSPUtil.parseMessageImprint = function(miHex) { +873 var _ASN1HEX = ASN1HEX; +874 var _getChildIdx = _ASN1HEX.getChildIdx; +875 var _getV = _ASN1HEX.getV; +876 var _getIdxbyList = _ASN1HEX.getIdxbyList; +877 var json = {}; +878 +879 if (miHex.substr(0, 2) != "30") +880 throw "head of messageImprint hex shall be '30'"; +881 +882 var idxList = _getChildIdx(miHex, 0); +883 var hashAlgOidIdx = _getIdxbyList(miHex, 0, [0, 0]); +884 var hashAlgHex = _getV(miHex, hashAlgOidIdx); +885 var hashAlgOid = _ASN1HEX.hextooidstr(hashAlgHex); +886 var hashAlgName = KJUR.asn1.x509.OID.oid2name(hashAlgOid); +887 if (hashAlgName == '') +888 throw "hashAlg name undefined: " + hashAlgOid; +889 var hashAlg = hashAlgName; +890 var hashValueIdx = _getIdxbyList(miHex, 0, [1]); +891 +892 json.hashAlg = hashAlg; +893 json.hashValue = _getV(miHex, hashValueIdx); +894 +895 return json; +896 }; +897 +898
\ No newline at end of file diff --git a/api/symbols/src/asn1x509-1.0.js.html b/api/symbols/src/asn1x509-1.0.js.html index 212073e8..6757d998 100644 --- a/api/symbols/src/asn1x509-1.0.js.html +++ b/api/symbols/src/asn1x509-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /*! asn1x509-1.0.23.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* asn1x509-1.0.24.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1x509-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version 1.0.23 (2017-Apr-30)
+ 19  * @version 1.0.24 (2017-May-28)
  20  * @since jsrsasign 2.1
  21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -124,2685 +124,2765 @@
 117  */
 118 KJUR.asn1.x509.Certificate = function(params) {
 119     KJUR.asn1.x509.Certificate.superclass.constructor.call(this);
-120     var asn1TBSCert = null;
-121     var asn1SignatureAlg = null;
-122     var asn1Sig = null;
-123     var hexSig = null;
-124     var prvKey = null;
-125     var rsaPrvKey = null; // DEPRECATED
-126 
-127     /**
-128      * (DEPRECATED) set PKCS#5 encrypted RSA PEM private key as CA key
-129      * @name setRsaPrvKeyByPEMandPass
-130      * @memberOf KJUR.asn1.x509.Certificate#
-131      * @function
-132      * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
-133      * @param {String} passPEM passcode string to decrypt private key
-134      * @since 1.0.1
-135      * @deprecated 
-136      * @description
-137      * <br/>
-138      * <h4>EXAMPLES</h4>
-139      * @example
-140      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
-141      * cert.setRsaPrvKeyByPEMandPass("-----BEGIN RSA PRIVATE..(snip)", "password");
-142      */
-143     this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
-144         var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
-145         var caKey = new RSAKey();
-146         caKey.readPrivateKeyFromASN1HexString(caKeyHex);
-147         this.prvKey = caKey;
-148     };
-149 
-150     /**
-151      * sign TBSCertificate and set signature value internally
-152      * @name sign
-153      * @memberOf KJUR.asn1.x509.Certificate#
-154      * @function
-155      * @description
-156      * @example
-157      * var cert = new KJUR.asn1.x509.Certificate({tbscertobj: tbs, prvkeyobj: prvKey});
-158      * cert.sign();
-159      */
-160     this.sign = function() {
-161         this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;
-162 	
-163         var sig = new KJUR.crypto.Signature({alg: this.asn1SignatureAlg.nameAlg});
-164         sig.init(this.prvKey);
-165         sig.updateHex(this.asn1TBSCert.getEncodedHex());
-166         this.hexSig = sig.sign();
-167 
-168         this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
-169 
-170         var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert,
-171                                                        this.asn1SignatureAlg,
-172                                                        this.asn1Sig]});
-173         this.hTLV = seq.getEncodedHex();
-174         this.isModified = false;
-175     };
-176 
-177     /**
-178      * set signature value internally by hex string
-179      * @name setSignatureHex
-180      * @memberOf KJUR.asn1.x509.Certificate#
-181      * @function
-182      * @since asn1x509 1.0.8
-183      * @description
-184      * @example
-185      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
-186      * cert.setSignatureHex('01020304');
-187      */
-188     this.setSignatureHex = function(sigHex) {
-189         this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;
-190         this.hexSig = sigHex;
-191         this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
-192 
-193         var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert,
-194                                                        this.asn1SignatureAlg,
-195                                                        this.asn1Sig]});
-196         this.hTLV = seq.getEncodedHex();
-197         this.isModified = false;
-198     };
-199 
-200     this.getEncodedHex = function() {
-201         if (this.isModified == false && this.hTLV != null) return this.hTLV;
-202         throw "not signed yet";
+120     var asn1TBSCert = null,
+121 	asn1SignatureAlg = null,
+122 	asn1Sig = null,
+123 	hexSig = null,
+124         prvKey = null,
+125         rsaPrvKey = null, // DEPRECATED
+126 	_KJUR = KJUR,
+127 	_KJUR_crypto = _KJUR.crypto,
+128 	_KJUR_asn1 = _KJUR.asn1,
+129 	_DERSequence = _KJUR_asn1.DERSequence,
+130 	_DERBitString = _KJUR_asn1.DERBitString;
+131 
+132     /**
+133      * (DEPRECATED) set PKCS#5 encrypted RSA PEM private key as CA key
+134      * @name setRsaPrvKeyByPEMandPass
+135      * @memberOf KJUR.asn1.x509.Certificate#
+136      * @function
+137      * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
+138      * @param {String} passPEM passcode string to decrypt private key
+139      * @since 1.0.1
+140      * @deprecated 
+141      * @description
+142      * <br/>
+143      * <h4>EXAMPLES</h4>
+144      * @example
+145      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
+146      * cert.setRsaPrvKeyByPEMandPass("-----BEGIN RSA PRIVATE..(snip)", "password");
+147      */
+148     this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
+149         var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
+150         var caKey = new RSAKey();
+151         caKey.readPrivateKeyFromASN1HexString(caKeyHex);
+152         this.prvKey = caKey;
+153     };
+154 
+155     /**
+156      * sign TBSCertificate and set signature value internally
+157      * @name sign
+158      * @memberOf KJUR.asn1.x509.Certificate#
+159      * @function
+160      * @description
+161      * @example
+162      * var cert = new KJUR.asn1.x509.Certificate({tbscertobj: tbs, prvkeyobj: prvKey});
+163      * cert.sign();
+164      */
+165     this.sign = function() {
+166         this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;
+167 	
+168         var sig = new KJUR.crypto.Signature({alg: this.asn1SignatureAlg.nameAlg});
+169         sig.init(this.prvKey);
+170         sig.updateHex(this.asn1TBSCert.getEncodedHex());
+171         this.hexSig = sig.sign();
+172 
+173         this.asn1Sig = new _DERBitString({'hex': '00' + this.hexSig});
+174 
+175         var seq = new _DERSequence({'array': [this.asn1TBSCert,
+176                                               this.asn1SignatureAlg,
+177                                               this.asn1Sig]});
+178         this.hTLV = seq.getEncodedHex();
+179         this.isModified = false;
+180     };
+181 
+182     /**
+183      * set signature value internally by hex string
+184      * @name setSignatureHex
+185      * @memberOf KJUR.asn1.x509.Certificate#
+186      * @function
+187      * @since asn1x509 1.0.8
+188      * @description
+189      * @example
+190      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs});
+191      * cert.setSignatureHex('01020304');
+192      */
+193     this.setSignatureHex = function(sigHex) {
+194         this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg;
+195         this.hexSig = sigHex;
+196         this.asn1Sig = new _DERBitString({'hex': '00' + this.hexSig});
+197 
+198         var seq = new _DERSequence({'array': [this.asn1TBSCert,
+199                                               this.asn1SignatureAlg,
+200                                               this.asn1Sig]});
+201         this.hTLV = seq.getEncodedHex();
+202         this.isModified = false;
 203     };
 204 
-205     /**
-206      * get PEM formatted certificate string after signed
-207      * @name getPEMString
-208      * @memberOf KJUR.asn1.x509.Certificate#
-209      * @function
-210      * @return PEM formatted string of certificate
-211      * @description
-212      * @example
-213      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey});
-214      * cert.sign();
-215      * var sPEM = cert.getPEMString();
-216      */
-217     this.getPEMString = function() {
-218         var hCert = this.getEncodedHex();
-219         var wCert = CryptoJS.enc.Hex.parse(hCert);
-220         var b64Cert = CryptoJS.enc.Base64.stringify(wCert);
-221         var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n");
-222         return "-----BEGIN CERTIFICATE-----\r\n" + pemBody + "\r\n-----END CERTIFICATE-----\r\n";
-223     };
-224 
-225     if (params !== undefined) {
-226         if (params.tbscertobj !== undefined) {
-227             this.asn1TBSCert = params.tbscertobj;
-228         }
-229         if (params.prvkeyobj !== undefined) {
-230             this.prvKey = params.prvkeyobj;
-231         } else if (params.rsaprvkey !== undefined) {
-232             this.prvKey = params.rsaprvkey;
-233         } else if ((params.rsaprvpem !== undefined) &&
-234                    (params.rsaprvpas !== undefined)) {
-235             this.setRsaPrvKeyByPEMandPass(params.rsaprvpem, params.rsaprvpas);
-236         }
-237     }
-238 };
-239 YAHOO.lang.extend(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object);
-240 
-241 /**
-242  * ASN.1 TBSCertificate structure class
-243  * @name KJUR.asn1.x509.TBSCertificate
-244  * @class ASN.1 TBSCertificate structure class
-245  * @param {Array} params associative array of parameters (ex. {})
-246  * @extends KJUR.asn1.ASN1Object
-247  * @description
-248  * <br/>
-249  * <h4>EXAMPLE</h4>
-250  * @example
-251  *  var o = new KJUR.asn1.x509.TBSCertificate();
-252  *  o.setSerialNumberByParam({'int': 4});
-253  *  o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
-254  *  o.setIssuerByParam({'str': '/C=US/O=a'});
-255  *  o.setNotBeforeByParam({'str': '130504235959Z'});
-256  *  o.setNotAfterByParam({'str': '140504235959Z'});
-257  *  o.setSubjectByParam({'str': '/C=US/CN=b'});
-258  *  o.setSubjectPublicKeyByParam({'rsakey': rsaKey});
-259  *  o.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true}));
-260  *  o.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
-261  */
-262 KJUR.asn1.x509.TBSCertificate = function(params) {
-263     KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);
-264 
-265     this._initialize = function() {
-266         this.asn1Array = new Array();
-267 
-268         this.asn1Version =
-269             new KJUR.asn1.DERTaggedObject({'obj': new KJUR.asn1.DERInteger({'int': 2})});
-270         this.asn1SerialNumber = null;
-271         this.asn1SignatureAlg = null;
-272         this.asn1Issuer = null;
-273         this.asn1NotBefore = null;
-274         this.asn1NotAfter = null;
-275         this.asn1Subject = null;
-276         this.asn1SubjPKey = null;
-277         this.extensionsArray = new Array();
-278     };
-279 
-280     /**
-281      * set serial number field by parameter
-282      * @name setSerialNumberByParam
-283      * @memberOf KJUR.asn1.x509.TBSCertificate#
-284      * @function
-285      * @param {Array} intParam DERInteger param
-286      * @description
-287      * @example
-288      * tbsc.setSerialNumberByParam({'int': 3});
-289      */
-290     this.setSerialNumberByParam = function(intParam) {
-291         this.asn1SerialNumber = new KJUR.asn1.DERInteger(intParam);
+205     this.getEncodedHex = function() {
+206         if (this.isModified == false && this.hTLV != null) return this.hTLV;
+207         throw "not signed yet";
+208     };
+209 
+210     /**
+211      * get PEM formatted certificate string after signed
+212      * @name getPEMString
+213      * @memberOf KJUR.asn1.x509.Certificate#
+214      * @function
+215      * @return PEM formatted string of certificate
+216      * @description
+217      * @example
+218      * var cert = new KJUR.asn1.x509.Certificate({'tbscertobj': tbs, 'rsaprvkey': prvKey});
+219      * cert.sign();
+220      * var sPEM = cert.getPEMString();
+221      */
+222     this.getPEMString = function() {
+223 	var pemBody = hextob64nl(this.getEncodedHex());
+224         return "-----BEGIN CERTIFICATE-----\r\n" + 
+225 	    pemBody + 
+226 	    "\r\n-----END CERTIFICATE-----\r\n";
+227     };
+228 
+229     if (params !== undefined) {
+230         if (params.tbscertobj !== undefined) {
+231             this.asn1TBSCert = params.tbscertobj;
+232         }
+233         if (params.prvkeyobj !== undefined) {
+234             this.prvKey = params.prvkeyobj;
+235         } else if (params.rsaprvkey !== undefined) {
+236             this.prvKey = params.rsaprvkey;
+237         } else if ((params.rsaprvpem !== undefined) &&
+238                    (params.rsaprvpas !== undefined)) {
+239             this.setRsaPrvKeyByPEMandPass(params.rsaprvpem, params.rsaprvpas);
+240         }
+241     }
+242 };
+243 YAHOO.lang.extend(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object);
+244 
+245 /**
+246  * ASN.1 TBSCertificate structure class
+247  * @name KJUR.asn1.x509.TBSCertificate
+248  * @class ASN.1 TBSCertificate structure class
+249  * @param {Array} params associative array of parameters (ex. {})
+250  * @extends KJUR.asn1.ASN1Object
+251  * @description
+252  * <br/>
+253  * <h4>EXAMPLE</h4>
+254  * @example
+255  *  var o = new KJUR.asn1.x509.TBSCertificate();
+256  *  o.setSerialNumberByParam({'int': 4});
+257  *  o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
+258  *  o.setIssuerByParam({'str': '/C=US/O=a'});
+259  *  o.setNotBeforeByParam({'str': '130504235959Z'});
+260  *  o.setNotAfterByParam({'str': '140504235959Z'});
+261  *  o.setSubjectByParam({'str': '/C=US/CN=b'});
+262  *  o.setSubjectPublicKeyByParam({'rsakey': rsaKey});
+263  *  o.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true}));
+264  *  o.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
+265  */
+266 KJUR.asn1.x509.TBSCertificate = function(params) {
+267     KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);
+268 
+269     var _KJUR = KJUR,
+270 	_KJUR_asn1 = _KJUR.asn1,
+271 	_DERSequence = _KJUR_asn1.DERSequence,
+272 	_DERInteger = _KJUR_asn1.DERInteger,
+273 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
+274 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+275 	_Time = _KJUR_asn1_x509.Time,
+276 	_X500Name = _KJUR_asn1_x509.X500Name,
+277 	_SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo;
+278 
+279     this._initialize = function() {
+280         this.asn1Array = new Array();
+281 
+282         this.asn1Version =
+283             new _DERTaggedObject({'obj': new _DERInteger({'int': 2})});
+284         this.asn1SerialNumber = null;
+285         this.asn1SignatureAlg = null;
+286         this.asn1Issuer = null;
+287         this.asn1NotBefore = null;
+288         this.asn1NotAfter = null;
+289         this.asn1Subject = null;
+290         this.asn1SubjPKey = null;
+291         this.extensionsArray = new Array();
 292     };
 293 
 294     /**
-295      * set signature algorithm field by parameter
-296      * @name setSignatureAlgByParam
+295      * set serial number field by parameter
+296      * @name setSerialNumberByParam
 297      * @memberOf KJUR.asn1.x509.TBSCertificate#
 298      * @function
-299      * @param {Array} algIdParam AlgorithmIdentifier parameter
+299      * @param {Array} intParam DERInteger param
 300      * @description
 301      * @example
-302      * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
+302      * tbsc.setSerialNumberByParam({'int': 3});
 303      */
-304     this.setSignatureAlgByParam = function(algIdParam) {
-305         this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam);
+304     this.setSerialNumberByParam = function(intParam) {
+305         this.asn1SerialNumber = new _DERInteger(intParam);
 306     };
 307 
 308     /**
-309      * set issuer name field by parameter
-310      * @name setIssuerByParam
+309      * set signature algorithm field by parameter
+310      * @name setSignatureAlgByParam
 311      * @memberOf KJUR.asn1.x509.TBSCertificate#
 312      * @function
-313      * @param {Array} x500NameParam X500Name parameter
+313      * @param {Array} algIdParam AlgorithmIdentifier parameter
 314      * @description
 315      * @example
-316      * tbsc.setIssuerParam({'str': '/C=US/CN=b'});
-317      * @see KJUR.asn1.x509.X500Name
-318      */
-319     this.setIssuerByParam = function(x500NameParam) {
-320         this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam);
-321     };
-322 
-323     /**
-324      * set notBefore field by parameter
-325      * @name setNotBeforeByParam
-326      * @memberOf KJUR.asn1.x509.TBSCertificate#
-327      * @function
-328      * @param {Array} timeParam Time parameter
-329      * @description
-330      * @example
-331      * tbsc.setNotBeforeByParam({'str': '130508235959Z'});
-332      * @see KJUR.asn1.x509.Time
-333      */
-334     this.setNotBeforeByParam = function(timeParam) {
-335         this.asn1NotBefore = new KJUR.asn1.x509.Time(timeParam);
-336     };
-337 
-338     /**
-339      * set notAfter field by parameter
-340      * @name setNotAfterByParam
-341      * @memberOf KJUR.asn1.x509.TBSCertificate#
-342      * @function
-343      * @param {Array} timeParam Time parameter
-344      * @description
-345      * @example
-346      * tbsc.setNotAfterByParam({'str': '130508235959Z'});
-347      * @see KJUR.asn1.x509.Time
-348      */
-349     this.setNotAfterByParam = function(timeParam) {
-350         this.asn1NotAfter = new KJUR.asn1.x509.Time(timeParam);
-351     };
-352 
-353     /**
-354      * set subject name field by parameter
-355      * @name setSubjectByParam
-356      * @memberOf KJUR.asn1.x509.TBSCertificate#
-357      * @function
-358      * @param {Array} x500NameParam X500Name parameter
-359      * @description
-360      * @example
-361      * tbsc.setSubjectParam({'str': '/C=US/CN=b'});
-362      * @see KJUR.asn1.x509.X500Name
-363      */
-364     this.setSubjectByParam = function(x500NameParam) {
-365         this.asn1Subject = new KJUR.asn1.x509.X500Name(x500NameParam);
-366     };
-367 
-368     /**
-369      * (DEPRECATED) set subject public key info field by RSA key parameter
-370      * @name setSubjectPublicKeyByParam
-371      * @memberOf KJUR.asn1.x509.TBSCertificate#
-372      * @function
-373      * @param {Array} subjPKeyParam SubjectPublicKeyInfo parameter of RSA
-374      * @deprecated
-375      * @description
-376      * @example
-377      * tbsc.setSubjectPublicKeyByParam({'rsakey': pubKey});
-378      * @see KJUR.asn1.x509.SubjectPublicKeyInfo
-379      */
-380     this.setSubjectPublicKeyByParam = function(subjPKeyParam) {
-381         this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(subjPKeyParam);
-382     };
-383 
-384     /**
-385      * set subject public key info by RSA/ECDSA/DSA key parameter
-386      * @name setSubjectPublicKeyByGetKey
-387      * @memberOf KJUR.asn1.x509.TBSCertificate
-388      * @function
-389      * @param {Object} keyParam public key parameter which passed to {@link KEYUTIL.getKey} argument
-390      * @description
-391      * @example
-392      * tbsc.setSubjectPublicKeyByGetKeyParam(certPEMString); // or
-393      * tbsc.setSubjectPublicKeyByGetKeyParam(pkcs8PublicKeyPEMString); // or
-394      * tbsc.setSubjectPublicKeyByGetKeyParam(kjurCryptoECDSAKeyObject); // et.al.
-395      * @see KJUR.asn1.x509.SubjectPublicKeyInfo
-396      * @see KEYUTIL.getKey
-397      * @since asn1x509 1.0.6
-398      */
-399     this.setSubjectPublicKeyByGetKey = function(keyParam) {
-400         var keyObj = KEYUTIL.getKey(keyParam);
-401         this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObj);
-402     };
-403 
-404     /**
-405      * append X.509v3 extension to this object
-406      * @name appendExtension
-407      * @memberOf KJUR.asn1.x509.TBSCertificate#
-408      * @function
-409      * @param {Extension} extObj X.509v3 Extension object
-410      * @description
-411      * @example
-412      * tbsc.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true, 'critical': true}));
-413      * tbsc.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
-414      * @see KJUR.asn1.x509.Extension
-415      */
-416     this.appendExtension = function(extObj) {
-417         this.extensionsArray.push(extObj);
-418     };
-419 
-420     /**
-421      * append X.509v3 extension to this object by name and parameters
-422      * @name appendExtensionByName
-423      * @memberOf KJUR.asn1.x509.TBSCertificate#
-424      * @function
-425      * @param {name} name name of X.509v3 Extension object
-426      * @param {Array} extParams parameters as argument of Extension constructor.
-427      * @description
-428      * @example
-429      * var o = new KJUR.asn1.x509.TBSCertificate();
-430      * o.appendExtensionByName('BasicConstraints', {'cA':true, 'critical': true});
-431      * o.appendExtensionByName('KeyUsage', {'bin':'11'});
-432      * o.appendExtensionByName('CRLDistributionPoints', {uri: 'http://aaa.com/a.crl'});
-433      * o.appendExtensionByName('ExtKeyUsage', {array: [{name: 'clientAuth'}]});
-434      * o.appendExtensionByName('AuthorityKeyIdentifier', {kid: '1234ab..'});
-435      * o.appendExtensionByName('AuthorityInfoAccess', {array: [{accessMethod:{oid:...},accessLocation:{uri:...}}]});
-436      * @see KJUR.asn1.x509.Extension
-437      */
-438     this.appendExtensionByName = function(name, extParams) {
-439 	KJUR.asn1.x509.Extension.appendByNameToArray(name,
-440 						     extParams,
-441 						     this.extensionsArray);
-442     };
-443 
-444     this.getEncodedHex = function() {
-445         if (this.asn1NotBefore == null || this.asn1NotAfter == null)
-446             throw "notBefore and/or notAfter not set";
-447         var asn1Validity =
-448             new KJUR.asn1.DERSequence({'array':[this.asn1NotBefore, this.asn1NotAfter]});
-449 
-450         this.asn1Array = new Array();
-451 
-452         this.asn1Array.push(this.asn1Version);
-453         this.asn1Array.push(this.asn1SerialNumber);
-454         this.asn1Array.push(this.asn1SignatureAlg);
-455         this.asn1Array.push(this.asn1Issuer);
-456         this.asn1Array.push(asn1Validity);
-457         this.asn1Array.push(this.asn1Subject);
-458         this.asn1Array.push(this.asn1SubjPKey);
-459 
-460         if (this.extensionsArray.length > 0) {
-461             var extSeq = new KJUR.asn1.DERSequence({"array": this.extensionsArray});
-462             var extTagObj = new KJUR.asn1.DERTaggedObject({'explicit': true,
-463                                                            'tag': 'a3',
-464                                                            'obj': extSeq});
-465             this.asn1Array.push(extTagObj);
-466         }
-467 
-468         var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
-469         this.hTLV = o.getEncodedHex();
-470         this.isModified = false;
-471         return this.hTLV;
-472     };
+316      * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
+317      */
+318     this.setSignatureAlgByParam = function(algIdParam) {
+319         this.asn1SignatureAlg = new _KJUR_asn1_x509.AlgorithmIdentifier(algIdParam);
+320     };
+321 
+322     /**
+323      * set issuer name field by parameter
+324      * @name setIssuerByParam
+325      * @memberOf KJUR.asn1.x509.TBSCertificate#
+326      * @function
+327      * @param {Array} x500NameParam X500Name parameter
+328      * @description
+329      * @example
+330      * tbsc.setIssuerParam({'str': '/C=US/CN=b'});
+331      * @see KJUR.asn1.x509.X500Name
+332      */
+333     this.setIssuerByParam = function(x500NameParam) {
+334         this.asn1Issuer = new _X500Name(x500NameParam);
+335     };
+336 
+337     /**
+338      * set notBefore field by parameter
+339      * @name setNotBeforeByParam
+340      * @memberOf KJUR.asn1.x509.TBSCertificate#
+341      * @function
+342      * @param {Array} timeParam Time parameter
+343      * @description
+344      * @example
+345      * tbsc.setNotBeforeByParam({'str': '130508235959Z'});
+346      * @see KJUR.asn1.x509.Time
+347      */
+348     this.setNotBeforeByParam = function(timeParam) {
+349         this.asn1NotBefore = new _Time(timeParam);
+350     };
+351 
+352     /**
+353      * set notAfter field by parameter
+354      * @name setNotAfterByParam
+355      * @memberOf KJUR.asn1.x509.TBSCertificate#
+356      * @function
+357      * @param {Array} timeParam Time parameter
+358      * @description
+359      * @example
+360      * tbsc.setNotAfterByParam({'str': '130508235959Z'});
+361      * @see KJUR.asn1.x509.Time
+362      */
+363     this.setNotAfterByParam = function(timeParam) {
+364         this.asn1NotAfter = new _Time(timeParam);
+365     };
+366 
+367     /**
+368      * set subject name field by parameter
+369      * @name setSubjectByParam
+370      * @memberOf KJUR.asn1.x509.TBSCertificate#
+371      * @function
+372      * @param {Array} x500NameParam X500Name parameter
+373      * @description
+374      * @example
+375      * tbsc.setSubjectParam({'str': '/C=US/CN=b'});
+376      * @see KJUR.asn1.x509.X500Name
+377      */
+378     this.setSubjectByParam = function(x500NameParam) {
+379         this.asn1Subject = new _X500Name(x500NameParam);
+380     };
+381 
+382     /**
+383      * (DEPRECATED) set subject public key info field by RSA key parameter
+384      * @name setSubjectPublicKeyByParam
+385      * @memberOf KJUR.asn1.x509.TBSCertificate#
+386      * @function
+387      * @param {Array} subjPKeyParam SubjectPublicKeyInfo parameter of RSA
+388      * @deprecated
+389      * @description
+390      * @example
+391      * tbsc.setSubjectPublicKeyByParam({'rsakey': pubKey});
+392      * @see KJUR.asn1.x509.SubjectPublicKeyInfo
+393      */
+394     this.setSubjectPublicKeyByParam = function(subjPKeyParam) {
+395         this.asn1SubjPKey = new _SubjectPublicKeyInfo(subjPKeyParam);
+396     };
+397 
+398     /**
+399      * set subject public key info by RSA/ECDSA/DSA key parameter
+400      * @name setSubjectPublicKeyByGetKey
+401      * @memberOf KJUR.asn1.x509.TBSCertificate
+402      * @function
+403      * @param {Object} keyParam public key parameter which passed to {@link KEYUTIL.getKey} argument
+404      * @description
+405      * @example
+406      * tbsc.setSubjectPublicKeyByGetKeyParam(certPEMString); // or
+407      * tbsc.setSubjectPublicKeyByGetKeyParam(pkcs8PublicKeyPEMString); // or
+408      * tbsc.setSubjectPublicKeyByGetKeyParam(kjurCryptoECDSAKeyObject); // et.al.
+409      * @see KJUR.asn1.x509.SubjectPublicKeyInfo
+410      * @see KEYUTIL.getKey
+411      * @since asn1x509 1.0.6
+412      */
+413     this.setSubjectPublicKeyByGetKey = function(keyParam) {
+414         var keyObj = KEYUTIL.getKey(keyParam);
+415         this.asn1SubjPKey = new _SubjectPublicKeyInfo(keyObj);
+416     };
+417 
+418     /**
+419      * append X.509v3 extension to this object
+420      * @name appendExtension
+421      * @memberOf KJUR.asn1.x509.TBSCertificate#
+422      * @function
+423      * @param {Extension} extObj X.509v3 Extension object
+424      * @description
+425      * @example
+426      * tbsc.appendExtension(new KJUR.asn1.x509.BasicConstraints({'cA':true, 'critical': true}));
+427      * tbsc.appendExtension(new KJUR.asn1.x509.KeyUsage({'bin':'11'}));
+428      * @see KJUR.asn1.x509.Extension
+429      */
+430     this.appendExtension = function(extObj) {
+431         this.extensionsArray.push(extObj);
+432     };
+433 
+434     /**
+435      * append X.509v3 extension to this object by name and parameters
+436      * @name appendExtensionByName
+437      * @memberOf KJUR.asn1.x509.TBSCertificate#
+438      * @function
+439      * @param {name} name name of X.509v3 Extension object
+440      * @param {Array} extParams parameters as argument of Extension constructor.
+441      * @description
+442      * @example
+443      * var o = new KJUR.asn1.x509.TBSCertificate();
+444      * o.appendExtensionByName('BasicConstraints', {'cA':true, 'critical': true});
+445      * o.appendExtensionByName('KeyUsage', {'bin':'11'});
+446      * o.appendExtensionByName('CRLDistributionPoints', {uri: 'http://aaa.com/a.crl'});
+447      * o.appendExtensionByName('ExtKeyUsage', {array: [{name: 'clientAuth'}]});
+448      * o.appendExtensionByName('AuthorityKeyIdentifier', {kid: '1234ab..'});
+449      * o.appendExtensionByName('AuthorityInfoAccess', {array: [{accessMethod:{oid:...},accessLocation:{uri:...}}]});
+450      * @see KJUR.asn1.x509.Extension
+451      */
+452     this.appendExtensionByName = function(name, extParams) {
+453 	KJUR.asn1.x509.Extension.appendByNameToArray(name,
+454 						     extParams,
+455 						     this.extensionsArray);
+456     };
+457 
+458     this.getEncodedHex = function() {
+459         if (this.asn1NotBefore == null || this.asn1NotAfter == null)
+460             throw "notBefore and/or notAfter not set";
+461         var asn1Validity =
+462             new _DERSequence({'array':[this.asn1NotBefore, this.asn1NotAfter]});
+463 
+464         this.asn1Array = new Array();
+465 
+466         this.asn1Array.push(this.asn1Version);
+467         this.asn1Array.push(this.asn1SerialNumber);
+468         this.asn1Array.push(this.asn1SignatureAlg);
+469         this.asn1Array.push(this.asn1Issuer);
+470         this.asn1Array.push(asn1Validity);
+471         this.asn1Array.push(this.asn1Subject);
+472         this.asn1Array.push(this.asn1SubjPKey);
 473 
-474     this._initialize();
-475 };
-476 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object);
-477 
-478 // === END   TBSCertificate ===================================================
-479 
-480 // === BEGIN X.509v3 Extensions Related =======================================
+474         if (this.extensionsArray.length > 0) {
+475             var extSeq = new _DERSequence({"array": this.extensionsArray});
+476             var extTagObj = new _DERTaggedObject({'explicit': true,
+477                                                   'tag': 'a3',
+478                                                   'obj': extSeq});
+479             this.asn1Array.push(extTagObj);
+480         }
 481 
-482 /**
-483  * base Extension ASN.1 structure class
-484  * @name KJUR.asn1.x509.Extension
-485  * @class base Extension ASN.1 structure class
-486  * @param {Array} params associative array of parameters (ex. {'critical': true})
-487  * @extends KJUR.asn1.ASN1Object
-488  * @description
-489  * @example
-490  * // Extension  ::=  SEQUENCE  {
-491  * //     extnID      OBJECT IDENTIFIER,
-492  * //     critical    BOOLEAN DEFAULT FALSE,
-493  * //     extnValue   OCTET STRING  }
-494  */
-495 KJUR.asn1.x509.Extension = function(params) {
-496     KJUR.asn1.x509.Extension.superclass.constructor.call(this);
-497     var asn1ExtnValue = null;
-498 
-499     this.getEncodedHex = function() {
-500         var asn1Oid = new KJUR.asn1.DERObjectIdentifier({'oid': this.oid});
-501         var asn1EncapExtnValue =
-502             new KJUR.asn1.DEROctetString({'hex': this.getExtnValueHex()});
-503 
-504         var asn1Array = new Array();
-505         asn1Array.push(asn1Oid);
-506         if (this.critical) asn1Array.push(new KJUR.asn1.DERBoolean());
-507         asn1Array.push(asn1EncapExtnValue);
-508 
-509         var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array});
-510         return asn1Seq.getEncodedHex();
-511     };
-512 
-513     this.critical = false;
-514     if (typeof params != "undefined") {
-515         if (typeof params['critical'] != "undefined") {
-516             this.critical = params['critical'];
-517         }
-518     }
-519 };
-520 YAHOO.lang.extend(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object);
-521 
-522 /**
-523  * append X.509v3 extension to any specified array<br/>
-524  * @name appendByNameToArray
-525  * @memberOf KJUR.asn1.x509.Extension
-526  * @function
-527  * @param {String} name X.509v3 extension name
-528  * @param {Object} extParams associative array of extension parameters
-529  * @param {Array} a array to add specified extension
-530  * @see KJUR.asn1.x509.Extension
-531  * @since jsrsasign 6.2.3 asn1x509 1.0.19
-532  * @description
-533  * This static function add a X.509v3 extension specified by name and extParams to
-534  * array 'a' so that 'a' will be an array of X.509v3 extension objects.
-535  * @example
-536  * var a = new Array();
-537  * KJUR.asn1.x509.Extension.appendByNameToArray("BasicConstraints", {'cA':true, 'critical': true}, a);
-538  * KJUR.asn1.x509.Extension.appendByNameToArray("KeyUsage", {'bin':'11'}, a);
-539  */
-540 KJUR.asn1.x509.Extension.appendByNameToArray = function(name, extParams, a) {
-541     if (name.toLowerCase() == "basicconstraints") {
-542         var extObj = new KJUR.asn1.x509.BasicConstraints(extParams);
-543         a.push(extObj);
-544     } else if (name.toLowerCase() == "keyusage") {
-545         var extObj = new KJUR.asn1.x509.KeyUsage(extParams);
-546         a.push(extObj);
-547     } else if (name.toLowerCase() == "crldistributionpoints") {
-548         var extObj = new KJUR.asn1.x509.CRLDistributionPoints(extParams);
-549         a.push(extObj);
-550     } else if (name.toLowerCase() == "extkeyusage") {
-551         var extObj = new KJUR.asn1.x509.ExtKeyUsage(extParams);
-552         a.push(extObj);
-553     } else if (name.toLowerCase() == "authoritykeyidentifier") {
-554         var extObj = new KJUR.asn1.x509.AuthorityKeyIdentifier(extParams);
-555         a.push(extObj);
-556     } else if (name.toLowerCase() == "authorityinfoaccess") {
-557         var extObj = new KJUR.asn1.x509.AuthorityInfoAccess(extParams);
-558         a.push(extObj);
-559     } else if (name.toLowerCase() == "subjectaltname") {
-560         var extObj = new KJUR.asn1.x509.SubjectAltName(extParams);
-561         a.push(extObj);
-562     } else if (name.toLowerCase() == "issueraltname") {
-563         var extObj = new KJUR.asn1.x509.IssuerAltName(extParams);
-564         a.push(extObj);
-565     } else {
-566         throw "unsupported extension name: " + name;
-567     }
-568 };
-569 
-570 /**
-571  * KeyUsage ASN.1 structure class
-572  * @name KJUR.asn1.x509.KeyUsage
-573  * @class KeyUsage ASN.1 structure class
-574  * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true})
-575  * @extends KJUR.asn1.x509.Extension
-576  * @description
-577  * @example
-578  */
-579 KJUR.asn1.x509.KeyUsage = function(params) {
-580     KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params);
-581 
-582     this.getExtnValueHex = function() {
-583         return this.asn1ExtnValue.getEncodedHex();
-584     };
-585 
-586     this.oid = "2.5.29.15";
-587     if (typeof params != "undefined") {
-588         if (typeof params['bin'] != "undefined") {
-589             this.asn1ExtnValue = new KJUR.asn1.DERBitString(params);
-590         }
+482         var o = new _DERSequence({"array": this.asn1Array});
+483         this.hTLV = o.getEncodedHex();
+484         this.isModified = false;
+485         return this.hTLV;
+486     };
+487 
+488     this._initialize();
+489 };
+490 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object);
+491 
+492 // === END   TBSCertificate ===================================================
+493 
+494 // === BEGIN X.509v3 Extensions Related =======================================
+495 
+496 /**
+497  * base Extension ASN.1 structure class
+498  * @name KJUR.asn1.x509.Extension
+499  * @class base Extension ASN.1 structure class
+500  * @param {Array} params associative array of parameters (ex. {'critical': true})
+501  * @extends KJUR.asn1.ASN1Object
+502  * @description
+503  * @example
+504  * // Extension  ::=  SEQUENCE  {
+505  * //     extnID      OBJECT IDENTIFIER,
+506  * //     critical    BOOLEAN DEFAULT FALSE,
+507  * //     extnValue   OCTET STRING  }
+508  */
+509 KJUR.asn1.x509.Extension = function(params) {
+510     KJUR.asn1.x509.Extension.superclass.constructor.call(this);
+511     var asn1ExtnValue = null,
+512 	_KJUR = KJUR,
+513 	_KJUR_asn1 = _KJUR.asn1,
+514 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+515 	_DEROctetString = _KJUR_asn1.DEROctetString,
+516 	_DERBitString = _KJUR_asn1.DERBitString,
+517 	_DERBoolean = _KJUR_asn1.DERBoolean,
+518 	_DERSequence = _KJUR_asn1.DERSequence;
+519 
+520     this.getEncodedHex = function() {
+521         var asn1Oid = new _DERObjectIdentifier({'oid': this.oid});
+522         var asn1EncapExtnValue =
+523             new _DEROctetString({'hex': this.getExtnValueHex()});
+524 
+525         var asn1Array = new Array();
+526         asn1Array.push(asn1Oid);
+527         if (this.critical) asn1Array.push(new _DERBoolean());
+528         asn1Array.push(asn1EncapExtnValue);
+529 
+530         var asn1Seq = new _DERSequence({'array': asn1Array});
+531         return asn1Seq.getEncodedHex();
+532     };
+533 
+534     this.critical = false;
+535     if (typeof params != "undefined") {
+536         if (typeof params['critical'] != "undefined") {
+537             this.critical = params['critical'];
+538         }
+539     }
+540 };
+541 YAHOO.lang.extend(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object);
+542 
+543 /**
+544  * append X.509v3 extension to any specified array<br/>
+545  * @name appendByNameToArray
+546  * @memberOf KJUR.asn1.x509.Extension
+547  * @function
+548  * @param {String} name X.509v3 extension name
+549  * @param {Object} extParams associative array of extension parameters
+550  * @param {Array} a array to add specified extension
+551  * @see KJUR.asn1.x509.Extension
+552  * @since jsrsasign 6.2.3 asn1x509 1.0.19
+553  * @description
+554  * This static function add a X.509v3 extension specified by name and extParams to
+555  * array 'a' so that 'a' will be an array of X.509v3 extension objects.
+556  * @example
+557  * var a = new Array();
+558  * KJUR.asn1.x509.Extension.appendByNameToArray("BasicConstraints", {'cA':true, 'critical': true}, a);
+559  * KJUR.asn1.x509.Extension.appendByNameToArray("KeyUsage", {'bin':'11'}, a);
+560  */
+561 KJUR.asn1.x509.Extension.appendByNameToArray = function(name, extParams, a) {
+562     var _lowname = name.toLowerCase(),
+563 	_KJUR_asn1_x509 = KJUR.asn1.x509;
+564     
+565     if (_lowname == "basicconstraints") {
+566         var extObj = new _KJUR_asn1_x509.BasicConstraints(extParams);
+567         a.push(extObj);
+568     } else if (_lowname == "keyusage") {
+569         var extObj = new _KJUR_asn1_x509.KeyUsage(extParams);
+570         a.push(extObj);
+571     } else if (_lowname == "crldistributionpoints") {
+572         var extObj = new _KJUR_asn1_x509.CRLDistributionPoints(extParams);
+573         a.push(extObj);
+574     } else if (_lowname == "extkeyusage") {
+575         var extObj = new _KJUR_asn1_x509.ExtKeyUsage(extParams);
+576         a.push(extObj);
+577     } else if (_lowname == "authoritykeyidentifier") {
+578         var extObj = new _KJUR_asn1_x509.AuthorityKeyIdentifier(extParams);
+579         a.push(extObj);
+580     } else if (_lowname == "authorityinfoaccess") {
+581         var extObj = new _KJUR_asn1_x509.AuthorityInfoAccess(extParams);
+582         a.push(extObj);
+583     } else if (_lowname == "subjectaltname") {
+584         var extObj = new _KJUR_asn1_x509.SubjectAltName(extParams);
+585         a.push(extObj);
+586     } else if (_lowname == "issueraltname") {
+587         var extObj = new _KJUR_asn1_x509.IssuerAltName(extParams);
+588         a.push(extObj);
+589     } else {
+590         throw "unsupported extension name: " + name;
 591     }
 592 };
-593 YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension);
-594 
-595 /**
-596  * BasicConstraints ASN.1 structure class
-597  * @name KJUR.asn1.x509.BasicConstraints
-598  * @class BasicConstraints ASN.1 structure class
-599  * @param {Array} params associative array of parameters (ex. {'cA': true, 'critical': true})
-600  * @extends KJUR.asn1.x509.Extension
-601  * @description
-602  * @example
-603  */
-604 KJUR.asn1.x509.BasicConstraints = function(params) {
-605     KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params);
-606     var cA = false;
-607     var pathLen = -1;
-608 
-609     this.getExtnValueHex = function() {
-610         var asn1Array = new Array();
-611         if (this.cA) asn1Array.push(new KJUR.asn1.DERBoolean());
-612         if (this.pathLen > -1)
-613             asn1Array.push(new KJUR.asn1.DERInteger({'int': this.pathLen}));
-614         var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array});
-615         this.asn1ExtnValue = asn1Seq;
-616         return this.asn1ExtnValue.getEncodedHex();
-617     };
+593 
+594 /**
+595  * KeyUsage ASN.1 structure class
+596  * @name KJUR.asn1.x509.KeyUsage
+597  * @class KeyUsage ASN.1 structure class
+598  * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true})
+599  * @extends KJUR.asn1.x509.Extension
+600  * @description
+601  * @example
+602  */
+603 KJUR.asn1.x509.KeyUsage = function(params) {
+604     KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params);
+605 
+606     this.getExtnValueHex = function() {
+607         return this.asn1ExtnValue.getEncodedHex();
+608     };
+609 
+610     this.oid = "2.5.29.15";
+611     if (typeof params != "undefined") {
+612         if (typeof params['bin'] != "undefined") {
+613             this.asn1ExtnValue = new KJUR.asn1.DERBitString(params);
+614         }
+615     }
+616 };
+617 YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension);
 618 
-619     this.oid = "2.5.29.19";
-620     this.cA = false;
-621     this.pathLen = -1;
-622     if (typeof params != "undefined") {
-623         if (typeof params['cA'] != "undefined") {
-624             this.cA = params['cA'];
-625         }
-626         if (typeof params['pathLen'] != "undefined") {
-627             this.pathLen = params['pathLen'];
-628         }
-629     }
-630 };
-631 YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension);
+619 /**
+620  * BasicConstraints ASN.1 structure class
+621  * @name KJUR.asn1.x509.BasicConstraints
+622  * @class BasicConstraints ASN.1 structure class
+623  * @param {Array} params associative array of parameters (ex. {'cA': true, 'critical': true})
+624  * @extends KJUR.asn1.x509.Extension
+625  * @description
+626  * @example
+627  */
+628 KJUR.asn1.x509.BasicConstraints = function(params) {
+629     KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params);
+630     var cA = false;
+631     var pathLen = -1;
 632 
-633 /**
-634  * CRLDistributionPoints ASN.1 structure class
-635  * @name KJUR.asn1.x509.CRLDistributionPoints
-636  * @class CRLDistributionPoints ASN.1 structure class
-637  * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
-638  * @extends KJUR.asn1.x509.Extension
-639  * @description
-640  * <pre>
-641  * id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 }
-642  *
-643  * CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
-644  *
-645  * DistributionPoint ::= SEQUENCE {
-646  *      distributionPoint       [0]     DistributionPointName OPTIONAL,
-647  *      reasons                 [1]     ReasonFlags OPTIONAL,
-648  *      cRLIssuer               [2]     GeneralNames OPTIONAL }
-649  *
-650  * DistributionPointName ::= CHOICE {
-651  *      fullName                [0]     GeneralNames,
-652  *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
-653  * 
-654  * ReasonFlags ::= BIT STRING {
-655  *      unused                  (0),
-656  *      keyCompromise           (1),
-657  *      cACompromise            (2),
-658  *      affiliationChanged      (3),
-659  *      superseded              (4),
-660  *      cessationOfOperation    (5),
-661  *      certificateHold         (6),
-662  *      privilegeWithdrawn      (7),
-663  *      aACompromise            (8) }
-664  * </pre>
-665  * @example
-666  */
-667 KJUR.asn1.x509.CRLDistributionPoints = function(params) {
-668     KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params);
-669 
-670     this.getExtnValueHex = function() {
-671         return this.asn1ExtnValue.getEncodedHex();
-672     };
-673 
-674     this.setByDPArray = function(dpArray) {
-675         this.asn1ExtnValue = new KJUR.asn1.DERSequence({'array': dpArray});
-676     };
-677 
-678     this.setByOneURI = function(uri) {
-679         var gn1 = new KJUR.asn1.x509.GeneralNames([{'uri': uri}]);
-680         var dpn1 = new KJUR.asn1.x509.DistributionPointName(gn1);
-681         var dp1 = new KJUR.asn1.x509.DistributionPoint({'dpobj': dpn1});
-682         this.setByDPArray([dp1]);
-683     };
-684 
-685     this.oid = "2.5.29.31";
-686     if (typeof params != "undefined") {
-687         if (typeof params['array'] != "undefined") {
-688             this.setByDPArray(params['array']);
-689         } else if (typeof params['uri'] != "undefined") {
-690             this.setByOneURI(params['uri']);
-691         }
-692     }
-693 };
-694 YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension);
-695 
-696 /**
-697  * KeyUsage ASN.1 structure class
-698  * @name KJUR.asn1.x509.ExtKeyUsage
-699  * @class ExtKeyUsage ASN.1 structure class
-700  * @param {Array} params associative array of parameters
-701  * @extends KJUR.asn1.x509.Extension
-702  * @description
-703  * @example
-704  * e1 = new KJUR.asn1.x509.ExtKeyUsage({
-705  *   critical: true,
-706  *   array: [
-707  *     {oid: '2.5.29.37.0'},  // anyExtendedKeyUsage
-708  *     {name: 'clientAuth'}
-709  *   ]
-710  * });
-711  * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
-712  * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
-713  * // KeyPurposeId ::= OBJECT IDENTIFIER
-714  */
-715 KJUR.asn1.x509.ExtKeyUsage = function(params) {
-716     KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params);
-717 
-718     this.setPurposeArray = function(purposeArray) {
-719         this.asn1ExtnValue = new KJUR.asn1.DERSequence();
-720         for (var i = 0; i < purposeArray.length; i++) {
-721             var o = new KJUR.asn1.DERObjectIdentifier(purposeArray[i]);
-722             this.asn1ExtnValue.appendASN1Object(o);
-723         }
-724     };
-725 
-726     this.getExtnValueHex = function() {
-727         return this.asn1ExtnValue.getEncodedHex();
-728     };
-729 
-730     this.oid = "2.5.29.37";
-731     if (typeof params != "undefined") {
-732         if (typeof params['array'] != "undefined") {
-733             this.setPurposeArray(params['array']);
-734         }
-735     }
-736 };
-737 YAHOO.lang.extend(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension);
-738 
-739 /**
-740  * AuthorityKeyIdentifier ASN.1 structure class
-741  * @name KJUR.asn1.x509.AuthorityKeyIdentifier
-742  * @class AuthorityKeyIdentifier ASN.1 structure class
-743  * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
-744  * @extends KJUR.asn1.x509.Extension
-745  * @since asn1x509 1.0.8
-746  * @description
-747  * <pre>
-748  * d-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
-749  * AuthorityKeyIdentifier ::= SEQUENCE {
-750  *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
-751  *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
-752  *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
-753  * KeyIdentifier ::= OCTET STRING
-754  * </pre>
-755  * @example
-756  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
-757  *   critical: true,
-758  *   kid:    {hex: '89ab'},
-759  *   issuer: {str: '/C=US/CN=a'},
-760  *   sn:     {hex: '1234'}
-761  * });
-762  */
-763 KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) {
-764     KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params);
-765     this.asn1KID = null;
-766     this.asn1CertIssuer = null;
-767     this.asn1CertSN = null;
-768 
-769     this.getExtnValueHex = function() {
-770         var a = new Array();
-771         if (this.asn1KID)
-772             a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
-773                                                   'tag': '80',
-774                                                   'obj': this.asn1KID}));
-775         if (this.asn1CertIssuer)
-776             a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
-777                                                   'tag': 'a1',
-778                                                   'obj': this.asn1CertIssuer}));
-779         if (this.asn1CertSN)
-780             a.push(new KJUR.asn1.DERTaggedObject({'explicit': false,
-781                                                   'tag': '82',
-782                                                   'obj': this.asn1CertSN}));
-783 
-784         var asn1Seq = new KJUR.asn1.DERSequence({'array': a});
-785         this.asn1ExtnValue = asn1Seq;
-786         return this.asn1ExtnValue.getEncodedHex();
-787     };
-788 
-789     /**
-790      * set keyIdentifier value by DERInteger parameter
-791      * @name setKIDByParam
-792      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
-793      * @function
-794      * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
-795      * @since asn1x509 1.0.8
-796      * @description
-797      * NOTE: Automatic keyIdentifier value calculation by an issuer
-798      * public key will be supported in future version.
-799      */
-800     this.setKIDByParam = function(param) {
-801         this.asn1KID = new KJUR.asn1.DEROctetString(param);
-802     };
-803 
-804     /**
-805      * set authorityCertIssuer value by X500Name parameter
-806      * @name setCertIssuerByParam
-807      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
-808      * @function
-809      * @param {Array} param array of {@link KJUR.asn1.x509.X500Name} parameter
-810      * @since asn1x509 1.0.8
-811      * @description
-812      * NOTE: Automatic authorityCertIssuer name setting by an issuer
-813      * certificate will be supported in future version.
-814      */
-815     this.setCertIssuerByParam = function(param) {
-816         this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param);
-817     };
-818 
-819     /**
-820      * set authorityCertSerialNumber value by DERInteger parameter
-821      * @name setCertSerialNumberByParam
-822      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
-823      * @function
-824      * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
-825      * @since asn1x509 1.0.8
-826      * @description
-827      * NOTE: Automatic authorityCertSerialNumber setting by an issuer
-828      * certificate will be supported in future version.
-829      */
-830     this.setCertSNByParam = function(param) {
-831         this.asn1CertSN = new KJUR.asn1.DERInteger(param);
-832     };
-833 
-834     this.oid = "2.5.29.35";
-835     if (typeof params != "undefined") {
-836         if (typeof params['kid'] != "undefined") {
-837             this.setKIDByParam(params['kid']);
-838         }
-839         if (typeof params['issuer'] != "undefined") {
-840             this.setCertIssuerByParam(params['issuer']);
-841         }
-842         if (typeof params['sn'] != "undefined") {
-843             this.setCertSNByParam(params['sn']);
-844         }
-845     }
-846 };
-847 YAHOO.lang.extend(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension);
-848 
-849 /**
-850  * AuthorityInfoAccess ASN.1 structure class
-851  * @name KJUR.asn1.x509.AuthorityInfoAccess
-852  * @class AuthorityInfoAccess ASN.1 structure class
-853  * @param {Array} params associative array of parameters
-854  * @extends KJUR.asn1.x509.Extension
-855  * @since asn1x509 1.0.8
-856  * @description
-857  * <pre>
-858  * id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
-859  * id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
-860  * AuthorityInfoAccessSyntax  ::=
-861  *         SEQUENCE SIZE (1..MAX) OF AccessDescription
-862  * AccessDescription  ::=  SEQUENCE {
-863  *         accessMethod          OBJECT IDENTIFIER,
-864  *         accessLocation        GeneralName  }
-865  * id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
-866  * id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
-867  * id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
-868  * </pre>
-869  * @example
-870  * e1 = new KJUR.asn1.x509.AuthorityInfoAccess({
-871  *   array: [{
-872  *     accessMethod:{'oid': '1.3.6.1.5.5.7.48.1'},
-873  *     accessLocation:{'uri': 'http://ocsp.cacert.org'}
-874  *   }]
-875  * });
-876  */
-877 KJUR.asn1.x509.AuthorityInfoAccess = function(params) {
-878     KJUR.asn1.x509.AuthorityInfoAccess.superclass.constructor.call(this, params);
-879 
-880     this.setAccessDescriptionArray = function(accessDescriptionArray) {
-881         var array = new Array();
-882         for (var i = 0; i < accessDescriptionArray.length; i++) {
-883             var o = new KJUR.asn1.DERObjectIdentifier(accessDescriptionArray[i].accessMethod);
-884             var gn = new KJUR.asn1.x509.GeneralName(accessDescriptionArray[i].accessLocation);
-885             var accessDescription = new KJUR.asn1.DERSequence({'array':[o, gn]});
-886             array.push(accessDescription);
-887         }
-888         this.asn1ExtnValue = new KJUR.asn1.DERSequence({'array':array});
-889     };
-890 
-891     this.getExtnValueHex = function() {
-892         return this.asn1ExtnValue.getEncodedHex();
-893     };
-894 
-895     this.oid = "1.3.6.1.5.5.7.1.1";
-896     if (typeof params != "undefined") {
-897         if (typeof params['array'] != "undefined") {
-898             this.setAccessDescriptionArray(params['array']);
-899         }
-900     }
-901 };
-902 YAHOO.lang.extend(KJUR.asn1.x509.AuthorityInfoAccess, KJUR.asn1.x509.Extension);
-903 
-904 /**
-905  * SubjectAltName ASN.1 structure class<br/>
-906  * @name KJUR.asn1.x509.SubjectAltName
-907  * @class SubjectAltName ASN.1 structure class
-908  * @param {Array} params associative array of parameters
-909  * @extends KJUR.asn1.x509.Extension
-910  * @since jsrsasign 6.2.3 asn1x509 1.0.19
-911  * @see KJUR.asn1.x509.GeneralNames
-912  * @see KJUR.asn1.x509.GeneralName
-913  * @description
-914  * This class provides X.509v3 SubjectAltName extension.
-915  * <pre>
-916  * id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
-917  * SubjectAltName ::= GeneralNames
-918  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-919  * GeneralName ::= CHOICE {
-920  *   otherName                  [0] OtherName,
-921  *   rfc822Name                 [1] IA5String,
-922  *   dNSName                    [2] IA5String,
-923  *   x400Address                [3] ORAddress,
-924  *   directoryName              [4] Name,
-925  *   ediPartyName               [5] EDIPartyName,
-926  *   uniformResourceIdentifier  [6] IA5String,
-927  *   iPAddress                  [7] OCTET STRING,
-928  *   registeredID               [8] OBJECT IDENTIFIER }
-929  * </pre>
-930  * @example
-931  * e1 = new KJUR.asn1.x509.SubjectAltName({
-932  *   critical: true,
-933  *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
-934  * });
-935  */
-936 KJUR.asn1.x509.SubjectAltName = function(params) {
-937     KJUR.asn1.x509.SubjectAltName.superclass.constructor.call(this, params)
-938 
-939     this.setNameArray = function(paramsArray) {
-940 	this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray);
-941     };
-942 
-943     this.getExtnValueHex = function() {
-944         return this.asn1ExtnValue.getEncodedHex();
-945     };
-946 
-947     this.oid = "2.5.29.17";
-948     if (params !== undefined) {
-949         if (params.array !== undefined) {
-950             this.setNameArray(params.array);
-951         }
-952     }
-953 };
-954 YAHOO.lang.extend(KJUR.asn1.x509.SubjectAltName, KJUR.asn1.x509.Extension);
-955 
-956 /**
-957  * IssuerAltName ASN.1 structure class<br/>
-958  * @name KJUR.asn1.x509.IssuerAltName
-959  * @class IssuerAltName ASN.1 structure class
-960  * @param {Array} params associative array of parameters
-961  * @extends KJUR.asn1.x509.Extension
-962  * @since jsrsasign 6.2.3 asn1x509 1.0.19
-963  * @see KJUR.asn1.x509.GeneralNames
-964  * @see KJUR.asn1.x509.GeneralName
-965  * @description
-966  * This class provides X.509v3 IssuerAltName extension.
-967  * <pre>
-968  * id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 18 }
-969  * IssuerAltName ::= GeneralNames
-970  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-971  * GeneralName ::= CHOICE {
-972  *   otherName                  [0] OtherName,
-973  *   rfc822Name                 [1] IA5String,
-974  *   dNSName                    [2] IA5String,
-975  *   x400Address                [3] ORAddress,
-976  *   directoryName              [4] Name,
-977  *   ediPartyName               [5] EDIPartyName,
-978  *   uniformResourceIdentifier  [6] IA5String,
-979  *   iPAddress                  [7] OCTET STRING,
-980  *   registeredID               [8] OBJECT IDENTIFIER }
-981  * </pre>
-982  * @example
-983  * e1 = new KJUR.asn1.x509.IssuerAltName({
-984  *   critical: true,
-985  *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
-986  * });
-987  */
-988 KJUR.asn1.x509.IssuerAltName = function(params) {
-989     KJUR.asn1.x509.IssuerAltName.superclass.constructor.call(this, params)
-990 
-991     this.setNameArray = function(paramsArray) {
-992 	this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray);
-993     };
-994 
-995     this.getExtnValueHex = function() {
-996         return this.asn1ExtnValue.getEncodedHex();
-997     };
-998 
-999     this.oid = "2.5.29.18";
-1000     if (params !== undefined) {
-1001         if (params.array !== undefined) {
-1002             this.setNameArray(params.array);
-1003         }
-1004     }
-1005 };
-1006 YAHOO.lang.extend(KJUR.asn1.x509.IssuerAltName, KJUR.asn1.x509.Extension);
-1007 
-1008 // === END   X.509v3 Extensions Related =======================================
-1009 
-1010 // === BEGIN CRL Related ===================================================
-1011 /**
-1012  * X.509 CRL class to sign and generate hex encoded CRL
-1013  * @name KJUR.asn1.x509.CRL
-1014  * @class X.509 CRL class to sign and generate hex encoded certificate
-1015  * @param {Array} params associative array of parameters (ex. {'tbsobj': obj, 'rsaprvkey': key})
-1016  * @extends KJUR.asn1.ASN1Object
-1017  * @since 1.0.3
-1018  * @description
-1019  * <br/>
-1020  * As for argument 'params' for constructor, you can specify one of
-1021  * following properties:
-1022  * <ul>
-1023  * <li>tbsobj - specify {@link KJUR.asn1.x509.TBSCertList} object to be signed</li>
-1024  * <li>rsaprvkey - specify {@link RSAKey} object CA private key</li>
-1025  * </ul>
-1026  * NOTE: 'params' can be omitted.
-1027  * <h4>EXAMPLE</h4>
-1028  * @example
-1029  * var prvKey = new RSAKey(); // CA's private key
-1030  * prvKey.readPrivateKeyFromASN1HexString("3080...");
-1031  * var crl = new KJUR.asn1x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
-1032  * crl.sign(); // issue CRL by CA's private key
-1033  * var hCRL = crl.getEncodedHex();
-1034  *
-1035  * // CertificateList  ::=  SEQUENCE  {
-1036  * //     tbsCertList          TBSCertList,
-1037  * //     signatureAlgorithm   AlgorithmIdentifier,
-1038  * //     signatureValue       BIT STRING  }
-1039  */
-1040 KJUR.asn1.x509.CRL = function(params) {
-1041     KJUR.asn1.x509.CRL.superclass.constructor.call(this);
-1042 
-1043     var asn1TBSCertList = null;
-1044     var asn1SignatureAlg = null;
-1045     var asn1Sig = null;
-1046     var hexSig = null;
-1047     var rsaPrvKey = null;
-1048 
-1049     /**
-1050      * set PKCS#5 encrypted RSA PEM private key as CA key
-1051      * @name setRsaPrvKeyByPEMandPass
-1052      * @memberOf KJUR.asn1.x509.CRL#
-1053      * @function
-1054      * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
-1055      * @param {String} passPEM passcode string to decrypt private key
-1056      * @description
-1057      * <br/>
-1058      * <h4>EXAMPLES</h4>
-1059      * @example
-1060      */
-1061     this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
-1062         var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
-1063         var caKey = new RSAKey();
-1064         caKey.readPrivateKeyFromASN1HexString(caKeyHex);
-1065         this.rsaPrvKey = caKey;
-1066     };
-1067 
-1068     /**
-1069      * sign TBSCertList and set signature value internally
-1070      * @name sign
-1071      * @memberOf KJUR.asn1.x509.CRL#
-1072      * @function
-1073      * @description
-1074      * @example
-1075      * var cert = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
-1076      * cert.sign();
-1077      */
-1078     this.sign = function() {
-1079         this.asn1SignatureAlg = this.asn1TBSCertList.asn1SignatureAlg;
-1080 
-1081         sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA', 'prov': 'cryptojs/jsrsa'});
-1082         sig.initSign(this.rsaPrvKey);
-1083         sig.updateHex(this.asn1TBSCertList.getEncodedHex());
-1084         this.hexSig = sig.sign();
+633     this.getExtnValueHex = function() {
+634         var asn1Array = new Array();
+635         if (this.cA) asn1Array.push(new KJUR.asn1.DERBoolean());
+636         if (this.pathLen > -1)
+637             asn1Array.push(new KJUR.asn1.DERInteger({'int': this.pathLen}));
+638         var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array});
+639         this.asn1ExtnValue = asn1Seq;
+640         return this.asn1ExtnValue.getEncodedHex();
+641     };
+642 
+643     this.oid = "2.5.29.19";
+644     this.cA = false;
+645     this.pathLen = -1;
+646     if (typeof params != "undefined") {
+647         if (typeof params['cA'] != "undefined") {
+648             this.cA = params['cA'];
+649         }
+650         if (typeof params['pathLen'] != "undefined") {
+651             this.pathLen = params['pathLen'];
+652         }
+653     }
+654 };
+655 YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension);
+656 
+657 /**
+658  * CRLDistributionPoints ASN.1 structure class
+659  * @name KJUR.asn1.x509.CRLDistributionPoints
+660  * @class CRLDistributionPoints ASN.1 structure class
+661  * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
+662  * @extends KJUR.asn1.x509.Extension
+663  * @description
+664  * <pre>
+665  * id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 }
+666  *
+667  * CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+668  *
+669  * DistributionPoint ::= SEQUENCE {
+670  *      distributionPoint       [0]     DistributionPointName OPTIONAL,
+671  *      reasons                 [1]     ReasonFlags OPTIONAL,
+672  *      cRLIssuer               [2]     GeneralNames OPTIONAL }
+673  *
+674  * DistributionPointName ::= CHOICE {
+675  *      fullName                [0]     GeneralNames,
+676  *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
+677  * 
+678  * ReasonFlags ::= BIT STRING {
+679  *      unused                  (0),
+680  *      keyCompromise           (1),
+681  *      cACompromise            (2),
+682  *      affiliationChanged      (3),
+683  *      superseded              (4),
+684  *      cessationOfOperation    (5),
+685  *      certificateHold         (6),
+686  *      privilegeWithdrawn      (7),
+687  *      aACompromise            (8) }
+688  * </pre>
+689  * @example
+690  */
+691 KJUR.asn1.x509.CRLDistributionPoints = function(params) {
+692     KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params);
+693     var _KJUR = KJUR,
+694 	_KJUR_asn1 = _KJUR.asn1,
+695 	_KJUR_asn1_x509 = _KJUR_asn1.x509;
+696 
+697     this.getExtnValueHex = function() {
+698         return this.asn1ExtnValue.getEncodedHex();
+699     };
+700 
+701     this.setByDPArray = function(dpArray) {
+702         this.asn1ExtnValue = new _KJUR_asn1.DERSequence({'array': dpArray});
+703     };
+704 
+705     this.setByOneURI = function(uri) {
+706         var gn1 = new _KJUR_asn1_x509.GeneralNames([{'uri': uri}]);
+707         var dpn1 = new _KJUR_asn1_x509.DistributionPointName(gn1);
+708         var dp1 = new _KJUR_asn1_x509.DistributionPoint({'dpobj': dpn1});
+709         this.setByDPArray([dp1]);
+710     };
+711 
+712     this.oid = "2.5.29.31";
+713     if (typeof params != "undefined") {
+714         if (typeof params['array'] != "undefined") {
+715             this.setByDPArray(params['array']);
+716         } else if (typeof params['uri'] != "undefined") {
+717             this.setByOneURI(params['uri']);
+718         }
+719     }
+720 };
+721 YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension);
+722 
+723 /**
+724  * KeyUsage ASN.1 structure class
+725  * @name KJUR.asn1.x509.ExtKeyUsage
+726  * @class ExtKeyUsage ASN.1 structure class
+727  * @param {Array} params associative array of parameters
+728  * @extends KJUR.asn1.x509.Extension
+729  * @description
+730  * @example
+731  * e1 = new KJUR.asn1.x509.ExtKeyUsage({
+732  *   critical: true,
+733  *   array: [
+734  *     {oid: '2.5.29.37.0'},  // anyExtendedKeyUsage
+735  *     {name: 'clientAuth'}
+736  *   ]
+737  * });
+738  * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
+739  * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+740  * // KeyPurposeId ::= OBJECT IDENTIFIER
+741  */
+742 KJUR.asn1.x509.ExtKeyUsage = function(params) {
+743     KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params);
+744     var _KJUR = KJUR,
+745 	_KJUR_asn1 = _KJUR.asn1;
+746 
+747     this.setPurposeArray = function(purposeArray) {
+748         this.asn1ExtnValue = new _KJUR_asn1.DERSequence();
+749         for (var i = 0; i < purposeArray.length; i++) {
+750             var o = new _KJUR_asn1.DERObjectIdentifier(purposeArray[i]);
+751             this.asn1ExtnValue.appendASN1Object(o);
+752         }
+753     };
+754 
+755     this.getExtnValueHex = function() {
+756         return this.asn1ExtnValue.getEncodedHex();
+757     };
+758 
+759     this.oid = "2.5.29.37";
+760     if (typeof params != "undefined") {
+761         if (typeof params['array'] != "undefined") {
+762             this.setPurposeArray(params['array']);
+763         }
+764     }
+765 };
+766 YAHOO.lang.extend(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension);
+767 
+768 /**
+769  * AuthorityKeyIdentifier ASN.1 structure class
+770  * @name KJUR.asn1.x509.AuthorityKeyIdentifier
+771  * @class AuthorityKeyIdentifier ASN.1 structure class
+772  * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
+773  * @extends KJUR.asn1.x509.Extension
+774  * @since asn1x509 1.0.8
+775  * @description
+776  * <pre>
+777  * d-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
+778  * AuthorityKeyIdentifier ::= SEQUENCE {
+779  *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
+780  *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
+781  *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
+782  * KeyIdentifier ::= OCTET STRING
+783  * </pre>
+784  * @example
+785  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
+786  *   critical: true,
+787  *   kid:    {hex: '89ab'},
+788  *   issuer: {str: '/C=US/CN=a'},
+789  *   sn:     {hex: '1234'}
+790  * });
+791  */
+792 KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) {
+793     KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params);
+794     var _KJUR = KJUR,
+795 	_KJUR_asn1 = _KJUR.asn1,
+796 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject;
+797 
+798     this.asn1KID = null;
+799     this.asn1CertIssuer = null;
+800     this.asn1CertSN = null;
+801 
+802     this.getExtnValueHex = function() {
+803         var a = new Array();
+804         if (this.asn1KID)
+805             a.push(new _DERTaggedObject({'explicit': false,
+806                                          'tag': '80',
+807                                          'obj': this.asn1KID}));
+808         if (this.asn1CertIssuer)
+809             a.push(new _DERTaggedObject({'explicit': false,
+810                                          'tag': 'a1',
+811                                          'obj': this.asn1CertIssuer}));
+812         if (this.asn1CertSN)
+813             a.push(new _DERTaggedObject({'explicit': false,
+814                                          'tag': '82',
+815                                          'obj': this.asn1CertSN}));
+816 
+817         var asn1Seq = new _KJUR_asn1.DERSequence({'array': a});
+818         this.asn1ExtnValue = asn1Seq;
+819         return this.asn1ExtnValue.getEncodedHex();
+820     };
+821 
+822     /**
+823      * set keyIdentifier value by DERInteger parameter
+824      * @name setKIDByParam
+825      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
+826      * @function
+827      * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
+828      * @since asn1x509 1.0.8
+829      * @description
+830      * NOTE: Automatic keyIdentifier value calculation by an issuer
+831      * public key will be supported in future version.
+832      */
+833     this.setKIDByParam = function(param) {
+834         this.asn1KID = new KJUR.asn1.DEROctetString(param);
+835     };
+836 
+837     /**
+838      * set authorityCertIssuer value by X500Name parameter
+839      * @name setCertIssuerByParam
+840      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
+841      * @function
+842      * @param {Array} param array of {@link KJUR.asn1.x509.X500Name} parameter
+843      * @since asn1x509 1.0.8
+844      * @description
+845      * NOTE: Automatic authorityCertIssuer name setting by an issuer
+846      * certificate will be supported in future version.
+847      */
+848     this.setCertIssuerByParam = function(param) {
+849         this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param);
+850     };
+851 
+852     /**
+853      * set authorityCertSerialNumber value by DERInteger parameter
+854      * @name setCertSerialNumberByParam
+855      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
+856      * @function
+857      * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
+858      * @since asn1x509 1.0.8
+859      * @description
+860      * NOTE: Automatic authorityCertSerialNumber setting by an issuer
+861      * certificate will be supported in future version.
+862      */
+863     this.setCertSNByParam = function(param) {
+864         this.asn1CertSN = new KJUR.asn1.DERInteger(param);
+865     };
+866 
+867     this.oid = "2.5.29.35";
+868     if (typeof params != "undefined") {
+869         if (typeof params['kid'] != "undefined") {
+870             this.setKIDByParam(params['kid']);
+871         }
+872         if (typeof params['issuer'] != "undefined") {
+873             this.setCertIssuerByParam(params['issuer']);
+874         }
+875         if (typeof params['sn'] != "undefined") {
+876             this.setCertSNByParam(params['sn']);
+877         }
+878     }
+879 };
+880 YAHOO.lang.extend(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension);
+881 
+882 /**
+883  * AuthorityInfoAccess ASN.1 structure class
+884  * @name KJUR.asn1.x509.AuthorityInfoAccess
+885  * @class AuthorityInfoAccess ASN.1 structure class
+886  * @param {Array} params associative array of parameters
+887  * @extends KJUR.asn1.x509.Extension
+888  * @since asn1x509 1.0.8
+889  * @description
+890  * <pre>
+891  * id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
+892  * id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
+893  * AuthorityInfoAccessSyntax  ::=
+894  *         SEQUENCE SIZE (1..MAX) OF AccessDescription
+895  * AccessDescription  ::=  SEQUENCE {
+896  *         accessMethod          OBJECT IDENTIFIER,
+897  *         accessLocation        GeneralName  }
+898  * id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
+899  * id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
+900  * id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
+901  * </pre>
+902  * @example
+903  * e1 = new KJUR.asn1.x509.AuthorityInfoAccess({
+904  *   array: [{
+905  *     accessMethod:{'oid': '1.3.6.1.5.5.7.48.1'},
+906  *     accessLocation:{'uri': 'http://ocsp.cacert.org'}
+907  *   }]
+908  * });
+909  */
+910 KJUR.asn1.x509.AuthorityInfoAccess = function(params) {
+911     KJUR.asn1.x509.AuthorityInfoAccess.superclass.constructor.call(this, params);
+912 
+913     this.setAccessDescriptionArray = function(accessDescriptionArray) {
+914         var array = new Array(),
+915 	    _KJUR = KJUR,
+916 	    _KJUR_asn1 = _KJUR.asn1,
+917 	    _DERSequence = _KJUR_asn1.DERSequence;
+918 
+919         for (var i = 0; i < accessDescriptionArray.length; i++) {
+920             var o = new _KJUR_asn1.DERObjectIdentifier(accessDescriptionArray[i].accessMethod);
+921             var gn = new _KJUR_asn1.x509.GeneralName(accessDescriptionArray[i].accessLocation);
+922             var accessDescription = new _DERSequence({'array':[o, gn]});
+923             array.push(accessDescription);
+924         }
+925         this.asn1ExtnValue = new _DERSequence({'array':array});
+926     };
+927 
+928     this.getExtnValueHex = function() {
+929         return this.asn1ExtnValue.getEncodedHex();
+930     };
+931 
+932     this.oid = "1.3.6.1.5.5.7.1.1";
+933     if (typeof params != "undefined") {
+934         if (typeof params['array'] != "undefined") {
+935             this.setAccessDescriptionArray(params['array']);
+936         }
+937     }
+938 };
+939 YAHOO.lang.extend(KJUR.asn1.x509.AuthorityInfoAccess, KJUR.asn1.x509.Extension);
+940 
+941 /**
+942  * SubjectAltName ASN.1 structure class<br/>
+943  * @name KJUR.asn1.x509.SubjectAltName
+944  * @class SubjectAltName ASN.1 structure class
+945  * @param {Array} params associative array of parameters
+946  * @extends KJUR.asn1.x509.Extension
+947  * @since jsrsasign 6.2.3 asn1x509 1.0.19
+948  * @see KJUR.asn1.x509.GeneralNames
+949  * @see KJUR.asn1.x509.GeneralName
+950  * @description
+951  * This class provides X.509v3 SubjectAltName extension.
+952  * <pre>
+953  * id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
+954  * SubjectAltName ::= GeneralNames
+955  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+956  * GeneralName ::= CHOICE {
+957  *   otherName                  [0] OtherName,
+958  *   rfc822Name                 [1] IA5String,
+959  *   dNSName                    [2] IA5String,
+960  *   x400Address                [3] ORAddress,
+961  *   directoryName              [4] Name,
+962  *   ediPartyName               [5] EDIPartyName,
+963  *   uniformResourceIdentifier  [6] IA5String,
+964  *   iPAddress                  [7] OCTET STRING,
+965  *   registeredID               [8] OBJECT IDENTIFIER }
+966  * </pre>
+967  * @example
+968  * e1 = new KJUR.asn1.x509.SubjectAltName({
+969  *   critical: true,
+970  *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
+971  * });
+972  */
+973 KJUR.asn1.x509.SubjectAltName = function(params) {
+974     KJUR.asn1.x509.SubjectAltName.superclass.constructor.call(this, params)
+975 
+976     this.setNameArray = function(paramsArray) {
+977 	this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray);
+978     };
+979 
+980     this.getExtnValueHex = function() {
+981         return this.asn1ExtnValue.getEncodedHex();
+982     };
+983 
+984     this.oid = "2.5.29.17";
+985     if (params !== undefined) {
+986         if (params.array !== undefined) {
+987             this.setNameArray(params.array);
+988         }
+989     }
+990 };
+991 YAHOO.lang.extend(KJUR.asn1.x509.SubjectAltName, KJUR.asn1.x509.Extension);
+992 
+993 /**
+994  * IssuerAltName ASN.1 structure class<br/>
+995  * @name KJUR.asn1.x509.IssuerAltName
+996  * @class IssuerAltName ASN.1 structure class
+997  * @param {Array} params associative array of parameters
+998  * @extends KJUR.asn1.x509.Extension
+999  * @since jsrsasign 6.2.3 asn1x509 1.0.19
+1000  * @see KJUR.asn1.x509.GeneralNames
+1001  * @see KJUR.asn1.x509.GeneralName
+1002  * @description
+1003  * This class provides X.509v3 IssuerAltName extension.
+1004  * <pre>
+1005  * id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 18 }
+1006  * IssuerAltName ::= GeneralNames
+1007  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+1008  * GeneralName ::= CHOICE {
+1009  *   otherName                  [0] OtherName,
+1010  *   rfc822Name                 [1] IA5String,
+1011  *   dNSName                    [2] IA5String,
+1012  *   x400Address                [3] ORAddress,
+1013  *   directoryName              [4] Name,
+1014  *   ediPartyName               [5] EDIPartyName,
+1015  *   uniformResourceIdentifier  [6] IA5String,
+1016  *   iPAddress                  [7] OCTET STRING,
+1017  *   registeredID               [8] OBJECT IDENTIFIER }
+1018  * </pre>
+1019  * @example
+1020  * e1 = new KJUR.asn1.x509.IssuerAltName({
+1021  *   critical: true,
+1022  *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
+1023  * });
+1024  */
+1025 KJUR.asn1.x509.IssuerAltName = function(params) {
+1026     KJUR.asn1.x509.IssuerAltName.superclass.constructor.call(this, params)
+1027 
+1028     this.setNameArray = function(paramsArray) {
+1029 	this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray);
+1030     };
+1031 
+1032     this.getExtnValueHex = function() {
+1033         return this.asn1ExtnValue.getEncodedHex();
+1034     };
+1035 
+1036     this.oid = "2.5.29.18";
+1037     if (params !== undefined) {
+1038         if (params.array !== undefined) {
+1039             this.setNameArray(params.array);
+1040         }
+1041     }
+1042 };
+1043 YAHOO.lang.extend(KJUR.asn1.x509.IssuerAltName, KJUR.asn1.x509.Extension);
+1044 
+1045 // === END   X.509v3 Extensions Related =======================================
+1046 
+1047 // === BEGIN CRL Related ===================================================
+1048 /**
+1049  * X.509 CRL class to sign and generate hex encoded CRL
+1050  * @name KJUR.asn1.x509.CRL
+1051  * @class X.509 CRL class to sign and generate hex encoded certificate
+1052  * @param {Array} params associative array of parameters (ex. {'tbsobj': obj, 'rsaprvkey': key})
+1053  * @extends KJUR.asn1.ASN1Object
+1054  * @since 1.0.3
+1055  * @description
+1056  * <br/>
+1057  * As for argument 'params' for constructor, you can specify one of
+1058  * following properties:
+1059  * <ul>
+1060  * <li>tbsobj - specify {@link KJUR.asn1.x509.TBSCertList} object to be signed</li>
+1061  * <li>rsaprvkey - specify {@link RSAKey} object CA private key</li>
+1062  * </ul>
+1063  * NOTE: 'params' can be omitted.
+1064  * <h4>EXAMPLE</h4>
+1065  * @example
+1066  * var prvKey = new RSAKey(); // CA's private key
+1067  * prvKey.readPrivateKeyFromASN1HexString("3080...");
+1068  * var crl = new KJUR.asn1x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
+1069  * crl.sign(); // issue CRL by CA's private key
+1070  * var hCRL = crl.getEncodedHex();
+1071  *
+1072  * // CertificateList  ::=  SEQUENCE  {
+1073  * //     tbsCertList          TBSCertList,
+1074  * //     signatureAlgorithm   AlgorithmIdentifier,
+1075  * //     signatureValue       BIT STRING  }
+1076  */
+1077 KJUR.asn1.x509.CRL = function(params) {
+1078     KJUR.asn1.x509.CRL.superclass.constructor.call(this);
+1079 
+1080     var asn1TBSCertList = null,
+1081 	asn1SignatureAlg = null,
+1082 	asn1Sig = null,
+1083 	hexSig = null,
+1084 	rsaPrvKey = null;
 1085 
-1086         this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
-1087 
-1088         var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCertList,
-1089                                                        this.asn1SignatureAlg,
-1090                                                        this.asn1Sig]});
-1091         this.hTLV = seq.getEncodedHex();
-1092         this.isModified = false;
-1093     };
-1094 
-1095     this.getEncodedHex = function() {
-1096         if (this.isModified == false && this.hTLV != null) return this.hTLV;
-1097         throw "not signed yet";
-1098     };
-1099 
-1100     /**
-1101      * get PEM formatted CRL string after signed
-1102      * @name getPEMString
-1103      * @memberOf KJUR.asn1.x509.CRL#
-1104      * @function
-1105      * @return PEM formatted string of certificate
-1106      * @description
-1107      * @example
-1108      * var cert = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
-1109      * cert.sign();
-1110      * var sPEM =  cert.getPEMString();
-1111      */
-1112     this.getPEMString = function() {
-1113         var hCert = this.getEncodedHex();
-1114         var wCert = CryptoJS.enc.Hex.parse(hCert);
-1115         var b64Cert = CryptoJS.enc.Base64.stringify(wCert);
-1116         var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n");
-1117         return "-----BEGIN X509 CRL-----\r\n" + pemBody + "\r\n-----END X509 CRL-----\r\n";
-1118     };
-1119 
-1120     if (typeof params != "undefined") {
-1121         if (typeof params['tbsobj'] != "undefined") {
-1122             this.asn1TBSCertList = params['tbsobj'];
-1123         }
-1124         if (typeof params['rsaprvkey'] != "undefined") {
-1125             this.rsaPrvKey = params['rsaprvkey'];
-1126         }
-1127         if ((typeof params['rsaprvpem'] != "undefined") &&
-1128             (typeof params['rsaprvpas'] != "undefined")) {
-1129             this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']);
-1130         }
-1131     }
-1132 };
-1133 YAHOO.lang.extend(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);
-1134 
-1135 /**
-1136  * ASN.1 TBSCertList structure class for CRL
-1137  * @name KJUR.asn1.x509.TBSCertList
-1138  * @class ASN.1 TBSCertList structure class for CRL
-1139  * @param {Array} params associative array of parameters (ex. {})
-1140  * @extends KJUR.asn1.ASN1Object
-1141  * @since 1.0.3
-1142  * @description
-1143  * <br/>
-1144  * <h4>EXAMPLE</h4>
-1145  * @example
-1146  *  var o = new KJUR.asn1.x509.TBSCertList();
-1147  *  o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
-1148  *  o.setIssuerByParam({'str': '/C=US/O=a'});
-1149  *  o.setNotThisUpdateByParam({'str': '130504235959Z'});
-1150  *  o.setNotNextUpdateByParam({'str': '140504235959Z'});
-1151  *  o.addRevokedCert({'int': 4}, {'str':'130514235959Z'}));
-1152  *  o.addRevokedCert({'hex': '0f34dd'}, {'str':'130514235959Z'}));
-1153  *
-1154  * // TBSCertList  ::=  SEQUENCE  {
-1155  * //        version                 Version OPTIONAL,
-1156  * //                                     -- if present, MUST be v2
-1157  * //        signature               AlgorithmIdentifier,
-1158  * //        issuer                  Name,
-1159  * //        thisUpdate              Time,
-1160  * //        nextUpdate              Time OPTIONAL,
-1161  * //        revokedCertificates     SEQUENCE OF SEQUENCE  {
-1162  * //             userCertificate         CertificateSerialNumber,
-1163  * //             revocationDate          Time,
-1164  * //             crlEntryExtensions      Extensions OPTIONAL
-1165  * //                                      -- if present, version MUST be v2
-1166  * //                                  }  OPTIONAL,
-1167  * //        crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
-1168  */
-1169 KJUR.asn1.x509.TBSCertList = function(params) {
-1170     KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
-1171     var aRevokedCert = null;
-1172 
-1173     /**
-1174      * set signature algorithm field by parameter
-1175      * @name setSignatureAlgByParam
-1176      * @memberOf KJUR.asn1.x509.TBSCertList#
-1177      * @function
-1178      * @param {Array} algIdParam AlgorithmIdentifier parameter
-1179      * @description
-1180      * @example
-1181      * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
-1182      */
-1183     this.setSignatureAlgByParam = function(algIdParam) {
-1184         this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam);
-1185     };
-1186 
-1187     /**
-1188      * set issuer name field by parameter
-1189      * @name setIssuerByParam
-1190      * @memberOf KJUR.asn1.x509.TBSCertList#
-1191      * @function
-1192      * @param {Array} x500NameParam X500Name parameter
-1193      * @description
-1194      * @example
-1195      * tbsc.setIssuerParam({'str': '/C=US/CN=b'});
-1196      * @see KJUR.asn1.x509.X500Name
-1197      */
-1198     this.setIssuerByParam = function(x500NameParam) {
-1199         this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam);
-1200     };
-1201 
-1202     /**
-1203      * set thisUpdate field by parameter
-1204      * @name setThisUpdateByParam
-1205      * @memberOf KJUR.asn1.x509.TBSCertList#
-1206      * @function
-1207      * @param {Array} timeParam Time parameter
-1208      * @description
-1209      * @example
-1210      * tbsc.setThisUpdateByParam({'str': '130508235959Z'});
-1211      * @see KJUR.asn1.x509.Time
-1212      */
-1213     this.setThisUpdateByParam = function(timeParam) {
-1214         this.asn1ThisUpdate = new KJUR.asn1.x509.Time(timeParam);
-1215     };
-1216 
-1217     /**
-1218      * set nextUpdate field by parameter
-1219      * @name setNextUpdateByParam
-1220      * @memberOf KJUR.asn1.x509.TBSCertList#
-1221      * @function
-1222      * @param {Array} timeParam Time parameter
-1223      * @description
-1224      * @example
-1225      * tbsc.setNextUpdateByParam({'str': '130508235959Z'});
-1226      * @see KJUR.asn1.x509.Time
-1227      */
-1228     this.setNextUpdateByParam = function(timeParam) {
-1229         this.asn1NextUpdate = new KJUR.asn1.x509.Time(timeParam);
-1230     };
-1231 
-1232     /**
-1233      * add revoked certificate by parameter
-1234      * @name addRevokedCert
-1235      * @memberOf KJUR.asn1.x509.TBSCertList#
-1236      * @function
-1237      * @param {Array} snParam DERInteger parameter for certificate serial number
-1238      * @param {Array} timeParam Time parameter for revocation date
-1239      * @description
-1240      * @example
-1241      * tbsc.addRevokedCert({'int': 3}, {'str': '130508235959Z'});
-1242      * @see KJUR.asn1.x509.Time
-1243      */
-1244     this.addRevokedCert = function(snParam, timeParam) {
-1245         var param = {};
-1246         if (snParam != undefined && snParam != null) param['sn'] = snParam;
-1247         if (timeParam != undefined && timeParam != null) param['time'] = timeParam;
-1248         var o = new KJUR.asn1.x509.CRLEntry(param);
-1249         this.aRevokedCert.push(o);
-1250     };
-1251 
-1252     this.getEncodedHex = function() {
-1253         this.asn1Array = new Array();
-1254 
-1255         if (this.asn1Version != null) this.asn1Array.push(this.asn1Version);
-1256         this.asn1Array.push(this.asn1SignatureAlg);
-1257         this.asn1Array.push(this.asn1Issuer);
-1258         this.asn1Array.push(this.asn1ThisUpdate);
-1259         if (this.asn1NextUpdate != null) this.asn1Array.push(this.asn1NextUpdate);
-1260 
-1261         if (this.aRevokedCert.length > 0) {
-1262             var seq = new KJUR.asn1.DERSequence({'array': this.aRevokedCert});
-1263             this.asn1Array.push(seq);
-1264         }
-1265 
-1266         var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
-1267         this.hTLV = o.getEncodedHex();
-1268         this.isModified = false;
-1269         return this.hTLV;
-1270     };
-1271 
-1272     this._initialize = function() {
-1273         this.asn1Version = null;
-1274         this.asn1SignatureAlg = null;
-1275         this.asn1Issuer = null;
-1276         this.asn1ThisUpdate = null;
-1277         this.asn1NextUpdate = null;
-1278         this.aRevokedCert = new Array();
-1279     };
-1280 
-1281     this._initialize();
-1282 };
-1283 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);
-1284 
-1285 /**
-1286  * ASN.1 CRLEntry structure class for CRL
-1287  * @name KJUR.asn1.x509.CRLEntry
-1288  * @class ASN.1 CRLEntry structure class for CRL
-1289  * @param {Array} params associative array of parameters (ex. {})
-1290  * @extends KJUR.asn1.ASN1Object
-1291  * @since 1.0.3
-1292  * @description
-1293  * @example
-1294  * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
-1295  *
-1296  * // revokedCertificates     SEQUENCE OF SEQUENCE  {
-1297  * //     userCertificate         CertificateSerialNumber,
-1298  * //     revocationDate          Time,
-1299  * //     crlEntryExtensions      Extensions OPTIONAL
-1300  * //                             -- if present, version MUST be v2 }
-1301  */
-1302 KJUR.asn1.x509.CRLEntry = function(params) {
-1303     KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
-1304     var sn = null;
-1305     var time = null;
-1306 
-1307     /**
-1308      * set DERInteger parameter for serial number of revoked certificate
-1309      * @name setCertSerial
-1310      * @memberOf KJUR.asn1.x509.CRLEntry
-1311      * @function
-1312      * @param {Array} intParam DERInteger parameter for certificate serial number
-1313      * @description
-1314      * @example
-1315      * entry.setCertSerial({'int': 3});
-1316      */
-1317     this.setCertSerial = function(intParam) {
-1318         this.sn = new KJUR.asn1.DERInteger(intParam);
-1319     };
-1320 
-1321     /**
-1322      * set Time parameter for revocation date
-1323      * @name setRevocationDate
-1324      * @memberOf KJUR.asn1.x509.CRLEntry
-1325      * @function
-1326      * @param {Array} timeParam Time parameter for revocation date
-1327      * @description
-1328      * @example
-1329      * entry.setRevocationDate({'str': '130508235959Z'});
-1330      */
-1331     this.setRevocationDate = function(timeParam) {
-1332         this.time = new KJUR.asn1.x509.Time(timeParam);
-1333     };
-1334 
-1335     this.getEncodedHex = function() {
-1336         var o = new KJUR.asn1.DERSequence({"array": [this.sn, this.time]});
-1337         this.TLV = o.getEncodedHex();
-1338         return this.TLV;
-1339     };
-1340 
-1341     if (typeof params != "undefined") {
-1342         if (typeof params['time'] != "undefined") {
-1343             this.setRevocationDate(params['time']);
-1344         }
-1345         if (typeof params['sn'] != "undefined") {
-1346             this.setCertSerial(params['sn']);
-1347         }
-1348     }
-1349 };
-1350 YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);
-1351 
-1352 // === END   CRL Related ===================================================
-1353 
-1354 // === BEGIN X500Name Related =================================================
-1355 /**
-1356  * X500Name ASN.1 structure class
-1357  * @name KJUR.asn1.x509.X500Name
-1358  * @class X500Name ASN.1 structure class
-1359  * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'})
-1360  * @extends KJUR.asn1.ASN1Object
-1361  * @see KJUR.asn1.x509.X500Name
-1362  * @see KJUR.asn1.x509.RDN
-1363  * @see KJUR.asn1.x509.AttributeTypeAndValue
-1364  * @description
-1365  * This class provides DistinguishedName ASN.1 class structure
-1366  * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
-1367  * <blockquote><pre>
-1368  * DistinguishedName ::= RDNSequence
-1369  *
-1370  * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-1371  *
-1372  * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
-1373  *   AttributeTypeAndValue
-1374  *
-1375  * AttributeTypeAndValue ::= SEQUENCE {
-1376  *   type  AttributeType,
-1377  *   value AttributeValue }
-1378  * </pre></blockquote>
-1379  * <br/>
-1380  * For string representation of distinguished name in jsrsasign,
-1381  * OpenSSL oneline format is used. Please see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">wiki article</a> for it.
-1382  * <br/>
-1383  * NOTE: Multi-valued RDN is supported since jsrsasign 6.2.1 asn1x509 1.0.17.
-1384  * @example
-1385  * // 1. construct with string
-1386  * o = new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa/OU=bbb/CN=foo@example.com"});
-1387  * o = new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa+CN=contact@example.com"}); // multi valued
-1388  * // 2. construct by object
-1389  * o = new KJUR.asn1.x509.X500Name({C: "US", O: "aaa", CN: "http://example.com/"});
-1390  */
-1391 KJUR.asn1.x509.X500Name = function(params) {
-1392     KJUR.asn1.x509.X500Name.superclass.constructor.call(this);
-1393     this.asn1Array = new Array();
-1394 
-1395     /**
-1396      * set DN by OpenSSL oneline distinguished name string<br/>
-1397      * @name setByString
-1398      * @memberOf KJUR.asn1.x509.X500Name#
-1399      * @function
-1400      * @param {String} dnStr distinguished name by string (ex. /C=US/O=aaa)
-1401      * @description
-1402      * @example
-1403      * name = new KJUR.asn1.x509.X500Name();
-1404      * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com");
-1405      */
-1406     this.setByString = function(dnStr) {
-1407         var a = dnStr.split('/');
-1408         a.shift();
-1409         for (var i = 0; i < a.length; i++) {
-1410             this.asn1Array.push(new KJUR.asn1.x509.RDN({'str':a[i]}));
-1411         }
-1412     };
-1413 
-1414     /**
-1415      * set DN by LDAP(RFC 2253) distinguished name string<br/>
-1416      * @name setByLdapString
-1417      * @memberOf KJUR.asn1.x509.X500Name#
-1418      * @function
-1419      * @param {String} dnStr distinguished name by LDAP string (ex. O=aaa,C=US)
-1420      * @since jsrsasign 6.2.2 asn1x509 1.0.18
-1421      * @description
-1422      * @example
-1423      * name = new KJUR.asn1.x509.X500Name();
-1424      * name.setByLdapString("CN=foo@example.com,OU=bbb,O=aaa,C=US");
-1425      */
-1426     this.setByLdapString = function(dnStr) {
-1427 	var oneline = KJUR.asn1.x509.X500Name.ldapToOneline(dnStr);
-1428 	this.setByString(oneline);
-1429     };
-1430 
-1431     /**
-1432      * set DN by associative array<br/>
-1433      * @name setByObject
-1434      * @memberOf KJUR.asn1.x509.X500Name#
-1435      * @function
-1436      * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"})
-1437      * @since jsrsasign 4.9. asn1x509 1.0.13
-1438      * @description
-1439      * @example
-1440      * name = new KJUR.asn1.x509.X500Name();
-1441      * name.setByObject({C: "US", O: "aaa", CN="http://example.com/"1});
-1442      */
-1443     this.setByObject = function(dnObj) {
-1444         // Get all the dnObject attributes and stuff them in the ASN.1 array.
-1445         for (var x in dnObj) {
-1446             if (dnObj.hasOwnProperty(x)) {
-1447                 var newRDN = new KJUR.asn1.x509.RDN(
-1448                     {'str': x + '=' + dnObj[x]});
-1449                 // Initialize or push into the ANS1 array.
-1450                 this.asn1Array ? this.asn1Array.push(newRDN)
-1451                     : this.asn1Array = [newRDN];
-1452             }
-1453         }
-1454     };
-1455 
-1456     this.getEncodedHex = function() {
-1457         if (typeof this.hTLV == "string") return this.hTLV;
-1458         var o = new KJUR.asn1.DERSequence({"array": this.asn1Array});
-1459         this.hTLV = o.getEncodedHex();
-1460         return this.hTLV;
-1461     };
-1462 
-1463     if (params !== undefined) {
-1464         if (params.str !== undefined) {
-1465             this.setByString(params.str);
-1466         } else if (params.ldapstr !== undefined) {
-1467 	    this.setByLdapString(params.ldapstr);
-1468         // If params is an object, then set the ASN1 array just using the object
-1469         // attributes. This is nice for fields that have lots of special
-1470         // characters (i.e. CN: 'http://www.github.com/kjur//').
-1471         } else if (typeof params === "object") {
-1472             this.setByObject(params);
-1473         }
-1474 
-1475         if (params.certissuer !== undefined) {
-1476             var x = new X509();
-1477             x.hex = ASN1HEX.pemToHex(params.certissuer);
-1478             this.hTLV = x.getIssuerHex();
-1479         }
-1480         if (params.certsubject !== undefined) {
-1481             var x = new X509();
-1482             x.hex = ASN1HEX.pemToHex(params.certsubject);
-1483             this.hTLV = x.getSubjectHex();
-1484         }
-1485     }
-1486 };
-1487 YAHOO.lang.extend(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object);
-1488 
-1489 /**
-1490  * convert OpenSSL oneline distinguished name format string to LDAP(RFC 2253) format<br/>
-1491  * @name onelineToLDAP
-1492  * @memberOf KJUR.asn1.x509.X500Name
-1493  * @function
-1494  * @param {String} s distinguished name string in OpenSSL oneline format (ex. /C=US/O=test)
-1495  * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
-1496  * @since jsrsasign 6.2.2 asn1x509 1.0.18
-1497  * @description
-1498  * This static method converts a distinguished name string in OpenSSL oneline 
-1499  * format to LDAP(RFC 2253) format.
-1500  * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL oneline and LDAP(RFC 2253)</a>
-1501  * @example
-1502  * KJUR.asn1.x509.X500Name.onelineToLDAP("/C=US/O=test") → 'O=test,C=US'
-1503  * KJUR.asn1.x509.X500Name.onelineToLDAP("/C=US/O=a,a") → 'O=a\,a,C=US'
-1504  */
-1505 KJUR.asn1.x509.X500Name.onelineToLDAP = function(s) {
-1506     if (s.substr(0, 1) !== "/") throw "malformed input";
-1507 
-1508     var result = "";
-1509     s = s.substr(1);
-1510 
-1511     var a = s.split("/");
-1512     a.reverse();
-1513     a = a.map(function(s) {return s.replace(/,/, "\\,")});
-1514 
-1515     return a.join(",");
-1516 };
-1517 
-1518 /**
-1519  * convert LDAP(RFC 2253) distinguished name format string to OpenSSL oneline format<br/>
-1520  * @name ldapToOneline
-1521  * @memberOf KJUR.asn1.x509.X500Name
-1522  * @function
-1523  * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
-1524  * @return {String} distinguished name string in OpenSSL oneline format (ex. /C=US/O=test)
-1525  * @since jsrsasign 6.2.2 asn1x509 1.0.18
-1526  * @description
-1527  * This static method converts a distinguished name string in 
-1528  * LDAP(RFC 2253) format to OpenSSL oneline format.
-1529  * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL oneline and LDAP(RFC 2253)</a>
-1530  * @example
-1531  * KJUR.asn1.x509.X500Name.ldapToOneline('O=test,C=US') → '/C=US/O=test'
-1532  * KJUR.asn1.x509.X500Name.ldapToOneline('O=a\,a,C=US') → '/C=US/O=a,a'
-1533  * KJUR.asn1.x509.X500Name.ldapToOneline('O=a/a,C=US')  → '/C=US/O=a\/a'
-1534  */
-1535 KJUR.asn1.x509.X500Name.ldapToOneline = function(s) {
-1536     var a = s.split(",");
-1537 
-1538     // join \,
-1539     var isBSbefore = false;
-1540     var a2 = [];
-1541     for (var i = 0; a.length > 0; i++) {
-1542 	var item = a.shift();
-1543 	//console.log("item=" + item);
-1544 
-1545 	if (isBSbefore === true) {
-1546 	    var a2last = a2.pop();
-1547 	    var newitem = (a2last + "," + item).replace(/\\,/g, ",");
-1548 	    a2.push(newitem);
-1549 	    isBSbefore = false;
-1550 	} else {
-1551 	    a2.push(item);
-1552 	}
-1553 
-1554 	if (item.substr(-1, 1) === "\\") isBSbefore = true;
-1555     }
-1556 
-1557     a2 = a2.map(function(s) {return s.replace("/", "\\/")});
-1558     a2.reverse();
-1559     return "/" + a2.join("/");
-1560 };
-1561 
-1562 /**
-1563  * RDN (Relative Distinguished Name) ASN.1 structure class
-1564  * @name KJUR.asn1.x509.RDN
-1565  * @class RDN (Relative Distinguished Name) ASN.1 structure class
-1566  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
-1567  * @extends KJUR.asn1.ASN1Object
-1568  * @see KJUR.asn1.x509.X500Name
-1569  * @see KJUR.asn1.x509.RDN
-1570  * @see KJUR.asn1.x509.AttributeTypeAndValue
-1571  * @description
-1572  * This class provides RelativeDistinguishedName ASN.1 class structure
-1573  * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
-1574  * <blockquote><pre>
-1575  * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
-1576  *   AttributeTypeAndValue
-1577  *
-1578  * AttributeTypeAndValue ::= SEQUENCE {
-1579  *   type  AttributeType,
-1580  *   value AttributeValue }
-1581  * </pre></blockquote>
-1582  * <br/>
-1583  * NOTE: Multi-valued RDN is supported since jsrsasign 6.2.1 asn1x509 1.0.17.
-1584  * @example
-1585  * rdn = new KJUR.asn1.x509.RDN({str: "CN=test"});
-1586  * rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued
-1587  * rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped
-1588  * rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted
-1589  */
-1590 KJUR.asn1.x509.RDN = function(params) {
-1591     KJUR.asn1.x509.RDN.superclass.constructor.call(this);
-1592     this.asn1Array = new Array();
-1593 
-1594     /**
-1595      * add one AttributeTypeAndValue by string<br/>
-1596      * @name addByString
-1597      * @memberOf KJUR.asn1.x509.RDN#
-1598      * @function
-1599      * @param {String} s string of AttributeTypeAndValue
-1600      * @return {Object} unspecified
-1601      * @description
-1602      * This method add one AttributeTypeAndValue to RDN object.
-1603      * @example
-1604      * rdn = new KJUR.asn1.x509.RDN();
-1605      * rdn.addByString("CN=john");
-1606      * rdn.addByString("serialNumber=1234"); // for multi-valued RDN
-1607      */
-1608     this.addByString = function(s) {
-1609         this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str': s}));
-1610     };
+1086     /**
+1087      * set PKCS#5 encrypted RSA PEM private key as CA key
+1088      * @name setRsaPrvKeyByPEMandPass
+1089      * @memberOf KJUR.asn1.x509.CRL#
+1090      * @function
+1091      * @param {String} rsaPEM string of PKCS#5 encrypted RSA PEM private key
+1092      * @param {String} passPEM passcode string to decrypt private key
+1093      * @description
+1094      * <br/>
+1095      * <h4>EXAMPLES</h4>
+1096      * @example
+1097      */
+1098     this.setRsaPrvKeyByPEMandPass = function(rsaPEM, passPEM) {
+1099         var caKeyHex = PKCS5PKEY.getDecryptedKeyHex(rsaPEM, passPEM);
+1100         var caKey = new RSAKey();
+1101         caKey.readPrivateKeyFromASN1HexString(caKeyHex);
+1102         this.rsaPrvKey = caKey;
+1103     };
+1104 
+1105     /**
+1106      * sign TBSCertList and set signature value internally
+1107      * @name sign
+1108      * @memberOf KJUR.asn1.x509.CRL#
+1109      * @function
+1110      * @description
+1111      * @example
+1112      * var cert = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
+1113      * cert.sign();
+1114      */
+1115     this.sign = function() {
+1116         this.asn1SignatureAlg = this.asn1TBSCertList.asn1SignatureAlg;
+1117 
+1118         sig = new KJUR.crypto.Signature({'alg': 'SHA1withRSA', 'prov': 'cryptojs/jsrsa'});
+1119         sig.initSign(this.rsaPrvKey);
+1120         sig.updateHex(this.asn1TBSCertList.getEncodedHex());
+1121         this.hexSig = sig.sign();
+1122 
+1123         this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig});
+1124 
+1125         var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCertList,
+1126                                                        this.asn1SignatureAlg,
+1127                                                        this.asn1Sig]});
+1128         this.hTLV = seq.getEncodedHex();
+1129         this.isModified = false;
+1130     };
+1131 
+1132     this.getEncodedHex = function() {
+1133         if (this.isModified == false && this.hTLV != null) return this.hTLV;
+1134         throw "not signed yet";
+1135     };
+1136 
+1137     /**
+1138      * get PEM formatted CRL string after signed
+1139      * @name getPEMString
+1140      * @memberOf KJUR.asn1.x509.CRL#
+1141      * @function
+1142      * @return PEM formatted string of certificate
+1143      * @description
+1144      * @example
+1145      * var cert = new KJUR.asn1.x509.CRL({'tbsobj': tbs, 'rsaprvkey': prvKey});
+1146      * cert.sign();
+1147      * var sPEM =  cert.getPEMString();
+1148      */
+1149     this.getPEMString = function() {
+1150         var pemBody = hextob64nl(this.getEncodedHex());
+1151         return "-----BEGIN X509 CRL-----\r\n" + 
+1152 	    pemBody + 
+1153 	    "\r\n-----END X509 CRL-----\r\n";
+1154     };
+1155 
+1156     if (typeof params != "undefined") {
+1157         if (typeof params['tbsobj'] != "undefined") {
+1158             this.asn1TBSCertList = params['tbsobj'];
+1159         }
+1160         if (typeof params['rsaprvkey'] != "undefined") {
+1161             this.rsaPrvKey = params['rsaprvkey'];
+1162         }
+1163         if ((typeof params['rsaprvpem'] != "undefined") &&
+1164             (typeof params['rsaprvpas'] != "undefined")) {
+1165             this.setRsaPrvKeyByPEMandPass(params['rsaprvpem'], params['rsaprvpas']);
+1166         }
+1167     }
+1168 };
+1169 YAHOO.lang.extend(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);
+1170 
+1171 /**
+1172  * ASN.1 TBSCertList structure class for CRL
+1173  * @name KJUR.asn1.x509.TBSCertList
+1174  * @class ASN.1 TBSCertList structure class for CRL
+1175  * @param {Array} params associative array of parameters (ex. {})
+1176  * @extends KJUR.asn1.ASN1Object
+1177  * @since 1.0.3
+1178  * @description
+1179  * <br/>
+1180  * <h4>EXAMPLE</h4>
+1181  * @example
+1182  *  var o = new KJUR.asn1.x509.TBSCertList();
+1183  *  o.setSignatureAlgByParam({'name': 'SHA1withRSA'});
+1184  *  o.setIssuerByParam({'str': '/C=US/O=a'});
+1185  *  o.setNotThisUpdateByParam({'str': '130504235959Z'});
+1186  *  o.setNotNextUpdateByParam({'str': '140504235959Z'});
+1187  *  o.addRevokedCert({'int': 4}, {'str':'130514235959Z'}));
+1188  *  o.addRevokedCert({'hex': '0f34dd'}, {'str':'130514235959Z'}));
+1189  *
+1190  * // TBSCertList  ::=  SEQUENCE  {
+1191  * //        version                 Version OPTIONAL,
+1192  * //                                     -- if present, MUST be v2
+1193  * //        signature               AlgorithmIdentifier,
+1194  * //        issuer                  Name,
+1195  * //        thisUpdate              Time,
+1196  * //        nextUpdate              Time OPTIONAL,
+1197  * //        revokedCertificates     SEQUENCE OF SEQUENCE  {
+1198  * //             userCertificate         CertificateSerialNumber,
+1199  * //             revocationDate          Time,
+1200  * //             crlEntryExtensions      Extensions OPTIONAL
+1201  * //                                      -- if present, version MUST be v2
+1202  * //                                  }  OPTIONAL,
+1203  * //        crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
+1204  */
+1205 KJUR.asn1.x509.TBSCertList = function(params) {
+1206     KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
+1207     var aRevokedCert = null,
+1208 	_KJUR = KJUR,
+1209 	_KJUR_asn1 = _KJUR.asn1,
+1210 	_DERSequence = _KJUR_asn1.DERSequence,
+1211 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+1212 	_Time = _KJUR_asn1_x509.Time;
+1213 
+1214     /**
+1215      * set signature algorithm field by parameter
+1216      * @name setSignatureAlgByParam
+1217      * @memberOf KJUR.asn1.x509.TBSCertList#
+1218      * @function
+1219      * @param {Array} algIdParam AlgorithmIdentifier parameter
+1220      * @description
+1221      * @example
+1222      * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'});
+1223      */
+1224     this.setSignatureAlgByParam = function(algIdParam) {
+1225         this.asn1SignatureAlg = 
+1226 	    new _KJUR_asn1_x509.AlgorithmIdentifier(algIdParam);
+1227     };
+1228 
+1229     /**
+1230      * set issuer name field by parameter
+1231      * @name setIssuerByParam
+1232      * @memberOf KJUR.asn1.x509.TBSCertList#
+1233      * @function
+1234      * @param {Array} x500NameParam X500Name parameter
+1235      * @description
+1236      * @example
+1237      * tbsc.setIssuerParam({'str': '/C=US/CN=b'});
+1238      * @see KJUR.asn1.x509.X500Name
+1239      */
+1240     this.setIssuerByParam = function(x500NameParam) {
+1241         this.asn1Issuer = new _KJUR_asn1_x509.X500Name(x500NameParam);
+1242     };
+1243 
+1244     /**
+1245      * set thisUpdate field by parameter
+1246      * @name setThisUpdateByParam
+1247      * @memberOf KJUR.asn1.x509.TBSCertList#
+1248      * @function
+1249      * @param {Array} timeParam Time parameter
+1250      * @description
+1251      * @example
+1252      * tbsc.setThisUpdateByParam({'str': '130508235959Z'});
+1253      * @see KJUR.asn1.x509.Time
+1254      */
+1255     this.setThisUpdateByParam = function(timeParam) {
+1256         this.asn1ThisUpdate = new _Time(timeParam);
+1257     };
+1258 
+1259     /**
+1260      * set nextUpdate field by parameter
+1261      * @name setNextUpdateByParam
+1262      * @memberOf KJUR.asn1.x509.TBSCertList#
+1263      * @function
+1264      * @param {Array} timeParam Time parameter
+1265      * @description
+1266      * @example
+1267      * tbsc.setNextUpdateByParam({'str': '130508235959Z'});
+1268      * @see KJUR.asn1.x509.Time
+1269      */
+1270     this.setNextUpdateByParam = function(timeParam) {
+1271         this.asn1NextUpdate = new _Time(timeParam);
+1272     };
+1273 
+1274     /**
+1275      * add revoked certificate by parameter
+1276      * @name addRevokedCert
+1277      * @memberOf KJUR.asn1.x509.TBSCertList#
+1278      * @function
+1279      * @param {Array} snParam DERInteger parameter for certificate serial number
+1280      * @param {Array} timeParam Time parameter for revocation date
+1281      * @description
+1282      * @example
+1283      * tbsc.addRevokedCert({'int': 3}, {'str': '130508235959Z'});
+1284      * @see KJUR.asn1.x509.Time
+1285      */
+1286     this.addRevokedCert = function(snParam, timeParam) {
+1287         var param = {};
+1288         if (snParam != undefined && snParam != null)
+1289 	    param['sn'] = snParam;
+1290         if (timeParam != undefined && timeParam != null)
+1291 	    param['time'] = timeParam;
+1292         var o = new _KJUR_asn1_x509.CRLEntry(param);
+1293         this.aRevokedCert.push(o);
+1294     };
+1295 
+1296     this.getEncodedHex = function() {
+1297         this.asn1Array = new Array();
+1298 
+1299         if (this.asn1Version != null) this.asn1Array.push(this.asn1Version);
+1300         this.asn1Array.push(this.asn1SignatureAlg);
+1301         this.asn1Array.push(this.asn1Issuer);
+1302         this.asn1Array.push(this.asn1ThisUpdate);
+1303         if (this.asn1NextUpdate != null) this.asn1Array.push(this.asn1NextUpdate);
+1304 
+1305         if (this.aRevokedCert.length > 0) {
+1306             var seq = new _DERSequence({'array': this.aRevokedCert});
+1307             this.asn1Array.push(seq);
+1308         }
+1309 
+1310         var o = new _DERSequence({"array": this.asn1Array});
+1311         this.hTLV = o.getEncodedHex();
+1312         this.isModified = false;
+1313         return this.hTLV;
+1314     };
+1315 
+1316     this._initialize = function() {
+1317         this.asn1Version = null;
+1318         this.asn1SignatureAlg = null;
+1319         this.asn1Issuer = null;
+1320         this.asn1ThisUpdate = null;
+1321         this.asn1NextUpdate = null;
+1322         this.aRevokedCert = new Array();
+1323     };
+1324 
+1325     this._initialize();
+1326 };
+1327 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);
+1328 
+1329 /**
+1330  * ASN.1 CRLEntry structure class for CRL
+1331  * @name KJUR.asn1.x509.CRLEntry
+1332  * @class ASN.1 CRLEntry structure class for CRL
+1333  * @param {Array} params associative array of parameters (ex. {})
+1334  * @extends KJUR.asn1.ASN1Object
+1335  * @since 1.0.3
+1336  * @description
+1337  * @example
+1338  * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
+1339  *
+1340  * // revokedCertificates     SEQUENCE OF SEQUENCE  {
+1341  * //     userCertificate         CertificateSerialNumber,
+1342  * //     revocationDate          Time,
+1343  * //     crlEntryExtensions      Extensions OPTIONAL
+1344  * //                             -- if present, version MUST be v2 }
+1345  */
+1346 KJUR.asn1.x509.CRLEntry = function(params) {
+1347     KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
+1348     var sn = null,
+1349 	time = null,
+1350 	_KJUR = KJUR,
+1351 	_KJUR_asn1 = _KJUR.asn1;
+1352 
+1353     /**
+1354      * set DERInteger parameter for serial number of revoked certificate
+1355      * @name setCertSerial
+1356      * @memberOf KJUR.asn1.x509.CRLEntry
+1357      * @function
+1358      * @param {Array} intParam DERInteger parameter for certificate serial number
+1359      * @description
+1360      * @example
+1361      * entry.setCertSerial({'int': 3});
+1362      */
+1363     this.setCertSerial = function(intParam) {
+1364         this.sn = new _KJUR_asn1.DERInteger(intParam);
+1365     };
+1366 
+1367     /**
+1368      * set Time parameter for revocation date
+1369      * @name setRevocationDate
+1370      * @memberOf KJUR.asn1.x509.CRLEntry
+1371      * @function
+1372      * @param {Array} timeParam Time parameter for revocation date
+1373      * @description
+1374      * @example
+1375      * entry.setRevocationDate({'str': '130508235959Z'});
+1376      */
+1377     this.setRevocationDate = function(timeParam) {
+1378         this.time = new _KJUR_asn1.x509.Time(timeParam);
+1379     };
+1380 
+1381     this.getEncodedHex = function() {
+1382         var o = new _KJUR_asn1.DERSequence({"array": [this.sn, this.time]});
+1383         this.TLV = o.getEncodedHex();
+1384         return this.TLV;
+1385     };
+1386 
+1387     if (params !== undefined) {
+1388         if (params.time !== undefined) {
+1389             this.setRevocationDate(params.time);
+1390         }
+1391         if (params.sn !== undefined) {
+1392             this.setCertSerial(params.sn);
+1393         }
+1394     }
+1395 };
+1396 YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);
+1397 
+1398 // === END   CRL Related ===================================================
+1399 
+1400 // === BEGIN X500Name Related =================================================
+1401 /**
+1402  * X500Name ASN.1 structure class
+1403  * @name KJUR.asn1.x509.X500Name
+1404  * @class X500Name ASN.1 structure class
+1405  * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'})
+1406  * @extends KJUR.asn1.ASN1Object
+1407  * @see KJUR.asn1.x509.X500Name
+1408  * @see KJUR.asn1.x509.RDN
+1409  * @see KJUR.asn1.x509.AttributeTypeAndValue
+1410  * @description
+1411  * This class provides DistinguishedName ASN.1 class structure
+1412  * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
+1413  * <blockquote><pre>
+1414  * DistinguishedName ::= RDNSequence
+1415  *
+1416  * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+1417  *
+1418  * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
+1419  *   AttributeTypeAndValue
+1420  *
+1421  * AttributeTypeAndValue ::= SEQUENCE {
+1422  *   type  AttributeType,
+1423  *   value AttributeValue }
+1424  * </pre></blockquote>
+1425  * <br/>
+1426  * For string representation of distinguished name in jsrsasign,
+1427  * OpenSSL oneline format is used. Please see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">wiki article</a> for it.
+1428  * <br/>
+1429  * NOTE: Multi-valued RDN is supported since jsrsasign 6.2.1 asn1x509 1.0.17.
+1430  * @example
+1431  * // 1. construct with string
+1432  * o = new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa/OU=bbb/CN=foo@example.com"});
+1433  * o = new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa+CN=contact@example.com"}); // multi valued
+1434  * // 2. construct by object
+1435  * o = new KJUR.asn1.x509.X500Name({C: "US", O: "aaa", CN: "http://example.com/"});
+1436  */
+1437 KJUR.asn1.x509.X500Name = function(params) {
+1438     KJUR.asn1.x509.X500Name.superclass.constructor.call(this);
+1439     this.asn1Array = new Array();
+1440     var _KJUR = KJUR,
+1441 	_KJUR_asn1 = _KJUR.asn1,
+1442 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+1443 	_pemtohex = pemtohex;
+1444 
+1445     /**
+1446      * set DN by OpenSSL oneline distinguished name string<br/>
+1447      * @name setByString
+1448      * @memberOf KJUR.asn1.x509.X500Name#
+1449      * @function
+1450      * @param {String} dnStr distinguished name by string (ex. /C=US/O=aaa)
+1451      * @description
+1452      * @example
+1453      * name = new KJUR.asn1.x509.X500Name();
+1454      * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com");
+1455      */
+1456     this.setByString = function(dnStr) {
+1457         var a = dnStr.split('/');
+1458         a.shift();
+1459         for (var i = 0; i < a.length; i++) {
+1460             this.asn1Array.push(new _KJUR_asn1_x509.RDN({'str':a[i]}));
+1461         }
+1462     };
+1463 
+1464     /**
+1465      * set DN by LDAP(RFC 2253) distinguished name string<br/>
+1466      * @name setByLdapString
+1467      * @memberOf KJUR.asn1.x509.X500Name#
+1468      * @function
+1469      * @param {String} dnStr distinguished name by LDAP string (ex. O=aaa,C=US)
+1470      * @since jsrsasign 6.2.2 asn1x509 1.0.18
+1471      * @description
+1472      * @example
+1473      * name = new KJUR.asn1.x509.X500Name();
+1474      * name.setByLdapString("CN=foo@example.com,OU=bbb,O=aaa,C=US");
+1475      */
+1476     this.setByLdapString = function(dnStr) {
+1477 	var oneline = _KJUR_asn1_x509.X500Name.ldapToOneline(dnStr);
+1478 	this.setByString(oneline);
+1479     };
+1480 
+1481     /**
+1482      * set DN by associative array<br/>
+1483      * @name setByObject
+1484      * @memberOf KJUR.asn1.x509.X500Name#
+1485      * @function
+1486      * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"})
+1487      * @since jsrsasign 4.9. asn1x509 1.0.13
+1488      * @description
+1489      * @example
+1490      * name = new KJUR.asn1.x509.X500Name();
+1491      * name.setByObject({C: "US", O: "aaa", CN="http://example.com/"1});
+1492      */
+1493     this.setByObject = function(dnObj) {
+1494         // Get all the dnObject attributes and stuff them in the ASN.1 array.
+1495         for (var x in dnObj) {
+1496             if (dnObj.hasOwnProperty(x)) {
+1497                 var newRDN = new KJUR.asn1.x509.RDN(
+1498                     {'str': x + '=' + dnObj[x]});
+1499                 // Initialize or push into the ANS1 array.
+1500                 this.asn1Array ? this.asn1Array.push(newRDN)
+1501                     : this.asn1Array = [newRDN];
+1502             }
+1503         }
+1504     };
+1505 
+1506     this.getEncodedHex = function() {
+1507         if (typeof this.hTLV == "string") return this.hTLV;
+1508         var o = new _KJUR_asn1.DERSequence({"array": this.asn1Array});
+1509         this.hTLV = o.getEncodedHex();
+1510         return this.hTLV;
+1511     };
+1512 
+1513     if (params !== undefined) {
+1514         if (params.str !== undefined) {
+1515             this.setByString(params.str);
+1516         } else if (params.ldapstr !== undefined) {
+1517 	    this.setByLdapString(params.ldapstr);
+1518         // If params is an object, then set the ASN1 array just using the object
+1519         // attributes. This is nice for fields that have lots of special
+1520         // characters (i.e. CN: 'http://www.github.com/kjur//').
+1521         } else if (typeof params === "object") {
+1522             this.setByObject(params);
+1523         }
+1524 
+1525         if (params.certissuer !== undefined) {
+1526             var x = new X509();
+1527             x.hex = _pemtohex(params.certissuer);
+1528             this.hTLV = x.getIssuerHex();
+1529         }
+1530         if (params.certsubject !== undefined) {
+1531             var x = new X509();
+1532             x.hex = _pemtohex(params.certsubject);
+1533             this.hTLV = x.getSubjectHex();
+1534         }
+1535     }
+1536 };
+1537 YAHOO.lang.extend(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object);
+1538 
+1539 /**
+1540  * convert OpenSSL oneline distinguished name format string to LDAP(RFC 2253) format<br/>
+1541  * @name onelineToLDAP
+1542  * @memberOf KJUR.asn1.x509.X500Name
+1543  * @function
+1544  * @param {String} s distinguished name string in OpenSSL oneline format (ex. /C=US/O=test)
+1545  * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
+1546  * @since jsrsasign 6.2.2 asn1x509 1.0.18
+1547  * @description
+1548  * This static method converts a distinguished name string in OpenSSL oneline 
+1549  * format to LDAP(RFC 2253) format.
+1550  * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL oneline and LDAP(RFC 2253)</a>
+1551  * @example
+1552  * KJUR.asn1.x509.X500Name.onelineToLDAP("/C=US/O=test") → 'O=test,C=US'
+1553  * KJUR.asn1.x509.X500Name.onelineToLDAP("/C=US/O=a,a") → 'O=a\,a,C=US'
+1554  */
+1555 KJUR.asn1.x509.X500Name.onelineToLDAP = function(s) {
+1556     if (s.substr(0, 1) !== "/") throw "malformed input";
+1557 
+1558     var result = "";
+1559     s = s.substr(1);
+1560 
+1561     var a = s.split("/");
+1562     a.reverse();
+1563     a = a.map(function(s) {return s.replace(/,/, "\\,")});
+1564 
+1565     return a.join(",");
+1566 };
+1567 
+1568 /**
+1569  * convert LDAP(RFC 2253) distinguished name format string to OpenSSL oneline format<br/>
+1570  * @name ldapToOneline
+1571  * @memberOf KJUR.asn1.x509.X500Name
+1572  * @function
+1573  * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
+1574  * @return {String} distinguished name string in OpenSSL oneline format (ex. /C=US/O=test)
+1575  * @since jsrsasign 6.2.2 asn1x509 1.0.18
+1576  * @description
+1577  * This static method converts a distinguished name string in 
+1578  * LDAP(RFC 2253) format to OpenSSL oneline format.
+1579  * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL oneline and LDAP(RFC 2253)</a>
+1580  * @example
+1581  * KJUR.asn1.x509.X500Name.ldapToOneline('O=test,C=US') → '/C=US/O=test'
+1582  * KJUR.asn1.x509.X500Name.ldapToOneline('O=a\,a,C=US') → '/C=US/O=a,a'
+1583  * KJUR.asn1.x509.X500Name.ldapToOneline('O=a/a,C=US')  → '/C=US/O=a\/a'
+1584  */
+1585 KJUR.asn1.x509.X500Name.ldapToOneline = function(s) {
+1586     var a = s.split(",");
+1587 
+1588     // join \,
+1589     var isBSbefore = false;
+1590     var a2 = [];
+1591     for (var i = 0; a.length > 0; i++) {
+1592 	var item = a.shift();
+1593 	//console.log("item=" + item);
+1594 
+1595 	if (isBSbefore === true) {
+1596 	    var a2last = a2.pop();
+1597 	    var newitem = (a2last + "," + item).replace(/\\,/g, ",");
+1598 	    a2.push(newitem);
+1599 	    isBSbefore = false;
+1600 	} else {
+1601 	    a2.push(item);
+1602 	}
+1603 
+1604 	if (item.substr(-1, 1) === "\\") isBSbefore = true;
+1605     }
+1606 
+1607     a2 = a2.map(function(s) {return s.replace("/", "\\/")});
+1608     a2.reverse();
+1609     return "/" + a2.join("/");
+1610 };
 1611 
-1612     /**
-1613      * add one AttributeTypeAndValue by multi-valued string<br/>
-1614      * @name addByMultiValuedString
-1615      * @memberOf KJUR.asn1.x509.RDN#
-1616      * @function
-1617      * @param {String} s string of multi-valued RDN
-1618      * @return {Object} unspecified
-1619      * @since jsrsasign 6.2.1 asn1x509 1.0.17
-1620      * @description
-1621      * This method add multi-valued RDN to RDN object.
-1622      * @example
-1623      * rdn = new KJUR.asn1.x509.RDN();
-1624      * rdn.addByMultiValuedString("CN=john+O=test");
-1625      * rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus
-1626      * rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation
-1627      */
-1628     this.addByMultiValuedString = function(s) {
-1629 	var a = KJUR.asn1.x509.RDN.parseString(s);
-1630 	for (var i = 0; i < a.length; i++) {
-1631 	    this.addByString(a[i]);
-1632 	}
-1633     };
-1634 
-1635     this.getEncodedHex = function() {
-1636         var o = new KJUR.asn1.DERSet({"array": this.asn1Array});
-1637         this.TLV = o.getEncodedHex();
-1638         return this.TLV;
-1639     };
-1640 
-1641     if (typeof params != "undefined") {
-1642         if (typeof params['str'] != "undefined") {
-1643             this.addByMultiValuedString(params['str']);
-1644         }
-1645     }
-1646 };
-1647 YAHOO.lang.extend(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object);
-1648 
-1649 /**
-1650  * parse multi-valued RDN string and split into array of 'AttributeTypeAndValue'<br/>
-1651  * @name parseString
-1652  * @memberOf KJUR.asn1.x509.RDN
-1653  * @function
-1654  * @param {String} s multi-valued string of RDN
-1655  * @return {Array} array of string of AttributeTypeAndValue
-1656  * @since jsrsasign 6.2.1 asn1x509 1.0.17
-1657  * @description
-1658  * This static method parses multi-valued RDN string and split into
-1659  * array of AttributeTypeAndValue.
-1660  * @example
-1661  * KJUR.asn1.x509.RDN.parseString("CN=john") → ["CN=john"]
-1662  * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") → ["CN=john", "OU=test"]
-1663  * KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') → ["CN=jo+hn", "OU=test"]
-1664  * KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') → ["CN=jo+hn", "OU=test"]
-1665  * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") → ["CN=john", "OU=test", "OU=t1"]
-1666  */
-1667 KJUR.asn1.x509.RDN.parseString = function(s) {
-1668     var a = s.split(/\+/);
-1669 
-1670     // join \+
-1671     var isBSbefore = false;
-1672     var a2 = [];
-1673     for (var i = 0; a.length > 0; i++) {
-1674 	var item = a.shift();
-1675 	//console.log("item=" + item);
-1676 
-1677 	if (isBSbefore === true) {
-1678 	    var a2last = a2.pop();
-1679 	    var newitem = (a2last + "+" + item).replace(/\\\+/g, "+");
-1680 	    a2.push(newitem);
-1681 	    isBSbefore = false;
-1682 	} else {
-1683 	    a2.push(item);
-1684 	}
-1685 
-1686 	if (item.substr(-1, 1) === "\\") isBSbefore = true;
-1687     }
-1688 
-1689     // join quote
-1690     var beginQuote = false;
-1691     var a3 = [];
-1692     for (var i = 0; a2.length > 0; i++) {
-1693 	var item = a2.shift();
-1694 
-1695 	if (beginQuote === true) {
-1696 	    var a3last = a3.pop();
-1697 	    if (item.match(/"$/)) {
-1698 		var newitem = (a3last + "+" + item).replace(/^([^=]+)="(.*)"$/, "$1=$2");
-1699 		a3.push(newitem);
-1700 		beginQuote = false;
-1701 	    } else {
-1702 		a3.push(a3last + "+" + item);
-1703 	    }
-1704 	} else {
-1705 	    a3.push(item);
-1706 	}
-1707 
-1708 	if (item.match(/^[^=]+="/)) {
-1709 	    //console.log(i + "=" + item);
-1710 	    beginQuote = true;
-1711 	}
-1712     }
-1713 
-1714     return a3;
-1715 };
-1716 
-1717 /**
-1718  * AttributeTypeAndValue ASN.1 structure class
-1719  * @name KJUR.asn1.x509.AttributeTypeAndValue
-1720  * @class AttributeTypeAndValue ASN.1 structure class
-1721  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
-1722  * @extends KJUR.asn1.ASN1Object
-1723  * @description
-1724  * @see KJUR.asn1.x509.X500Name
-1725  * @see KJUR.asn1.x509.RDN
-1726  * @see KJUR.asn1.x509.AttributeTypeAndValue
-1727  * @example
-1728  */
-1729 KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
-1730     KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
-1731     var typeObj = null;
-1732     var valueObj = null;
-1733     var defaultDSType = "utf8";
-1734 
-1735     this.setByString = function(attrTypeAndValueStr) {
-1736         var matchResult = attrTypeAndValueStr.match(/^([^=]+)=(.+)$/);
-1737         if (matchResult) {
-1738             this.setByAttrTypeAndValueStr(matchResult[1], matchResult[2]);
-1739         } else {
-1740             throw "malformed attrTypeAndValueStr: " + attrTypeAndValueStr;
-1741         }
-1742     };
-1743 
-1744     this.setByAttrTypeAndValueStr = function(shortAttrType, valueStr) {
-1745         this.typeObj = KJUR.asn1.x509.OID.atype2obj(shortAttrType);
-1746         var dsType = defaultDSType;
-1747         if (shortAttrType == "C") dsType = "prn";
-1748         this.valueObj = this.getValueObj(dsType, valueStr);
-1749     };
-1750 
-1751     this.getValueObj = function(dsType, valueStr) {
-1752         if (dsType == "utf8")   return new KJUR.asn1.DERUTF8String({"str": valueStr});
-1753         if (dsType == "prn")    return new KJUR.asn1.DERPrintableString({"str": valueStr});
-1754         if (dsType == "tel")    return new KJUR.asn1.DERTeletexString({"str": valueStr});
-1755         if (dsType == "ia5")    return new KJUR.asn1.DERIA5String({"str": valueStr});
-1756         throw "unsupported directory string type: type=" + dsType + " value=" + valueStr;
-1757     };
-1758 
-1759     this.getEncodedHex = function() {
-1760         var o = new KJUR.asn1.DERSequence({"array": [this.typeObj, this.valueObj]});
-1761         this.TLV = o.getEncodedHex();
-1762         return this.TLV;
-1763     };
-1764 
-1765     if (typeof params != "undefined") {
-1766         if (typeof params['str'] != "undefined") {
-1767             this.setByString(params['str']);
-1768         }
-1769     }
-1770 };
-1771 YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object);
-1772 
-1773 // === END   X500Name Related =================================================
-1774 
-1775 // === BEGIN Other ASN1 structure class  ======================================
-1776 
-1777 /**
-1778  * SubjectPublicKeyInfo ASN.1 structure class
-1779  * @name KJUR.asn1.x509.SubjectPublicKeyInfo
-1780  * @class SubjectPublicKeyInfo ASN.1 structure class
-1781  * @param {Object} params parameter for subject public key
-1782  * @extends KJUR.asn1.ASN1Object
-1783  * @description
-1784  * <br/>
-1785  * As for argument 'params' for constructor, you can specify one of
-1786  * following properties:
-1787  * <ul>
-1788  * <li>{@link RSAKey} object</li>
-1789  * <li>{@link KJUR.crypto.ECDSA} object</li>
-1790  * <li>{@link KJUR.crypto.DSA} object</li>
-1791  * <li>(DEPRECATED)rsakey - specify {@link RSAKey} object of subject public key</li>
-1792  * <li>(DEPRECATED)rsapem - specify a string of PEM public key of RSA key</li>
-1793  * </ul>
-1794  * NOTE1: 'params' can be omitted.<br/>
-1795  * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/>
-1796  * <h4>EXAMPLE</h4>
-1797  * @example
-1798  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object);
-1799  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object);
-1800  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object);
-1801  */
-1802 KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) {
-1803     KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);
-1804     var asn1AlgId = null;
-1805     var asn1SubjPKey = null;
-1806     var rsaKey = null;
-1807 
-1808     /**
-1809      * (DEPRECATED) set RSAKey object as subject public key
-1810      * @name setRSAKey
-1811      * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo
-1812      * @function
-1813      * @param {RSAKey} rsaKey {@link RSAKey} object for RSA public key
-1814      * @description
-1815      * @deprecated
-1816      * @example
-1817      * spki.setRSAKey(rsaKey);
-1818      */
-1819     this.setRSAKey = function(rsaKey) {
-1820         if (! RSAKey.prototype.isPrototypeOf(rsaKey))
-1821             throw "argument is not RSAKey instance";
-1822         this.rsaKey = rsaKey;
-1823         var asn1RsaN = new KJUR.asn1.DERInteger({'bigint': rsaKey.n});
-1824         var asn1RsaE = new KJUR.asn1.DERInteger({'int': rsaKey.e});
-1825         var asn1RsaPub = new KJUR.asn1.DERSequence({'array': [asn1RsaN, asn1RsaE]});
-1826         var rsaKeyHex = asn1RsaPub.getEncodedHex();
-1827         this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'});
-1828         this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex});
-1829     };
-1830 
-1831     /**
-1832      * (DEPRECATED) set a PEM formatted RSA public key string as RSA public key
-1833      * @name setRSAPEM
-1834      * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo
-1835      * @function
-1836      * @param {String} rsaPubPEM PEM formatted RSA public key string
-1837      * @deprecated from jsrsasign 7.1.1 asn1x509 1.0.20.
-1838      * @description
-1839      * @example
-1840      * spki.setRSAPEM(rsaPubPEM);
-1841      */
-1842     this.setRSAPEM = function(rsaPubPEM) {
-1843         if (rsaPubPEM.match(/-----BEGIN PUBLIC KEY-----/)) {
-1844             var s = rsaPubPEM;
-1845             s = s.replace(/^-----[^-]+-----/, '');
-1846             s = s.replace(/-----[^-]+-----\s*$/, '');
-1847             var rsaB64 = s.replace(/\s+/g, '');
-1848             var rsaWA = CryptoJS.enc.Base64.parse(rsaB64);
-1849             var rsaP8Hex = CryptoJS.enc.Hex.stringify(rsaWA);
-1850             var a = RSAKey.getHexValueArrayOfChildrenFromHex(rsaP8Hex);
-1851             var hBitStrVal = a[1];
-1852             var rsaHex = hBitStrVal.substr(2);
-1853             var a3 = RSAKey.getHexValueArrayOfChildrenFromHex(rsaHex);
-1854             var rsaKey = new RSAKey();
-1855             rsaKey.setPublic(a3[0], a3[1]);
-1856             this.setRSAKey(rsaKey);
-1857         } else {
-1858             throw "key not supported";
-1859         }
-1860     };
-1861 
-1862     /*
-1863      * @since asn1x509 1.0.7
-1864      */
-1865     this.getASN1Object = function() {
-1866         if (this.asn1AlgId == null || this.asn1SubjPKey == null)
-1867             throw "algId and/or subjPubKey not set";
-1868         var o = new KJUR.asn1.DERSequence({'array':
-1869                                            [this.asn1AlgId, this.asn1SubjPKey]});
-1870         return o;
-1871     };
-1872 
-1873     this.getEncodedHex = function() {
-1874         var o = this.getASN1Object();
-1875         this.hTLV = o.getEncodedHex();
-1876         return this.hTLV;
-1877     };
-1878 
-1879     this._setRSAKey = function(key) {
-1880         var asn1RsaPub = KJUR.asn1.ASN1Util.newObject({
-1881             'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}]
-1882         });
-1883         var rsaKeyHex = asn1RsaPub.getEncodedHex();
-1884         this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'});
-1885         this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex});
-1886     };
-1887 
-1888     this._setEC = function(key) {
-1889         var asn1Params = new KJUR.asn1.DERObjectIdentifier({'name': key.curveName});
-1890         this.asn1AlgId =
-1891             new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'ecPublicKey',
-1892                                                     'asn1params': asn1Params});
-1893         this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + key.pubKeyHex});
-1894     };
-1895 
-1896     this._setDSA = function(key) {
-1897         var asn1Params = new KJUR.asn1.ASN1Util.newObject({
-1898             'seq': [{'int': {'bigint': key.p}},
-1899                     {'int': {'bigint': key.q}},
-1900                     {'int': {'bigint': key.g}}]
-1901         });
-1902         this.asn1AlgId =
-1903             new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'dsa',
-1904                                                     'asn1params': asn1Params});
-1905         var pubInt = new KJUR.asn1.DERInteger({'bigint': key.y});
-1906         this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + pubInt.getEncodedHex()});
-1907     };
-1908 
-1909     if (typeof params != "undefined") {
-1910         if (typeof RSAKey != 'undefined' && params instanceof RSAKey) {
-1911             this._setRSAKey(params);
-1912         } else if (typeof KJUR.crypto.ECDSA != 'undefined' &&
-1913                    params instanceof KJUR.crypto.ECDSA) {
-1914             this._setEC(params);
-1915         } else if (typeof KJUR.crypto.DSA != 'undefined' &&
-1916                    params instanceof KJUR.crypto.DSA) {
-1917             this._setDSA(params);
-1918         } else if (typeof params['rsakey'] != "undefined") {
-1919             this.setRSAKey(params['rsakey']);
-1920         } else if (typeof params['rsapem'] != "undefined") {
-1921             this.setRSAPEM(params['rsapem']);
-1922         }
-1923     }
-1924 };
-1925 YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object);
-1926 
-1927 /**
-1928  * Time ASN.1 structure class
-1929  * @name KJUR.asn1.x509.Time
-1930  * @class Time ASN.1 structure class
-1931  * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'})
-1932  * @extends KJUR.asn1.ASN1Object
-1933  * @description
-1934  * <br/>
-1935  * <h4>EXAMPLES</h4>
-1936  * @example
-1937  * var t1 = new KJUR.asn1.x509.Time{'str': '130508235959Z'} // UTCTime by default
-1938  * var t2 = new KJUR.asn1.x509.Time{'type': 'gen',  'str': '20130508235959Z'} // GeneralizedTime
-1939  */
-1940 KJUR.asn1.x509.Time = function(params) {
-1941     KJUR.asn1.x509.Time.superclass.constructor.call(this);
-1942     var type = null;
-1943     var timeParams = null;
-1944 
-1945     this.setTimeParams = function(timeParams) {
-1946         this.timeParams = timeParams;
-1947     }
-1948 
-1949     this.getEncodedHex = function() {
-1950         var o = null;
-1951 
-1952         if (this.timeParams != null) {
-1953             if (this.type == "utc") {
-1954                 o = new KJUR.asn1.DERUTCTime(this.timeParams);
-1955             } else {
-1956                 o = new KJUR.asn1.DERGeneralizedTime(this.timeParams);
-1957             }
-1958         } else {
-1959             if (this.type == "utc") {
-1960                 o = new KJUR.asn1.DERUTCTime();
-1961             } else {
-1962                 o = new KJUR.asn1.DERGeneralizedTime();
-1963             }
-1964         }
-1965         this.TLV = o.getEncodedHex();
-1966         return this.TLV;
+1612 /**
+1613  * RDN (Relative Distinguished Name) ASN.1 structure class
+1614  * @name KJUR.asn1.x509.RDN
+1615  * @class RDN (Relative Distinguished Name) ASN.1 structure class
+1616  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
+1617  * @extends KJUR.asn1.ASN1Object
+1618  * @see KJUR.asn1.x509.X500Name
+1619  * @see KJUR.asn1.x509.RDN
+1620  * @see KJUR.asn1.x509.AttributeTypeAndValue
+1621  * @description
+1622  * This class provides RelativeDistinguishedName ASN.1 class structure
+1623  * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
+1624  * <blockquote><pre>
+1625  * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
+1626  *   AttributeTypeAndValue
+1627  *
+1628  * AttributeTypeAndValue ::= SEQUENCE {
+1629  *   type  AttributeType,
+1630  *   value AttributeValue }
+1631  * </pre></blockquote>
+1632  * <br/>
+1633  * NOTE: Multi-valued RDN is supported since jsrsasign 6.2.1 asn1x509 1.0.17.
+1634  * @example
+1635  * rdn = new KJUR.asn1.x509.RDN({str: "CN=test"});
+1636  * rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued
+1637  * rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped
+1638  * rdn = new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted
+1639  */
+1640 KJUR.asn1.x509.RDN = function(params) {
+1641     KJUR.asn1.x509.RDN.superclass.constructor.call(this);
+1642     this.asn1Array = new Array();
+1643 
+1644     /**
+1645      * add one AttributeTypeAndValue by string<br/>
+1646      * @name addByString
+1647      * @memberOf KJUR.asn1.x509.RDN#
+1648      * @function
+1649      * @param {String} s string of AttributeTypeAndValue
+1650      * @return {Object} unspecified
+1651      * @description
+1652      * This method add one AttributeTypeAndValue to RDN object.
+1653      * @example
+1654      * rdn = new KJUR.asn1.x509.RDN();
+1655      * rdn.addByString("CN=john");
+1656      * rdn.addByString("serialNumber=1234"); // for multi-valued RDN
+1657      */
+1658     this.addByString = function(s) {
+1659         this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str': s}));
+1660     };
+1661 
+1662     /**
+1663      * add one AttributeTypeAndValue by multi-valued string<br/>
+1664      * @name addByMultiValuedString
+1665      * @memberOf KJUR.asn1.x509.RDN#
+1666      * @function
+1667      * @param {String} s string of multi-valued RDN
+1668      * @return {Object} unspecified
+1669      * @since jsrsasign 6.2.1 asn1x509 1.0.17
+1670      * @description
+1671      * This method add multi-valued RDN to RDN object.
+1672      * @example
+1673      * rdn = new KJUR.asn1.x509.RDN();
+1674      * rdn.addByMultiValuedString("CN=john+O=test");
+1675      * rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus
+1676      * rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation
+1677      */
+1678     this.addByMultiValuedString = function(s) {
+1679 	var a = KJUR.asn1.x509.RDN.parseString(s);
+1680 	for (var i = 0; i < a.length; i++) {
+1681 	    this.addByString(a[i]);
+1682 	}
+1683     };
+1684 
+1685     this.getEncodedHex = function() {
+1686         var o = new KJUR.asn1.DERSet({"array": this.asn1Array});
+1687         this.TLV = o.getEncodedHex();
+1688         return this.TLV;
+1689     };
+1690 
+1691     if (typeof params != "undefined") {
+1692         if (typeof params['str'] != "undefined") {
+1693             this.addByMultiValuedString(params['str']);
+1694         }
+1695     }
+1696 };
+1697 YAHOO.lang.extend(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object);
+1698 
+1699 /**
+1700  * parse multi-valued RDN string and split into array of 'AttributeTypeAndValue'<br/>
+1701  * @name parseString
+1702  * @memberOf KJUR.asn1.x509.RDN
+1703  * @function
+1704  * @param {String} s multi-valued string of RDN
+1705  * @return {Array} array of string of AttributeTypeAndValue
+1706  * @since jsrsasign 6.2.1 asn1x509 1.0.17
+1707  * @description
+1708  * This static method parses multi-valued RDN string and split into
+1709  * array of AttributeTypeAndValue.
+1710  * @example
+1711  * KJUR.asn1.x509.RDN.parseString("CN=john") → ["CN=john"]
+1712  * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") → ["CN=john", "OU=test"]
+1713  * KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') → ["CN=jo+hn", "OU=test"]
+1714  * KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') → ["CN=jo+hn", "OU=test"]
+1715  * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") → ["CN=john", "OU=test", "OU=t1"]
+1716  */
+1717 KJUR.asn1.x509.RDN.parseString = function(s) {
+1718     var a = s.split(/\+/);
+1719 
+1720     // join \+
+1721     var isBSbefore = false;
+1722     var a2 = [];
+1723     for (var i = 0; a.length > 0; i++) {
+1724 	var item = a.shift();
+1725 	//console.log("item=" + item);
+1726 
+1727 	if (isBSbefore === true) {
+1728 	    var a2last = a2.pop();
+1729 	    var newitem = (a2last + "+" + item).replace(/\\\+/g, "+");
+1730 	    a2.push(newitem);
+1731 	    isBSbefore = false;
+1732 	} else {
+1733 	    a2.push(item);
+1734 	}
+1735 
+1736 	if (item.substr(-1, 1) === "\\") isBSbefore = true;
+1737     }
+1738 
+1739     // join quote
+1740     var beginQuote = false;
+1741     var a3 = [];
+1742     for (var i = 0; a2.length > 0; i++) {
+1743 	var item = a2.shift();
+1744 
+1745 	if (beginQuote === true) {
+1746 	    var a3last = a3.pop();
+1747 	    if (item.match(/"$/)) {
+1748 		var newitem = (a3last + "+" + item).replace(/^([^=]+)="(.*)"$/, "$1=$2");
+1749 		a3.push(newitem);
+1750 		beginQuote = false;
+1751 	    } else {
+1752 		a3.push(a3last + "+" + item);
+1753 	    }
+1754 	} else {
+1755 	    a3.push(item);
+1756 	}
+1757 
+1758 	if (item.match(/^[^=]+="/)) {
+1759 	    //console.log(i + "=" + item);
+1760 	    beginQuote = true;
+1761 	}
+1762     }
+1763 
+1764     return a3;
+1765 };
+1766 
+1767 /**
+1768  * AttributeTypeAndValue ASN.1 structure class
+1769  * @name KJUR.asn1.x509.AttributeTypeAndValue
+1770  * @class AttributeTypeAndValue ASN.1 structure class
+1771  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
+1772  * @extends KJUR.asn1.ASN1Object
+1773  * @description
+1774  * @see KJUR.asn1.x509.X500Name
+1775  * @see KJUR.asn1.x509.RDN
+1776  * @see KJUR.asn1.x509.AttributeTypeAndValue
+1777  * @example
+1778  */
+1779 KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
+1780     KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
+1781     var typeObj = null,
+1782 	valueObj = null,
+1783 	defaultDSType = "utf8",
+1784 	_KJUR = KJUR,
+1785 	_KJUR_asn1 = _KJUR.asn1;
+1786 
+1787     this.setByString = function(attrTypeAndValueStr) {
+1788         var matchResult = attrTypeAndValueStr.match(/^([^=]+)=(.+)$/);
+1789         if (matchResult) {
+1790             this.setByAttrTypeAndValueStr(matchResult[1], matchResult[2]);
+1791         } else {
+1792             throw "malformed attrTypeAndValueStr: " + attrTypeAndValueStr;
+1793         }
+1794     };
+1795 
+1796     this.setByAttrTypeAndValueStr = function(shortAttrType, valueStr) {
+1797         this.typeObj = KJUR.asn1.x509.OID.atype2obj(shortAttrType);
+1798         var dsType = defaultDSType;
+1799         if (shortAttrType == "C") dsType = "prn";
+1800         this.valueObj = this.getValueObj(dsType, valueStr);
+1801     };
+1802 
+1803     this.getValueObj = function(dsType, valueStr) {
+1804         if (dsType == "utf8")   return new _KJUR_asn1.DERUTF8String({"str": valueStr});
+1805         if (dsType == "prn")    return new _KJUR_asn1.DERPrintableString({"str": valueStr});
+1806         if (dsType == "tel")    return new _KJUR_asn1.DERTeletexString({"str": valueStr});
+1807         if (dsType == "ia5")    return new _KJUR_asn1.DERIA5String({"str": valueStr});
+1808         throw "unsupported directory string type: type=" + dsType + " value=" + valueStr;
+1809     };
+1810 
+1811     this.getEncodedHex = function() {
+1812         var o = new _KJUR_asn1.DERSequence({"array": [this.typeObj, this.valueObj]});
+1813         this.TLV = o.getEncodedHex();
+1814         return this.TLV;
+1815     };
+1816 
+1817     if (typeof params != "undefined") {
+1818         if (typeof params['str'] != "undefined") {
+1819             this.setByString(params['str']);
+1820         }
+1821     }
+1822 };
+1823 YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object);
+1824 
+1825 // === END   X500Name Related =================================================
+1826 
+1827 // === BEGIN Other ASN1 structure class  ======================================
+1828 
+1829 /**
+1830  * SubjectPublicKeyInfo ASN.1 structure class
+1831  * @name KJUR.asn1.x509.SubjectPublicKeyInfo
+1832  * @class SubjectPublicKeyInfo ASN.1 structure class
+1833  * @param {Object} params parameter for subject public key
+1834  * @extends KJUR.asn1.ASN1Object
+1835  * @description
+1836  * <br/>
+1837  * As for argument 'params' for constructor, you can specify one of
+1838  * following properties:
+1839  * <ul>
+1840  * <li>{@link RSAKey} object</li>
+1841  * <li>{@link KJUR.crypto.ECDSA} object</li>
+1842  * <li>{@link KJUR.crypto.DSA} object</li>
+1843  * <li>(DEPRECATED)rsakey - specify {@link RSAKey} object of subject public key</li>
+1844  * <li>(DEPRECATED)rsapem - specify a string of PEM public key of RSA key</li>
+1845  * </ul>
+1846  * NOTE1: 'params' can be omitted.<br/>
+1847  * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/>
+1848  * <h4>EXAMPLE</h4>
+1849  * @example
+1850  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object);
+1851  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object);
+1852  * var spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object);
+1853  */
+1854 KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) {
+1855     KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);
+1856     var asn1AlgId = null,
+1857 	asn1SubjPKey = null,
+1858 	rsaKey = null,
+1859 	_KJUR = KJUR,
+1860 	_KJUR_asn1 = _KJUR.asn1,
+1861 	_DERInteger = _KJUR_asn1.DERInteger,
+1862 	_DERBitString = _KJUR_asn1.DERBitString,
+1863 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+1864 	_DERSequence = _KJUR_asn1.DERSequence,
+1865 	_newObject = _KJUR_asn1.ASN1Util.newObject,
+1866 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+1867 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
+1868 	_KJUR_crypto = _KJUR.crypto,
+1869 	_KJUR_crypto_ECDSA = _KJUR_crypto.ECDSA,
+1870 	_KJUR_crypto_DSA = _KJUR_crypto.DSA;
+1871 
+1872     /**
+1873      * (DEPRECATED) set RSAKey object as subject public key
+1874      * @name setRSAKey
+1875      * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo
+1876      * @function
+1877      * @param {RSAKey} rsaKey {@link RSAKey} object for RSA public key
+1878      * @description
+1879      * @deprecated
+1880      * @example
+1881      * spki.setRSAKey(rsaKey);
+1882      */
+1883     this.setRSAKey = function(rsaKey) {
+1884         if (! RSAKey.prototype.isPrototypeOf(rsaKey))
+1885             throw "argument is not RSAKey instance";
+1886         this.rsaKey = rsaKey;
+1887         var asn1RsaN = new _DERInteger({'bigint': rsaKey.n});
+1888         var asn1RsaE = new _DERInteger({'int': rsaKey.e});
+1889         var asn1RsaPub = new _KJUR_asn1.DERSequence({'array': [asn1RsaN, asn1RsaE]});
+1890         var rsaKeyHex = asn1RsaPub.getEncodedHex();
+1891         this.asn1AlgId = new _KJUR_asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'});
+1892         this.asn1SubjPKey = new _KJUR_asn1.DERBitString({'hex':'00'+rsaKeyHex});
+1893     };
+1894 
+1895     /**
+1896      * (DEPRECATED) set a PEM formatted RSA public key string as RSA public key
+1897      * @name setRSAPEM
+1898      * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo
+1899      * @function
+1900      * @param {String} rsaPubPEM PEM formatted RSA public key string
+1901      * @deprecated from jsrsasign 7.1.1 asn1x509 1.0.20.
+1902      * @description
+1903      * @example
+1904      * spki.setRSAPEM(rsaPubPEM);
+1905      */
+1906     this.setRSAPEM = function(rsaPubPEM) {
+1907         if (rsaPubPEM.match(/-----BEGIN PUBLIC KEY-----/)) {
+1908 	    var rsaP8Hex = pemtohex(rsaPubPEM);
+1909             var a = RSAKey.getHexValueArrayOfChildrenFromHex(rsaP8Hex);
+1910             var hBitStrVal = a[1];
+1911             var rsaHex = hBitStrVal.substr(2);
+1912             var a3 = RSAKey.getHexValueArrayOfChildrenFromHex(rsaHex);
+1913             var rsaKey = new RSAKey();
+1914             rsaKey.setPublic(a3[0], a3[1]);
+1915             this.setRSAKey(rsaKey);
+1916         } else {
+1917             throw "key not supported";
+1918         }
+1919     };
+1920 
+1921     /*
+1922      * @since asn1x509 1.0.7
+1923      */
+1924     this.getASN1Object = function() {
+1925         if (this.asn1AlgId == null || this.asn1SubjPKey == null)
+1926             throw "algId and/or subjPubKey not set";
+1927         var o = new _DERSequence({'array':
+1928                                   [this.asn1AlgId, this.asn1SubjPKey]});
+1929         return o;
+1930     };
+1931 
+1932     this.getEncodedHex = function() {
+1933         var o = this.getASN1Object();
+1934         this.hTLV = o.getEncodedHex();
+1935         return this.hTLV;
+1936     };
+1937 
+1938     this._setRSAKey = function(key) {
+1939         var asn1RsaPub = _newObject({
+1940             'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}]
+1941         });
+1942         var rsaKeyHex = asn1RsaPub.getEncodedHex();
+1943         this.asn1AlgId = new _AlgorithmIdentifier({'name':'rsaEncryption'});
+1944         this.asn1SubjPKey = new _DERBitString({'hex':'00'+rsaKeyHex});
+1945     };
+1946 
+1947     this._setEC = function(key) {
+1948         var asn1Params = new _DERObjectIdentifier({'name': key.curveName});
+1949         this.asn1AlgId =
+1950             new _AlgorithmIdentifier({'name': 'ecPublicKey',
+1951                                       'asn1params': asn1Params});
+1952         this.asn1SubjPKey = new _DERBitString({'hex': '00' + key.pubKeyHex});
+1953     };
+1954 
+1955     this._setDSA = function(key) {
+1956         var asn1Params = new _newObject({
+1957             'seq': [{'int': {'bigint': key.p}},
+1958                     {'int': {'bigint': key.q}},
+1959                     {'int': {'bigint': key.g}}]
+1960         });
+1961         this.asn1AlgId =
+1962             new _AlgorithmIdentifier({'name': 'dsa',
+1963                                       'asn1params': asn1Params});
+1964         var pubInt = new _DERInteger({'bigint': key.y});
+1965         this.asn1SubjPKey = 
+1966 	    new _DERBitString({'hex': '00' + pubInt.getEncodedHex()});
 1967     };
 1968 
-1969     this.type = "utc";
-1970     if (typeof params != "undefined") {
-1971         if (typeof params.type != "undefined") {
-1972             this.type = params.type;
-1973         } else {
-1974             if (typeof params.str != "undefined") {
-1975                 if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc";
-1976                 if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen";
-1977             }
-1978         }
-1979         this.timeParams = params;
-1980     }
-1981 };
-1982 YAHOO.lang.extend(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object);
-1983 
-1984 /**
-1985  * AlgorithmIdentifier ASN.1 structure class
-1986  * @name KJUR.asn1.x509.AlgorithmIdentifier
-1987  * @class AlgorithmIdentifier ASN.1 structure class
-1988  * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'})
-1989  * @extends KJUR.asn1.ASN1Object
-1990  * @description
-1991  * The 'params' argument is an associative array and has following parameters:
-1992  * <ul>
-1993  * <li>name: algorithm name (MANDATORY, ex. sha1, SHA256withRSA)</li>
-1994  * <li>asn1params: explicitly specify ASN.1 object for algorithm.
-1995  * (OPTION)</li>
-1996  * <li>paramempty: set algorithm parameter to NULL by force.
-1997  * If paramempty is false, algorithm parameter will be set automatically.
-1998  * If paramempty is false and algorithm name is "*withDSA" or "withECDSA" parameter field of
-1999  * AlgorithmIdentifier will be ommitted otherwise
-2000  * it will be NULL by default.
-2001  * (OPTION, DEFAULT = false)</li>
-2002  * </ul>
-2003  * @example
-2004  * algId = new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"});
-2005  * // set parameter to NULL authomatically if algorithm name is "*withRSA".
-2006  * algId = new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA"});
-2007  * // set parameter to NULL authomatically if algorithm name is "rsaEncryption".
-2008  * algId = new KJUR.asn1.x509.AlgorithmIdentifier({name: "rsaEncryption"});
-2009  * // SHA256withRSA and set parameter empty by force
-2010  * algId = new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA", paramempty: true});
-2011  */
-2012 KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
-2013     KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
-2014     this.nameAlg = null;
-2015     this.asn1Alg = null;
-2016     this.asn1Params = null;
-2017     this.paramEmpty = false;
-2018 
-2019     this.getEncodedHex = function() {
-2020         if (this.nameAlg === null && this.asn1Alg === null) {
-2021             throw "algorithm not specified";
-2022         }
-2023         if (this.nameAlg !== null && this.asn1Alg === null) {
-2024             this.asn1Alg = KJUR.asn1.x509.OID.name2obj(this.nameAlg);
-2025         }
-2026         var a = [this.asn1Alg];
-2027         if (this.asn1Params !== null) a.push(this.asn1Params);
-2028 
-2029         var o = new KJUR.asn1.DERSequence({'array': a});
-2030         this.hTLV = o.getEncodedHex();
-2031         return this.hTLV;
-2032     };
-2033 
+1969     if (typeof params != "undefined") {
+1970         if (typeof RSAKey != 'undefined' && params instanceof RSAKey) {
+1971             this._setRSAKey(params);
+1972         } else if (typeof _KJUR_crypto_ECDSA != 'undefined' &&
+1973                    params instanceof _KJUR_crypto_ECDSA) {
+1974             this._setEC(params);
+1975         } else if (typeof _KJUR_crypto_DSA != 'undefined' &&
+1976                    params instanceof _KJUR_crypto_DSA) {
+1977             this._setDSA(params);
+1978         } else if (params.rsakey !== undefined) {
+1979             this.setRSAKey(params.rsakey);
+1980         } else if (params.rsapem !== undefined) {
+1981             this.setRSAPEM(params.rsapem);
+1982         }
+1983     }
+1984 };
+1985 YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object);
+1986 
+1987 /**
+1988  * Time ASN.1 structure class
+1989  * @name KJUR.asn1.x509.Time
+1990  * @class Time ASN.1 structure class
+1991  * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'})
+1992  * @extends KJUR.asn1.ASN1Object
+1993  * @description
+1994  * <br/>
+1995  * <h4>EXAMPLES</h4>
+1996  * @example
+1997  * var t1 = new KJUR.asn1.x509.Time{'str': '130508235959Z'} // UTCTime by default
+1998  * var t2 = new KJUR.asn1.x509.Time{'type': 'gen',  'str': '20130508235959Z'} // GeneralizedTime
+1999  */
+2000 KJUR.asn1.x509.Time = function(params) {
+2001     KJUR.asn1.x509.Time.superclass.constructor.call(this);
+2002     var type = null,
+2003 	timeParams = null,
+2004 	_KJUR = KJUR,
+2005 	_KJUR_asn1 = _KJUR.asn1,
+2006 	_DERUTCTime = _KJUR_asn1.DERUTCTime,
+2007 	_DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime;
+2008 
+2009     this.setTimeParams = function(timeParams) {
+2010         this.timeParams = timeParams;
+2011     }
+2012 
+2013     this.getEncodedHex = function() {
+2014         var o = null;
+2015 
+2016         if (this.timeParams != null) {
+2017             if (this.type == "utc") {
+2018                 o = new _DERUTCTime(this.timeParams);
+2019             } else {
+2020                 o = new _DERGeneralizedTime(this.timeParams);
+2021             }
+2022         } else {
+2023             if (this.type == "utc") {
+2024                 o = new _DERUTCTime();
+2025             } else {
+2026                 o = new _DERGeneralizedTime();
+2027             }
+2028         }
+2029         this.TLV = o.getEncodedHex();
+2030         return this.TLV;
+2031     };
+2032 
+2033     this.type = "utc";
 2034     if (params !== undefined) {
-2035         if (params.name !== undefined) {
-2036             this.nameAlg = params.name;
-2037         }
-2038         if (params.asn1params !== undefined) {
-2039             this.asn1Params = params.asn1params;
-2040         }
-2041         if (params.paramempty !== undefined) {
-2042             this.paramEmpty = params.paramempty;
-2043         }
+2035         if (params.type !== undefined) {
+2036             this.type = params.type;
+2037         } else {
+2038             if (params.str !== undefined) {
+2039                 if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc";
+2040                 if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen";
+2041             }
+2042         }
+2043         this.timeParams = params;
 2044     }
-2045 
-2046     // set algorithm parameters will be ommitted for
-2047     // "*withDSA" or "*withECDSA" otherwise will be NULL.
-2048     if (this.asn1Params === null &&
-2049 	this.paramEmpty === false &&
-2050 	this.nameAlg !== null) {
-2051 	var lcNameAlg = this.nameAlg.toLowerCase();
-2052 	if (lcNameAlg.substr(-7, 7) !== "withdsa" &&
-2053 	    lcNameAlg.substr(-9, 9) !== "withecdsa") {
-2054             this.asn1Params = new KJUR.asn1.DERNull();
-2055 	}
-2056     }
-2057 };
-2058 YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);
-2059 
-2060 /**
-2061  * GeneralName ASN.1 structure class<br/>
-2062  * @name KJUR.asn1.x509.GeneralName
-2063  * @class GeneralName ASN.1 structure class
-2064  * @description
-2065  * <br/>
-2066  * As for argument 'params' for constructor, you can specify one of
-2067  * following properties:
-2068  * <ul>
-2069  * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
-2070  * <li>dns - dNSName[2] (ex. foo.com)</li>
-2071  * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li>
-2072  * <li>dn - directoryName[4] (ex. /C=US/O=Test)</li>
-2073  * <li>ldapdn - directoryName[4] (ex. O=Test,C=US)</li>
-2074  * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li>
-2075  * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li>
-2076  * </ul>
-2077  * NOTE1: certissuer and certsubj were supported since asn1x509 1.0.10.<br/>
-2078  * NOTE2: dn and ldapdn were supported since jsrsasign 6.2.3 asn1x509 1.0.19.<br/>
-2079  *
-2080  * Here is definition of the ASN.1 syntax:
-2081  * <pre>
-2082  * -- NOTE: under the CHOICE, it will always be explicit.
-2083  * GeneralName ::= CHOICE {
-2084  *   otherName                  [0] OtherName,
-2085  *   rfc822Name                 [1] IA5String,
-2086  *   dNSName                    [2] IA5String,
-2087  *   x400Address                [3] ORAddress,
-2088  *   directoryName              [4] Name,
-2089  *   ediPartyName               [5] EDIPartyName,
-2090  *   uniformResourceIdentifier  [6] IA5String,
-2091  *   iPAddress                  [7] OCTET STRING,
-2092  *   registeredID               [8] OBJECT IDENTIFIER }
-2093  * </pre>
-2094  *
-2095  * @example
-2096  * gn = new KJUR.asn1.x509.GeneralName({rfc822:     'test@aaa.com'});
-2097  * gn = new KJUR.asn1.x509.GeneralName({dns:        'aaa.com'});
-2098  * gn = new KJUR.asn1.x509.GeneralName({uri:        'http://aaa.com/'});
-2099  * gn = new KJUR.asn1.x509.GeneralName({dn:         '/C=US/O=Test'});
-2100  * gn = new KJUR.asn1.x509.GeneralName({ldapdn:     'O=Test,C=US'});
-2101  * gn = new KJUR.asn1.x509.GeneralName({certissuer: certPEM});
-2102  * gn = new KJUR.asn1.x509.GeneralName({certsubj:   certPEM});
-2103  */
-2104 KJUR.asn1.x509.GeneralName = function(params) {
-2105     KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);
-2106     var asn1Obj = null;
-2107     var type = null;
-2108     var pTag = {rfc822: '81', dns: '82', dn: 'a4',  uri: '86'};
-2109     this.explicit = false;
-2110 
-2111     this.setByParam = function(params) {
-2112         var str = null;
-2113         var v = null;
-2114 
-2115 	if (params === undefined) return;
-2116 
-2117         if (params.rfc822 !== undefined) {
-2118             this.type = 'rfc822';
-2119             v = new KJUR.asn1.DERIA5String({str: params[this.type]});
-2120         }
-2121 
-2122         if (params.dns !== undefined) {
-2123             this.type = 'dns';
-2124             v = new KJUR.asn1.DERIA5String({str: params[this.type]});
-2125         }
-2126 
-2127         if (params.uri !== undefined) {
-2128             this.type = 'uri';
-2129             v = new KJUR.asn1.DERIA5String({str: params[this.type]});
-2130         }
-2131 
-2132         if (params.dn !== undefined) {
-2133 	    this.type = 'dn';
-2134 	    v = new KJUR.asn1.x509.X500Name({str: params.dn});
-2135 	}
-2136 
-2137         if (params.ldapdn !== undefined) {
-2138 	    this.type = 'dn';
-2139 	    v = new KJUR.asn1.x509.X500Name({ldapstr: params.ldapdn});
-2140 	}
-2141 
-2142 	if (params.certissuer !== undefined) {
-2143 	    this.type = 'dn';
-2144 	    this.explicit = true;
-2145 	    var certStr = params.certissuer;
-2146 	    var certHex = null;
-2147 
-2148 	    if (certStr.match(/^[0-9A-Fa-f]+$/)) {
-2149 		certHex == certStr;
-2150             }
-2151 
-2152 	    if (certStr.indexOf("-----BEGIN ") != -1) {
-2153 		certHex = ASN1HEX.pemToHex(certStr);
-2154 	    }
-2155 
-2156 	    if (certHex == null) throw "certissuer param not cert";
-2157 	    var x = new X509();
-2158 	    x.hex = certHex;
-2159 	    var dnHex = x.getIssuerHex();
-2160 	    v = new KJUR.asn1.ASN1Object();
-2161 	    v.hTLV = dnHex;
-2162 	}
-2163 
-2164 	if (params.certsubj !== undefined) {
-2165 	    this.type = 'dn';
-2166 	    this.explicit = true;
-2167 	    var certStr = params.certsubj;
-2168 	    var certHex = null;
-2169 	    if (certStr.match(/^[0-9A-Fa-f]+$/)) {
-2170 		certHex == certStr;
-2171             }
-2172 	    if (certStr.indexOf("-----BEGIN ") != -1) {
-2173 		certHex = ASN1HEX.pemToHex(certStr);
-2174 	    }
-2175 	    if (certHex == null) throw "certsubj param not cert";
-2176 	    var x = new X509();
-2177 	    x.hex = certHex;
-2178 	    var dnHex = x.getSubjectHex();
-2179 	    v = new KJUR.asn1.ASN1Object();
-2180 	    v.hTLV = dnHex;
-2181 	}
-2182 
-2183         if (this.type == null)
-2184             throw "unsupported type in params=" + params;
-2185         this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': this.explicit,
-2186                                                       'tag': pTag[this.type],
-2187                                                       'obj': v});
-2188     };
-2189 
-2190     this.getEncodedHex = function() {
-2191         return this.asn1Obj.getEncodedHex();
-2192     }
-2193 
-2194     if (params !== undefined) {
-2195         this.setByParam(params);
-2196     }
-2197 
-2198 };
-2199 YAHOO.lang.extend(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object);
+2045 };
+2046 YAHOO.lang.extend(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object);
+2047 
+2048 /**
+2049  * AlgorithmIdentifier ASN.1 structure class
+2050  * @name KJUR.asn1.x509.AlgorithmIdentifier
+2051  * @class AlgorithmIdentifier ASN.1 structure class
+2052  * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'})
+2053  * @extends KJUR.asn1.ASN1Object
+2054  * @description
+2055  * The 'params' argument is an associative array and has following parameters:
+2056  * <ul>
+2057  * <li>name: algorithm name (MANDATORY, ex. sha1, SHA256withRSA)</li>
+2058  * <li>asn1params: explicitly specify ASN.1 object for algorithm.
+2059  * (OPTION)</li>
+2060  * <li>paramempty: set algorithm parameter to NULL by force.
+2061  * If paramempty is false, algorithm parameter will be set automatically.
+2062  * If paramempty is false and algorithm name is "*withDSA" or "withECDSA" parameter field of
+2063  * AlgorithmIdentifier will be ommitted otherwise
+2064  * it will be NULL by default.
+2065  * (OPTION, DEFAULT = false)</li>
+2066  * </ul>
+2067  * @example
+2068  * algId = new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"});
+2069  * // set parameter to NULL authomatically if algorithm name is "*withRSA".
+2070  * algId = new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA"});
+2071  * // set parameter to NULL authomatically if algorithm name is "rsaEncryption".
+2072  * algId = new KJUR.asn1.x509.AlgorithmIdentifier({name: "rsaEncryption"});
+2073  * // SHA256withRSA and set parameter empty by force
+2074  * algId = new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA", paramempty: true});
+2075  */
+2076 KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
+2077     KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
+2078     this.nameAlg = null;
+2079     this.asn1Alg = null;
+2080     this.asn1Params = null;
+2081     this.paramEmpty = false;
+2082     var _KJUR = KJUR,
+2083 	_KJUR_asn1 = _KJUR.asn1;
+2084 
+2085     this.getEncodedHex = function() {
+2086         if (this.nameAlg === null && this.asn1Alg === null) {
+2087             throw "algorithm not specified";
+2088         }
+2089         if (this.nameAlg !== null && this.asn1Alg === null) {
+2090             this.asn1Alg = _KJUR_asn1.x509.OID.name2obj(this.nameAlg);
+2091         }
+2092         var a = [this.asn1Alg];
+2093         if (this.asn1Params !== null) a.push(this.asn1Params);
+2094 
+2095         var o = new _KJUR_asn1.DERSequence({'array': a});
+2096         this.hTLV = o.getEncodedHex();
+2097         return this.hTLV;
+2098     };
+2099 
+2100     if (params !== undefined) {
+2101         if (params.name !== undefined) {
+2102             this.nameAlg = params.name;
+2103         }
+2104         if (params.asn1params !== undefined) {
+2105             this.asn1Params = params.asn1params;
+2106         }
+2107         if (params.paramempty !== undefined) {
+2108             this.paramEmpty = params.paramempty;
+2109         }
+2110     }
+2111 
+2112     // set algorithm parameters will be ommitted for
+2113     // "*withDSA" or "*withECDSA" otherwise will be NULL.
+2114     if (this.asn1Params === null &&
+2115 	this.paramEmpty === false &&
+2116 	this.nameAlg !== null) {
+2117 	var lcNameAlg = this.nameAlg.toLowerCase();
+2118 	if (lcNameAlg.substr(-7, 7) !== "withdsa" &&
+2119 	    lcNameAlg.substr(-9, 9) !== "withecdsa") {
+2120             this.asn1Params = new _KJUR_asn1.DERNull();
+2121 	}
+2122     }
+2123 };
+2124 YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);
+2125 
+2126 /**
+2127  * GeneralName ASN.1 structure class<br/>
+2128  * @name KJUR.asn1.x509.GeneralName
+2129  * @class GeneralName ASN.1 structure class
+2130  * @description
+2131  * <br/>
+2132  * As for argument 'params' for constructor, you can specify one of
+2133  * following properties:
+2134  * <ul>
+2135  * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
+2136  * <li>dns - dNSName[2] (ex. foo.com)</li>
+2137  * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li>
+2138  * <li>dn - directoryName[4] (ex. /C=US/O=Test)</li>
+2139  * <li>ldapdn - directoryName[4] (ex. O=Test,C=US)</li>
+2140  * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li>
+2141  * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li>
+2142  * </ul>
+2143  * NOTE1: certissuer and certsubj were supported since asn1x509 1.0.10.<br/>
+2144  * NOTE2: dn and ldapdn were supported since jsrsasign 6.2.3 asn1x509 1.0.19.<br/>
+2145  *
+2146  * Here is definition of the ASN.1 syntax:
+2147  * <pre>
+2148  * -- NOTE: under the CHOICE, it will always be explicit.
+2149  * GeneralName ::= CHOICE {
+2150  *   otherName                  [0] OtherName,
+2151  *   rfc822Name                 [1] IA5String,
+2152  *   dNSName                    [2] IA5String,
+2153  *   x400Address                [3] ORAddress,
+2154  *   directoryName              [4] Name,
+2155  *   ediPartyName               [5] EDIPartyName,
+2156  *   uniformResourceIdentifier  [6] IA5String,
+2157  *   iPAddress                  [7] OCTET STRING,
+2158  *   registeredID               [8] OBJECT IDENTIFIER }
+2159  * </pre>
+2160  *
+2161  * @example
+2162  * gn = new KJUR.asn1.x509.GeneralName({rfc822:     'test@aaa.com'});
+2163  * gn = new KJUR.asn1.x509.GeneralName({dns:        'aaa.com'});
+2164  * gn = new KJUR.asn1.x509.GeneralName({uri:        'http://aaa.com/'});
+2165  * gn = new KJUR.asn1.x509.GeneralName({dn:         '/C=US/O=Test'});
+2166  * gn = new KJUR.asn1.x509.GeneralName({ldapdn:     'O=Test,C=US'});
+2167  * gn = new KJUR.asn1.x509.GeneralName({certissuer: certPEM});
+2168  * gn = new KJUR.asn1.x509.GeneralName({certsubj:   certPEM});
+2169  */
+2170 KJUR.asn1.x509.GeneralName = function(params) {
+2171     KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);
+2172     var asn1Obj = null,
+2173 	type = null,
+2174 	pTag = {rfc822: '81', dns: '82', dn: 'a4',  uri: '86'},
+2175 	_KJUR = KJUR,
+2176 	_KJUR_asn1 = _KJUR.asn1,
+2177 	_DERIA5String = _KJUR_asn1.DERIA5String,
+2178 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
+2179 	_ASN1Object = _KJUR_asn1.ASN1Object,
+2180 	_X500Name = _KJUR_asn1.x509.X500Name,
+2181 	_pemtohex = pemtohex;
+2182 	
+2183     this.explicit = false;
+2184 
+2185     this.setByParam = function(params) {
+2186         var str = null;
+2187         var v = null;
+2188 
+2189 	if (params === undefined) return;
+2190 
+2191         if (params.rfc822 !== undefined) {
+2192             this.type = 'rfc822';
+2193             v = new _DERIA5String({str: params[this.type]});
+2194         }
+2195 
+2196         if (params.dns !== undefined) {
+2197             this.type = 'dns';
+2198             v = new _DERIA5String({str: params[this.type]});
+2199         }
 2200 
-2201 /**
-2202  * GeneralNames ASN.1 structure class<br/>
-2203  * @name KJUR.asn1.x509.GeneralNames
-2204  * @class GeneralNames ASN.1 structure class
-2205  * @description
-2206  * <br/>
-2207  * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
-2208  * @example
-2209  * gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
-2210  *
-2211  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-2212  */
-2213 KJUR.asn1.x509.GeneralNames = function(paramsArray) {
-2214     KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);
-2215     var asn1Array = null;
-2216 
-2217     /**
-2218      * set a array of {@link KJUR.asn1.x509.GeneralName} parameters<br/>
-2219      * @name setByParamArray
-2220      * @memberOf KJUR.asn1.x509.GeneralNames#
-2221      * @function
-2222      * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralNames}
-2223      * @description
-2224      * <br/>
-2225      * <h4>EXAMPLES</h4>
-2226      * @example
-2227      * gns = new KJUR.asn1.x509.GeneralNames();
-2228      * gns.setByParamArray([{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]);
-2229      */
-2230     this.setByParamArray = function(paramsArray) {
-2231         for (var i = 0; i < paramsArray.length; i++) {
-2232             var o = new KJUR.asn1.x509.GeneralName(paramsArray[i]);
-2233             this.asn1Array.push(o);
-2234         }
-2235     };
-2236 
-2237     this.getEncodedHex = function() {
-2238         var o = new KJUR.asn1.DERSequence({'array': this.asn1Array});
-2239         return o.getEncodedHex();
-2240     };
-2241 
-2242     this.asn1Array = new Array();
-2243     if (typeof paramsArray != "undefined") {
-2244         this.setByParamArray(paramsArray);
-2245     }
-2246 };
-2247 YAHOO.lang.extend(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object);
-2248 
-2249 /**
-2250  * DistributionPointName ASN.1 structure class<br/>
-2251  * @name KJUR.asn1.x509.DistributionPointName
-2252  * @class DistributionPointName ASN.1 structure class
-2253  * @description
-2254  * <pre>
-2255  * DistributionPoint ::= SEQUENCE {
-2256  *      distributionPoint       [0]     DistributionPointName OPTIONAL,
-2257  *      reasons                 [1]     ReasonFlags OPTIONAL,
-2258  *      cRLIssuer               [2]     GeneralNames OPTIONAL }
-2259  *
-2260  * DistributionPointName ::= CHOICE {
-2261  *      fullName                [0]     GeneralNames,
-2262  *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
-2263  * 
-2264  * ReasonFlags ::= BIT STRING {
-2265  *      unused                  (0),
-2266  *      keyCompromise           (1),
-2267  *      cACompromise            (2),
-2268  *      affiliationChanged      (3),
-2269  *      superseded              (4),
-2270  *      cessationOfOperation    (5),
-2271  *      certificateHold         (6),
-2272  *      privilegeWithdrawn      (7),
-2273  *      aACompromise            (8) }
-2274  * </pre>
-2275  * @example
-2276  */
-2277 KJUR.asn1.x509.DistributionPointName = function(gnOrRdn) {
-2278     KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this);
-2279     var asn1Obj = null;
-2280     var type = null;
-2281     var tag = null;
-2282     var asn1V = null;
-2283 
-2284     this.getEncodedHex = function() {
-2285         if (this.type != "full")
-2286             throw "currently type shall be 'full': " + this.type;
-2287         this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': false,
-2288                                                       'tag': this.tag,
-2289                                                       'obj': this.asn1V});
-2290         this.hTLV = this.asn1Obj.getEncodedHex();
-2291         return this.hTLV;
-2292     };
-2293 
-2294     if (typeof gnOrRdn != "undefined") {
-2295         if (KJUR.asn1.x509.GeneralNames.prototype.isPrototypeOf(gnOrRdn)) {
-2296             this.type = "full";
-2297             this.tag = "a0";
-2298             this.asn1V = gnOrRdn;
-2299         } else {
-2300             throw "This class supports GeneralNames only as argument";
-2301         }
-2302     }
-2303 };
-2304 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object);
-2305 
-2306 /**
-2307  * DistributionPoint ASN.1 structure class<br/>
-2308  * @name KJUR.asn1.x509.DistributionPoint
-2309  * @class DistributionPoint ASN.1 structure class
-2310  * @description
-2311  * <pre>
-2312  * DistributionPoint ::= SEQUENCE {
-2313  *      distributionPoint       [0]     DistributionPointName OPTIONAL,
-2314  *      reasons                 [1]     ReasonFlags OPTIONAL,
-2315  *      cRLIssuer               [2]     GeneralNames OPTIONAL }
-2316  *
-2317  * DistributionPointName ::= CHOICE {
-2318  *      fullName                [0]     GeneralNames,
-2319  *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
-2320  * 
-2321  * ReasonFlags ::= BIT STRING {
-2322  *      unused                  (0),
-2323  *      keyCompromise           (1),
-2324  *      cACompromise            (2),
-2325  *      affiliationChanged      (3),
-2326  *      superseded              (4),
-2327  *      cessationOfOperation    (5),
-2328  *      certificateHold         (6),
-2329  *      privilegeWithdrawn      (7),
-2330  *      aACompromise            (8) }
-2331  * </pre>
-2332  * @example
-2333  */
-2334 KJUR.asn1.x509.DistributionPoint = function(params) {
-2335     KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this);
-2336     var asn1DP = null;
-2337 
-2338     this.getEncodedHex = function() {
-2339         var seq = new KJUR.asn1.DERSequence();
-2340         if (this.asn1DP != null) {
-2341             var o1 = new KJUR.asn1.DERTaggedObject({'explicit': true,
-2342                                                     'tag': 'a0',
-2343                                                     'obj': this.asn1DP});
-2344             seq.appendASN1Object(o1);
-2345         }
-2346         this.hTLV = seq.getEncodedHex();
-2347         return this.hTLV;
-2348     };
-2349 
-2350     if (typeof params != "undefined") {
-2351         if (typeof params['dpobj'] != "undefined") {
-2352             this.asn1DP = params['dpobj'];
-2353         }
-2354     }
-2355 };
-2356 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object);
-2357 
-2358 /**
-2359  * static object for OID
-2360  * @name KJUR.asn1.x509.OID
-2361  * @class static object for OID
-2362  * @property {Assoc Array} atype2oidList for short attribute type name and oid (ex. 'C' and '2.5.4.6')
-2363  * @property {Assoc Array} name2oidList for oid name and oid (ex. 'keyUsage' and '2.5.29.15')
-2364  * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object
-2365  * @description
-2366  * This class defines OID name and values.
-2367  * AttributeType names registered in OID.atype2oidList are following:
-2368  * <table style="border-width: thin; border-style: solid; witdh: 100%">
-2369  * <tr><th>short</th><th>long</th><th>OID</th></tr>
-2370  * <tr><td>CN</td>commonName<td></td><td>2.5.4.3</td></tr>
-2371  * <tr><td>L</td><td>localityName</td><td>2.5.4.7</td></tr>
-2372  * <tr><td>ST</td><td>stateOrProvinceName</td><td>2.5.4.8</td></tr>
-2373  * <tr><td>O</td><td>organizationName</td><td>2.5.4.10</td></tr>
-2374  * <tr><td>OU</td><td>organizationalUnitName</td><td>2.5.4.11</td></tr>
-2375  * <tr><td>C</td><td></td>countryName<td>2.5.4.6</td></tr>
-2376  * <tr><td>STREET</td>streetAddress<td></td><td>2.5.4.6</td></tr>
-2377  * <tr><td>DC</td><td>domainComponent</td><td>0.9.2342.19200300.100.1.25</td></tr>
-2378  * <tr><td>UID</td><td>userId</td><td>0.9.2342.19200300.100.1.1</td></tr>
-2379  * <tr><td>SN</td><td>surname</td><td>2.5.4.4</td></tr>
-2380  * <tr><td>DN</td><td>distinguishedName</td><td>2.5.4.49</td></tr>
-2381  * <tr><td>E</td><td>emailAddress</td><td>1.2.840.113549.1.9.1</td></tr>
-2382  * <tr><td></td><td>businessCategory</td><td>2.5.4.15</td></tr>
-2383  * <tr><td></td><td>postalCode</td><td>2.5.4.17</td></tr>
-2384  * <tr><td></td><td>jurisdictionOfIncorporationL</td><td>1.3.6.1.4.1.311.60.2.1.1</td></tr>
-2385  * <tr><td></td><td>jurisdictionOfIncorporationSP</td><td>1.3.6.1.4.1.311.60.2.1.2</td></tr>
-2386  * <tr><td></td><td>jurisdictionOfIncorporationC</td><td>1.3.6.1.4.1.311.60.2.1.3</td></tr>
-2387  * </table>
-2388  *
-2389  * @example
-2390  */
-2391 KJUR.asn1.x509.OID = new function(params) {
-2392     this.atype2oidList = {
-2393 	// RFC 4514 AttributeType name string (MUST recognized)
-2394         'CN':		'2.5.4.3',
-2395         'L':		'2.5.4.7',
-2396         'ST':		'2.5.4.8',
-2397         'O':		'2.5.4.10',
-2398         'OU':		'2.5.4.11',
-2399         'C':		'2.5.4.6',
-2400         'STREET':	'2.5.4.9',
-2401         'DC':		'0.9.2342.19200300.100.1.25',
-2402         'UID':		'0.9.2342.19200300.100.1.1',
-2403 	// other AttributeType name string
-2404 	// http://blog.livedoor.jp/k_urushima/archives/656114.html
-2405         'SN':		'2.5.4.4', // surname
-2406         'DN':		'2.5.4.49', // distinguishedName
-2407         'E':		'1.2.840.113549.1.9.1', // emailAddress in MS.NET or Bouncy
-2408 	// other AttributeType name string (no short name)
-2409 	'businessCategory':		'2.5.4.15',
-2410 	'postalCode':			'2.5.4.17',
-2411 	'serialNumber':			'2.5.4.5',
-2412 	'jurisdictionOfIncorporationL':	'1.3.6.1.4.1.311.60.2.1.1',
-2413 	'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
-2414 	'jurisdictionOfIncorporationC':	'1.3.6.1.4.1.311.60.2.1.3'
-2415     };
-2416     this.name2oidList = {
-2417         'sha1':                 '1.3.14.3.2.26',
-2418         'sha256':               '2.16.840.1.101.3.4.2.1',
-2419         'sha384':               '2.16.840.1.101.3.4.2.2',
-2420         'sha512':               '2.16.840.1.101.3.4.2.3',
-2421         'sha224':               '2.16.840.1.101.3.4.2.4',
-2422         'md5':                  '1.2.840.113549.2.5',
-2423         'md2':                  '1.3.14.7.2.2.1',
-2424         'ripemd160':            '1.3.36.3.2.1',
-2425 
-2426         'MD2withRSA':           '1.2.840.113549.1.1.2',
-2427         'MD4withRSA':           '1.2.840.113549.1.1.3',
-2428         'MD5withRSA':           '1.2.840.113549.1.1.4',
-2429         'SHA1withRSA':          '1.2.840.113549.1.1.5',
-2430         'SHA224withRSA':        '1.2.840.113549.1.1.14',
-2431         'SHA256withRSA':        '1.2.840.113549.1.1.11',
-2432         'SHA384withRSA':        '1.2.840.113549.1.1.12',
-2433         'SHA512withRSA':        '1.2.840.113549.1.1.13',
-2434 
-2435         'SHA1withECDSA':        '1.2.840.10045.4.1',
-2436         'SHA224withECDSA':      '1.2.840.10045.4.3.1',
-2437         'SHA256withECDSA':      '1.2.840.10045.4.3.2',
-2438         'SHA384withECDSA':      '1.2.840.10045.4.3.3',
-2439         'SHA512withECDSA':      '1.2.840.10045.4.3.4',
-2440 
-2441         'dsa':                  '1.2.840.10040.4.1',
-2442         'SHA1withDSA':          '1.2.840.10040.4.3',
-2443         'SHA224withDSA':        '2.16.840.1.101.3.4.3.1',
-2444         'SHA256withDSA':        '2.16.840.1.101.3.4.3.2',
-2445 
-2446         'rsaEncryption':        '1.2.840.113549.1.1.1',
-2447 
-2448 	// X.500 AttributeType defined in RFC 4514
-2449         'commonName':			'2.5.4.3',
-2450         'localityName':			'2.5.4.7',
-2451         'stateOrProvinceName':		'2.5.4.8',
-2452         'organizationName':		'2.5.4.10',
-2453         'organizationalUnitName':	'2.5.4.11',
-2454         'countryName':			'2.5.4.6',
-2455         'streetAddress':		'2.5.4.9',
-2456         'domainComponent':		'0.9.2342.19200300.100.1.25',
-2457         'userId':			'0.9.2342.19200300.100.1.1',
-2458 	// other AttributeType name string
-2459 	'surname':			'2.5.4.4',
-2460 	'distinguishedName':		'2.5.4.49',
-2461 	'emailAddress':			'1.2.840.113549.1.9.1',
-2462 	// other AttributeType name string (no short name)
-2463 	'businessCategory':		'2.5.4.15',
-2464 	'postalCode':			'2.5.4.17',
-2465 	'jurisdictionOfIncorporationL':	'1.3.6.1.4.1.311.60.2.1.1',
-2466 	'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
-2467 	'jurisdictionOfIncorporationC':	'1.3.6.1.4.1.311.60.2.1.3',
-2468 
-2469         'subjectKeyIdentifier': '2.5.29.14',
-2470         'keyUsage':             '2.5.29.15',
-2471         'subjectAltName':       '2.5.29.17',
-2472         'issuerAltName':        '2.5.29.18',
-2473         'basicConstraints':     '2.5.29.19',
-2474         'nameConstraints':      '2.5.29.30',
-2475         'cRLDistributionPoints':'2.5.29.31',
-2476         'certificatePolicies':  '2.5.29.32',
-2477         'authorityKeyIdentifier':'2.5.29.35',
-2478         'policyConstraints':    '2.5.29.36',
-2479         'extKeyUsage':          '2.5.29.37',
-2480         'authorityInfoAccess':  '1.3.6.1.5.5.7.1.1',
-2481         'ocsp':                 '1.3.6.1.5.5.7.48.1',
-2482         'caIssuers':            '1.3.6.1.5.5.7.48.2',
-2483 
-2484         'anyExtendedKeyUsage':  '2.5.29.37.0',
-2485         'serverAuth':           '1.3.6.1.5.5.7.3.1',
-2486         'clientAuth':           '1.3.6.1.5.5.7.3.2',
-2487         'codeSigning':          '1.3.6.1.5.5.7.3.3',
-2488         'emailProtection':      '1.3.6.1.5.5.7.3.4',
-2489         'timeStamping':         '1.3.6.1.5.5.7.3.8',
-2490         'ocspSigning':          '1.3.6.1.5.5.7.3.9',
-2491 
-2492         'ecPublicKey':          '1.2.840.10045.2.1',
-2493         'secp256r1':            '1.2.840.10045.3.1.7',
-2494         'secp256k1':            '1.3.132.0.10',
-2495         'secp384r1':            '1.3.132.0.34',
-2496 
-2497         'pkcs5PBES2':           '1.2.840.113549.1.5.13',
-2498         'pkcs5PBKDF2':          '1.2.840.113549.1.5.12',
-2499 
-2500         'des-EDE3-CBC':         '1.2.840.113549.3.7',
-2501 
-2502         'data':                 '1.2.840.113549.1.7.1', // CMS data
-2503         'signed-data':          '1.2.840.113549.1.7.2', // CMS signed-data
-2504         'enveloped-data':       '1.2.840.113549.1.7.3', // CMS enveloped-data
-2505         'digested-data':        '1.2.840.113549.1.7.5', // CMS digested-data
-2506         'encrypted-data':       '1.2.840.113549.1.7.6', // CMS encrypted-data
-2507         'authenticated-data':   '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data
-2508         'tstinfo':              '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo
-2509         'extensionRequest':     '1.2.840.113549.1.9.14',// CSR extensionRequest
-2510     };
-2511 
-2512     this.objCache = {};
-2513 
-2514     /**
-2515      * get DERObjectIdentifier by registered OID name
-2516      * @name name2obj
-2517      * @memberOf KJUR.asn1.x509.OID
-2518      * @function
-2519      * @param {String} name OID
-2520      * @description
-2521      * @example
-2522      * var asn1ObjOID = OID.name2obj('SHA1withRSA');
-2523      */
-2524     this.name2obj = function(name) {
-2525         if (typeof this.objCache[name] != "undefined")
-2526             return this.objCache[name];
-2527         if (typeof this.name2oidList[name] == "undefined")
-2528             throw "Name of ObjectIdentifier not defined: " + name;
-2529         var oid = this.name2oidList[name];
-2530         var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
-2531         this.objCache[name] = obj;
-2532         return obj;
-2533     };
-2534 
-2535     /**
-2536      * get DERObjectIdentifier by registered attribute type name such like 'C' or 'CN'<br/>
-2537      * @name atype2obj
-2538      * @memberOf KJUR.asn1.x509.OID
-2539      * @function
-2540      * @param {String} atype short attribute type name such like 'C' or 'CN'
-2541      * @description
-2542      * @example
-2543      * KJUR.asn1.x509.OID.atype2obj('CN') → 2.5.4.3
-2544      * KJUR.asn1.x509.OID.atype2obj('OU') → 2.5.4.11
-2545      */
-2546     this.atype2obj = function(atype) {
-2547         if (typeof this.objCache[atype] != "undefined")
-2548             return this.objCache[atype];
-2549         if (typeof this.atype2oidList[atype] == "undefined")
-2550             throw "AttributeType name undefined: " + atype;
-2551         var oid = this.atype2oidList[atype];
-2552         var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
-2553         this.objCache[atype] = obj;
-2554         return obj;
-2555     };
-2556 };
-2557 
-2558 /**
-2559  * convert OID to name<br/>
-2560  * @name oid2name
-2561  * @memberOf KJUR.asn1.x509.OID
-2562  * @function
-2563  * @param {String} oid dot noted Object Identifer string (ex. 1.2.3.4)
-2564  * @return {String} OID name if registered otherwise empty string
-2565  * @since asn1x509 1.0.9
-2566  * @description
-2567  * This static method converts OID string to its name.
-2568  * If OID is undefined then it returns empty string (i.e. '').
-2569  * @example
-2570  * KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1") → 'authorityInfoAccess'
-2571  */
-2572 KJUR.asn1.x509.OID.oid2name = function(oid) {
-2573     var list = KJUR.asn1.x509.OID.name2oidList;
-2574     for (var name in list) {
-2575         if (list[name] == oid) return name;
-2576     }
-2577     return '';
-2578 };
-2579 
-2580 /**
-2581  * convert OID to AttributeType name<br/>
-2582  * @name oid2atype
-2583  * @memberOf KJUR.asn1.x509.OID
-2584  * @function
-2585  * @param {String} oid dot noted Object Identifer string (ex. 1.2.3.4)
-2586  * @return {String} OID AttributeType name if registered otherwise oid
-2587  * @since jsrsasign 6.2.2 asn1x509 1.0.18
-2588  * @description
-2589  * This static method converts OID string to its AttributeType name.
-2590  * If OID is not defined in OID.atype2oidList associative array then it returns OID
-2591  * specified as argument.
-2592  * @example
-2593  * KJUR.asn1.x509.OID.oid2atype("2.5.4.3") → CN
-2594  * KJUR.asn1.x509.OID.oid2atype("1.3.6.1.4.1.311.60.2.1.3") → jurisdictionOfIncorporationC
-2595  * KJUR.asn1.x509.OID.oid2atype("0.1.2.3.4") → 0.1.2.3.4 // unregistered OID
-2596  */
-2597 KJUR.asn1.x509.OID.oid2atype = function(oid) {
-2598     var list = KJUR.asn1.x509.OID.atype2oidList;
-2599     for (var atype in list) {
-2600         if (list[atype] == oid) return atype;
-2601     }
-2602     return oid;
-2603 };
-2604 
-2605 /**
-2606  * convert OID name to OID value<br/>
-2607  * @name name2oid
-2608  * @memberOf KJUR.asn1.x509.OID
-2609  * @function
-2610  * @param {String} OID name
-2611  * @return {String} dot noted Object Identifer string (ex. 1.2.3.4)
-2612  * @since asn1x509 1.0.11
-2613  * @description
-2614  * This static method converts from OID name to OID string.
-2615  * If OID is undefined then it returns empty string (i.e. '').
-2616  * @example
-2617  * KJUR.asn1.x509.OID.name2oid("authorityInfoAccess") → 1.3.6.1.5.5.7.1.1
-2618  */
-2619 KJUR.asn1.x509.OID.name2oid = function(name) {
-2620     var list = KJUR.asn1.x509.OID.name2oidList;
-2621     if (list[name] === undefined) return '';
-2622     return list[name];
-2623 };
-2624 
-2625 /**
-2626  * X.509 certificate and CRL utilities class
-2627  * @name KJUR.asn1.x509.X509Util
-2628  * @class X.509 certificate and CRL utilities class
-2629  */
-2630 KJUR.asn1.x509.X509Util = new function() {
-2631     /**
-2632      * get PKCS#8 PEM public key string from RSAKey object
-2633      * @name getPKCS8PubKeyPEMfromRSAKey
-2634      * @memberOf KJUR.asn1.x509.X509Util
-2635      * @function
-2636      * @param {RSAKey} rsaKey RSA public key of {@link RSAKey} object
-2637      * @description
-2638      * @example
-2639      * var pem = KJUR.asn1.x509.X509Util.getPKCS8PubKeyPEMfromRSAKey(pubKey);
-2640      */
-2641     this.getPKCS8PubKeyPEMfromRSAKey = function(rsaKey) {
-2642         var pem = null;
-2643         var hN = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(rsaKey.n);
-2644         var hE = KJUR.asn1.ASN1Util.integerToByteHex(rsaKey.e);
-2645         var iN = new KJUR.asn1.DERInteger({hex: hN});
-2646         var iE = new KJUR.asn1.DERInteger({hex: hE});
-2647         var asn1PubKey = new KJUR.asn1.DERSequence({array: [iN, iE]});
-2648         var hPubKey = asn1PubKey.getEncodedHex();
-2649         var o1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: 'rsaEncryption'});
-2650         var o2 = new KJUR.asn1.DERBitString({hex: '00' + hPubKey});
-2651         var seq = new KJUR.asn1.DERSequence({array: [o1, o2]});
-2652         var hP8 = seq.getEncodedHex();
-2653         var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(hP8, "PUBLIC KEY");
-2654         return pem;
-2655     };
-2656 };
-2657 /**
-2658  * issue a certificate in PEM format
-2659  * @name newCertPEM
-2660  * @memberOf KJUR.asn1.x509.X509Util
-2661  * @function
-2662  * @param {Array} param parameter to issue a certificate
-2663  * @since asn1x509 1.0.6
-2664  * @description
-2665  * This method can issue a certificate by a simple
-2666  * JSON object.
-2667  * Signature value will be provided by signing with
-2668  * private key using 'cakey' parameter or
-2669  * hexa decimal signature value by 'sighex' parameter.
-2670  * <br/>
-2671  * NOTE: Algorithm parameter of AlgorithmIdentifier will
-2672  * be set automatically by default. (see {@link KJUR.asn1.x509.AlgorithmIdentifier})
-2673  * from jsrsasign 7.1.1 asn1x509 1.0.20.
-2674  *
-2675  * @example
-2676  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
-2677  *   serial: {int: 4},
-2678  *   sigalg: {name: 'SHA1withECDSA'},
-2679  *   issuer: {str: '/C=US/O=a'},
-2680  *   notbefore: {'str': '130504235959Z'},
-2681  *   notafter: {'str': '140504235959Z'},
-2682  *   subject: {str: '/C=US/O=b'},
-2683  *   sbjpubkey: pubKeyObj,
-2684  *   ext: [
-2685  *     {basicConstraints: {cA: true, critical: true}},
-2686  *     {keyUsage: {bin: '11'}},
-2687  *   ],
-2688  *   cakey: prvKeyObj
-2689  * });
-2690  * // -- or --
-2691  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
-2692  *   serial: {int: 4},
-2693  *   sigalg: {name: 'SHA1withECDSA'},
-2694  *   issuer: {str: '/C=US/O=a'},
-2695  *   notbefore: {'str': '130504235959Z'},
-2696  *   notafter: {'str': '140504235959Z'},
-2697  *   subject: {str: '/C=US/O=b'},
-2698  *   sbjpubkey: pubKeyPEM,
-2699  *   ext: [
-2700  *     {basicConstraints: {cA: true, critical: true}},
-2701  *     {keyUsage: {bin: '11'}},
-2702  *   ],
-2703  *   cakey: [prvkey, pass]}
-2704  * );
-2705  * // -- or --
-2706  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
-2707  *   serial: {int: 1},
-2708  *   sigalg: {name: 'SHA1withRSA'},
-2709  *   issuer: {str: '/C=US/O=T1'},
-2710  *   notbefore: {'str': '130504235959Z'},
-2711  *   notafter: {'str': '140504235959Z'},
-2712  *   subject: {str: '/C=US/O=T1'},
-2713  *   sbjpubkey: pubKeyObj,
-2714  *   sighex: '0102030405..'
-2715  * });
-2716  * // for the issuer and subject field, another
-2717  * // representation is also available
-2718  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
-2719  *   serial: {int: 1},
-2720  *   sigalg: {name: 'SHA256withRSA'},
-2721  *   issuer: {C: "US", O: "T1"},
-2722  *   notbefore: {'str': '130504235959Z'},
-2723  *   notafter: {'str': '140504235959Z'},
-2724  *   subject: {C: "US", O: "T1", CN: "http://example.com/"},
-2725  *   sbjpubkey: pubKeyObj,
-2726  *   sighex: '0102030405..'
-2727  * });
-2728  */
-2729 KJUR.asn1.x509.X509Util.newCertPEM = function(param) {
-2730     var ns1 = KJUR.asn1.x509;
-2731     var o = new ns1.TBSCertificate();
-2732 
-2733     if (param.serial !== undefined)
-2734         o.setSerialNumberByParam(param.serial);
-2735     else
-2736         throw "serial number undefined.";
-2737 
-2738     if (typeof param.sigalg.name === 'string')
-2739         o.setSignatureAlgByParam(param.sigalg);
-2740     else
-2741         throw "unproper signature algorithm name";
-2742 
-2743     if (param.issuer !== undefined)
-2744         o.setIssuerByParam(param.issuer);
-2745     else
-2746         throw "issuer name undefined.";
-2747 
-2748     if (param.notbefore !== undefined)
-2749         o.setNotBeforeByParam(param.notbefore);
-2750     else
-2751         throw "notbefore undefined.";
-2752 
-2753     if (param.notafter !== undefined)
-2754         o.setNotAfterByParam(param.notafter);
-2755     else
-2756         throw "notafter undefined.";
-2757 
-2758     if (param.subject !== undefined)
-2759         o.setSubjectByParam(param.subject);
-2760     else
-2761         throw "subject name undefined.";
-2762 
-2763     if (param.sbjpubkey !== undefined)
-2764         o.setSubjectPublicKeyByGetKey(param.sbjpubkey);
-2765     else
-2766         throw "subject public key undefined.";
-2767 
-2768     if (param.ext !== undefined && param.ext.length !== undefined) {
-2769         for (var i = 0; i < param.ext.length; i++) {
-2770             for (key in param.ext[i]) {
-2771                 o.appendExtensionByName(key, param.ext[i][key]);
-2772             }
-2773         }
-2774     }
-2775 
-2776     // set signature
-2777     if (param.cakey === undefined && param.sighex === undefined)
-2778         throw "param cakey and sighex undefined.";
-2779 
-2780     var caKey = null;
-2781     var cert = null;
-2782 
-2783     if (param.cakey) {
-2784 	if (param.cakey.isPrivate === true) {
-2785 	    caKey = param.cakey;
-2786 	} else {
-2787             caKey = KEYUTIL.getKey.apply(null, param.cakey);
-2788 	}
-2789         cert = new ns1.Certificate({'tbscertobj': o, 'prvkeyobj': caKey});
-2790         cert.sign();
-2791     }
-2792 
-2793     if (param.sighex) {
-2794         cert = new ns1.Certificate({'tbscertobj': o});
-2795         cert.setSignatureHex(param.sighex);
-2796     }
-2797 
-2798     return cert.getPEMString();
-2799 };
-2800 
-2801 
\ No newline at end of file +2201
if (params.uri !== undefined) { +2202 this.type = 'uri'; +2203 v = new _DERIA5String({str: params[this.type]}); +2204 } +2205 +2206 if (params.dn !== undefined) { +2207 this.type = 'dn'; +2208 v = new _X500Name({str: params.dn}); +2209 } +2210 +2211 if (params.ldapdn !== undefined) { +2212 this.type = 'dn'; +2213 v = new _X500Name({ldapstr: params.ldapdn}); +2214 } +2215 +2216 if (params.certissuer !== undefined) { +2217 this.type = 'dn'; +2218 this.explicit = true; +2219 var certStr = params.certissuer; +2220 var certHex = null; +2221 +2222 if (certStr.match(/^[0-9A-Fa-f]+$/)) { +2223 certHex == certStr; +2224 } +2225 +2226 if (certStr.indexOf("-----BEGIN ") != -1) { +2227 certHex = _pemtohex(certStr); +2228 } +2229 +2230 if (certHex == null) throw "certissuer param not cert"; +2231 var x = new X509(); +2232 x.hex = certHex; +2233 var dnHex = x.getIssuerHex(); +2234 v = new _ASN1Object(); +2235 v.hTLV = dnHex; +2236 } +2237 +2238 if (params.certsubj !== undefined) { +2239 this.type = 'dn'; +2240 this.explicit = true; +2241 var certStr = params.certsubj; +2242 var certHex = null; +2243 if (certStr.match(/^[0-9A-Fa-f]+$/)) { +2244 certHex == certStr; +2245 } +2246 if (certStr.indexOf("-----BEGIN ") != -1) { +2247 certHex = _pemtohex(certStr); +2248 } +2249 if (certHex == null) throw "certsubj param not cert"; +2250 var x = new X509(); +2251 x.hex = certHex; +2252 var dnHex = x.getSubjectHex(); +2253 v = new _ASN1Object(); +2254 v.hTLV = dnHex; +2255 } +2256 +2257 if (this.type == null) +2258 throw "unsupported type in params=" + params; +2259 this.asn1Obj = new _DERTaggedObject({'explicit': this.explicit, +2260 'tag': pTag[this.type], +2261 'obj': v}); +2262 }; +2263 +2264 this.getEncodedHex = function() { +2265 return this.asn1Obj.getEncodedHex(); +2266 } +2267 +2268 if (params !== undefined) { +2269 this.setByParam(params); +2270 } +2271 +2272 }; +2273 YAHOO.lang.extend(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object); +2274 +2275 /** +2276 * GeneralNames ASN.1 structure class<br/> +2277 * @name KJUR.asn1.x509.GeneralNames +2278 * @class GeneralNames ASN.1 structure class +2279 * @description +2280 * <br/> +2281 * <h4>EXAMPLE AND ASN.1 SYNTAX</h4> +2282 * @example +2283 * gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]); +2284 * +2285 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName +2286 */ +2287 KJUR.asn1.x509.GeneralNames = function(paramsArray) { +2288 KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this); +2289 var asn1Array = null, +2290 _KJUR = KJUR, +2291 _KJUR_asn1 = _KJUR.asn1; +2292 +2293 /** +2294 * set a array of {@link KJUR.asn1.x509.GeneralName} parameters<br/> +2295 * @name setByParamArray +2296 * @memberOf KJUR.asn1.x509.GeneralNames# +2297 * @function +2298 * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralNames} +2299 * @description +2300 * <br/> +2301 * <h4>EXAMPLES</h4> +2302 * @example +2303 * gns = new KJUR.asn1.x509.GeneralNames(); +2304 * gns.setByParamArray([{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]); +2305 */ +2306 this.setByParamArray = function(paramsArray) { +2307 for (var i = 0; i < paramsArray.length; i++) { +2308 var o = new _KJUR_asn1.x509.GeneralName(paramsArray[i]); +2309 this.asn1Array.push(o); +2310 } +2311 }; +2312 +2313 this.getEncodedHex = function() { +2314 var o = new _KJUR_asn1.DERSequence({'array': this.asn1Array}); +2315 return o.getEncodedHex(); +2316 }; +2317 +2318 this.asn1Array = new Array(); +2319 if (typeof paramsArray != "undefined") { +2320 this.setByParamArray(paramsArray); +2321 } +2322 }; +2323 YAHOO.lang.extend(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object); +2324 +2325 /** +2326 * DistributionPointName ASN.1 structure class<br/> +2327 * @name KJUR.asn1.x509.DistributionPointName +2328 * @class DistributionPointName ASN.1 structure class +2329 * @description +2330 * <pre> +2331 * DistributionPoint ::= SEQUENCE { +2332 * distributionPoint [0] DistributionPointName OPTIONAL, +2333 * reasons [1] ReasonFlags OPTIONAL, +2334 * cRLIssuer [2] GeneralNames OPTIONAL } +2335 * +2336 * DistributionPointName ::= CHOICE { +2337 * fullName [0] GeneralNames, +2338 * nameRelativeToCRLIssuer [1] RelativeDistinguishedName } +2339 * +2340 * ReasonFlags ::= BIT STRING { +2341 * unused (0), +2342 * keyCompromise (1), +2343 * cACompromise (2), +2344 * affiliationChanged (3), +2345 * superseded (4), +2346 * cessationOfOperation (5), +2347 * certificateHold (6), +2348 * privilegeWithdrawn (7), +2349 * aACompromise (8) } +2350 * </pre> +2351 * @example +2352 */ +2353 KJUR.asn1.x509.DistributionPointName = function(gnOrRdn) { +2354 KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this); +2355 var asn1Obj = null, +2356 type = null, +2357 tag = null, +2358 asn1V = null, +2359 _KJUR = KJUR, +2360 _KJUR_asn1 = _KJUR.asn1, +2361 _DERTaggedObject = _KJUR_asn1.DERTaggedObject; +2362 +2363 this.getEncodedHex = function() { +2364 if (this.type != "full") +2365 throw "currently type shall be 'full': " + this.type; +2366 this.asn1Obj = new _DERTaggedObject({'explicit': false, +2367 'tag': this.tag, +2368 'obj': this.asn1V}); +2369 this.hTLV = this.asn1Obj.getEncodedHex(); +2370 return this.hTLV; +2371 }; +2372 +2373 if (gnOrRdn !== undefined) { +2374 if (_KJUR_asn1.x509.GeneralNames.prototype.isPrototypeOf(gnOrRdn)) { +2375 this.type = "full"; +2376 this.tag = "a0"; +2377 this.asn1V = gnOrRdn; +2378 } else { +2379 throw "This class supports GeneralNames only as argument"; +2380 } +2381 } +2382 }; +2383 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object); +2384 +2385 /** +2386 * DistributionPoint ASN.1 structure class<br/> +2387 * @name KJUR.asn1.x509.DistributionPoint +2388 * @class DistributionPoint ASN.1 structure class +2389 * @description +2390 * <pre> +2391 * DistributionPoint ::= SEQUENCE { +2392 * distributionPoint [0] DistributionPointName OPTIONAL, +2393 * reasons [1] ReasonFlags OPTIONAL, +2394 * cRLIssuer [2] GeneralNames OPTIONAL } +2395 * +2396 * DistributionPointName ::= CHOICE { +2397 * fullName [0] GeneralNames, +2398 * nameRelativeToCRLIssuer [1] RelativeDistinguishedName } +2399 * +2400 * ReasonFlags ::= BIT STRING { +2401 * unused (0), +2402 * keyCompromise (1), +2403 * cACompromise (2), +2404 * affiliationChanged (3), +2405 * superseded (4), +2406 * cessationOfOperation (5), +2407 * certificateHold (6), +2408 * privilegeWithdrawn (7), +2409 * aACompromise (8) } +2410 * </pre> +2411 * @example +2412 */ +2413 KJUR.asn1.x509.DistributionPoint = function(params) { +2414 KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this); +2415 var asn1DP = null, +2416 _KJUR = KJUR, +2417 _KJUR_asn1 = _KJUR.asn1; +2418 +2419 this.getEncodedHex = function() { +2420 var seq = new _KJUR_asn1.DERSequence(); +2421 if (this.asn1DP != null) { +2422 var o1 = new _KJUR_asn1.DERTaggedObject({'explicit': true, +2423 'tag': 'a0', +2424 'obj': this.asn1DP}); +2425 seq.appendASN1Object(o1); +2426 } +2427 this.hTLV = seq.getEncodedHex(); +2428 return this.hTLV; +2429 }; +2430 +2431 if (params !== undefined) { +2432 if (params.dpobj !== undefined) { +2433 this.asn1DP = params.dpobj; +2434 } +2435 } +2436 }; +2437 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object); +2438 +2439 /** +2440 * static object for OID +2441 * @name KJUR.asn1.x509.OID +2442 * @class static object for OID +2443 * @property {Assoc Array} atype2oidList for short attribute type name and oid (ex. 'C' and '2.5.4.6') +2444 * @property {Assoc Array} name2oidList for oid name and oid (ex. 'keyUsage' and '2.5.29.15') +2445 * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object +2446 * @description +2447 * This class defines OID name and values. +2448 * AttributeType names registered in OID.atype2oidList are following: +2449 * <table style="border-width: thin; border-style: solid; witdh: 100%"> +2450 * <tr><th>short</th><th>long</th><th>OID</th></tr> +2451 * <tr><td>CN</td>commonName<td></td><td>2.5.4.3</td></tr> +2452 * <tr><td>L</td><td>localityName</td><td>2.5.4.7</td></tr> +2453 * <tr><td>ST</td><td>stateOrProvinceName</td><td>2.5.4.8</td></tr> +2454 * <tr><td>O</td><td>organizationName</td><td>2.5.4.10</td></tr> +2455 * <tr><td>OU</td><td>organizationalUnitName</td><td>2.5.4.11</td></tr> +2456 * <tr><td>C</td><td></td>countryName<td>2.5.4.6</td></tr> +2457 * <tr><td>STREET</td>streetAddress<td></td><td>2.5.4.6</td></tr> +2458 * <tr><td>DC</td><td>domainComponent</td><td>0.9.2342.19200300.100.1.25</td></tr> +2459 * <tr><td>UID</td><td>userId</td><td>0.9.2342.19200300.100.1.1</td></tr> +2460 * <tr><td>SN</td><td>surname</td><td>2.5.4.4</td></tr> +2461 * <tr><td>DN</td><td>distinguishedName</td><td>2.5.4.49</td></tr> +2462 * <tr><td>E</td><td>emailAddress</td><td>1.2.840.113549.1.9.1</td></tr> +2463 * <tr><td></td><td>businessCategory</td><td>2.5.4.15</td></tr> +2464 * <tr><td></td><td>postalCode</td><td>2.5.4.17</td></tr> +2465 * <tr><td></td><td>jurisdictionOfIncorporationL</td><td>1.3.6.1.4.1.311.60.2.1.1</td></tr> +2466 * <tr><td></td><td>jurisdictionOfIncorporationSP</td><td>1.3.6.1.4.1.311.60.2.1.2</td></tr> +2467 * <tr><td></td><td>jurisdictionOfIncorporationC</td><td>1.3.6.1.4.1.311.60.2.1.3</td></tr> +2468 * </table> +2469 * +2470 * @example +2471 */ +2472 KJUR.asn1.x509.OID = new function(params) { +2473 this.atype2oidList = { +2474 // RFC 4514 AttributeType name string (MUST recognized) +2475 'CN': '2.5.4.3', +2476 'L': '2.5.4.7', +2477 'ST': '2.5.4.8', +2478 'O': '2.5.4.10', +2479 'OU': '2.5.4.11', +2480 'C': '2.5.4.6', +2481 'STREET': '2.5.4.9', +2482 'DC': '0.9.2342.19200300.100.1.25', +2483 'UID': '0.9.2342.19200300.100.1.1', +2484 // other AttributeType name string +2485 // http://blog.livedoor.jp/k_urushima/archives/656114.html +2486 'SN': '2.5.4.4', // surname +2487 'DN': '2.5.4.49', // distinguishedName +2488 'E': '1.2.840.113549.1.9.1', // emailAddress in MS.NET or Bouncy +2489 // other AttributeType name string (no short name) +2490 'businessCategory': '2.5.4.15', +2491 'postalCode': '2.5.4.17', +2492 'serialNumber': '2.5.4.5', +2493 'jurisdictionOfIncorporationL': '1.3.6.1.4.1.311.60.2.1.1', +2494 'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2', +2495 'jurisdictionOfIncorporationC': '1.3.6.1.4.1.311.60.2.1.3' +2496 }; +2497 this.name2oidList = { +2498 'sha1': '1.3.14.3.2.26', +2499 'sha256': '2.16.840.1.101.3.4.2.1', +2500 'sha384': '2.16.840.1.101.3.4.2.2', +2501 'sha512': '2.16.840.1.101.3.4.2.3', +2502 'sha224': '2.16.840.1.101.3.4.2.4', +2503 'md5': '1.2.840.113549.2.5', +2504 'md2': '1.3.14.7.2.2.1', +2505 'ripemd160': '1.3.36.3.2.1', +2506 +2507 'MD2withRSA': '1.2.840.113549.1.1.2', +2508 'MD4withRSA': '1.2.840.113549.1.1.3', +2509 'MD5withRSA': '1.2.840.113549.1.1.4', +2510 'SHA1withRSA': '1.2.840.113549.1.1.5', +2511 'SHA224withRSA': '1.2.840.113549.1.1.14', +2512 'SHA256withRSA': '1.2.840.113549.1.1.11', +2513 'SHA384withRSA': '1.2.840.113549.1.1.12', +2514 'SHA512withRSA': '1.2.840.113549.1.1.13', +2515 +2516 'SHA1withECDSA': '1.2.840.10045.4.1', +2517 'SHA224withECDSA': '1.2.840.10045.4.3.1', +2518 'SHA256withECDSA': '1.2.840.10045.4.3.2', +2519 'SHA384withECDSA': '1.2.840.10045.4.3.3', +2520 'SHA512withECDSA': '1.2.840.10045.4.3.4', +2521 +2522 'dsa': '1.2.840.10040.4.1', +2523 'SHA1withDSA': '1.2.840.10040.4.3', +2524 'SHA224withDSA': '2.16.840.1.101.3.4.3.1', +2525 'SHA256withDSA': '2.16.840.1.101.3.4.3.2', +2526 +2527 'rsaEncryption': '1.2.840.113549.1.1.1', +2528 +2529 // X.500 AttributeType defined in RFC 4514 +2530 'commonName': '2.5.4.3', +2531 'localityName': '2.5.4.7', +2532 'stateOrProvinceName': '2.5.4.8', +2533 'organizationName': '2.5.4.10', +2534 'organizationalUnitName': '2.5.4.11', +2535 'countryName': '2.5.4.6', +2536 'streetAddress': '2.5.4.9', +2537 'domainComponent': '0.9.2342.19200300.100.1.25', +2538 'userId': '0.9.2342.19200300.100.1.1', +2539 // other AttributeType name string +2540 'surname': '2.5.4.4', +2541 'distinguishedName': '2.5.4.49', +2542 'emailAddress': '1.2.840.113549.1.9.1', +2543 // other AttributeType name string (no short name) +2544 'businessCategory': '2.5.4.15', +2545 'postalCode': '2.5.4.17', +2546 'jurisdictionOfIncorporationL': '1.3.6.1.4.1.311.60.2.1.1', +2547 'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2', +2548 'jurisdictionOfIncorporationC': '1.3.6.1.4.1.311.60.2.1.3', +2549 +2550 'subjectKeyIdentifier': '2.5.29.14', +2551 'keyUsage': '2.5.29.15', +2552 'subjectAltName': '2.5.29.17', +2553 'issuerAltName': '2.5.29.18', +2554 'basicConstraints': '2.5.29.19', +2555 'nameConstraints': '2.5.29.30', +2556 'cRLDistributionPoints':'2.5.29.31', +2557 'certificatePolicies': '2.5.29.32', +2558 'authorityKeyIdentifier':'2.5.29.35', +2559 'policyConstraints': '2.5.29.36', +2560 'extKeyUsage': '2.5.29.37', +2561 'authorityInfoAccess': '1.3.6.1.5.5.7.1.1', +2562 'ocsp': '1.3.6.1.5.5.7.48.1', +2563 'caIssuers': '1.3.6.1.5.5.7.48.2', +2564 +2565 'anyExtendedKeyUsage': '2.5.29.37.0', +2566 'serverAuth': '1.3.6.1.5.5.7.3.1', +2567 'clientAuth': '1.3.6.1.5.5.7.3.2', +2568 'codeSigning': '1.3.6.1.5.5.7.3.3', +2569 'emailProtection': '1.3.6.1.5.5.7.3.4', +2570 'timeStamping': '1.3.6.1.5.5.7.3.8', +2571 'ocspSigning': '1.3.6.1.5.5.7.3.9', +2572 +2573 'ecPublicKey': '1.2.840.10045.2.1', +2574 'secp256r1': '1.2.840.10045.3.1.7', +2575 'secp256k1': '1.3.132.0.10', +2576 'secp384r1': '1.3.132.0.34', +2577 +2578 'pkcs5PBES2': '1.2.840.113549.1.5.13', +2579 'pkcs5PBKDF2': '1.2.840.113549.1.5.12', +2580 +2581 'des-EDE3-CBC': '1.2.840.113549.3.7', +2582 +2583 'data': '1.2.840.113549.1.7.1', // CMS data +2584 'signed-data': '1.2.840.113549.1.7.2', // CMS signed-data +2585 'enveloped-data': '1.2.840.113549.1.7.3', // CMS enveloped-data +2586 'digested-data': '1.2.840.113549.1.7.5', // CMS digested-data +2587 'encrypted-data': '1.2.840.113549.1.7.6', // CMS encrypted-data +2588 'authenticated-data': '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data +2589 'tstinfo': '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo +2590 'extensionRequest': '1.2.840.113549.1.9.14',// CSR extensionRequest +2591 }; +2592 +2593 this.objCache = {}; +2594 +2595 /** +2596 * get DERObjectIdentifier by registered OID name +2597 * @name name2obj +2598 * @memberOf KJUR.asn1.x509.OID +2599 * @function +2600 * @param {String} name OID +2601 * @description +2602 * @example +2603 * var asn1ObjOID = OID.name2obj('SHA1withRSA'); +2604 */ +2605 this.name2obj = function(name) { +2606 if (typeof this.objCache[name] != "undefined") +2607 return this.objCache[name]; +2608 if (typeof this.name2oidList[name] == "undefined") +2609 throw "Name of ObjectIdentifier not defined: " + name; +2610 var oid = this.name2oidList[name]; +2611 var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid}); +2612 this.objCache[name] = obj; +2613 return obj; +2614 }; +2615 +2616 /** +2617 * get DERObjectIdentifier by registered attribute type name such like 'C' or 'CN'<br/> +2618 * @name atype2obj +2619 * @memberOf KJUR.asn1.x509.OID +2620 * @function +2621 * @param {String} atype short attribute type name such like 'C' or 'CN' +2622 * @description +2623 * @example +2624 * KJUR.asn1.x509.OID.atype2obj('CN') → 2.5.4.3 +2625 * KJUR.asn1.x509.OID.atype2obj('OU') → 2.5.4.11 +2626 */ +2627 this.atype2obj = function(atype) { +2628 if (typeof this.objCache[atype] != "undefined") +2629 return this.objCache[atype]; +2630 if (typeof this.atype2oidList[atype] == "undefined") +2631 throw "AttributeType name undefined: " + atype; +2632 var oid = this.atype2oidList[atype]; +2633 var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid}); +2634 this.objCache[atype] = obj; +2635 return obj; +2636 }; +2637 }; +2638 +2639 /** +2640 * convert OID to name<br/> +2641 * @name oid2name +2642 * @memberOf KJUR.asn1.x509.OID +2643 * @function +2644 * @param {String} oid dot noted Object Identifer string (ex. 1.2.3.4) +2645 * @return {String} OID name if registered otherwise empty string +2646 * @since asn1x509 1.0.9 +2647 * @description +2648 * This static method converts OID string to its name. +2649 * If OID is undefined then it returns empty string (i.e. ''). +2650 * @example +2651 * KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1") → 'authorityInfoAccess' +2652 */ +2653 KJUR.asn1.x509.OID.oid2name = function(oid) { +2654 var list = KJUR.asn1.x509.OID.name2oidList; +2655 for (var name in list) { +2656 if (list[name] == oid) return name; +2657 } +2658 return ''; +2659 }; +2660 +2661 /** +2662 * convert OID to AttributeType name<br/> +2663 * @name oid2atype +2664 * @memberOf KJUR.asn1.x509.OID +2665 * @function +2666 * @param {String} oid dot noted Object Identifer string (ex. 1.2.3.4) +2667 * @return {String} OID AttributeType name if registered otherwise oid +2668 * @since jsrsasign 6.2.2 asn1x509 1.0.18 +2669 * @description +2670 * This static method converts OID string to its AttributeType name. +2671 * If OID is not defined in OID.atype2oidList associative array then it returns OID +2672 * specified as argument. +2673 * @example +2674 * KJUR.asn1.x509.OID.oid2atype("2.5.4.3") → CN +2675 * KJUR.asn1.x509.OID.oid2atype("1.3.6.1.4.1.311.60.2.1.3") → jurisdictionOfIncorporationC +2676 * KJUR.asn1.x509.OID.oid2atype("0.1.2.3.4") → 0.1.2.3.4 // unregistered OID +2677 */ +2678 KJUR.asn1.x509.OID.oid2atype = function(oid) { +2679 var list = KJUR.asn1.x509.OID.atype2oidList; +2680 for (var atype in list) { +2681 if (list[atype] == oid) return atype; +2682 } +2683 return oid; +2684 }; +2685 +2686 /** +2687 * convert OID name to OID value<br/> +2688 * @name name2oid +2689 * @memberOf KJUR.asn1.x509.OID +2690 * @function +2691 * @param {String} OID name +2692 * @return {String} dot noted Object Identifer string (ex. 1.2.3.4) +2693 * @since asn1x509 1.0.11 +2694 * @description +2695 * This static method converts from OID name to OID string. +2696 * If OID is undefined then it returns empty string (i.e. ''). +2697 * @example +2698 * KJUR.asn1.x509.OID.name2oid("authorityInfoAccess") → 1.3.6.1.5.5.7.1.1 +2699 */ +2700 KJUR.asn1.x509.OID.name2oid = function(name) { +2701 var list = KJUR.asn1.x509.OID.name2oidList; +2702 if (list[name] === undefined) return ''; +2703 return list[name]; +2704 }; +2705 +2706 /** +2707 * X.509 certificate and CRL utilities class<br/> +2708 * @name KJUR.asn1.x509.X509Util +2709 * @class X.509 certificate and CRL utilities class +2710 * @deprecated jsrsasign 7.2.1 asn1x509 1.0.24 +2711 */ +2712 KJUR.asn1.x509.X509Util = new function() { +2713 var _KJUR = KJUR, +2714 _KJUR_asn1 = _KJUR.asn1, +2715 _DERInteger = _KJUR_asn1.DERInteger, +2716 _DERSequence = _KJUR_asn1.DERSequence, +2717 _ASN1Util = _KJUR_asn1.ASN1Util; +2718 +2719 /** +2720 * get PKCS#8 PEM public key string from RSAKey object +2721 * @name getPKCS8PubKeyPEMfromRSAKey +2722 * @memberOf KJUR.asn1.x509.X509Util +2723 * @function +2724 * @param {RSAKey} rsaKey RSA public key of {@link RSAKey} object +2725 * @deprecated jsrsasign 7.2.1 asn1x509 1.0.24 use {@link KEYUTIL.getPEM} +2726 * @description +2727 * @example +2728 * var pem = KJUR.asn1.x509.X509Util.getPKCS8PubKeyPEMfromRSAKey(pubKey); +2729 */ +2730 this.getPKCS8PubKeyPEMfromRSAKey = function(rsaKey) { +2731 return KEYUTIL.getPEM(rsaKey); +2732 }; +2733 }; +2734 +2735 /** +2736 * issue a certificate in PEM format +2737 * @name newCertPEM +2738 * @memberOf KJUR.asn1.x509.X509Util +2739 * @function +2740 * @param {Array} param parameter to issue a certificate +2741 * @since asn1x509 1.0.6 +2742 * @description +2743 * This method can issue a certificate by a simple +2744 * JSON object. +2745 * Signature value will be provided by signing with +2746 * private key using 'cakey' parameter or +2747 * hexa decimal signature value by 'sighex' parameter. +2748 * <br/> +2749 * NOTE: Algorithm parameter of AlgorithmIdentifier will +2750 * be set automatically by default. (see {@link KJUR.asn1.x509.AlgorithmIdentifier}) +2751 * from jsrsasign 7.1.1 asn1x509 1.0.20. +2752 * +2753 * @example +2754 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({ +2755 * serial: {int: 4}, +2756 * sigalg: {name: 'SHA1withECDSA'}, +2757 * issuer: {str: '/C=US/O=a'}, +2758 * notbefore: {'str': '130504235959Z'}, +2759 * notafter: {'str': '140504235959Z'}, +2760 * subject: {str: '/C=US/O=b'}, +2761 * sbjpubkey: pubKeyObj, +2762 * ext: [ +2763 * {basicConstraints: {cA: true, critical: true}}, +2764 * {keyUsage: {bin: '11'}}, +2765 * ], +2766 * cakey: prvKeyObj +2767 * }); +2768 * // -- or -- +2769 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({ +2770 * serial: {int: 4}, +2771 * sigalg: {name: 'SHA1withECDSA'}, +2772 * issuer: {str: '/C=US/O=a'}, +2773 * notbefore: {'str': '130504235959Z'}, +2774 * notafter: {'str': '140504235959Z'}, +2775 * subject: {str: '/C=US/O=b'}, +2776 * sbjpubkey: pubKeyPEM, +2777 * ext: [ +2778 * {basicConstraints: {cA: true, critical: true}}, +2779 * {keyUsage: {bin: '11'}}, +2780 * ], +2781 * cakey: [prvkey, pass]} +2782 * ); +2783 * // -- or -- +2784 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({ +2785 * serial: {int: 1}, +2786 * sigalg: {name: 'SHA1withRSA'}, +2787 * issuer: {str: '/C=US/O=T1'}, +2788 * notbefore: {'str': '130504235959Z'}, +2789 * notafter: {'str': '140504235959Z'}, +2790 * subject: {str: '/C=US/O=T1'}, +2791 * sbjpubkey: pubKeyObj, +2792 * sighex: '0102030405..' +2793 * }); +2794 * // for the issuer and subject field, another +2795 * // representation is also available +2796 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({ +2797 * serial: {int: 1}, +2798 * sigalg: {name: 'SHA256withRSA'}, +2799 * issuer: {C: "US", O: "T1"}, +2800 * notbefore: {'str': '130504235959Z'}, +2801 * notafter: {'str': '140504235959Z'}, +2802 * subject: {C: "US", O: "T1", CN: "http://example.com/"}, +2803 * sbjpubkey: pubKeyObj, +2804 * sighex: '0102030405..' +2805 * }); +2806 */ +2807 KJUR.asn1.x509.X509Util.newCertPEM = function(param) { +2808 var _KJUR_asn1_x509 = KJUR.asn1.x509, +2809 _TBSCertificate = _KJUR_asn1_x509.TBSCertificate, +2810 _Certificate = _KJUR_asn1_x509.Certificate; +2811 var o = new _TBSCertificate(); +2812 +2813 if (param.serial !== undefined) +2814 o.setSerialNumberByParam(param.serial); +2815 else +2816 throw "serial number undefined."; +2817 +2818 if (typeof param.sigalg.name === 'string') +2819 o.setSignatureAlgByParam(param.sigalg); +2820 else +2821 throw "unproper signature algorithm name"; +2822 +2823 if (param.issuer !== undefined) +2824 o.setIssuerByParam(param.issuer); +2825 else +2826 throw "issuer name undefined."; +2827 +2828 if (param.notbefore !== undefined) +2829 o.setNotBeforeByParam(param.notbefore); +2830 else +2831 throw "notbefore undefined."; +2832 +2833 if (param.notafter !== undefined) +2834 o.setNotAfterByParam(param.notafter); +2835 else +2836 throw "notafter undefined."; +2837 +2838 if (param.subject !== undefined) +2839 o.setSubjectByParam(param.subject); +2840 else +2841 throw "subject name undefined."; +2842 +2843 if (param.sbjpubkey !== undefined) +2844 o.setSubjectPublicKeyByGetKey(param.sbjpubkey); +2845 else +2846 throw "subject public key undefined."; +2847 +2848 if (param.ext !== undefined && param.ext.length !== undefined) { +2849 for (var i = 0; i < param.ext.length; i++) { +2850 for (key in param.ext[i]) { +2851 o.appendExtensionByName(key, param.ext[i][key]); +2852 } +2853 } +2854 } +2855 +2856 // set signature +2857 if (param.cakey === undefined && param.sighex === undefined) +2858 throw "param cakey and sighex undefined."; +2859 +2860 var caKey = null; +2861 var cert = null; +2862 +2863 if (param.cakey) { +2864 if (param.cakey.isPrivate === true) { +2865 caKey = param.cakey; +2866 } else { +2867 caKey = KEYUTIL.getKey.apply(null, param.cakey); +2868 } +2869 cert = new _Certificate({'tbscertobj': o, 'prvkeyobj': caKey}); +2870 cert.sign(); +2871 } +2872 +2873 if (param.sighex) { +2874 cert = new _Certificate({'tbscertobj': o}); +2875 cert.setSignatureHex(param.sighex); +2876 } +2877 +2878 return cert.getPEMString(); +2879 }; +2880 +2881
\ No newline at end of file diff --git a/api/symbols/src/base64x-1.1.js.html b/api/symbols/src/base64x-1.1.js.html index f455f574..87a0464f 100644 --- a/api/symbols/src/base64x-1.1.js.html +++ b/api/symbols/src/base64x-1.1.js.html @@ -5,12 +5,12 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /*! base64x-1.1.11 (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* base64x-1.1.12 (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * base64x.js - Base64url and supplementary functions for Tom Wu's base64.js library
   5  *
-  6  * version: 1.1.11 (2017-May-20)
+  6  * version: 1.1.12 (2017-Jun-03)
   7  *
   8  * Copyright (c) 2012-2017 Kenji Urushima (kenji.urushima@gmail.com)
   9  *
@@ -28,7 +28,7 @@
  21  * @fileOverview
  22  * @name base64x-1.1.js
  23  * @author Kenji Urushima kenji.urushima@gmail.com
- 24  * @version jsrsasign 7.2.0 base64x 1.1.11 (2017-May-20)
+ 24  * @version jsrsasign 7.2.1 base64x 1.1.12 (2017-Jun-03)
  25  * @since jsrsasign 2.1
  26  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  27  */
@@ -91,800 +91,926 @@
  84 // ==== string / byte array ================================
  85 /**
  86  * convert a string to an array of character codes
- 87  * @param {String} s
- 88  * @return {Array of Numbers} 
- 89  */
- 90 function stoBA(s) {
- 91     var a = new Array();
- 92     for (var i = 0; i < s.length; i++) {
- 93 	a[i] = s.charCodeAt(i);
- 94     }
- 95     return a;
- 96 }
- 97 
- 98 /**
- 99  * convert an array of character codes to a string
-100  * @param {Array of Numbers} a array of character codes
-101  * @return {String} s
-102  */
-103 function BAtos(a) {
-104     var s = "";
-105     for (var i = 0; i < a.length; i++) {
-106 	s = s + String.fromCharCode(a[i]);
-107     }
-108     return s;
-109 }
-110 
-111 // ==== byte array / hex ================================
-112 /**
-113  * convert an array of bytes(Number) to hexadecimal string.<br/>
-114  * @param {Array of Numbers} a array of bytes
-115  * @return {String} hexadecimal string
-116  */
-117 function BAtohex(a) {
-118     var s = "";
-119     for (var i = 0; i < a.length; i++) {
-120 	var hex1 = a[i].toString(16);
-121 	if (hex1.length == 1) hex1 = "0" + hex1;
-122 	s = s + hex1;
-123     }
-124     return s;
-125 }
-126 
-127 // ==== string / hex ================================
-128 /**
-129  * convert a ASCII string to a hexadecimal string of ASCII codes.<br/>
-130  * NOTE: This can't be used for non ASCII characters.
-131  * @param {s} s ASCII string
-132  * @return {String} hexadecimal string
-133  */
-134 function stohex(s) {
-135     return BAtohex(stoBA(s));
-136 }
-137 
-138 // ==== string / base64 ================================
-139 /**
-140  * convert a ASCII string to a Base64 encoded string.<br/>
-141  * NOTE: This can't be used for non ASCII characters.
-142  * @param {s} s ASCII string
-143  * @return {String} Base64 encoded string
-144  */
-145 function stob64(s) {
-146     return hex2b64(stohex(s));
-147 }
-148 
-149 // ==== string / base64url ================================
-150 /**
-151  * convert a ASCII string to a Base64URL encoded string.<br/>
-152  * NOTE: This can't be used for non ASCII characters.
-153  * @param {s} s ASCII string
-154  * @return {String} Base64URL encoded string
-155  */
-156 function stob64u(s) {
-157     return b64tob64u(hex2b64(stohex(s)));
-158 }
-159 
+ 87  * @name stoBA
+ 88  * @function
+ 89  * @param {String} s
+ 90  * @return {Array of Numbers} 
+ 91  */
+ 92 function stoBA(s) {
+ 93     var a = new Array();
+ 94     for (var i = 0; i < s.length; i++) {
+ 95 	a[i] = s.charCodeAt(i);
+ 96     }
+ 97     return a;
+ 98 }
+ 99 
+100 /**
+101  * convert an array of character codes to a string
+102  * @name BAtos
+103  * @function
+104  * @param {Array of Numbers} a array of character codes
+105  * @return {String} s
+106  */
+107 function BAtos(a) {
+108     var s = "";
+109     for (var i = 0; i < a.length; i++) {
+110 	s = s + String.fromCharCode(a[i]);
+111     }
+112     return s;
+113 }
+114 
+115 // ==== byte array / hex ================================
+116 /**
+117  * convert an array of bytes(Number) to hexadecimal string.<br/>
+118  * @name BAtohex
+119  * @function
+120  * @param {Array of Numbers} a array of bytes
+121  * @return {String} hexadecimal string
+122  */
+123 function BAtohex(a) {
+124     var s = "";
+125     for (var i = 0; i < a.length; i++) {
+126 	var hex1 = a[i].toString(16);
+127 	if (hex1.length == 1) hex1 = "0" + hex1;
+128 	s = s + hex1;
+129     }
+130     return s;
+131 }
+132 
+133 // ==== string / hex ================================
+134 /**
+135  * convert a ASCII string to a hexadecimal string of ASCII codes.<br/>
+136  * NOTE: This can't be used for non ASCII characters.
+137  * @name stohex
+138  * @function
+139  * @param {s} s ASCII string
+140  * @return {String} hexadecimal string
+141  */
+142 function stohex(s) {
+143     return BAtohex(stoBA(s));
+144 }
+145 
+146 // ==== string / base64 ================================
+147 /**
+148  * convert a ASCII string to a Base64 encoded string.<br/>
+149  * NOTE: This can't be used for non ASCII characters.
+150  * @name stob64
+151  * @function
+152  * @param {s} s ASCII string
+153  * @return {String} Base64 encoded string
+154  */
+155 function stob64(s) {
+156     return hex2b64(stohex(s));
+157 }
+158 
+159 // ==== string / base64url ================================
 160 /**
-161  * convert a Base64URL encoded string to a ASCII string.<br/>
-162  * NOTE: This can't be used for Base64URL encoded non ASCII characters.
-163  * @param {s} s Base64URL encoded string
-164  * @return {String} ASCII string
-165  */
-166 function b64utos(s) {
-167     return BAtos(b64toBA(b64utob64(s)));
-168 }
-169 
-170 // ==== base64 / base64url ================================
-171 /**
-172  * convert a Base64 encoded string to a Base64URL encoded string.<br/>
-173  * @param {String} s Base64 encoded string
-174  * @return {String} Base64URL encoded string
-175  * @example
-176  * b64tob64u("ab+c3f/==") → "ab-c3f_"
-177  */
-178 function b64tob64u(s) {
-179     s = s.replace(/\=/g, "");
-180     s = s.replace(/\+/g, "-");
-181     s = s.replace(/\//g, "_");
-182     return s;
-183 }
-184 
+161  * convert a ASCII string to a Base64URL encoded string.<br/>
+162  * NOTE: This can't be used for non ASCII characters.
+163  * @name stob64u
+164  * @function
+165  * @param {s} s ASCII string
+166  * @return {String} Base64URL encoded string
+167  */
+168 function stob64u(s) {
+169     return b64tob64u(hex2b64(stohex(s)));
+170 }
+171 
+172 /**
+173  * convert a Base64URL encoded string to a ASCII string.<br/>
+174  * NOTE: This can't be used for Base64URL encoded non ASCII characters.
+175  * @name b64utos
+176  * @function
+177  * @param {s} s Base64URL encoded string
+178  * @return {String} ASCII string
+179  */
+180 function b64utos(s) {
+181     return BAtos(b64toBA(b64utob64(s)));
+182 }
+183 
+184 // ==== base64 / base64url ================================
 185 /**
-186  * convert a Base64URL encoded string to a Base64 encoded string.<br/>
-187  * @param {String} s Base64URL encoded string
-188  * @return {String} Base64 encoded string
-189  * @example
-190  * b64utob64("ab-c3f_") → "ab+c3f/=="
-191  */
-192 function b64utob64(s) {
-193     if (s.length % 4 == 2) s = s + "==";
-194     else if (s.length % 4 == 3) s = s + "=";
-195     s = s.replace(/-/g, "+");
-196     s = s.replace(/_/g, "/");
-197     return s;
-198 }
-199 
-200 // ==== hex / base64url ================================
+186  * convert a Base64 encoded string to a Base64URL encoded string.<br/>
+187  * @name b64tob64u
+188  * @function
+189  * @param {String} s Base64 encoded string
+190  * @return {String} Base64URL encoded string
+191  * @example
+192  * b64tob64u("ab+c3f/==") → "ab-c3f_"
+193  */
+194 function b64tob64u(s) {
+195     s = s.replace(/\=/g, "");
+196     s = s.replace(/\+/g, "-");
+197     s = s.replace(/\//g, "_");
+198     return s;
+199 }
+200 
 201 /**
-202  * convert a hexadecimal string to a Base64URL encoded string.<br/>
-203  * @param {String} s hexadecimal string
-204  * @return {String} Base64URL encoded string
-205  * @description
-206  * convert a hexadecimal string to a Base64URL encoded string.
-207  * NOTE: If leading "0" is omitted and odd number length for
-208  * hexadecimal leading "0" is automatically added.
+202  * convert a Base64URL encoded string to a Base64 encoded string.<br/>
+203  * @name b64utob64
+204  * @function
+205  * @param {String} s Base64URL encoded string
+206  * @return {String} Base64 encoded string
+207  * @example
+208  * b64utob64("ab-c3f_") → "ab+c3f/=="
 209  */
-210 function hextob64u(s) {
-211     if (s.length % 2 == 1) s = "0" + s;
-212     return b64tob64u(hex2b64(s));
-213 }
-214 
-215 /**
-216  * convert a Base64URL encoded string to a hexadecimal string.<br/>
-217  * @param {String} s Base64URL encoded string
-218  * @return {String} hexadecimal string
-219  */
-220 function b64utohex(s) {
-221     return b64tohex(b64utob64(s));
-222 }
-223 
-224 // ==== utf8 / base64url ================================
-225 
-226 /**
-227  * convert a UTF-8 encoded string including CJK or Latin to a Base64URL encoded string.<br/>
-228  * @param {String} s UTF-8 encoded string
-229  * @return {String} Base64URL encoded string
-230  * @since 1.1
-231  */
-232 
-233 /**
-234  * convert a Base64URL encoded string to a UTF-8 encoded string including CJK or Latin.<br/>
-235  * @param {String} s Base64URL encoded string
-236  * @return {String} UTF-8 encoded string
-237  * @since 1.1
-238  */
-239 
-240 var utf8tob64u, b64utoutf8;
-241 
-242 if (typeof Buffer === 'function') {
-243   utf8tob64u = function (s) {
-244     return b64tob64u(new Buffer(s, 'utf8').toString('base64'));
-245   };
-246 
-247   b64utoutf8 = function (s) {
-248     return new Buffer(b64utob64(s), 'base64').toString('utf8');
-249   };
-250 } else {
-251   utf8tob64u = function (s) {
-252     return hextob64u(uricmptohex(encodeURIComponentAll(s)));
-253   };
-254 
-255   b64utoutf8 = function (s) {
-256     return decodeURIComponent(hextouricmp(b64utohex(s)));
-257   };
-258 }
-259 
-260 // ==== utf8 / base64url ================================
-261 /**
-262  * convert a UTF-8 encoded string including CJK or Latin to a Base64 encoded string.<br/>
-263  * @param {String} s UTF-8 encoded string
-264  * @return {String} Base64 encoded string
-265  * @since 1.1.1
-266  */
-267 function utf8tob64(s) {
-268   return hex2b64(uricmptohex(encodeURIComponentAll(s)));
-269 }
-270 
-271 /**
-272  * convert a Base64 encoded string to a UTF-8 encoded string including CJK or Latin.<br/>
-273  * @param {String} s Base64 encoded string
-274  * @return {String} UTF-8 encoded string
-275  * @since 1.1.1
-276  */
-277 function b64toutf8(s) {
-278   return decodeURIComponent(hextouricmp(b64tohex(s)));
-279 }
+210 function b64utob64(s) {
+211     if (s.length % 4 == 2) s = s + "==";
+212     else if (s.length % 4 == 3) s = s + "=";
+213     s = s.replace(/-/g, "+");
+214     s = s.replace(/_/g, "/");
+215     return s;
+216 }
+217 
+218 // ==== hex / base64url ================================
+219 /**
+220  * convert a hexadecimal string to a Base64URL encoded string.<br/>
+221  * @name hextob64u
+222  * @function
+223  * @param {String} s hexadecimal string
+224  * @return {String} Base64URL encoded string
+225  * @description
+226  * convert a hexadecimal string to a Base64URL encoded string.
+227  * NOTE: If leading "0" is omitted and odd number length for
+228  * hexadecimal leading "0" is automatically added.
+229  */
+230 function hextob64u(s) {
+231     if (s.length % 2 == 1) s = "0" + s;
+232     return b64tob64u(hex2b64(s));
+233 }
+234 
+235 /**
+236  * convert a Base64URL encoded string to a hexadecimal string.<br/>
+237  * @name b64utohex
+238  * @function
+239  * @param {String} s Base64URL encoded string
+240  * @return {String} hexadecimal string
+241  */
+242 function b64utohex(s) {
+243     return b64tohex(b64utob64(s));
+244 }
+245 
+246 // ==== utf8 / base64url ================================
+247 
+248 /**
+249  * convert a UTF-8 encoded string including CJK or Latin to a Base64URL encoded string.<br/>
+250  * @name utf8tob64u
+251  * @function
+252  * @param {String} s UTF-8 encoded string
+253  * @return {String} Base64URL encoded string
+254  * @since 1.1
+255  */
+256 
+257 /**
+258  * convert a Base64URL encoded string to a UTF-8 encoded string including CJK or Latin.<br/>
+259  * @name b64utoutf8
+260  * @function
+261  * @param {String} s Base64URL encoded string
+262  * @return {String} UTF-8 encoded string
+263  * @since 1.1
+264  */
+265 
+266 var utf8tob64u, b64utoutf8;
+267 
+268 if (typeof Buffer === 'function') {
+269   utf8tob64u = function (s) {
+270     return b64tob64u(new Buffer(s, 'utf8').toString('base64'));
+271   };
+272 
+273   b64utoutf8 = function (s) {
+274     return new Buffer(b64utob64(s), 'base64').toString('utf8');
+275   };
+276 } else {
+277   utf8tob64u = function (s) {
+278     return hextob64u(uricmptohex(encodeURIComponentAll(s)));
+279   };
 280 
-281 // ==== utf8 / hex ================================
-282 /**
-283  * convert a UTF-8 encoded string including CJK or Latin to a hexadecimal encoded string.<br/>
-284  * @param {String} s UTF-8 encoded string
-285  * @return {String} hexadecimal encoded string
-286  * @since 1.1.1
-287  */
-288 function utf8tohex(s) {
-289   return uricmptohex(encodeURIComponentAll(s));
-290 }
-291 
-292 /**
-293  * convert a hexadecimal encoded string to a UTF-8 encoded string including CJK or Latin.<br/>
-294  * Note that when input is improper hexadecimal string as UTF-8 string, this function returns
-295  * 'null'.
-296  * @param {String} s hexadecimal encoded string
-297  * @return {String} UTF-8 encoded string or null
-298  * @since 1.1.1
-299  */
-300 function hextoutf8(s) {
-301   return decodeURIComponent(hextouricmp(s));
-302 }
-303 
-304 /**
-305  * convert a hexadecimal encoded string to raw string including non printable characters.<br/>
-306  * @param {String} s hexadecimal encoded string
-307  * @return {String} raw string
-308  * @since 1.1.2
-309  * @example
-310  * hextorstr("610061") → "a\x00a"
-311  */
-312 function hextorstr(sHex) {
-313     var s = "";
-314     for (var i = 0; i < sHex.length - 1; i += 2) {
-315         s += String.fromCharCode(parseInt(sHex.substr(i, 2), 16));
-316     }
-317     return s;
-318 }
-319 
-320 /**
-321  * convert a raw string including non printable characters to hexadecimal encoded string.<br/>
-322  * @param {String} s raw string
-323  * @return {String} hexadecimal encoded string
-324  * @since 1.1.2
-325  * @example
-326  * rstrtohex("a\x00a") → "610061"
-327  */
-328 function rstrtohex(s) {
-329     var result = "";
-330     for (var i = 0; i < s.length; i++) {
-331         result += ("0" + s.charCodeAt(i).toString(16)).slice(-2);
-332     }
-333     return result;
-334 }
-335 
-336 // ==== hex / b64nl =======================================
+281   b64utoutf8 = function (s) {
+282     return decodeURIComponent(hextouricmp(b64utohex(s)));
+283   };
+284 }
+285 
+286 // ==== utf8 / base64url ================================
+287 /**
+288  * convert a UTF-8 encoded string including CJK or Latin to a Base64 encoded string.<br/>
+289  * @name utf8tob64
+290  * @function
+291  * @param {String} s UTF-8 encoded string
+292  * @return {String} Base64 encoded string
+293  * @since 1.1.1
+294  */
+295 function utf8tob64(s) {
+296   return hex2b64(uricmptohex(encodeURIComponentAll(s)));
+297 }
+298 
+299 /**
+300  * convert a Base64 encoded string to a UTF-8 encoded string including CJK or Latin.<br/>
+301  * @name b64toutf8
+302  * @function
+303  * @param {String} s Base64 encoded string
+304  * @return {String} UTF-8 encoded string
+305  * @since 1.1.1
+306  */
+307 function b64toutf8(s) {
+308   return decodeURIComponent(hextouricmp(b64tohex(s)));
+309 }
+310 
+311 // ==== utf8 / hex ================================
+312 /**
+313  * convert a UTF-8 encoded string including CJK or Latin to a hexadecimal encoded string.<br/>
+314  * @name utf8tohex
+315  * @function
+316  * @param {String} s UTF-8 encoded string
+317  * @return {String} hexadecimal encoded string
+318  * @since 1.1.1
+319  */
+320 function utf8tohex(s) {
+321   return uricmptohex(encodeURIComponentAll(s));
+322 }
+323 
+324 /**
+325  * convert a hexadecimal encoded string to a UTF-8 encoded string including CJK or Latin.<br/>
+326  * Note that when input is improper hexadecimal string as UTF-8 string, this function returns
+327  * 'null'.
+328  * @name hextoutf8
+329  * @function
+330  * @param {String} s hexadecimal encoded string
+331  * @return {String} UTF-8 encoded string or null
+332  * @since 1.1.1
+333  */
+334 function hextoutf8(s) {
+335   return decodeURIComponent(hextouricmp(s));
+336 }
 337 
 338 /**
-339  * convert a hexadecimal string to Base64 encoded string<br/>
-340  * @param {String} s hexadecimal string
-341  * @return {String} resulted Base64 encoded string
-342  * @since base64x 1.1.3
-343  * @description
-344  * This function converts from a hexadecimal string to Base64 encoded
-345  * string without new lines.
-346  * @example
-347  * hextob64("616161") → "YWFh"
-348  */
-349 function hextob64(s) {
-350     return hex2b64(s);
-351 }
-352 
-353 /**
-354  * convert a hexadecimal string to Base64 encoded string with new lines<br/>
-355  * @param {String} s hexadecimal string
-356  * @return {String} resulted Base64 encoded string with new lines
-357  * @since base64x 1.1.3
-358  * @description
-359  * This function converts from a hexadecimal string to Base64 encoded
-360  * string with new lines for each 64 characters. This is useful for
-361  * PEM encoded file.
-362  * @example
-363  * hextob64nl("123456789012345678901234567890123456789012345678901234567890")
-364  * →
-365  * MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4 // new line
-366  * OTAxMjM0NTY3ODkwCg==
-367  */
-368 function hextob64nl(s) {
-369     var b64 = hextob64(s);
-370     var b64nl = b64.replace(/(.{64})/g, "$1\r\n");
-371     b64nl = b64nl.replace(/\r\n$/, '');
-372     return b64nl;
-373 }
-374 
-375 /**
-376  * convert a Base64 encoded string with new lines to a hexadecimal string<br/>
-377  * @param {String} s Base64 encoded string with new lines
-378  * @return {String} hexadecimal string
-379  * @since base64x 1.1.3
-380  * @description
-381  * This function converts from a Base64 encoded
-382  * string with new lines to a hexadecimal string.
-383  * This is useful to handle PEM encoded file.
-384  * This function removes any non-Base64 characters (i.e. not 0-9,A-Z,a-z,\,+,=)
-385  * including new line.
+339  * convert a hexadecimal encoded string to raw string including non printable characters.<br/>
+340  * @name hextorstr
+341  * @function
+342  * @param {String} s hexadecimal encoded string
+343  * @return {String} raw string
+344  * @since 1.1.2
+345  * @example
+346  * hextorstr("610061") → "a\x00a"
+347  */
+348 function hextorstr(sHex) {
+349     var s = "";
+350     for (var i = 0; i < sHex.length - 1; i += 2) {
+351         s += String.fromCharCode(parseInt(sHex.substr(i, 2), 16));
+352     }
+353     return s;
+354 }
+355 
+356 /**
+357  * convert a raw string including non printable characters to hexadecimal encoded string.<br/>
+358  * @name rstrtohex
+359  * @function
+360  * @param {String} s raw string
+361  * @return {String} hexadecimal encoded string
+362  * @since 1.1.2
+363  * @example
+364  * rstrtohex("a\x00a") → "610061"
+365  */
+366 function rstrtohex(s) {
+367     var result = "";
+368     for (var i = 0; i < s.length; i++) {
+369         result += ("0" + s.charCodeAt(i).toString(16)).slice(-2);
+370     }
+371     return result;
+372 }
+373 
+374 // ==== hex / b64nl =======================================
+375 
+376 /**
+377  * convert a hexadecimal string to Base64 encoded string<br/>
+378  * @name hextob64
+379  * @function
+380  * @param {String} s hexadecimal string
+381  * @return {String} resulted Base64 encoded string
+382  * @since base64x 1.1.3
+383  * @description
+384  * This function converts from a hexadecimal string to Base64 encoded
+385  * string without new lines.
 386  * @example
-387  * hextob64nl(
-388  * "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4\r\n" +
-389  * "OTAxMjM0NTY3ODkwCg==\r\n")
-390  * →
-391  * "123456789012345678901234567890123456789012345678901234567890"
-392  */
-393 function b64nltohex(s) {
-394     var b64 = s.replace(/[^0-9A-Za-z\/+=]*/g, '');
-395     var hex = b64tohex(b64);
-396     return hex;
-397 } 
-398 
-399 // ==== hex / ArrayBuffer =================================
-400 
-401 /**
-402  * convert a ArrayBuffer to a hexadecimal string<br/>
-403  * @param {String} hex hexadecimal string
-404  * @return {ArrayBuffer} ArrayBuffer
-405  * @since jsrsasign 6.1.4 base64x 1.1.8
-406  * @description
-407  * This function converts from a ArrayBuffer to a hexadecimal string.
-408  * @example
-409  * var buffer = new ArrayBuffer(3);
-410  * var view = new DataView(buffer);
-411  * view.setUint8(0, 0xfa);
-412  * view.setUint8(1, 0xfb);
-413  * view.setUint8(2, 0x01);
-414  * ArrayBuffertohex(buffer) → "fafb01"
-415  */
-416 function hextoArrayBuffer(hex) {
-417     if (hex.length % 2 != 0) throw "input is not even length";
-418     if (hex.match(/^[0-9A-Fa-f]+$/) == null) throw "input is not hexadecimal";
-419 
-420     var buffer = new ArrayBuffer(hex.length / 2);
-421     var view = new DataView(buffer);
-422 
-423     for (var i = 0; i < hex.length / 2; i++) {
-424 	view.setUint8(i, parseInt(hex.substr(i * 2, 2), 16));
-425     }
-426 
-427     return buffer;
-428 }
-429 
-430 // ==== ArrayBuffer / hex =================================
-431 
-432 /**
-433  * convert a ArrayBuffer to a hexadecimal string<br/>
-434  * @param {ArrayBuffer} buffer ArrayBuffer
-435  * @return {String} hexadecimal string
-436  * @since jsrsasign 6.1.4 base64x 1.1.8
-437  * @description
-438  * This function converts from a ArrayBuffer to a hexadecimal string.
-439  * @example
-440  * hextoArrayBuffer("fffa01") → ArrayBuffer of [255, 250, 1]
-441  */
-442 function ArrayBuffertohex(buffer) {
-443     var hex = "";
-444     var view = new DataView(buffer);
-445 
-446     for (var i = 0; i < buffer.byteLength; i++) {
-447 	hex += ("00" + view.getUint8(i).toString(16)).slice(-2);
-448     }
-449 
-450     return hex;
-451 }
-452 
-453 // ==== zulu / int =================================
-454 /**
-455  * GeneralizedTime or UTCTime string to milliseconds from Unix origin<br>
-456  * @name zulutomsec
-457  * @function
-458  * @param {String} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
-459  * @return {Number} milliseconds from Unix origin time (i.e. Jan 1, 1970 0:00:00 UTC)
-460  * @since jsrsasign 7.1.3 base64x 1.1.9
-461  * @description
-462  * This function converts from GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
-463  * UTCTime string (i.e. YYMMDDHHmmSSZ) to milliseconds from Unix origin time
-464  * (i.e. Jan 1 1970 0:00:00 UTC). 
-465  * Argument string may have fraction of seconds and
-466  * its length is one or more digits such as "20170410235959.1234567Z".
-467  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
-468  * If year "YY" is equal or greater than 50 then it is 19YY.
-469  * @example
-470  * zulutomsec(  "071231235959Z")       → 1199145599000 #Mon, 31 Dec 2007 23:59:59 GMT
-471  * zulutomsec(  "071231235959.1Z")     → 1199145599100 #Mon, 31 Dec 2007 23:59:59 GMT
-472  * zulutomsec(  "071231235959.12345Z") → 1199145599123 #Mon, 31 Dec 2007 23:59:59 GMT
-473  * zulutomsec("20071231235959Z")       → 1199145599000 #Mon, 31 Dec 2007 23:59:59 GMT
-474  * zulutomsec(  "931231235959Z")       → -410227201000 #Mon, 31 Dec 1956 23:59:59 GMT
-475  */
-476 function zulutomsec(s) {
-477     var year, month, day, hour, min, sec, msec, d;
-478     var sYear, sFrac, sMsec, matchResult;
-479 
-480     matchResult = s.match(/^(\d{2}|\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(|\.\d+)Z$/);
-481 
-482     if (matchResult) {
-483         sYear = matchResult[1];
-484 	year = parseInt(sYear);
-485         if (sYear.length === 2) {
-486 	    if (50 <= year && year < 100) {
-487 		year = 1900 + year;
-488 	    } else if (0 <= year && year < 50) {
-489 		year = 2000 + year;
-490 	    }
-491 	}
-492 	month = parseInt(matchResult[2]) - 1;
-493 	day = parseInt(matchResult[3]);
-494 	hour = parseInt(matchResult[4]);
-495 	min = parseInt(matchResult[5]);
-496 	sec = parseInt(matchResult[6]);
-497 	msec = 0;
-498 
-499 	sFrac = matchResult[7];
-500 	if (sFrac !== "") {
-501 	    sMsec = (sFrac.substr(1) + "00").substr(0, 3); // .12 -> 012
-502 	    msec = parseInt(sMsec);
-503 	}
-504 	return Date.UTC(year, month, day, hour, min, sec, msec);
-505     }
-506     throw "unsupported zulu format: " + s;
-507 }
-508 
-509 /**
-510  * GeneralizedTime or UTCTime string to seconds from Unix origin<br>
-511  * @name zulutosec
-512  * @function
-513  * @param {String} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
-514  * @return {Number} seconds from Unix origin time (i.e. Jan 1, 1970 0:00:00 UTC)
-515  * @since jsrsasign 7.1.3 base64x 1.1.9
-516  * @description
-517  * This function converts from GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
-518  * UTCTime string (i.e. YYMMDDHHmmSSZ) to seconds from Unix origin time
-519  * (i.e. Jan 1 1970 0:00:00 UTC). Argument string may have fraction of seconds 
-520  * however result value will be omitted.
-521  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
-522  * If year "YY" is equal or greater than 50 then it is 19YY.
-523  * @example
-524  * zulutosec(  "071231235959Z")       → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
-525  * zulutosec(  "071231235959.1Z")     → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
-526  * zulutosec("20071231235959Z")       → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
-527  */
-528 function zulutosec(s) {
-529     var msec = zulutomsec(s);
-530     return ~~(msec / 1000);
-531 }
-532 
-533 // ==== zulu / Date =================================
+387  * hextob64("616161") → "YWFh"
+388  */
+389 function hextob64(s) {
+390     return hex2b64(s);
+391 }
+392 
+393 /**
+394  * convert a hexadecimal string to Base64 encoded string with new lines<br/>
+395  * @name hextob64nl
+396  * @function
+397  * @param {String} s hexadecimal string
+398  * @return {String} resulted Base64 encoded string with new lines
+399  * @since base64x 1.1.3
+400  * @description
+401  * This function converts from a hexadecimal string to Base64 encoded
+402  * string with new lines for each 64 characters. This is useful for
+403  * PEM encoded file.
+404  * @example
+405  * hextob64nl("123456789012345678901234567890123456789012345678901234567890")
+406  * →
+407  * MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4 // new line
+408  * OTAxMjM0NTY3ODkwCg==
+409  */
+410 function hextob64nl(s) {
+411     var b64 = hextob64(s);
+412     var b64nl = b64.replace(/(.{64})/g, "$1\r\n");
+413     b64nl = b64nl.replace(/\r\n$/, '');
+414     return b64nl;
+415 }
+416 
+417 /**
+418  * convert a Base64 encoded string with new lines to a hexadecimal string<br/>
+419  * @name b64nltohex
+420  * @function
+421  * @param {String} s Base64 encoded string with new lines
+422  * @return {String} hexadecimal string
+423  * @since base64x 1.1.3
+424  * @description
+425  * This function converts from a Base64 encoded
+426  * string with new lines to a hexadecimal string.
+427  * This is useful to handle PEM encoded file.
+428  * This function removes any non-Base64 characters (i.e. not 0-9,A-Z,a-z,\,+,=)
+429  * including new line.
+430  * @example
+431  * hextob64nl(
+432  * "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4\r\n" +
+433  * "OTAxMjM0NTY3ODkwCg==\r\n")
+434  * →
+435  * "123456789012345678901234567890123456789012345678901234567890"
+436  */
+437 function b64nltohex(s) {
+438     var b64 = s.replace(/[^0-9A-Za-z\/+=]*/g, '');
+439     var hex = b64tohex(b64);
+440     return hex;
+441 } 
+442 
+443 // ==== hex / pem =========================================
+444 
+445 /**
+446  * get PEM string from hexadecimal data and header string
+447  * @name hextopem
+448  * @function
+449  * @param {String} dataHex hexadecimal string of PEM body
+450  * @param {String} pemHeader PEM header string (ex. 'RSA PRIVATE KEY')
+451  * @return {String} PEM formatted string of input data
+452  * @since jsrasign 7.2.1 base64x 1.1.12
+453  * @description
+454  * This function converts a hexadecimal string to a PEM string with
+455  * a specified header. Its line break will be CRLF("\r\n").
+456  * @example
+457  * hextopem('616161', 'RSA PRIVATE KEY') →
+458  * -----BEGIN PRIVATE KEY-----
+459  * YWFh
+460  * -----END PRIVATE KEY-----
+461  */
+462 function hextopem(dataHex, pemHeader) {
+463     var pemBody = hextob64nl(dataHex);
+464     return "-----BEGIN " + pemHeader + "-----\r\n" + 
+465         pemBody + 
+466         "\r\n-----END " + pemHeader + "-----\r\n";
+467 }
+468 
+469 /**
+470  * get hexacedimal string from PEM format data<br/>
+471  * @name pemtohex
+472  * @function
+473  * @param {String} s PEM formatted string
+474  * @param {String} sHead PEM header string without BEGIN/END(OPTION)
+475  * @return {String} hexadecimal string data of PEM contents
+476  * @since jsrsasign 7.2.1 base64x 1.1.12
+477  * @description
+478  * This static method gets a hexacedimal string of contents 
+479  * from PEM format data. You can explicitly specify PEM header 
+480  * by sHead argument. 
+481  * Any space characters such as white space or new line
+482  * will be omitted.<br/>
+483  * NOTE: Now {@link KEYUTIL.getHexFromPEM} and {@link X509.pemToHex}
+484  * have been deprecated since jsrsasign 7.2.1. 
+485  * Please use this method instead.
+486  * @example
+487  * pemtohex("-----BEGIN PUBLIC KEY...") → "3082..."
+488  * pemtohex("-----BEGIN CERTIFICATE...", "CERTIFICATE") → "3082..."
+489  * pemtohex(" \r\n-----BEGIN DSA PRIVATE KEY...") → "3082..."
+490  */
+491 function pemtohex(s, sHead) {
+492     if (s.indexOf("-----BEGIN ") == -1)
+493         throw "can't find PEM header: " + sHead;
+494 
+495     if (sHead !== undefined) {
+496         s = s.replace("-----BEGIN " + sHead + "-----", "");
+497         s = s.replace("-----END " + sHead + "-----", "");
+498     } else {
+499         s = s.replace(/-----BEGIN [^-]+-----/, '');
+500         s = s.replace(/-----END [^-]+-----/, '');
+501     }
+502     return b64nltohex(s);
+503 }
+504 
+505 // ==== hex / ArrayBuffer =================================
+506 
+507 /**
+508  * convert a ArrayBuffer to a hexadecimal string<br/>
+509  * @name hextoArrayBuffer
+510  * @function
+511  * @param {String} hex hexadecimal string
+512  * @return {ArrayBuffer} ArrayBuffer
+513  * @since jsrsasign 6.1.4 base64x 1.1.8
+514  * @description
+515  * This function converts from a ArrayBuffer to a hexadecimal string.
+516  * @example
+517  * var buffer = new ArrayBuffer(3);
+518  * var view = new DataView(buffer);
+519  * view.setUint8(0, 0xfa);
+520  * view.setUint8(1, 0xfb);
+521  * view.setUint8(2, 0x01);
+522  * ArrayBuffertohex(buffer) → "fafb01"
+523  */
+524 function hextoArrayBuffer(hex) {
+525     if (hex.length % 2 != 0) throw "input is not even length";
+526     if (hex.match(/^[0-9A-Fa-f]+$/) == null) throw "input is not hexadecimal";
+527 
+528     var buffer = new ArrayBuffer(hex.length / 2);
+529     var view = new DataView(buffer);
+530 
+531     for (var i = 0; i < hex.length / 2; i++) {
+532 	view.setUint8(i, parseInt(hex.substr(i * 2, 2), 16));
+533     }
 534 
-535 /**
-536  * GeneralizedTime or UTCTime string to Date object<br>
-537  * @name zulutodate
-538  * @function
-539  * @param {String} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
-540  * @return {Date} Date object for specified time
-541  * @since jsrsasign 7.1.3 base64x 1.1.9
-542  * @description
-543  * This function converts from GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
-544  * UTCTime string (i.e. YYMMDDHHmmSSZ) to Date object.
-545  * Argument string may have fraction of seconds and
-546  * its length is one or more digits such as "20170410235959.1234567Z".
-547  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
-548  * If year "YY" is equal or greater than 50 then it is 19YY.
+535     return buffer;
+536 }
+537 
+538 // ==== ArrayBuffer / hex =================================
+539 
+540 /**
+541  * convert a ArrayBuffer to a hexadecimal string<br/>
+542  * @name ArrayBuffertohex
+543  * @function
+544  * @param {ArrayBuffer} buffer ArrayBuffer
+545  * @return {String} hexadecimal string
+546  * @since jsrsasign 6.1.4 base64x 1.1.8
+547  * @description
+548  * This function converts from a ArrayBuffer to a hexadecimal string.
 549  * @example
-550  * zulutodate(  "071231235959Z").toUTCString()   → "Mon, 31 Dec 2007 23:59:59 GMT"
-551  * zulutodate(  "071231235959.1Z").toUTCString() → "Mon, 31 Dec 2007 23:59:59 GMT"
-552  * zulutodate("20071231235959Z").toUTCString()   → "Mon, 31 Dec 2007 23:59:59 GMT"
-553  * zulutodate(  "071231235959.34").getMilliseconds() → 340
-554  */
-555 function zulutodate(s) {
-556     return new Date(zulutomsec(s));
-557 }
-558 
-559 // ==== Date / zulu =================================
-560 
-561 /**
-562  * Date object to zulu time string<br>
-563  * @name datetozulu
-564  * @function
-565  * @param {Date} d Date object for specified time
-566  * @param {Boolean} flagUTCTime if this is true year will be YY otherwise YYYY
-567  * @param {Boolean} flagMilli if this is true result concludes milliseconds
-568  * @return {String} GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
-569  * @since jsrsasign 7.2.0 base64x 1.1.11
-570  * @description
-571  * This function converts from Date object to GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
-572  * UTCTime string (i.e. YYMMDDHHmmSSZ).
-573  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
-574  * If year "YY" is equal or greater than 50 then it is 19YY.
-575  * If flagMilli is true its result concludes milliseconds such like
-576  * "20170520235959.42Z". 
-577  * @example
-578  * d = new Date(Date.UTC(2017,4,20,23,59,59,670));
-579  * datetozulu(d) → "20170520235959Z"
-580  * datetozulu(d, true) → "170520235959Z"
-581  * datetozulu(d, false, true) → "20170520235959.67Z"
-582  */
-583 function datetozulu(d, flagUTCTime, flagMilli) {
-584     var s;
-585     var year = d.getUTCFullYear();
-586     if (flagUTCTime) {
-587 	if (year < 1950 || 2049 < year) 
-588 	    throw "not proper year for UTCTime: " + year;
-589 	s = ("" + year).slice(-2);
-590     } else {
-591 	s = ("000" + year).slice(-4);
-592     }
-593     s += ("0" + (d.getUTCMonth() + 1)).slice(-2);
-594     s += ("0" + d.getUTCDate()).slice(-2);
-595     s += ("0" + d.getUTCHours()).slice(-2);
-596     s += ("0" + d.getUTCMinutes()).slice(-2);
-597     s += ("0" + d.getUTCSeconds()).slice(-2);
-598     if (flagMilli) {
-599 	var milli = d.getUTCMilliseconds();
-600 	if (milli !== 0) {
-601 	    milli = ("00" + milli).slice(-3);
-602 	    milli = milli.replace(/0+$/g, "");
-603 	    s += "." + milli;
-604 	}
-605     }
-606     s += "Z";
-607     return s;
-608 }
-609 
-610 // ==== URIComponent / hex ================================
-611 /**
-612  * convert a URLComponent string such like "%67%68" to a hexadecimal string.<br/>
-613  * @param {String} s URIComponent string such like "%67%68"
-614  * @return {String} hexadecimal string
-615  * @since 1.1
-616  */
-617 function uricmptohex(s) {
-618   return s.replace(/%/g, "");
-619 }
-620 
-621 /**
-622  * convert a hexadecimal string to a URLComponent string such like "%67%68".<br/>
-623  * @param {String} s hexadecimal string
-624  * @return {String} URIComponent string such like "%67%68"
-625  * @since 1.1
-626  */
-627 function hextouricmp(s) {
-628   return s.replace(/(..)/g, "%$1");
-629 }
-630 
-631 // ==== URIComponent ================================
-632 /**
-633  * convert UTFa hexadecimal string to a URLComponent string such like "%67%68".<br/>
-634  * Note that these "<code>0-9A-Za-z!'()*-._~</code>" characters will not
-635  * converted to "%xx" format by builtin 'encodeURIComponent()' function.
-636  * However this 'encodeURIComponentAll()' function will convert 
-637  * all of characters into "%xx" format.
-638  * @param {String} s hexadecimal string
-639  * @return {String} URIComponent string such like "%67%68"
-640  * @since 1.1
-641  */
-642 function encodeURIComponentAll(u8) {
-643   var s = encodeURIComponent(u8);
-644   var s2 = "";
-645   for (var i = 0; i < s.length; i++) {
-646     if (s[i] == "%") {
-647       s2 = s2 + s.substr(i, 3);
-648       i = i + 2;
-649     } else {
-650       s2 = s2 + "%" + stohex(s[i]);
-651     }
-652   }
-653   return s2;
-654 }
-655 
-656 // ==== new lines ================================
-657 /**
-658  * convert all DOS new line("\r\n") to UNIX new line("\n") in 
-659  * a String "s".
-660  * @param {String} s string 
-661  * @return {String} converted string
-662  */
-663 function newline_toUnix(s) {
-664     s = s.replace(/\r\n/mg, "\n");
-665     return s;
-666 }
-667 
-668 /**
-669  * convert all UNIX new line("\r\n") to DOS new line("\n") in 
-670  * a String "s".
-671  * @param {String} s string 
-672  * @return {String} converted string
-673  */
-674 function newline_toDos(s) {
-675     s = s.replace(/\r\n/mg, "\n");
-676     s = s.replace(/\n/mg, "\r\n");
-677     return s;
-678 }
-679 
-680 // ==== string type checker ===================
-681 
-682 /**
-683  * check whether a string is an integer string or not<br/>
-684  * @name isInteger
-685  * @memberOf KJUR.lang.String
-686  * @function
-687  * @static
-688  * @param {String} s input string
-689  * @return {Boolean} true if a string "s" is an integer string otherwise false
-690  * @since base64x 1.1.7 jsrsasign 5.0.13
-691  * @example
-692  * KJUR.lang.String.isInteger("12345") → true
-693  * KJUR.lang.String.isInteger("123ab") → false
-694  */
-695 KJUR.lang.String.isInteger = function(s) {
-696     if (s.match(/^[0-9]+$/)) {
-697 	return true;
-698     } else if (s.match(/^-[0-9]+$/)) {
-699 	return true;
+550  * hextoArrayBuffer("fffa01") → ArrayBuffer of [255, 250, 1]
+551  */
+552 function ArrayBuffertohex(buffer) {
+553     var hex = "";
+554     var view = new DataView(buffer);
+555 
+556     for (var i = 0; i < buffer.byteLength; i++) {
+557 	hex += ("00" + view.getUint8(i).toString(16)).slice(-2);
+558     }
+559 
+560     return hex;
+561 }
+562 
+563 // ==== zulu / int =================================
+564 /**
+565  * GeneralizedTime or UTCTime string to milliseconds from Unix origin<br>
+566  * @name zulutomsec
+567  * @function
+568  * @param {String} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
+569  * @return {Number} milliseconds from Unix origin time (i.e. Jan 1, 1970 0:00:00 UTC)
+570  * @since jsrsasign 7.1.3 base64x 1.1.9
+571  * @description
+572  * This function converts from GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
+573  * UTCTime string (i.e. YYMMDDHHmmSSZ) to milliseconds from Unix origin time
+574  * (i.e. Jan 1 1970 0:00:00 UTC). 
+575  * Argument string may have fraction of seconds and
+576  * its length is one or more digits such as "20170410235959.1234567Z".
+577  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
+578  * If year "YY" is equal or greater than 50 then it is 19YY.
+579  * @example
+580  * zulutomsec(  "071231235959Z")       → 1199145599000 #Mon, 31 Dec 2007 23:59:59 GMT
+581  * zulutomsec(  "071231235959.1Z")     → 1199145599100 #Mon, 31 Dec 2007 23:59:59 GMT
+582  * zulutomsec(  "071231235959.12345Z") → 1199145599123 #Mon, 31 Dec 2007 23:59:59 GMT
+583  * zulutomsec("20071231235959Z")       → 1199145599000 #Mon, 31 Dec 2007 23:59:59 GMT
+584  * zulutomsec(  "931231235959Z")       → -410227201000 #Mon, 31 Dec 1956 23:59:59 GMT
+585  */
+586 function zulutomsec(s) {
+587     var year, month, day, hour, min, sec, msec, d;
+588     var sYear, sFrac, sMsec, matchResult;
+589 
+590     matchResult = s.match(/^(\d{2}|\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(|\.\d+)Z$/);
+591 
+592     if (matchResult) {
+593         sYear = matchResult[1];
+594 	year = parseInt(sYear);
+595         if (sYear.length === 2) {
+596 	    if (50 <= year && year < 100) {
+597 		year = 1900 + year;
+598 	    } else if (0 <= year && year < 50) {
+599 		year = 2000 + year;
+600 	    }
+601 	}
+602 	month = parseInt(matchResult[2]) - 1;
+603 	day = parseInt(matchResult[3]);
+604 	hour = parseInt(matchResult[4]);
+605 	min = parseInt(matchResult[5]);
+606 	sec = parseInt(matchResult[6]);
+607 	msec = 0;
+608 
+609 	sFrac = matchResult[7];
+610 	if (sFrac !== "") {
+611 	    sMsec = (sFrac.substr(1) + "00").substr(0, 3); // .12 -> 012
+612 	    msec = parseInt(sMsec);
+613 	}
+614 	return Date.UTC(year, month, day, hour, min, sec, msec);
+615     }
+616     throw "unsupported zulu format: " + s;
+617 }
+618 
+619 /**
+620  * GeneralizedTime or UTCTime string to seconds from Unix origin<br>
+621  * @name zulutosec
+622  * @function
+623  * @param {String} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
+624  * @return {Number} seconds from Unix origin time (i.e. Jan 1, 1970 0:00:00 UTC)
+625  * @since jsrsasign 7.1.3 base64x 1.1.9
+626  * @description
+627  * This function converts from GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
+628  * UTCTime string (i.e. YYMMDDHHmmSSZ) to seconds from Unix origin time
+629  * (i.e. Jan 1 1970 0:00:00 UTC). Argument string may have fraction of seconds 
+630  * however result value will be omitted.
+631  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
+632  * If year "YY" is equal or greater than 50 then it is 19YY.
+633  * @example
+634  * zulutosec(  "071231235959Z")       → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
+635  * zulutosec(  "071231235959.1Z")     → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
+636  * zulutosec("20071231235959Z")       → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
+637  */
+638 function zulutosec(s) {
+639     var msec = zulutomsec(s);
+640     return ~~(msec / 1000);
+641 }
+642 
+643 // ==== zulu / Date =================================
+644 
+645 /**
+646  * GeneralizedTime or UTCTime string to Date object<br>
+647  * @name zulutodate
+648  * @function
+649  * @param {String} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
+650  * @return {Date} Date object for specified time
+651  * @since jsrsasign 7.1.3 base64x 1.1.9
+652  * @description
+653  * This function converts from GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
+654  * UTCTime string (i.e. YYMMDDHHmmSSZ) to Date object.
+655  * Argument string may have fraction of seconds and
+656  * its length is one or more digits such as "20170410235959.1234567Z".
+657  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
+658  * If year "YY" is equal or greater than 50 then it is 19YY.
+659  * @example
+660  * zulutodate(  "071231235959Z").toUTCString()   → "Mon, 31 Dec 2007 23:59:59 GMT"
+661  * zulutodate(  "071231235959.1Z").toUTCString() → "Mon, 31 Dec 2007 23:59:59 GMT"
+662  * zulutodate("20071231235959Z").toUTCString()   → "Mon, 31 Dec 2007 23:59:59 GMT"
+663  * zulutodate(  "071231235959.34").getMilliseconds() → 340
+664  */
+665 function zulutodate(s) {
+666     return new Date(zulutomsec(s));
+667 }
+668 
+669 // ==== Date / zulu =================================
+670 
+671 /**
+672  * Date object to zulu time string<br>
+673  * @name datetozulu
+674  * @function
+675  * @param {Date} d Date object for specified time
+676  * @param {Boolean} flagUTCTime if this is true year will be YY otherwise YYYY
+677  * @param {Boolean} flagMilli if this is true result concludes milliseconds
+678  * @return {String} GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
+679  * @since jsrsasign 7.2.0 base64x 1.1.11
+680  * @description
+681  * This function converts from Date object to GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
+682  * UTCTime string (i.e. YYMMDDHHmmSSZ).
+683  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
+684  * If year "YY" is equal or greater than 50 then it is 19YY.
+685  * If flagMilli is true its result concludes milliseconds such like
+686  * "20170520235959.42Z". 
+687  * @example
+688  * d = new Date(Date.UTC(2017,4,20,23,59,59,670));
+689  * datetozulu(d) → "20170520235959Z"
+690  * datetozulu(d, true) → "170520235959Z"
+691  * datetozulu(d, false, true) → "20170520235959.67Z"
+692  */
+693 function datetozulu(d, flagUTCTime, flagMilli) {
+694     var s;
+695     var year = d.getUTCFullYear();
+696     if (flagUTCTime) {
+697 	if (year < 1950 || 2049 < year) 
+698 	    throw "not proper year for UTCTime: " + year;
+699 	s = ("" + year).slice(-2);
 700     } else {
-701 	return false;
+701 	s = ("000" + year).slice(-4);
 702     }
-703 };
-704 
-705 /**
-706  * check whether a string is an hexadecimal string or not<br/>
-707  * @name isHex
-708  * @memberOf KJUR.lang.String
-709  * @function
-710  * @static
-711  * @param {String} s input string
-712  * @return {Boolean} true if a string "s" is an hexadecimal string otherwise false
-713  * @since base64x 1.1.7 jsrsasign 5.0.13
-714  * @example
-715  * KJUR.lang.String.isHex("1234") → true
-716  * KJUR.lang.String.isHex("12ab") → true
-717  * KJUR.lang.String.isHex("12AB") → true
-718  * KJUR.lang.String.isHex("12ZY") → false
-719  * KJUR.lang.String.isHex("121") → false -- odd length
-720  */
-721 KJUR.lang.String.isHex = function(s) {
-722     if (s.length % 2 == 0 &&
-723 	(s.match(/^[0-9a-f]+$/) || s.match(/^[0-9A-F]+$/))) {
-724 	return true;
-725     } else {
-726 	return false;
-727     }
-728 };
-729 
-730 /**
-731  * check whether a string is a base64 encoded string or not<br/>
-732  * Input string can conclude new lines or space characters.
-733  * @name isBase64
-734  * @memberOf KJUR.lang.String
-735  * @function
-736  * @static
-737  * @param {String} s input string
-738  * @return {Boolean} true if a string "s" is a base64 encoded string otherwise false
-739  * @since base64x 1.1.7 jsrsasign 5.0.13
-740  * @example
-741  * KJUR.lang.String.isBase64("YWE=") → true
-742  * KJUR.lang.String.isBase64("YW_=") → false
-743  * KJUR.lang.String.isBase64("YWE") → false -- length shall be multiples of 4
-744  */
-745 KJUR.lang.String.isBase64 = function(s) {
-746     s = s.replace(/\s+/g, "");
-747     if (s.match(/^[0-9A-Za-z+\/]+={0,3}$/) && s.length % 4 == 0) {
-748 	return true;
-749     } else {
-750 	return false;
-751     }
-752 };
-753 
-754 /**
-755  * check whether a string is a base64url encoded string or not<br/>
-756  * Input string can conclude new lines or space characters.
-757  * @name isBase64URL
-758  * @memberOf KJUR.lang.String
-759  * @function
-760  * @static
-761  * @param {String} s input string
-762  * @return {Boolean} true if a string "s" is a base64url encoded string otherwise false
-763  * @since base64x 1.1.7 jsrsasign 5.0.13
-764  * @example
-765  * KJUR.lang.String.isBase64URL("YWE") → true
-766  * KJUR.lang.String.isBase64URL("YW-") → true
-767  * KJUR.lang.String.isBase64URL("YW+") → false
-768  */
-769 KJUR.lang.String.isBase64URL = function(s) {
-770     if (s.match(/[+/=]/)) return false;
-771     s = b64utob64(s);
-772     return KJUR.lang.String.isBase64(s);
-773 };
-774 
-775 /**
-776  * check whether a string is a string of integer array or not<br/>
-777  * Input string can conclude new lines or space characters.
-778  * @name isIntegerArray
-779  * @memberOf KJUR.lang.String
-780  * @function
-781  * @static
-782  * @param {String} s input string
-783  * @return {Boolean} true if a string "s" is a string of integer array otherwise false
-784  * @since base64x 1.1.7 jsrsasign 5.0.13
-785  * @example
-786  * KJUR.lang.String.isIntegerArray("[1,2,3]") → true
-787  * KJUR.lang.String.isIntegerArray("  [1, 2, 3  ] ") → true
-788  * KJUR.lang.String.isIntegerArray("[a,2]") → false
-789  */
-790 KJUR.lang.String.isIntegerArray = function(s) {
-791     s = s.replace(/\s+/g, "");
-792     if (s.match(/^\[[0-9,]+\]$/)) {
-793 	return true;
-794     } else {
-795 	return false;
-796     }
-797 };
-798 
-799 // ==== others ================================
-800 
-801 /**
-802  * canonicalize hexadecimal string of positive integer<br/>
-803  * @param {String} s hexadecimal string 
-804  * @return {String} canonicalized hexadecimal string of positive integer
-805  * @since base64x 1.1.10 jsrsasign 7.1.4
-806  * @description
-807  * This method canonicalize a hexadecimal string of positive integer
-808  * for two's complement representation.
-809  * Canonicalized hexadecimal string of positive integer will be:
-810  * <ul>
-811  * <li>Its length is always even.</li>
-812  * <li>If odd length it will be padded with leading zero.<li>
-813  * <li>If it is even length and its first character is "8" or greater,
-814  * it will be padded with "00" to make it positive integer.</li>
-815  * </ul>
-816  * @example
-817  * hextoposhex("abcd") → "00abcd"
-818  * hextoposhex("1234") → "1234"
-819  * hextoposhex("12345") → "012345"
-820  */
-821 function hextoposhex(s) {
-822     if (s.length % 2 == 1) return "0" + s;
-823     if (s.substr(0, 1) > "7") return "00" + s;
-824     return s;
-825 }
-826 
-827 /**
-828  * convert string of integer array to hexadecimal string.<br/>
-829  * @param {String} s string of integer array
-830  * @return {String} hexadecimal string
-831  * @since base64x 1.1.6 jsrsasign 5.0.2
-832  * @throws "malformed integer array string: *" for wrong input
-833  * @description
-834  * This function converts a string of JavaScript integer array to
-835  * a hexadecimal string. Each integer value shall be in a range 
-836  * from 0 to 255 otherwise it raise exception. Input string can
-837  * have extra space or newline string so that they will be ignored.
-838  * 
-839  * @example
-840  * intarystrtohex(" [123, 34, 101, 34, 58] ")
-841  * → 7b2265223a (i.e. '{"e":' as string)
-842  */
-843 function intarystrtohex(s) {
-844   s = s.replace(/^\s*\[\s*/, '');
-845   s = s.replace(/\s*\]\s*$/, '');
-846   s = s.replace(/\s*/g, '');
-847   try {
-848     var hex = s.split(/,/).map(function(element, index, array) {
-849       var i = parseInt(element);
-850       if (i < 0 || 255 < i) throw "integer not in range 0-255";
-851       var hI = ("00" + i.toString(16)).slice(-2);
-852       return hI;
-853     }).join('');
-854     return hex;
-855   } catch(ex) {
-856     throw "malformed integer array string: " + ex;
-857   }
-858 }
-859 
-860 /**
-861  * find index of string where two string differs
-862  * @param {String} s1 string to compare
-863  * @param {String} s2 string to compare
-864  * @return {Number} string index of where character differs. Return -1 if same.
-865  * @since jsrsasign 4.9.0 base64x 1.1.5
-866  * @example
-867  * strdiffidx("abcdefg", "abcd4fg") -> 4
-868  * strdiffidx("abcdefg", "abcdefg") -> -1
-869  * strdiffidx("abcdefg", "abcdef") -> 6
-870  * strdiffidx("abcdefgh", "abcdef") -> 6
-871  */
-872 var strdiffidx = function(s1, s2) {
-873     var n = s1.length;
-874     if (s1.length > s2.length) n = s2.length;
-875     for (var i = 0; i < n; i++) {
-876 	if (s1.charCodeAt(i) != s2.charCodeAt(i)) return i;
-877     }
-878     if (s1.length != s2.length) return n;
-879     return -1; // same
-880 };
-881 
-882 
-883 
\ No newline at end of file +703
s += ("0" + (d.getUTCMonth() + 1)).slice(-2); +704 s += ("0" + d.getUTCDate()).slice(-2); +705 s += ("0" + d.getUTCHours()).slice(-2); +706 s += ("0" + d.getUTCMinutes()).slice(-2); +707 s += ("0" + d.getUTCSeconds()).slice(-2); +708 if (flagMilli) { +709 var milli = d.getUTCMilliseconds(); +710 if (milli !== 0) { +711 milli = ("00" + milli).slice(-3); +712 milli = milli.replace(/0+$/g, ""); +713 s += "." + milli; +714 } +715 } +716 s += "Z"; +717 return s; +718 } +719 +720 // ==== URIComponent / hex ================================ +721 /** +722 * convert a URLComponent string such like "%67%68" to a hexadecimal string.<br/> +723 * @name uricmptohex +724 * @function +725 * @param {String} s URIComponent string such like "%67%68" +726 * @return {String} hexadecimal string +727 * @since 1.1 +728 */ +729 function uricmptohex(s) { +730 return s.replace(/%/g, ""); +731 } +732 +733 /** +734 * convert a hexadecimal string to a URLComponent string such like "%67%68".<br/> +735 * @name hextouricmp +736 * @function +737 * @param {String} s hexadecimal string +738 * @return {String} URIComponent string such like "%67%68" +739 * @since 1.1 +740 */ +741 function hextouricmp(s) { +742 return s.replace(/(..)/g, "%$1"); +743 } +744 +745 // ==== URIComponent ================================ +746 /** +747 * convert UTFa hexadecimal string to a URLComponent string such like "%67%68".<br/> +748 * Note that these "<code>0-9A-Za-z!'()*-._~</code>" characters will not +749 * converted to "%xx" format by builtin 'encodeURIComponent()' function. +750 * However this 'encodeURIComponentAll()' function will convert +751 * all of characters into "%xx" format. +752 * @name encodeURIComponentAll +753 * @function +754 * @param {String} s hexadecimal string +755 * @return {String} URIComponent string such like "%67%68" +756 * @since 1.1 +757 */ +758 function encodeURIComponentAll(u8) { +759 var s = encodeURIComponent(u8); +760 var s2 = ""; +761 for (var i = 0; i < s.length; i++) { +762 if (s[i] == "%") { +763 s2 = s2 + s.substr(i, 3); +764 i = i + 2; +765 } else { +766 s2 = s2 + "%" + stohex(s[i]); +767 } +768 } +769 return s2; +770 } +771 +772 // ==== new lines ================================ +773 /** +774 * convert all DOS new line("\r\n") to UNIX new line("\n") in +775 * a String "s". +776 * @name newline_toUnix +777 * @function +778 * @param {String} s string +779 * @return {String} converted string +780 */ +781 function newline_toUnix(s) { +782 s = s.replace(/\r\n/mg, "\n"); +783 return s; +784 } +785 +786 /** +787 * convert all UNIX new line("\r\n") to DOS new line("\n") in +788 * a String "s". +789 * @name newline_toDos +790 * @function +791 * @param {String} s string +792 * @return {String} converted string +793 */ +794 function newline_toDos(s) { +795 s = s.replace(/\r\n/mg, "\n"); +796 s = s.replace(/\n/mg, "\r\n"); +797 return s; +798 } +799 +800 // ==== string type checker =================== +801 +802 /** +803 * check whether a string is an integer string or not<br/> +804 * @name isInteger +805 * @memberOf KJUR.lang.String +806 * @function +807 * @static +808 * @param {String} s input string +809 * @return {Boolean} true if a string "s" is an integer string otherwise false +810 * @since base64x 1.1.7 jsrsasign 5.0.13 +811 * @example +812 * KJUR.lang.String.isInteger("12345") → true +813 * KJUR.lang.String.isInteger("123ab") → false +814 */ +815 KJUR.lang.String.isInteger = function(s) { +816 if (s.match(/^[0-9]+$/)) { +817 return true; +818 } else if (s.match(/^-[0-9]+$/)) { +819 return true; +820 } else { +821 return false; +822 } +823 }; +824 +825 /** +826 * check whether a string is an hexadecimal string or not<br/> +827 * @name isHex +828 * @memberOf KJUR.lang.String +829 * @function +830 * @static +831 * @param {String} s input string +832 * @return {Boolean} true if a string "s" is an hexadecimal string otherwise false +833 * @since base64x 1.1.7 jsrsasign 5.0.13 +834 * @example +835 * KJUR.lang.String.isHex("1234") → true +836 * KJUR.lang.String.isHex("12ab") → true +837 * KJUR.lang.String.isHex("12AB") → true +838 * KJUR.lang.String.isHex("12ZY") → false +839 * KJUR.lang.String.isHex("121") → false -- odd length +840 */ +841 KJUR.lang.String.isHex = function(s) { +842 if (s.length % 2 == 0 && +843 (s.match(/^[0-9a-f]+$/) || s.match(/^[0-9A-F]+$/))) { +844 return true; +845 } else { +846 return false; +847 } +848 }; +849 +850 /** +851 * check whether a string is a base64 encoded string or not<br/> +852 * Input string can conclude new lines or space characters. +853 * @name isBase64 +854 * @memberOf KJUR.lang.String +855 * @function +856 * @static +857 * @param {String} s input string +858 * @return {Boolean} true if a string "s" is a base64 encoded string otherwise false +859 * @since base64x 1.1.7 jsrsasign 5.0.13 +860 * @example +861 * KJUR.lang.String.isBase64("YWE=") → true +862 * KJUR.lang.String.isBase64("YW_=") → false +863 * KJUR.lang.String.isBase64("YWE") → false -- length shall be multiples of 4 +864 */ +865 KJUR.lang.String.isBase64 = function(s) { +866 s = s.replace(/\s+/g, ""); +867 if (s.match(/^[0-9A-Za-z+\/]+={0,3}$/) && s.length % 4 == 0) { +868 return true; +869 } else { +870 return false; +871 } +872 }; +873 +874 /** +875 * check whether a string is a base64url encoded string or not<br/> +876 * Input string can conclude new lines or space characters. +877 * @name isBase64URL +878 * @memberOf KJUR.lang.String +879 * @function +880 * @static +881 * @param {String} s input string +882 * @return {Boolean} true if a string "s" is a base64url encoded string otherwise false +883 * @since base64x 1.1.7 jsrsasign 5.0.13 +884 * @example +885 * KJUR.lang.String.isBase64URL("YWE") → true +886 * KJUR.lang.String.isBase64URL("YW-") → true +887 * KJUR.lang.String.isBase64URL("YW+") → false +888 */ +889 KJUR.lang.String.isBase64URL = function(s) { +890 if (s.match(/[+/=]/)) return false; +891 s = b64utob64(s); +892 return KJUR.lang.String.isBase64(s); +893 }; +894 +895 /** +896 * check whether a string is a string of integer array or not<br/> +897 * Input string can conclude new lines or space characters. +898 * @name isIntegerArray +899 * @memberOf KJUR.lang.String +900 * @function +901 * @static +902 * @param {String} s input string +903 * @return {Boolean} true if a string "s" is a string of integer array otherwise false +904 * @since base64x 1.1.7 jsrsasign 5.0.13 +905 * @example +906 * KJUR.lang.String.isIntegerArray("[1,2,3]") → true +907 * KJUR.lang.String.isIntegerArray(" [1, 2, 3 ] ") → true +908 * KJUR.lang.String.isIntegerArray("[a,2]") → false +909 */ +910 KJUR.lang.String.isIntegerArray = function(s) { +911 s = s.replace(/\s+/g, ""); +912 if (s.match(/^\[[0-9,]+\]$/)) { +913 return true; +914 } else { +915 return false; +916 } +917 }; +918 +919 // ==== others ================================ +920 +921 /** +922 * canonicalize hexadecimal string of positive integer<br/> +923 * @name hextoposhex +924 * @function +925 * @param {String} s hexadecimal string +926 * @return {String} canonicalized hexadecimal string of positive integer +927 * @since base64x 1.1.10 jsrsasign 7.1.4 +928 * @description +929 * This method canonicalize a hexadecimal string of positive integer +930 * for two's complement representation. +931 * Canonicalized hexadecimal string of positive integer will be: +932 * <ul> +933 * <li>Its length is always even.</li> +934 * <li>If odd length it will be padded with leading zero.<li> +935 * <li>If it is even length and its first character is "8" or greater, +936 * it will be padded with "00" to make it positive integer.</li> +937 * </ul> +938 * @example +939 * hextoposhex("abcd") → "00abcd" +940 * hextoposhex("1234") → "1234" +941 * hextoposhex("12345") → "012345" +942 */ +943 function hextoposhex(s) { +944 if (s.length % 2 == 1) return "0" + s; +945 if (s.substr(0, 1) > "7") return "00" + s; +946 return s; +947 } +948 +949 /** +950 * convert string of integer array to hexadecimal string.<br/> +951 * @name intarystrtohex +952 * @function +953 * @param {String} s string of integer array +954 * @return {String} hexadecimal string +955 * @since base64x 1.1.6 jsrsasign 5.0.2 +956 * @throws "malformed integer array string: *" for wrong input +957 * @description +958 * This function converts a string of JavaScript integer array to +959 * a hexadecimal string. Each integer value shall be in a range +960 * from 0 to 255 otherwise it raise exception. Input string can +961 * have extra space or newline string so that they will be ignored. +962 * +963 * @example +964 * intarystrtohex(" [123, 34, 101, 34, 58] ") +965 * → 7b2265223a (i.e. '{"e":' as string) +966 */ +967 function intarystrtohex(s) { +968 s = s.replace(/^\s*\[\s*/, ''); +969 s = s.replace(/\s*\]\s*$/, ''); +970 s = s.replace(/\s*/g, ''); +971 try { +972 var hex = s.split(/,/).map(function(element, index, array) { +973 var i = parseInt(element); +974 if (i < 0 || 255 < i) throw "integer not in range 0-255"; +975 var hI = ("00" + i.toString(16)).slice(-2); +976 return hI; +977 }).join(''); +978 return hex; +979 } catch(ex) { +980 throw "malformed integer array string: " + ex; +981 } +982 } +983 +984 /** +985 * find index of string where two string differs +986 * @name strdiffidx +987 * @function +988 * @param {String} s1 string to compare +989 * @param {String} s2 string to compare +990 * @return {Number} string index of where character differs. Return -1 if same. +991 * @since jsrsasign 4.9.0 base64x 1.1.5 +992 * @example +993 * strdiffidx("abcdefg", "abcd4fg") -> 4 +994 * strdiffidx("abcdefg", "abcdefg") -> -1 +995 * strdiffidx("abcdefg", "abcdef") -> 6 +996 * strdiffidx("abcdefgh", "abcdef") -> 6 +997 */ +998 var strdiffidx = function(s1, s2) { +999 var n = s1.length; +1000 if (s1.length > s2.length) n = s2.length; +1001 for (var i = 0; i < n; i++) { +1002 if (s1.charCodeAt(i) != s2.charCodeAt(i)) return i; +1003 } +1004 if (s1.length != s2.length) return n; +1005 return -1; // same +1006 }; +1007 +1008 +1009
\ No newline at end of file diff --git a/api/symbols/src/crypto-1.1.js.html b/api/symbols/src/crypto-1.1.js.html index 01dc83ec..778471fc 100644 --- a/api/symbols/src/crypto-1.1.js.html +++ b/api/symbols/src/crypto-1.1.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /*! crypto-1.1.12.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* crypto-1.1.12.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * crypto.js - Cryptographic Algorithm Provider class
diff --git a/api/symbols/src/dsa-2.0.js.html b/api/symbols/src/dsa-2.0.js.html
index d2731ed5..4f03caf9 100644
--- a/api/symbols/src/dsa-2.0.js.html
+++ b/api/symbols/src/dsa-2.0.js.html
@@ -5,7 +5,7 @@
 	.STRN {color: #393;}
 	.REGX {color: #339;}
 	.line {border-right: 1px dotted #666; color: #666; font-style: normal;}
-	
  1 /*! dsa-2.1.1.js (c) 2016-2017 Kenji Urushimma | kjur.github.com/jsrsasign/license
+	
  1 /* dsa-2.1.1.js (c) 2016-2017 Kenji Urushimma | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * dsa.js - new DSA class
diff --git a/api/symbols/src/ecdsa-modified-1.0.js.html b/api/symbols/src/ecdsa-modified-1.0.js.html
index d36400d0..7b4ddc1b 100644
--- a/api/symbols/src/ecdsa-modified-1.0.js.html
+++ b/api/symbols/src/ecdsa-modified-1.0.js.html
@@ -5,7 +5,7 @@
 	.STRN {color: #393;}
 	.REGX {color: #339;}
 	.line {border-right: 1px dotted #666; color: #666; font-style: normal;}
-	
  1 /*! ecdsa-modified-1.1.1.js (c) Stephan Thomas, Kenji Urushima | github.com/bitcoinjs/bitcoinjs-lib/blob/master/LICENSE
+	
  1 /* ecdsa-modified-1.1.1.js (c) Stephan Thomas, Kenji Urushima | github.com/bitcoinjs/bitcoinjs-lib/blob/master/LICENSE
   2  */
   3 /*
   4  * ecdsa-modified.js - modified Bitcoin.ECDSA class
diff --git a/api/symbols/src/ecparam-1.0.js.html b/api/symbols/src/ecparam-1.0.js.html
index 10b7b0ee..be03a14f 100644
--- a/api/symbols/src/ecparam-1.0.js.html
+++ b/api/symbols/src/ecparam-1.0.js.html
@@ -5,7 +5,7 @@
 	.STRN {color: #393;}
 	.REGX {color: #339;}
 	.line {border-right: 1px dotted #666; color: #666; font-style: normal;}
-	
  1 /*! ecparam-1.0.0.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* ecparam-1.0.0.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * ecparam.js - Elliptic Curve Cryptography Curve Parameter Definition class
diff --git a/api/symbols/src/jws-3.3.js.html b/api/symbols/src/jws-3.3.js.html
index f8f30b16..735ca51a 100644
--- a/api/symbols/src/jws-3.3.js.html
+++ b/api/symbols/src/jws-3.3.js.html
@@ -5,124 +5,124 @@
 	.STRN {color: #393;}
 	.REGX {color: #339;}
 	.line {border-right: 1px dotted #666; color: #666; font-style: normal;}
-	
  1 /*! jws-3.3.6 (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* jws-3.3.7 (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * jws.js - JSON Web Signature(JWS) and JSON Web Token(JWT) Class
   5  *
-  6  * version: 3.3.6 (2017 Apr 15)
+  6  * Copyright (c) 2010-2017 Kenji Urushima (kenji.urushima@gmail.com)
   7  *
-  8  * Copyright (c) 2010-2017 Kenji Urushima (kenji.urushima@gmail.com)
-  9  *
- 10  * This software is licensed under the terms of the MIT License.
- 11  * http://kjur.github.com/jsrsasign/license/
- 12  *
- 13  * The above copyright and license notice shall be 
- 14  * included in all copies or substantial portions of the Software.
- 15  */
- 16 
- 17 /**
- 18  * @fileOverview
- 19  * @name jws-3.3.js
- 20  * @author Kenji Urushima kenji.urushima@gmail.com
- 21  * @version 3.3.6 (2017-Apr-15)
- 22  * @since jsjws 1.0, jsrsasign 4.8.0
- 23  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
- 24  */
+  8  * This software is licensed under the terms of the MIT License.
+  9  * http://kjur.github.com/jsrsasign/license/
+ 10  *
+ 11  * The above copyright and license notice shall be 
+ 12  * included in all copies or substantial portions of the Software.
+ 13  */
+ 14 
+ 15 /**
+ 16  * @fileOverview
+ 17  * @name jws-3.3.js
+ 18  * @author Kenji Urushima kenji.urushima@gmail.com
+ 19  * @version jsrsasign 7.2.1 jws 3.3.7 (2017-Jun-03)
+ 20  * @since jsjws 1.0, jsrsasign 4.8.0
+ 21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
+ 22  */
+ 23 
+ 24 if (typeof KJUR == "undefined" || !KJUR) KJUR = {};
  25 
- 26 if (typeof KJUR == "undefined" || !KJUR) KJUR = {};
- 27 
- 28 /**
- 29  * kjur's JSON Web Signature/Token(JWS/JWT) library name space
- 30  * <p>
- 31  * This namespace privides following JWS/JWS related classes.
- 32  * <ul>
- 33  * <li>{@link KJUR.jws.JWS} - JSON Web Signature/Token(JWS/JWT) class</li>
- 34  * <li>{@link KJUR.jws.JWSJS} - JWS JSON Serialization(JWSJS) class</li>
- 35  * <li>{@link KJUR.jws.IntDate} - UNIX origin time utility class</li>
- 36  * </ul>
- 37  * NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.
- 38  * </p>
- 39  * @name KJUR.jws
- 40  * @namespace
- 41  */
- 42 if (typeof KJUR.jws == "undefined" || !KJUR.jws) KJUR.jws = {};
- 43 
- 44 /**
- 45  * JSON Web Signature(JWS) class.<br/>
- 46  * @name KJUR.jws.JWS
- 47  * @class JSON Web Signature(JWS) class
- 48  * @see <a href="http://kjur.github.com/jsjws/">'jwjws'(JWS JavaScript Library) home page http://kjur.github.com/jsjws/</a>
- 49  * @see <a href="http://kjur.github.com/jsrsasigns/">'jwrsasign'(RSA Sign JavaScript Library) home page http://kjur.github.com/jsrsasign/</a>
- 50  * @see <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14">IETF I-D JSON Web Algorithms (JWA)</a>
- 51  * @since jsjws 1.0
- 52  * @description
- 53  * This class provides JSON Web Signature(JWS)/JSON Web Token(JWT) signing and validation.
- 54  *
- 55  * <h4>METHOD SUMMARY</h4>
- 56  * Here is major methods of {@link KJUR.jws.JWS} class.
- 57  * <ul>
- 58  * <li><b>SIGN</b><br/>
- 59  * <li>{@link KJUR.jws.JWS.sign} - sign JWS</li>
- 60  * </li>
- 61  * <li><b>VERIFY</b><br/>
- 62  * <li>{@link KJUR.jws.JWS.verify} - verify JWS signature</li>
- 63  * <li>{@link KJUR.jws.JWS.verifyJWT} - verify properties of JWT token at specified time</li>
- 64  * </li>
- 65  * <li><b>UTILITY</b><br/>
- 66  * <li>{@link KJUR.jws.JWS.getJWKthumbprint} - get RFC 7638 JWK thumbprint</li>
- 67  * <li>{@link KJUR.jws.JWS.isSafeJSONString} - check whether safe JSON string or not</li>
- 68  * <li>{@link KJUR.jws.JWS.readSafeJSONString} - read safe JSON string only</li>
- 69  * </li>
- 70  * </ul> 
- 71  *
- 72  * <h4>SUPPORTED SIGNATURE ALGORITHMS</h4>
- 73  * Here is supported algorithm names for {@link KJUR.jws.JWS.sign} and
- 74  * {@link KJUR.jws.JWS.verify} methods.
- 75  * <table>
- 76  * <tr><th>alg value</th><th>spec requirement</th><th>jsjws support</th></tr>
- 77  * <tr><td>HS256</td><td>REQUIRED</td><td>SUPPORTED</td></tr>
- 78  * <tr><td>HS384</td><td>OPTIONAL</td><td>SUPPORTED</td></tr>
- 79  * <tr><td>HS512</td><td>OPTIONAL</td><td>SUPPORTED</td></tr>
- 80  * <tr><td>RS256</td><td>RECOMMENDED</td><td>SUPPORTED</td></tr>
- 81  * <tr><td>RS384</td><td>OPTIONAL</td><td>SUPPORTED</td></tr>
- 82  * <tr><td>RS512</td><td>OPTIONAL</td><td>SUPPORTED</td></tr>
- 83  * <tr><td>ES256</td><td>RECOMMENDED+</td><td>SUPPORTED</td></tr>
- 84  * <tr><td>ES384</td><td>OPTIONAL</td><td>SUPPORTED</td></tr>
- 85  * <tr><td>ES512</td><td>OPTIONAL</td><td>-</td></tr>
- 86  * <tr><td>PS256</td><td>OPTIONAL</td><td>SUPPORTED</td></tr>
- 87  * <tr><td>PS384</td><td>OPTIONAL</td><td>SUPPORTED</td></tr>
- 88  * <tr><td>PS512</td><td>OPTIONAL</td><td>SUPPORTED</td></tr>
- 89  * <tr><td>none</td><td>REQUIRED</td><td>SUPPORTED(signature generation only)</td></tr>
- 90  * </table>
- 91  * <dl>
- 92  * <dt><b>NOTE1</b>
- 93  * <dd>HS384 is supported since jsjws 3.0.2 with jsrsasign 4.1.4.
- 94  * <dt><b>NOTE2</b>
- 95  * <dd>Some deprecated methods have been removed since jws 3.3 of jsrsasign 4.10.0.
- 96  * Removed methods are following:
- 97  * <ul>
- 98  * <li>JWS.verifyJWSByNE</li>
- 99  * <li>JWS.verifyJWSByKey</li>
-100  * <li>JWS.generateJWSByNED</li>
-101  * <li>JWS.generateJWSByKey</li>
-102  * <li>JWS.generateJWSByP1PrvKey</li>
-103  * </ul>
-104  * </dl>
-105  * <b>EXAMPLE</b><br/>
-106  * @example
-107  * // JWS signing 
-108  * sJWS = KJUR.jws.JWS.sign(null, '{"alg":"HS256", "cty":"JWT"}', '{"age": 21}', {"utf8": "password"});
-109  * // JWS validation
-110  * isValid = KJUR.jws.JWS.verify('eyJjdHkiOiJKV1QiLCJhbGc...', {"utf8": "password"});
-111  * // JWT validation
-112  * isValid = KJUR.jws.JWS.verifyJWT('eyJh...', {"utf8": "password"}, {
-113  *   alg: ['HS256', 'HS384'],
-114  *   iss: ['http://foo.com']
-115  * });
-116  */
-117 KJUR.jws.JWS = function() {
-118     var ns1 = KJUR.jws.JWS;
+ 26 /**
+ 27  * kjur's JSON Web Signature/Token(JWS/JWT) library name space
+ 28  * <p>
+ 29  * This namespace privides following JWS/JWS related classes.
+ 30  * <ul>
+ 31  * <li>{@link KJUR.jws.JWS} - JSON Web Signature/Token(JWS/JWT) class</li>
+ 32  * <li>{@link KJUR.jws.JWSJS} - JWS JSON Serialization(JWSJS) class</li>
+ 33  * <li>{@link KJUR.jws.IntDate} - UNIX origin time utility class</li>
+ 34  * </ul>
+ 35  * NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.
+ 36  * </p>
+ 37  * @name KJUR.jws
+ 38  * @namespace
+ 39  */
+ 40 if (typeof KJUR.jws == "undefined" || !KJUR.jws) KJUR.jws = {};
+ 41 
+ 42 /**
+ 43  * JSON Web Signature(JWS) class.<br/>
+ 44  * @name KJUR.jws.JWS
+ 45  * @class JSON Web Signature(JWS) class
+ 46  * @see <a href="http://kjur.github.com/jsjws/">'jwjws'(JWS JavaScript Library) home page http://kjur.github.com/jsjws/</a>
+ 47  * @see <a href="http://kjur.github.com/jsrsasigns/">'jwrsasign'(RSA Sign JavaScript Library) home page http://kjur.github.com/jsrsasign/</a>
+ 48  * @see <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14">IETF I-D JSON Web Algorithms (JWA)</a>
+ 49  * @since jsjws 1.0
+ 50  * @description
+ 51  * This class provides JSON Web Signature(JWS)/JSON Web Token(JWT) signing and validation.
+ 52  *
+ 53  * <h4>METHOD SUMMARY</h4>
+ 54  * Here is major methods of {@link KJUR.jws.JWS} class.
+ 55  * <ul>
+ 56  * <li><b>SIGN</b><br/>
+ 57  * <li>{@link KJUR.jws.JWS.sign} - sign JWS</li>
+ 58  * </li>
+ 59  * <li><b>VERIFY</b><br/>
+ 60  * <li>{@link KJUR.jws.JWS.verify} - verify JWS signature</li>
+ 61  * <li>{@link KJUR.jws.JWS.verifyJWT} - verify properties of JWT token at specified time</li>
+ 62  * </li>
+ 63  * <li><b>UTILITY</b><br/>
+ 64  * <li>{@link KJUR.jws.JWS.getJWKthumbprint} - get RFC 7638 JWK thumbprint</li>
+ 65  * <li>{@link KJUR.jws.JWS.isSafeJSONString} - check whether safe JSON string or not</li>
+ 66  * <li>{@link KJUR.jws.JWS.readSafeJSONString} - read safe JSON string only</li>
+ 67  * </li>
+ 68  * </ul> 
+ 69  *
+ 70  * <h4>SUPPORTED SIGNATURE ALGORITHMS</h4>
+ 71  * Here is supported algorithm names for {@link KJUR.jws.JWS.sign} and
+ 72  * {@link KJUR.jws.JWS.verify} methods.
+ 73  * <table>
+ 74  * <tr><th>alg value</th><th>spec requirement</th><th>jsjws support</th></tr>
+ 75  * <tr><td>HS256</td><td>REQUIRED</td><td>SUPPORTED</td></tr>
+ 76  * <tr><td>HS384</td><td>OPTIONAL</td><td>SUPPORTED</td></tr>
+ 77  * <tr><td>HS512</td><td>OPTIONAL</td><td>SUPPORTED</td></tr>
+ 78  * <tr><td>RS256</td><td>RECOMMENDED</td><td>SUPPORTED</td></tr>
+ 79  * <tr><td>RS384</td><td>OPTIONAL</td><td>SUPPORTED</td></tr>
+ 80  * <tr><td>RS512</td><td>OPTIONAL</td><td>SUPPORTED</td></tr>
+ 81  * <tr><td>ES256</td><td>RECOMMENDED+</td><td>SUPPORTED</td></tr>
+ 82  * <tr><td>ES384</td><td>OPTIONAL</td><td>SUPPORTED</td></tr>
+ 83  * <tr><td>ES512</td><td>OPTIONAL</td><td>-</td></tr>
+ 84  * <tr><td>PS256</td><td>OPTIONAL</td><td>SUPPORTED</td></tr>
+ 85  * <tr><td>PS384</td><td>OPTIONAL</td><td>SUPPORTED</td></tr>
+ 86  * <tr><td>PS512</td><td>OPTIONAL</td><td>SUPPORTED</td></tr>
+ 87  * <tr><td>none</td><td>REQUIRED</td><td>SUPPORTED(signature generation only)</td></tr>
+ 88  * </table>
+ 89  * <dl>
+ 90  * <dt><b>NOTE1</b>
+ 91  * <dd>HS384 is supported since jsjws 3.0.2 with jsrsasign 4.1.4.
+ 92  * <dt><b>NOTE2</b>
+ 93  * <dd>Some deprecated methods have been removed since jws 3.3 of jsrsasign 4.10.0.
+ 94  * Removed methods are following:
+ 95  * <ul>
+ 96  * <li>JWS.verifyJWSByNE</li>
+ 97  * <li>JWS.verifyJWSByKey</li>
+ 98  * <li>JWS.generateJWSByNED</li>
+ 99  * <li>JWS.generateJWSByKey</li>
+100  * <li>JWS.generateJWSByP1PrvKey</li>
+101  * </ul>
+102  * </dl>
+103  * <b>EXAMPLE</b><br/>
+104  * @example
+105  * // JWS signing 
+106  * sJWS = KJUR.jws.JWS.sign(null, '{"alg":"HS256", "cty":"JWT"}', '{"age": 21}', {"utf8": "password"});
+107  * // JWS validation
+108  * isValid = KJUR.jws.JWS.verify('eyJjdHkiOiJKV1QiLCJhbGc...', {"utf8": "password"});
+109  * // JWT validation
+110  * isValid = KJUR.jws.JWS.verifyJWT('eyJh...', {"utf8": "password"}, {
+111  *   alg: ['HS256', 'HS384'],
+112  *   iss: ['http://foo.com']
+113  * });
+114  */
+115 KJUR.jws.JWS = function() {
+116     var _KJUR = KJUR,
+117 	_KJUR_jws_JWS = _KJUR.jws.JWS,
+118 	_isSafeJSONString = _KJUR_jws_JWS.isSafeJSONString;
 119 
 120     // === utility =============================================================
 121 
@@ -141,7 +141,7 @@
 134 	    (sigValNotNeeded || (this.parsedJWS.sigvalH !== undefined))) {
 135 	    return;
 136 	}
-137     var matchResult = sJWS.match(/^([^.]+)\.([^.]+)\.([^.]+)$/);
+137 	var matchResult = sJWS.match(/^([^.]+)\.([^.]+)\.([^.]+)$/);
 138 	if (matchResult == null) {
 139 	    throw "JWS signature is not a form of 'Head.Payload.SigValue'.";
 140 	}
@@ -167,7 +167,7 @@
 160 	this.parsedJWS.headS = sHead;
 161 	this.parsedJWS.payloadS = sPayload;
 162 
-163 	if (! ns1.isSafeJSONString(sHead, this.parsedJWS, 'headP'))
+163 	if (! _isSafeJSONString(sHead, this.parsedJWS, 'headP'))
 164 	    throw "malformed JSON string for JWS Head: " + sHead;
 165     };
 166 };
@@ -241,827 +241,856 @@
 234  * sJWS = KJUR.jws.JWS.sign(null, '{alg:"HS256",cty:"JWT"}', '{age:21}', "aaa");
 235  */
 236 KJUR.jws.JWS.sign = function(alg, spHeader, spPayload, key, pass) {
-237     var ns1 = KJUR.jws.JWS;
-238     var sHeader, pHeader, sPayload;
-239 
-240     // 1. check signatureInput(Header, Payload) is string or object
-241     if (typeof spHeader != 'string' && typeof spHeader != 'object')
-242 	throw "spHeader must be JSON string or object: " + spHeader;
-243 
-244     if (typeof spHeader == 'object') {
-245 	pHeader = spHeader;
-246 	sHeader = JSON.stringify(pHeader);
-247     }
+237     var _KJUR = KJUR,
+238 	_KJUR_jws = _KJUR.jws,
+239 	_KJUR_jws_JWS = _KJUR_jws.JWS,
+240 	_readSafeJSONString = _KJUR_jws_JWS.readSafeJSONString,
+241 	_isSafeJSONString = _KJUR_jws_JWS.isSafeJSONString,
+242 	_KJUR_crypto = _KJUR.crypto,
+243 	_ECDSA = _KJUR_crypto.ECDSA,
+244 	_Mac = _KJUR_crypto.Mac,
+245 	_Signature = _KJUR_crypto.Signature,
+246 	_RSAKey = RSAKey,
+247 	_JSON = JSON;
 248 
-249     if (typeof spHeader == 'string') {
-250 	sHeader = spHeader;
-251 	if (! ns1.isSafeJSONString(sHeader))
-252 	    throw "JWS Head is not safe JSON string: " + sHeader;
-253 	pHeader = ns1.readSafeJSONString(sHeader);
+249     var sHeader, pHeader, sPayload;
+250 
+251     // 1. check signatureInput(Header, Payload) is string or object
+252     if (typeof spHeader != 'string' && typeof spHeader != 'object')
+253 	throw "spHeader must be JSON string or object: " + spHeader;
 254 
-255     }
-256 
-257     sPayload = spPayload;
-258     if (typeof spPayload == 'object') sPayload = JSON.stringify(spPayload);
+255     if (typeof spHeader == 'object') {
+256 	pHeader = spHeader;
+257 	sHeader = _JSON.stringify(pHeader);
+258     }
 259 
-260     // 2. use alg if defined in sHeader
-261     if ((alg == '' || alg == null) &&
-262 	pHeader['alg'] !== undefined) {
-263 	alg = pHeader['alg'];
-264     }
+260     if (typeof spHeader == 'string') {
+261 	sHeader = spHeader;
+262 	if (! _isSafeJSONString(sHeader))
+263 	    throw "JWS Head is not safe JSON string: " + sHeader;
+264 	pHeader = _readSafeJSONString(sHeader);
 265 
-266     // 3. update sHeader to add alg if alg undefined
-267     if ((alg != '' && alg != null) &&
-268 	pHeader['alg'] === undefined) {
-269 	pHeader['alg'] = alg;
-270 	sHeader = JSON.stringify(pHeader);
-271     }
-272 
-273     // 4. check explicit algorithm doesn't match with JWS header.
-274     if (alg !== pHeader.alg)
-275 	throw "alg and sHeader.alg doesn't match: " + alg + "!=" + pHeader.alg;
+266     }
+267 
+268     sPayload = spPayload;
+269     if (typeof spPayload == 'object') sPayload = _JSON.stringify(spPayload);
+270 
+271     // 2. use alg if defined in sHeader
+272     if ((alg == '' || alg == null) &&
+273 	pHeader['alg'] !== undefined) {
+274 	alg = pHeader['alg'];
+275     }
 276 
-277     // 5. set signature algorithm like SHA1withRSA
-278     var sigAlg = null;
-279     if (ns1.jwsalg2sigalg[alg] === undefined) {
-280 	throw "unsupported alg name: " + alg;
-281     } else {
-282 	sigAlg = ns1.jwsalg2sigalg[alg];
-283     }
-284     
-285     var uHeader = utf8tob64u(sHeader);
-286     var uPayload = utf8tob64u(sPayload);
-287     var uSignatureInput = uHeader + "." + uPayload
-288     // 6. sign
-289     var hSig = "";
-290     if (sigAlg.substr(0, 4) == "Hmac") {
-291 	if (key === undefined)
-292 	    throw "mac key shall be specified for HS* alg";
-293 	//alert("sigAlg=" + sigAlg);
-294 	var mac = new KJUR.crypto.Mac({'alg': sigAlg, 'prov': 'cryptojs', 'pass': key});
-295 	mac.updateString(uSignatureInput);
-296 	hSig = mac.doFinal();
-297     } else if (sigAlg.indexOf("withECDSA") != -1) {
-298 	var sig = new KJUR.crypto.Signature({'alg': sigAlg});
-299 	sig.init(key, pass);
-300 	sig.updateString(uSignatureInput);
-301 	hASN1Sig = sig.sign();
-302 	hSig = KJUR.crypto.ECDSA.asn1SigToConcatSig(hASN1Sig);
-303     } else if (sigAlg != "none") {
-304 	var sig = new KJUR.crypto.Signature({'alg': sigAlg});
-305 	sig.init(key, pass);
-306 	sig.updateString(uSignatureInput);
-307 	hSig = sig.sign();
-308     }
-309 
-310     var uSig = hextob64u(hSig);
-311     return uSignatureInput + "." + uSig;
-312 };
-313 
-314 /**
-315  * verify JWS signature by specified key or certificate<br/>
-316  * @name verify
-317  * @memberOf KJUR.jws.JWS
-318  * @function
-319  * @static
-320  * @param {String} sJWS string of JWS signature to verify
-321  * @param {Object} key string of public key, certificate or key object to verify
-322  * @param {String} acceptAlgs array of algorithm name strings (OPTION)
-323  * @return {Boolean} true if the signature is valid otherwise false
-324  * @since jws 3.0.0
-325  * @see <a href="http://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Signature.html">jsrsasign KJUR.crypto.Signature method</a>
-326  * @see <a href="http://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Mac.html">jsrsasign KJUR.crypto.Mac method</a>
-327  * @description
-328  * <p>
-329  * This method verifies a JSON Web Signature Compact Serialization string by the validation 
-330  * algorithm as described in 
-331  * <a href="http://self-issued.info/docs/draft-jones-json-web-signature-04.html#anchor5">
-332  * the section 5 of Internet Draft draft-jones-json-web-signature-04.</a>
-333  * </p>
-334  * <p>
-335  * Since 3.2.0 strict key checking has been provided against a JWS algorithm
-336  * in a JWS header.
-337  * <ul>
-338  * <li>In case 'alg' is 'HS*' in the JWS header,
-339  * 'key' shall be hexadecimal string for Hmac{256,384,512} shared secret key.
-340  * Otherwise it raise an error.</li>
-341  * <li>In case 'alg' is 'RS*' or 'PS*' in the JWS header,
-342  * 'key' shall be a RSAKey object or a PEM string of
-343  * X.509 RSA public key certificate or PKCS#8 RSA public key.
-344  * Otherwise it raise an error.</li>
-345  * <li>In case 'alg' is 'ES*' in the JWS header,
-346  * 'key' shall be a KJUR.crypto.ECDSA object or a PEM string of
-347  * X.509 ECC public key certificate or PKCS#8 ECC public key.
-348  * Otherwise it raise an error.</li>
-349  * <li>In case 'alg' is 'none' in the JWS header,
-350  * validation not supported after jsjws 3.1.0.</li>
-351  * </ul>
-352  * </p>
-353  * <p>
-354  * NOTE1: The argument 'acceptAlgs' is supported since 3.2.0.
-355  * Strongly recommended to provide acceptAlgs to mitigate
-356  * signature replacement attacks.<br/>
-357  * </p>
-358  * <p>
-359  * NOTE2: From jsrsasign 4.9.0 jws 3.2.5, Way to provide password
-360  * for HS* algorithm is changed. The 'key' attribute value is
-361  * passed to {@link KJUR.crypto.Mac.setPassword} so please see
-362  * {@link KJUR.crypto.Mac.setPassword} for detail.
-363  * As for backword compatibility, if key is a string, has even length and
-364  * 0..9, A-F or a-f characters, key string is treated as a hexadecimal
-365  * otherwise it is treated as a raw string.
-366  * </p>
-367  * @example
-368  * // 1) verify a RS256 JWS signature by a certificate string.
-369  * isValid = KJUR.jws.JWS.verify('eyJh...', '-----BEGIN...', ['RS256']);
-370  * 
-371  * // 2) verify a HS256 JWS signature by a certificate string.
-372  * isValid = KJUR.jws.JWS.verify('eyJh...', {hex: '6f62ad...'}, ['HS256']);
-373  * isValid = KJUR.jws.JWS.verify('eyJh...', {b64: 'Mi/ab8...a=='}, ['HS256']);
-374  * isValid = KJUR.jws.JWS.verify('eyJh...', {utf8: 'Secret秘密'}, ['HS256']);
-375  * isValid = KJUR.jws.JWS.verify('eyJh...', '6f62ad', ['HS256']); // implicit hex
-376  * isValid = KJUR.jws.JWS.verify('eyJh...', '6f62ada', ['HS256']); // implicit raw string
-377  *
-378  * // 3) verify a ES256 JWS signature by a KJUR.crypto.ECDSA key object.
-379  * var pubkey = KEYUTIL.getKey('-----BEGIN CERT...');
-380  * var isValid = KJUR.jws.JWS.verify('eyJh...', pubkey);
-381  */
-382 KJUR.jws.JWS.verify = function(sJWS, key, acceptAlgs) {
-383     var jws = KJUR.jws.JWS;
-384     var a = sJWS.split(".");
-385     var uHeader = a[0];
-386     var uPayload = a[1];
-387     var uSignatureInput = uHeader + "." + uPayload;
-388     var hSig = b64utohex(a[2]);
-389 
-390     // 1. parse JWS header
-391     var pHeader = jws.readSafeJSONString(b64utoutf8(a[0]));
-392     var alg = null;
-393     var algType = null; // HS|RS|PS|ES|no
-394     if (pHeader.alg === undefined) {
-395 	throw "algorithm not specified in header";
-396     } else {
-397 	alg = pHeader.alg;
-398 	algType = alg.substr(0, 2);
-399     }
-400 
-401     // 2. check whether alg is acceptable algorithms
-402     if (acceptAlgs != null &&
-403         Object.prototype.toString.call(acceptAlgs) === '[object Array]' &&
-404         acceptAlgs.length > 0) {
-405 	var acceptAlgStr = ":" + acceptAlgs.join(":") + ":";
-406 	if (acceptAlgStr.indexOf(":" + alg + ":") == -1) {
-407 	    throw "algorithm '" + alg + "' not accepted in the list";
-408 	}
-409     }
-410 
-411     // 3. check whether key is a proper key for alg.
-412     if (alg != "none" && key === null) {
-413 	throw "key shall be specified to verify.";
-414     }
-415 
-416     // 3.1. There is no key check for HS* because Mac will check it.
-417     //      since jsrsasign 5.0.0.
-418 
-419     // 3.2. convert key object if key is a public key or cert PEM string
-420     if (typeof key == "string" &&
-421 	key.indexOf("-----BEGIN ") != -1) {
-422 	key = KEYUTIL.getKey(key);
-423     }
-424 
-425     // 3.3. check whether key is RSAKey obj if alg is RS* or PS*.
-426     if (algType == "RS" || algType == "PS") {
-427 	if (!(key instanceof RSAKey)) {
-428 	    throw "key shall be a RSAKey obj for RS* and PS* algs";
-429 	}
-430     }
-431 
-432     // 3.4. check whether key is ECDSA obj if alg is ES*.
-433     if (algType == "ES") {
-434 	if (!(key instanceof KJUR.crypto.ECDSA)) {
-435 	    throw "key shall be a ECDSA obj for ES* algs";
-436 	}
-437     }
+277     // 3. update sHeader to add alg if alg undefined
+278     if ((alg != '' && alg != null) &&
+279 	pHeader['alg'] === undefined) {
+280 	pHeader['alg'] = alg;
+281 	sHeader = _JSON.stringify(pHeader);
+282     }
+283 
+284     // 4. check explicit algorithm doesn't match with JWS header.
+285     if (alg !== pHeader.alg)
+286 	throw "alg and sHeader.alg doesn't match: " + alg + "!=" + pHeader.alg;
+287 
+288     // 5. set signature algorithm like SHA1withRSA
+289     var sigAlg = null;
+290     if (_KJUR_jws_JWS.jwsalg2sigalg[alg] === undefined) {
+291 	throw "unsupported alg name: " + alg;
+292     } else {
+293 	sigAlg = _KJUR_jws_JWS.jwsalg2sigalg[alg];
+294     }
+295     
+296     var uHeader = utf8tob64u(sHeader);
+297     var uPayload = utf8tob64u(sPayload);
+298     var uSignatureInput = uHeader + "." + uPayload
+299     // 6. sign
+300     var hSig = "";
+301     if (sigAlg.substr(0, 4) == "Hmac") {
+302 	if (key === undefined)
+303 	    throw "mac key shall be specified for HS* alg";
+304 	//alert("sigAlg=" + sigAlg);
+305 	var mac = new _Mac({'alg': sigAlg, 'prov': 'cryptojs', 'pass': key});
+306 	mac.updateString(uSignatureInput);
+307 	hSig = mac.doFinal();
+308     } else if (sigAlg.indexOf("withECDSA") != -1) {
+309 	var sig = new _Signature({'alg': sigAlg});
+310 	sig.init(key, pass);
+311 	sig.updateString(uSignatureInput);
+312 	hASN1Sig = sig.sign();
+313 	hSig = KJUR.crypto.ECDSA.asn1SigToConcatSig(hASN1Sig);
+314     } else if (sigAlg != "none") {
+315 	var sig = new _Signature({'alg': sigAlg});
+316 	sig.init(key, pass);
+317 	sig.updateString(uSignatureInput);
+318 	hSig = sig.sign();
+319     }
+320 
+321     var uSig = hextob64u(hSig);
+322     return uSignatureInput + "." + uSig;
+323 };
+324 
+325 /**
+326  * verify JWS signature by specified key or certificate<br/>
+327  * @name verify
+328  * @memberOf KJUR.jws.JWS
+329  * @function
+330  * @static
+331  * @param {String} sJWS string of JWS signature to verify
+332  * @param {Object} key string of public key, certificate or key object to verify
+333  * @param {String} acceptAlgs array of algorithm name strings (OPTION)
+334  * @return {Boolean} true if the signature is valid otherwise false
+335  * @since jws 3.0.0
+336  * @see <a href="http://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Signature.html">jsrsasign KJUR.crypto.Signature method</a>
+337  * @see <a href="http://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Mac.html">jsrsasign KJUR.crypto.Mac method</a>
+338  * @description
+339  * <p>
+340  * This method verifies a JSON Web Signature Compact Serialization string by the validation 
+341  * algorithm as described in 
+342  * <a href="http://self-issued.info/docs/draft-jones-json-web-signature-04.html#anchor5">
+343  * the section 5 of Internet Draft draft-jones-json-web-signature-04.</a>
+344  * </p>
+345  * <p>
+346  * Since 3.2.0 strict key checking has been provided against a JWS algorithm
+347  * in a JWS header.
+348  * <ul>
+349  * <li>In case 'alg' is 'HS*' in the JWS header,
+350  * 'key' shall be hexadecimal string for Hmac{256,384,512} shared secret key.
+351  * Otherwise it raise an error.</li>
+352  * <li>In case 'alg' is 'RS*' or 'PS*' in the JWS header,
+353  * 'key' shall be a RSAKey object or a PEM string of
+354  * X.509 RSA public key certificate or PKCS#8 RSA public key.
+355  * Otherwise it raise an error.</li>
+356  * <li>In case 'alg' is 'ES*' in the JWS header,
+357  * 'key' shall be a KJUR.crypto.ECDSA object or a PEM string of
+358  * X.509 ECC public key certificate or PKCS#8 ECC public key.
+359  * Otherwise it raise an error.</li>
+360  * <li>In case 'alg' is 'none' in the JWS header,
+361  * validation not supported after jsjws 3.1.0.</li>
+362  * </ul>
+363  * </p>
+364  * <p>
+365  * NOTE1: The argument 'acceptAlgs' is supported since 3.2.0.
+366  * Strongly recommended to provide acceptAlgs to mitigate
+367  * signature replacement attacks.<br/>
+368  * </p>
+369  * <p>
+370  * NOTE2: From jsrsasign 4.9.0 jws 3.2.5, Way to provide password
+371  * for HS* algorithm is changed. The 'key' attribute value is
+372  * passed to {@link KJUR.crypto.Mac.setPassword} so please see
+373  * {@link KJUR.crypto.Mac.setPassword} for detail.
+374  * As for backword compatibility, if key is a string, has even length and
+375  * 0..9, A-F or a-f characters, key string is treated as a hexadecimal
+376  * otherwise it is treated as a raw string.
+377  * </p>
+378  * @example
+379  * // 1) verify a RS256 JWS signature by a certificate string.
+380  * isValid = KJUR.jws.JWS.verify('eyJh...', '-----BEGIN...', ['RS256']);
+381  * 
+382  * // 2) verify a HS256 JWS signature by a certificate string.
+383  * isValid = KJUR.jws.JWS.verify('eyJh...', {hex: '6f62ad...'}, ['HS256']);
+384  * isValid = KJUR.jws.JWS.verify('eyJh...', {b64: 'Mi/ab8...a=='}, ['HS256']);
+385  * isValid = KJUR.jws.JWS.verify('eyJh...', {utf8: 'Secret秘密'}, ['HS256']);
+386  * isValid = KJUR.jws.JWS.verify('eyJh...', '6f62ad', ['HS256']); // implicit hex
+387  * isValid = KJUR.jws.JWS.verify('eyJh...', '6f62ada', ['HS256']); // implicit raw string
+388  *
+389  * // 3) verify a ES256 JWS signature by a KJUR.crypto.ECDSA key object.
+390  * var pubkey = KEYUTIL.getKey('-----BEGIN CERT...');
+391  * var isValid = KJUR.jws.JWS.verify('eyJh...', pubkey);
+392  */
+393 KJUR.jws.JWS.verify = function(sJWS, key, acceptAlgs) {
+394     var _KJUR = KJUR,
+395 	_KJUR_jws = _KJUR.jws,
+396 	_KJUR_jws_JWS = _KJUR_jws.JWS,
+397 	_readSafeJSONString = _KJUR_jws_JWS.readSafeJSONString,
+398 	_KJUR_crypto = _KJUR.crypto,
+399 	_ECDSA = _KJUR_crypto.ECDSA,
+400 	_Mac = _KJUR_crypto.Mac,
+401 	_Signature = _KJUR_crypto.Signature,
+402 	_RSAKey = RSAKey;
+403 
+404     var a = sJWS.split(".");
+405     var uHeader = a[0];
+406     var uPayload = a[1];
+407     var uSignatureInput = uHeader + "." + uPayload;
+408     var hSig = b64utohex(a[2]);
+409 
+410     // 1. parse JWS header
+411     var pHeader = _readSafeJSONString(b64utoutf8(a[0]));
+412     var alg = null;
+413     var algType = null; // HS|RS|PS|ES|no
+414     if (pHeader.alg === undefined) {
+415 	throw "algorithm not specified in header";
+416     } else {
+417 	alg = pHeader.alg;
+418 	algType = alg.substr(0, 2);
+419     }
+420 
+421     // 2. check whether alg is acceptable algorithms
+422     if (acceptAlgs != null &&
+423         Object.prototype.toString.call(acceptAlgs) === '[object Array]' &&
+424         acceptAlgs.length > 0) {
+425 	var acceptAlgStr = ":" + acceptAlgs.join(":") + ":";
+426 	if (acceptAlgStr.indexOf(":" + alg + ":") == -1) {
+427 	    throw "algorithm '" + alg + "' not accepted in the list";
+428 	}
+429     }
+430 
+431     // 3. check whether key is a proper key for alg.
+432     if (alg != "none" && key === null) {
+433 	throw "key shall be specified to verify.";
+434     }
+435 
+436     // 3.1. There is no key check for HS* because Mac will check it.
+437     //      since jsrsasign 5.0.0.
 438 
-439     // 3.5. check when alg is 'none'
-440     if (alg == "none") {
-441     }
-442 
-443     // 4. check whether alg is supported alg in jsjws.
-444     var sigAlg = null;
-445     if (jws.jwsalg2sigalg[pHeader.alg] === undefined) {
-446 	throw "unsupported alg name: " + alg;
-447     } else {
-448 	sigAlg = jws.jwsalg2sigalg[alg];
-449     }
-450 
-451     // 5. verify
-452     if (sigAlg == "none") {
-453         throw "not supported";
-454     } else if (sigAlg.substr(0, 4) == "Hmac") {
-455 	var hSig2 = null;
-456 	if (key === undefined)
-457 	    throw "hexadecimal key shall be specified for HMAC";
-458 	//try {
-459 	    var mac = new KJUR.crypto.Mac({'alg': sigAlg, 'pass': key});
-460 	    mac.updateString(uSignatureInput);
-461 	    hSig2 = mac.doFinal();
-462 	//} catch(ex) {};
-463 	return hSig == hSig2;
-464     } else if (sigAlg.indexOf("withECDSA") != -1) {
-465 	var hASN1Sig = null;
-466         try {
-467 	    hASN1Sig = KJUR.crypto.ECDSA.concatSigToASN1Sig(hSig);
-468 	} catch (ex) {
-469 	    return false;
-470 	}
-471 	var sig = new KJUR.crypto.Signature({'alg': sigAlg});
-472 	sig.init(key)
-473 	sig.updateString(uSignatureInput);
-474 	return sig.verify(hASN1Sig);
-475     } else {
-476 	var sig = new KJUR.crypto.Signature({'alg': sigAlg});
-477 	sig.init(key)
-478 	sig.updateString(uSignatureInput);
-479 	return sig.verify(hSig);
-480     }
-481 };
-482 
-483 /**
-484  * parse header and payload of JWS signature<br/>
-485  * @name parse
-486  * @memberOf KJUR.jws.JWS
-487  * @function
-488  * @static
-489  * @param {String} sJWS string of JWS signature to parse
-490  * @return {Array} associative array of parsed header and payload. See below.
-491  * @throws if sJWS is malformed JWS signature
-492  * @since jws 3.3.3
-493  * @description
-494  * This method parses JWS signature string. 
-495  * Resulted associative array has following properties:
-496  * <ul>
-497  * <li>headerObj - JSON object of header</li>
-498  * <li>payloadObj - JSON object of payload if payload is JSON string otherwise undefined</li>
-499  * <li>headerPP - pretty printed JSON header by stringify</li>
-500  * <li>payloadPP - pretty printed JSON payload by stringify if payload is JSON otherwise Base64URL decoded raw string of payload</li>
-501  * <li>sigHex - hexadecimal string of signature</li>
-502  * </ul>
-503  * @example
-504  * KJUR.jws.JWS.parse(sJWS) ->
-505  * { 
-506  *   headerObj: {"alg": "RS256", "typ": "JWS"},
-507  *   payloadObj: {"product": "orange", "quantity": 100},
-508  *   headerPP: 
-509  *   '{
-510  *     "alg": "RS256",
-511  *     "typ": "JWS"
-512  *   }',
-513  *   payloadPP: 
-514  *   '{
-515  *     "product": "orange",
-516  *     "quantity": 100
-517  *   }',
-518  *   sigHex: "91f3cd..." 
-519  * }
-520  */
-521 KJUR.jws.JWS.parse = function(sJWS) {
-522     var a = sJWS.split(".");
-523     var result = {};
-524     var uHeader, uPayload, uSig;
-525     if (a.length != 2 && a.length != 3)
-526 	throw "malformed sJWS: wrong number of '.' splitted elements";
-527 
-528     uHeader = a[0];
-529     uPayload = a[1];
-530     if (a.length == 3) uSig = a[2]; 
-531 
-532     result.headerObj = KJUR.jws.JWS.readSafeJSONString(b64utoutf8(uHeader));
-533     result.payloadObj = KJUR.jws.JWS.readSafeJSONString(b64utoutf8(uPayload));
-534 
-535     result.headerPP = JSON.stringify(result.headerObj, null, "  ");
-536     if (result.payloadObj == null) {
-537 	result.payloadPP = b64utoutf8(uPayload);
-538     } else {
-539 	result.payloadPP = JSON.stringify(result.payloadObj, null, "  ");
-540     }
-541 
-542     if (uSig !== undefined) {
-543 	result.sigHex = b64utohex(uSig);
-544     }
-545 
-546     return result;
-547 };
-548 
-549 /**
-550  * @name verifyJWT
-551  * @memberOf KJUR.jws.JWS
-552  * @function
-553  * @static
-554  * @param {String} sJWT string of JSON Web Token(JWT) to verify
-555  * @param {Object} key string of public key, certificate or key object to verify
-556  * @param {Array} acceptField associative array of acceptable fields (OPTION)
-557  * @return {Boolean} true if the JWT token is valid otherwise false
-558  * @since jws 3.2.3 jsrsasign 4.8.0
-559  *
-560  * @description
-561  * This method verifies a
-562  * <a href="https://tools.ietf.org/html/rfc7519">RFC 7519</a> 
-563  * JSON Web Token(JWT).
-564  * It will verify following:
-565  * <ul>
-566  * <li>Header.alg
-567  * <ul>
-568  * <li>alg is specified in JWT header.</li>
-569  * <li>alg is included in acceptField.alg array. (MANDATORY)</li>
-570  * <li>alg is proper for key.</li>
-571  * </ul>
-572  * </li>
-573  * <li>Payload.iss (issuer) - Payload.iss is included in acceptField.iss array if specified. (OPTION)</li>
-574  * <li>Payload.sub (subject) - Payload.sub is included in acceptField.sub array if specified. (OPTION)</li>
-575  * <li>Payload.aud (audience) - Payload.aud is included in acceptField.aud array or 
-576  *     the same as value if specified. (OPTION)</li>
-577  * <li>Time validity
-578  * <ul>
-579  * <li>
-580  * If acceptField.verifyAt as number of UNIX origin time is specifed for validation time, 
-581  * this method will verify at the time for it, otherwise current time will be used to verify.
-582  * </li>
-583  * <li>
-584  * Clock of JWT generator or verifier can be fast or slow. If these clocks are
-585  * very different, JWT validation may fail. To avoid such case, 'jsrsasign' supports
-586  * 'acceptField.gracePeriod' parameter which specifies acceptable time difference
-587  * of those clocks in seconds. So if you want to accept slow or fast in 2 hours,
-588  * you can specify <code>acceptField.gracePeriod = 2 * 60 * 60;</code>.
-589  * "gracePeriod" is zero by default.
-590  * "gracePeriod" is supported since jsrsasign 5.0.12.
-591  * </li>
-592  * <li>Payload.exp (expire) - Validation time is smaller than Payload.exp + gracePeriod.</li>
-593  * <li>Payload.nbf (not before) - Validation time is greater than Payload.nbf - gracePeriod.</li>
-594  * <li>Payload.iat (issued at) - Validation time is greater than Payload.iat - gracePeriod.</li>
-595  * </ul>
-596  * </li>
-597  * <li>Payload.jti (JWT id) - Payload.jti is included in acceptField.jti if specified. (OPTION)</li>
-598  * <li>JWS signature of JWS is valid for specified key.</li>
-599  * </ul>
-600  *
-601  * <h4>acceptField parameters</h4>
-602  * Here is available acceptField argument parameters:
-603  * <ul>
-604  * <li>alg - array of acceptable signature algorithm names (ex. ["HS256", "HS384"])</li>
-605  * <li>iss - array of acceptable issuer names (ex. ['http://foo.com'])</li>
-606  * <li>sub - array of acceptable subject names (ex. ['mailto:john@foo.com'])</li>
-607  * <li>aud - array or string of acceptable audience name(s) (ex. ['http://foo.com'])</li>
-608  * <li>jti - string of acceptable JWT ID (OPTION) (ex. 'id1234')</li>
-609  * <li>
-610  * verifyAt - time to verify 'nbf', 'iat' and 'exp' in UNIX seconds 
-611  * (OPTION) (ex. 1377663900).  
-612  * If this is not specified, current time of verifier will be used. 
-613  * {@link KJUR.jws.IntDate} may be useful to specify it.
-614  * </li>
-615  * <li>gracePeriod - acceptable time difference between signer and verifier
-616  * in seconds (ex. 3600). If this is not specified, zero will be used.</li>
-617  * </ul>
-618  *
-619  * @example
-620  * // simple validation for HS256
-621  * isValid = KJUR.jws.JWS.verifyJWT("eyJhbG...", "616161", {alg: ["HS256"]}),
-622  *
-623  * // full validation for RS or PS
-624  * pubkey = KEYUTIL.getKey('-----BEGIN CERT...');
-625  * isValid = KJUR.jws.JWS.verifyJWT('eyJh...', pubkey, {
-626  *   alg: ['RS256', 'RS512', 'PS256', 'PS512'],
-627  *   iss: ['http://foo.com'],
-628  *   sub: ['mailto:john@foo.com', 'mailto:alice@foo.com'],
-629  *   verifyAt: KJUR.jws.IntDate.get('20150520235959Z'),
-630  *   aud: ['http://foo.com'], // aud: 'http://foo.com' is fine too.
-631  *   jti: 'id123456',
-632  *   gracePeriod: 1 * 60 * 60 // accept 1 hour slow or fast
-633  * });
-634  */
-635 KJUR.jws.JWS.verifyJWT = function(sJWT, key, acceptField) {
-636     var ns1 = KJUR.jws.JWS;
-637 
-638     // 1. parse JWT
-639     var a = sJWT.split(".");
-640     var uHeader = a[0];
-641     var uPayload = a[1];
-642     var uSignatureInput = uHeader + "." + uPayload;
-643     var hSig = b64utohex(a[2]);
-644 
-645     // 2. parse JWS header
-646     var pHeader = ns1.readSafeJSONString(b64utoutf8(uHeader));
-647 
-648     // 3. parse JWS payload
-649     var pPayload = ns1.readSafeJSONString(b64utoutf8(uPayload));
-650 
-651     // 4. algorithm ('alg' in header) check
-652     if (pHeader.alg === undefined) return false;
-653     if (acceptField.alg === undefined)
-654 	throw "acceptField.alg shall be specified";
-655     if (! ns1.inArray(pHeader.alg, acceptField.alg)) return false;
-656 
-657     // 5. issuer ('iss' in payload) check
-658     if (pPayload.iss !== undefined && typeof acceptField.iss === "object") {
-659 	if (! ns1.inArray(pPayload.iss, acceptField.iss)) return false;
-660     }
-661 
-662     // 6. subject ('sub' in payload) check
-663     if (pPayload.sub !== undefined && typeof acceptField.sub === "object") {
-664 	if (! ns1.inArray(pPayload.sub, acceptField.sub)) return false;
-665     }
-666 
-667     // 7. audience ('aud' in payload) check
-668     if (pPayload.aud !== undefined && typeof acceptField.aud === "object") {
-669 	if (typeof pPayload.aud == "string") {
-670 	    if (! ns1.inArray(pPayload.aud, acceptField.aud))
-671 		return false;
-672 	} else if (typeof pPayload.aud == "object") {
-673 	    if (! ns1.includedArray(pPayload.aud, acceptField.aud))
-674 		return false;
-675 	}
-676     }
-677 
-678     // 8. time validity 
-679     //   (nbf - gracePeriod < now < exp + gracePeriod) && (iat - gracePeriod < now)
-680     var now = KJUR.jws.IntDate.getNow();
-681     if (acceptField.verifyAt !== undefined && typeof acceptField.verifyAt === "number") {
-682 	now = acceptField.verifyAt;
-683     }
-684     if (acceptField.gracePeriod === undefined || 
-685         typeof acceptField.gracePeriod !== "number") {
-686 	acceptField.gracePeriod = 0;
-687     }
-688 
-689     // 8.1 expired time 'exp' check
-690     if (pPayload.exp !== undefined && typeof pPayload.exp == "number") {
-691 	if (pPayload.exp + acceptField.gracePeriod < now) return false;
-692     }
-693 
-694     // 8.2 not before time 'nbf' check
-695     if (pPayload.nbf !== undefined && typeof pPayload.nbf == "number") {
-696 	if (now < pPayload.nbf - acceptField.gracePeriod) return false;
-697     }
-698     
-699     // 8.3 issued at time 'iat' check
-700     if (pPayload.iat !== undefined && typeof pPayload.iat == "number") {
-701 	if (now < pPayload.iat - acceptField.gracePeriod) return false;
-702     }
-703 
-704     // 9 JWT id 'jti' check
-705     if (pPayload.jti !== undefined && acceptField.jti !== undefined) {
-706       if (pPayload.jti !== acceptField.jti) return false;
-707     }
-708 
-709     // 10 JWS signature check
-710     if (! KJUR.jws.JWS.verify(sJWT, key, acceptField.alg)) return false;
-711 
-712     // 11 passed all check
-713     return true;
-714 };
-715 
-716 /**
-717  * check whether array is included by another array
-718  * @name includedArray
-719  * @memberOf KJUR.jws.JWS
-720  * @function
-721  * @static
-722  * @param {Array} a1 check whether set a1 is included by a2
-723  * @param {Array} a2 check whether set a1 is included by a2
-724  * @return {Boolean} check whether set a1 is included by a2
-725  * @since jws 3.2.3
-726  * This method verifies whether an array is included by another array.
-727  * It doesn't care about item ordering in a array.
-728  * @example
-729  * KJUR.jws.JWS.includedArray(['b'], ['b', 'c', 'a']) => true
-730  * KJUR.jws.JWS.includedArray(['a', 'b'], ['b', 'c', 'a']) => true
-731  * KJUR.jws.JWS.includedArray(['a', 'b'], ['b', 'c']) => false
-732  */
-733 KJUR.jws.JWS.includedArray = function(a1, a2) {
-734     var inArray = KJUR.jws.JWS.inArray;
-735     if (a1 === null) return false;
-736     if (typeof a1 !== "object") return false;
-737     if (typeof a1.length !== "number") return false;
-738 
-739     for (var i = 0; i < a1.length; i++) {
-740 	if (! inArray(a1[i], a2)) return false;
-741     }
-742     return true;
-743 };
-744 
-745 /**
-746  * check whether item is included by array
-747  * @name inArray
-748  * @memberOf KJUR.jws.JWS
-749  * @function
-750  * @static
-751  * @param {String} item check whether item is included by array
-752  * @param {Array} a check whether item is included by array
-753  * @return {Boolean} check whether item is included by array
-754  * @since jws 3.2.3
-755  * This method verifies whether an item is included by an array.
-756  * It doesn't care about item ordering in an array.
-757  * @example
-758  * KJUR.jws.JWS.inArray('b', ['b', 'c', 'a']) => true
-759  * KJUR.jws.JWS.inArray('a', ['b', 'c', 'a']) => true
-760  * KJUR.jws.JWS.inArray('a', ['b', 'c']) => false
-761  */
-762 KJUR.jws.JWS.inArray = function(item, a) {
-763     if (a === null) return false;
-764     if (typeof a !== "object") return false;
-765     if (typeof a.length !== "number") return false;
-766     for (var i = 0; i < a.length; i++) {
-767 	if (a[i] == item) return true;
-768     }
-769     return false;
-770 };
-771 
-772 /**
-773  * static associative array of general signature algorithm name from JWS algorithm name
-774  * @since jws 3.0.0
-775  */
-776 KJUR.jws.JWS.jwsalg2sigalg = {
-777     "HS256":	"HmacSHA256",
-778     "HS384":	"HmacSHA384",
-779     "HS512":	"HmacSHA512",
-780     "RS256":	"SHA256withRSA",
-781     "RS384":	"SHA384withRSA",
-782     "RS512":	"SHA512withRSA",
-783     "ES256":	"SHA256withECDSA",
-784     "ES384":	"SHA384withECDSA",
-785     //"ES512":	"SHA512withECDSA", // unsupported because of jsrsasign's bug
-786     "PS256":	"SHA256withRSAandMGF1",
-787     "PS384":	"SHA384withRSAandMGF1",
-788     "PS512":	"SHA512withRSAandMGF1",
-789     "none":	"none",
-790 };
-791 
-792 // === utility static method ==================================================
-793 
-794 /**
-795  * check whether a String "s" is a safe JSON string or not.<br/>
-796  * If a String "s" is a malformed JSON string or an other object type
-797  * this returns 0, otherwise this returns 1.
-798  * @name isSafeJSONString
-799  * @memberOf KJUR.jws.JWS
-800  * @function
-801  * @static
-802  * @param {String} s JSON string
-803  * @return {Number} 1 or 0
-804  */
-805 KJUR.jws.JWS.isSafeJSONString = function(s, h, p) {
-806     var o = null;
-807     try {
-808 	o = jsonParse(s);
-809 	if (typeof o != "object") return 0;
-810 	if (o.constructor === Array) return 0;
-811 	if (h) h[p] = o;
-812 	return 1;
-813     } catch (ex) {
-814 	return 0;
-815     }
-816 };
-817 
-818 /**
-819  * read a String "s" as JSON object if it is safe.<br/>
-820  * If a String "s" is a malformed JSON string or not JSON string,
-821  * this returns null, otherwise returns JSON object.
-822  * @name readSafeJSONString
-823  * @memberOf KJUR.jws.JWS
-824  * @function
-825  * @static
-826  * @param {String} s JSON string
-827  * @return {Object} JSON object or null
-828  * @since 1.1.1
+439     // 3.2. convert key object if key is a public key or cert PEM string
+440     if (typeof key == "string" &&
+441 	key.indexOf("-----BEGIN ") != -1) {
+442 	key = KEYUTIL.getKey(key);
+443     }
+444 
+445     // 3.3. check whether key is RSAKey obj if alg is RS* or PS*.
+446     if (algType == "RS" || algType == "PS") {
+447 	if (!(key instanceof _RSAKey)) {
+448 	    throw "key shall be a RSAKey obj for RS* and PS* algs";
+449 	}
+450     }
+451 
+452     // 3.4. check whether key is ECDSA obj if alg is ES*.
+453     if (algType == "ES") {
+454 	if (!(key instanceof _ECDSA)) {
+455 	    throw "key shall be a ECDSA obj for ES* algs";
+456 	}
+457     }
+458 
+459     // 3.5. check when alg is 'none'
+460     if (alg == "none") {
+461     }
+462 
+463     // 4. check whether alg is supported alg in jsjws.
+464     var sigAlg = null;
+465     if (_KJUR_jws_JWS.jwsalg2sigalg[pHeader.alg] === undefined) {
+466 	throw "unsupported alg name: " + alg;
+467     } else {
+468 	sigAlg = _KJUR_jws_JWS.jwsalg2sigalg[alg];
+469     }
+470 
+471     // 5. verify
+472     if (sigAlg == "none") {
+473         throw "not supported";
+474     } else if (sigAlg.substr(0, 4) == "Hmac") {
+475 	var hSig2 = null;
+476 	if (key === undefined)
+477 	    throw "hexadecimal key shall be specified for HMAC";
+478 	//try {
+479 	    var mac = new _Mac({'alg': sigAlg, 'pass': key});
+480 	    mac.updateString(uSignatureInput);
+481 	    hSig2 = mac.doFinal();
+482 	//} catch(ex) {};
+483 	return hSig == hSig2;
+484     } else if (sigAlg.indexOf("withECDSA") != -1) {
+485 	var hASN1Sig = null;
+486         try {
+487 	    hASN1Sig = _ECDSA.concatSigToASN1Sig(hSig);
+488 	} catch (ex) {
+489 	    return false;
+490 	}
+491 	var sig = new _Signature({'alg': sigAlg});
+492 	sig.init(key)
+493 	sig.updateString(uSignatureInput);
+494 	return sig.verify(hASN1Sig);
+495     } else {
+496 	var sig = new _Signature({'alg': sigAlg});
+497 	sig.init(key)
+498 	sig.updateString(uSignatureInput);
+499 	return sig.verify(hSig);
+500     }
+501 };
+502 
+503 /**
+504  * parse header and payload of JWS signature<br/>
+505  * @name parse
+506  * @memberOf KJUR.jws.JWS
+507  * @function
+508  * @static
+509  * @param {String} sJWS string of JWS signature to parse
+510  * @return {Array} associative array of parsed header and payload. See below.
+511  * @throws if sJWS is malformed JWS signature
+512  * @since jws 3.3.3
+513  * @description
+514  * This method parses JWS signature string. 
+515  * Resulted associative array has following properties:
+516  * <ul>
+517  * <li>headerObj - JSON object of header</li>
+518  * <li>payloadObj - JSON object of payload if payload is JSON string otherwise undefined</li>
+519  * <li>headerPP - pretty printed JSON header by stringify</li>
+520  * <li>payloadPP - pretty printed JSON payload by stringify if payload is JSON otherwise Base64URL decoded raw string of payload</li>
+521  * <li>sigHex - hexadecimal string of signature</li>
+522  * </ul>
+523  * @example
+524  * KJUR.jws.JWS.parse(sJWS) ->
+525  * { 
+526  *   headerObj: {"alg": "RS256", "typ": "JWS"},
+527  *   payloadObj: {"product": "orange", "quantity": 100},
+528  *   headerPP: 
+529  *   '{
+530  *     "alg": "RS256",
+531  *     "typ": "JWS"
+532  *   }',
+533  *   payloadPP: 
+534  *   '{
+535  *     "product": "orange",
+536  *     "quantity": 100
+537  *   }',
+538  *   sigHex: "91f3cd..." 
+539  * }
+540  */
+541 KJUR.jws.JWS.parse = function(sJWS) {
+542     var a = sJWS.split(".");
+543     var result = {};
+544     var uHeader, uPayload, uSig;
+545     if (a.length != 2 && a.length != 3)
+546 	throw "malformed sJWS: wrong number of '.' splitted elements";
+547 
+548     uHeader = a[0];
+549     uPayload = a[1];
+550     if (a.length == 3) uSig = a[2]; 
+551 
+552     result.headerObj = KJUR.jws.JWS.readSafeJSONString(b64utoutf8(uHeader));
+553     result.payloadObj = KJUR.jws.JWS.readSafeJSONString(b64utoutf8(uPayload));
+554 
+555     result.headerPP = JSON.stringify(result.headerObj, null, "  ");
+556     if (result.payloadObj == null) {
+557 	result.payloadPP = b64utoutf8(uPayload);
+558     } else {
+559 	result.payloadPP = JSON.stringify(result.payloadObj, null, "  ");
+560     }
+561 
+562     if (uSig !== undefined) {
+563 	result.sigHex = b64utohex(uSig);
+564     }
+565 
+566     return result;
+567 };
+568 
+569 /**
+570  * @name verifyJWT
+571  * @memberOf KJUR.jws.JWS
+572  * @function
+573  * @static
+574  * @param {String} sJWT string of JSON Web Token(JWT) to verify
+575  * @param {Object} key string of public key, certificate or key object to verify
+576  * @param {Array} acceptField associative array of acceptable fields (OPTION)
+577  * @return {Boolean} true if the JWT token is valid otherwise false
+578  * @since jws 3.2.3 jsrsasign 4.8.0
+579  *
+580  * @description
+581  * This method verifies a
+582  * <a href="https://tools.ietf.org/html/rfc7519">RFC 7519</a> 
+583  * JSON Web Token(JWT).
+584  * It will verify following:
+585  * <ul>
+586  * <li>Header.alg
+587  * <ul>
+588  * <li>alg is specified in JWT header.</li>
+589  * <li>alg is included in acceptField.alg array. (MANDATORY)</li>
+590  * <li>alg is proper for key.</li>
+591  * </ul>
+592  * </li>
+593  * <li>Payload.iss (issuer) - Payload.iss is included in acceptField.iss array if specified. (OPTION)</li>
+594  * <li>Payload.sub (subject) - Payload.sub is included in acceptField.sub array if specified. (OPTION)</li>
+595  * <li>Payload.aud (audience) - Payload.aud is included in acceptField.aud array or 
+596  *     the same as value if specified. (OPTION)</li>
+597  * <li>Time validity
+598  * <ul>
+599  * <li>
+600  * If acceptField.verifyAt as number of UNIX origin time is specifed for validation time, 
+601  * this method will verify at the time for it, otherwise current time will be used to verify.
+602  * </li>
+603  * <li>
+604  * Clock of JWT generator or verifier can be fast or slow. If these clocks are
+605  * very different, JWT validation may fail. To avoid such case, 'jsrsasign' supports
+606  * 'acceptField.gracePeriod' parameter which specifies acceptable time difference
+607  * of those clocks in seconds. So if you want to accept slow or fast in 2 hours,
+608  * you can specify <code>acceptField.gracePeriod = 2 * 60 * 60;</code>.
+609  * "gracePeriod" is zero by default.
+610  * "gracePeriod" is supported since jsrsasign 5.0.12.
+611  * </li>
+612  * <li>Payload.exp (expire) - Validation time is smaller than Payload.exp + gracePeriod.</li>
+613  * <li>Payload.nbf (not before) - Validation time is greater than Payload.nbf - gracePeriod.</li>
+614  * <li>Payload.iat (issued at) - Validation time is greater than Payload.iat - gracePeriod.</li>
+615  * </ul>
+616  * </li>
+617  * <li>Payload.jti (JWT id) - Payload.jti is included in acceptField.jti if specified. (OPTION)</li>
+618  * <li>JWS signature of JWS is valid for specified key.</li>
+619  * </ul>
+620  *
+621  * <h4>acceptField parameters</h4>
+622  * Here is available acceptField argument parameters:
+623  * <ul>
+624  * <li>alg - array of acceptable signature algorithm names (ex. ["HS256", "HS384"])</li>
+625  * <li>iss - array of acceptable issuer names (ex. ['http://foo.com'])</li>
+626  * <li>sub - array of acceptable subject names (ex. ['mailto:john@foo.com'])</li>
+627  * <li>aud - array or string of acceptable audience name(s) (ex. ['http://foo.com'])</li>
+628  * <li>jti - string of acceptable JWT ID (OPTION) (ex. 'id1234')</li>
+629  * <li>
+630  * verifyAt - time to verify 'nbf', 'iat' and 'exp' in UNIX seconds 
+631  * (OPTION) (ex. 1377663900).  
+632  * If this is not specified, current time of verifier will be used. 
+633  * {@link KJUR.jws.IntDate} may be useful to specify it.
+634  * </li>
+635  * <li>gracePeriod - acceptable time difference between signer and verifier
+636  * in seconds (ex. 3600). If this is not specified, zero will be used.</li>
+637  * </ul>
+638  *
+639  * @example
+640  * // simple validation for HS256
+641  * isValid = KJUR.jws.JWS.verifyJWT("eyJhbG...", "616161", {alg: ["HS256"]}),
+642  *
+643  * // full validation for RS or PS
+644  * pubkey = KEYUTIL.getKey('-----BEGIN CERT...');
+645  * isValid = KJUR.jws.JWS.verifyJWT('eyJh...', pubkey, {
+646  *   alg: ['RS256', 'RS512', 'PS256', 'PS512'],
+647  *   iss: ['http://foo.com'],
+648  *   sub: ['mailto:john@foo.com', 'mailto:alice@foo.com'],
+649  *   verifyAt: KJUR.jws.IntDate.get('20150520235959Z'),
+650  *   aud: ['http://foo.com'], // aud: 'http://foo.com' is fine too.
+651  *   jti: 'id123456',
+652  *   gracePeriod: 1 * 60 * 60 // accept 1 hour slow or fast
+653  * });
+654  */
+655 KJUR.jws.JWS.verifyJWT = function(sJWT, key, acceptField) {
+656     var _KJUR = KJUR,
+657 	_KJUR_jws = _KJUR.jws,
+658 	_KJUR_jws_JWS = _KJUR_jws.JWS,
+659 	_readSafeJSONString = _KJUR_jws_JWS.readSafeJSONString,
+660 	_inArray = _KJUR_jws_JWS.inArray,
+661 	_includedArray = _KJUR_jws_JWS.includedArray;
+662 
+663     // 1. parse JWT
+664     var a = sJWT.split(".");
+665     var uHeader = a[0];
+666     var uPayload = a[1];
+667     var uSignatureInput = uHeader + "." + uPayload;
+668     var hSig = b64utohex(a[2]);
+669 
+670     // 2. parse JWS header
+671     var pHeader = _readSafeJSONString(b64utoutf8(uHeader));
+672 
+673     // 3. parse JWS payload
+674     var pPayload = _readSafeJSONString(b64utoutf8(uPayload));
+675 
+676     // 4. algorithm ('alg' in header) check
+677     if (pHeader.alg === undefined) return false;
+678     if (acceptField.alg === undefined)
+679 	throw "acceptField.alg shall be specified";
+680     if (! _inArray(pHeader.alg, acceptField.alg)) return false;
+681 
+682     // 5. issuer ('iss' in payload) check
+683     if (pPayload.iss !== undefined && typeof acceptField.iss === "object") {
+684 	if (! _inArray(pPayload.iss, acceptField.iss)) return false;
+685     }
+686 
+687     // 6. subject ('sub' in payload) check
+688     if (pPayload.sub !== undefined && typeof acceptField.sub === "object") {
+689 	if (! _inArray(pPayload.sub, acceptField.sub)) return false;
+690     }
+691 
+692     // 7. audience ('aud' in payload) check
+693     if (pPayload.aud !== undefined && typeof acceptField.aud === "object") {
+694 	if (typeof pPayload.aud == "string") {
+695 	    if (! _inArray(pPayload.aud, acceptField.aud))
+696 		return false;
+697 	} else if (typeof pPayload.aud == "object") {
+698 	    if (! _includedArray(pPayload.aud, acceptField.aud))
+699 		return false;
+700 	}
+701     }
+702 
+703     // 8. time validity 
+704     //   (nbf - gracePeriod < now < exp + gracePeriod) && (iat - gracePeriod < now)
+705     var now = _KJUR_jws.IntDate.getNow();
+706     if (acceptField.verifyAt !== undefined && typeof acceptField.verifyAt === "number") {
+707 	now = acceptField.verifyAt;
+708     }
+709     if (acceptField.gracePeriod === undefined || 
+710         typeof acceptField.gracePeriod !== "number") {
+711 	acceptField.gracePeriod = 0;
+712     }
+713 
+714     // 8.1 expired time 'exp' check
+715     if (pPayload.exp !== undefined && typeof pPayload.exp == "number") {
+716 	if (pPayload.exp + acceptField.gracePeriod < now) return false;
+717     }
+718 
+719     // 8.2 not before time 'nbf' check
+720     if (pPayload.nbf !== undefined && typeof pPayload.nbf == "number") {
+721 	if (now < pPayload.nbf - acceptField.gracePeriod) return false;
+722     }
+723     
+724     // 8.3 issued at time 'iat' check
+725     if (pPayload.iat !== undefined && typeof pPayload.iat == "number") {
+726 	if (now < pPayload.iat - acceptField.gracePeriod) return false;
+727     }
+728 
+729     // 9 JWT id 'jti' check
+730     if (pPayload.jti !== undefined && acceptField.jti !== undefined) {
+731       if (pPayload.jti !== acceptField.jti) return false;
+732     }
+733 
+734     // 10 JWS signature check
+735     if (! _KJUR_jws_JWS.verify(sJWT, key, acceptField.alg)) return false;
+736 
+737     // 11 passed all check
+738     return true;
+739 };
+740 
+741 /**
+742  * check whether array is included by another array
+743  * @name includedArray
+744  * @memberOf KJUR.jws.JWS
+745  * @function
+746  * @static
+747  * @param {Array} a1 check whether set a1 is included by a2
+748  * @param {Array} a2 check whether set a1 is included by a2
+749  * @return {Boolean} check whether set a1 is included by a2
+750  * @since jws 3.2.3
+751  * This method verifies whether an array is included by another array.
+752  * It doesn't care about item ordering in a array.
+753  * @example
+754  * KJUR.jws.JWS.includedArray(['b'], ['b', 'c', 'a']) => true
+755  * KJUR.jws.JWS.includedArray(['a', 'b'], ['b', 'c', 'a']) => true
+756  * KJUR.jws.JWS.includedArray(['a', 'b'], ['b', 'c']) => false
+757  */
+758 KJUR.jws.JWS.includedArray = function(a1, a2) {
+759     var _inArray = KJUR.jws.JWS.inArray;
+760     if (a1 === null) return false;
+761     if (typeof a1 !== "object") return false;
+762     if (typeof a1.length !== "number") return false;
+763 
+764     for (var i = 0; i < a1.length; i++) {
+765 	if (! _inArray(a1[i], a2)) return false;
+766     }
+767     return true;
+768 };
+769 
+770 /**
+771  * check whether item is included by array
+772  * @name inArray
+773  * @memberOf KJUR.jws.JWS
+774  * @function
+775  * @static
+776  * @param {String} item check whether item is included by array
+777  * @param {Array} a check whether item is included by array
+778  * @return {Boolean} check whether item is included by array
+779  * @since jws 3.2.3
+780  * This method verifies whether an item is included by an array.
+781  * It doesn't care about item ordering in an array.
+782  * @example
+783  * KJUR.jws.JWS.inArray('b', ['b', 'c', 'a']) => true
+784  * KJUR.jws.JWS.inArray('a', ['b', 'c', 'a']) => true
+785  * KJUR.jws.JWS.inArray('a', ['b', 'c']) => false
+786  */
+787 KJUR.jws.JWS.inArray = function(item, a) {
+788     if (a === null) return false;
+789     if (typeof a !== "object") return false;
+790     if (typeof a.length !== "number") return false;
+791     for (var i = 0; i < a.length; i++) {
+792 	if (a[i] == item) return true;
+793     }
+794     return false;
+795 };
+796 
+797 /**
+798  * static associative array of general signature algorithm name from JWS algorithm name
+799  * @since jws 3.0.0
+800  */
+801 KJUR.jws.JWS.jwsalg2sigalg = {
+802     "HS256":	"HmacSHA256",
+803     "HS384":	"HmacSHA384",
+804     "HS512":	"HmacSHA512",
+805     "RS256":	"SHA256withRSA",
+806     "RS384":	"SHA384withRSA",
+807     "RS512":	"SHA512withRSA",
+808     "ES256":	"SHA256withECDSA",
+809     "ES384":	"SHA384withECDSA",
+810     //"ES512":	"SHA512withECDSA", // unsupported because of jsrsasign's bug
+811     "PS256":	"SHA256withRSAandMGF1",
+812     "PS384":	"SHA384withRSAandMGF1",
+813     "PS512":	"SHA512withRSAandMGF1",
+814     "none":	"none",
+815 };
+816 
+817 // === utility static method ==================================================
+818 
+819 /**
+820  * check whether a String "s" is a safe JSON string or not.<br/>
+821  * If a String "s" is a malformed JSON string or an other object type
+822  * this returns 0, otherwise this returns 1.
+823  * @name isSafeJSONString
+824  * @memberOf KJUR.jws.JWS
+825  * @function
+826  * @static
+827  * @param {String} s JSON string
+828  * @return {Number} 1 or 0
 829  */
-830 KJUR.jws.JWS.readSafeJSONString = function(s) {
+830 KJUR.jws.JWS.isSafeJSONString = function(s, h, p) {
 831     var o = null;
 832     try {
 833 	o = jsonParse(s);
-834 	if (typeof o != "object") return null;
-835 	if (o.constructor === Array) return null;
-836 	return o;
-837     } catch (ex) {
-838 	return null;
-839     }
-840 };
-841 
-842 /**
-843  * get Encoed Signature Value from JWS string.<br/>
-844  * @name getEncodedSignatureValueFromJWS
-845  * @memberOf KJUR.jws.JWS
-846  * @function
-847  * @static
-848  * @param {String} sJWS JWS signature string to be verified
-849  * @return {String} string of Encoded Signature Value 
-850  * @throws if sJWS is not comma separated string such like "Header.Payload.Signature".
-851  */
-852 KJUR.jws.JWS.getEncodedSignatureValueFromJWS = function(sJWS) {
-853     var matchResult = sJWS.match(/^[^.]+\.[^.]+\.([^.]+)$/);
-854     if (matchResult == null) {
-855 	throw "JWS signature is not a form of 'Head.Payload.SigValue'.";
-856     }
-857     return matchResult[1];
-858 };
-859 
-860 /**
-861  * get RFC 7638 JWK thumbprint from JWK object
-862  * @name getJWKthumbprint
-863  * @memberOf KJUR.jws.JWS
-864  * @function
-865  * @static
-866  * @param {Object} o JWK object to be calculated thumbprint
-867  * @return {String} Base64 URL encoded JWK thumbprint value
-868  * @since jsrsasign 5.0.2 jws 3.3.2
-869  * @description
-870  * This method calculates JWK thmubprint for specified JWK object
-871  * as described in 
-872  * <a href="https://tools.ietf.org/html/rfc7638">RFC 7638</a>.
-873  * It supports all type of "kty". (i.e. "RSA", "EC" and "oct"
-874  * (for symmetric key))
-875  * Working sample is 
-876  * <a href="https://kjur.github.io/jsrsasign/sample/tool_jwktp.html">here</a>.
-877  * @example
-878  * jwk = {"kty":"RSA", "n":"0vx...", "e":"AQAB", ...};
-879  * thumbprint = KJUR.jws.JWS.getJWKthumbprint(jwk);
-880  */
-881 KJUR.jws.JWS.getJWKthumbprint = function(o) {
-882     if (o.kty !== "RSA" &&
-883 	o.kty !== "EC" &&
-884 	o.kty !== "oct")
-885 	throw "unsupported algorithm for JWK Thumprint";
-886 
-887     // 1. get canonically ordered json string
-888     var s = '{';
-889     if (o.kty === "RSA") {
-890 	if (typeof o.n != "string" || typeof o.e != "string")
-891 	    throw "wrong n and e value for RSA key";
-892 	s += '"' + 'e' + '":"' + o.e + '",';
-893 	s += '"' + 'kty' + '":"' + o.kty + '",';
-894 	s += '"' + 'n' + '":"' + o.n + '"}';
-895     } else if (o.kty === "EC") {
-896 	if (typeof o.crv != "string" || 
-897 	    typeof o.x != "string" ||
-898 	    typeof o.y != "string")
-899 	    throw "wrong crv, x and y value for EC key";
-900 	s += '"' + 'crv' + '":"' + o.crv + '",';
-901 	s += '"' + 'kty' + '":"' + o.kty + '",';
-902 	s += '"' + 'x' + '":"' + o.x + '",';
-903 	s += '"' + 'y' + '":"' + o.y + '"}';
-904     } else if (o.kty === "oct") {
-905 	if (typeof o.k != "string")
-906 	    throw "wrong k value for oct(symmetric) key";
-907 	s += '"' + 'kty' + '":"' + o.kty + '",';
-908 	s += '"' + 'k' + '":"' + o.k + '"}';
-909     }
-910     //alert(s);
+834 	if (typeof o != "object") return 0;
+835 	if (o.constructor === Array) return 0;
+836 	if (h) h[p] = o;
+837 	return 1;
+838     } catch (ex) {
+839 	return 0;
+840     }
+841 };
+842 
+843 /**
+844  * read a String "s" as JSON object if it is safe.<br/>
+845  * If a String "s" is a malformed JSON string or not JSON string,
+846  * this returns null, otherwise returns JSON object.
+847  * @name readSafeJSONString
+848  * @memberOf KJUR.jws.JWS
+849  * @function
+850  * @static
+851  * @param {String} s JSON string
+852  * @return {Object} JSON object or null
+853  * @since 1.1.1
+854  */
+855 KJUR.jws.JWS.readSafeJSONString = function(s) {
+856     var o = null;
+857     try {
+858 	o = jsonParse(s);
+859 	if (typeof o != "object") return null;
+860 	if (o.constructor === Array) return null;
+861 	return o;
+862     } catch (ex) {
+863 	return null;
+864     }
+865 };
+866 
+867 /**
+868  * get Encoed Signature Value from JWS string.<br/>
+869  * @name getEncodedSignatureValueFromJWS
+870  * @memberOf KJUR.jws.JWS
+871  * @function
+872  * @static
+873  * @param {String} sJWS JWS signature string to be verified
+874  * @return {String} string of Encoded Signature Value 
+875  * @throws if sJWS is not comma separated string such like "Header.Payload.Signature".
+876  */
+877 KJUR.jws.JWS.getEncodedSignatureValueFromJWS = function(sJWS) {
+878     var matchResult = sJWS.match(/^[^.]+\.[^.]+\.([^.]+)$/);
+879     if (matchResult == null) {
+880 	throw "JWS signature is not a form of 'Head.Payload.SigValue'.";
+881     }
+882     return matchResult[1];
+883 };
+884 
+885 /**
+886  * get RFC 7638 JWK thumbprint from JWK object
+887  * @name getJWKthumbprint
+888  * @memberOf KJUR.jws.JWS
+889  * @function
+890  * @static
+891  * @param {Object} o JWK object to be calculated thumbprint
+892  * @return {String} Base64 URL encoded JWK thumbprint value
+893  * @since jsrsasign 5.0.2 jws 3.3.2
+894  * @description
+895  * This method calculates JWK thmubprint for specified JWK object
+896  * as described in 
+897  * <a href="https://tools.ietf.org/html/rfc7638">RFC 7638</a>.
+898  * It supports all type of "kty". (i.e. "RSA", "EC" and "oct"
+899  * (for symmetric key))
+900  * Working sample is 
+901  * <a href="https://kjur.github.io/jsrsasign/sample/tool_jwktp.html">here</a>.
+902  * @example
+903  * jwk = {"kty":"RSA", "n":"0vx...", "e":"AQAB", ...};
+904  * thumbprint = KJUR.jws.JWS.getJWKthumbprint(jwk);
+905  */
+906 KJUR.jws.JWS.getJWKthumbprint = function(o) {
+907     if (o.kty !== "RSA" &&
+908 	o.kty !== "EC" &&
+909 	o.kty !== "oct")
+910 	throw "unsupported algorithm for JWK Thumprint";
 911 
-912     // 2. get thumb print
-913     var hJWK = rstrtohex(s);
-914     var hash = KJUR.crypto.Util.hashHex(hJWK, "sha256");
-915     var hashB64U = hextob64u(hash);
-916 
-917     return hashB64U;
-918 };
-919 
-920 /**
-921  * IntDate class for time representation for JSON Web Token(JWT)
-922  * @class KJUR.jws.IntDate class
-923  * @name KJUR.jws.IntDate
-924  * @since jws 3.0.1
-925  * @description
-926  * Utility class for IntDate which is integer representation of UNIX origin time
-927  * used in JSON Web Token(JWT).
-928  */
-929 KJUR.jws.IntDate = {};
-930 
-931 /**
-932  * get UNIX origin time from by string
-933  * @name get
-934  * @memberOf KJUR.jws.IntDate
-935  * @function
-936  * @static
-937  * @param {String} s string of time representation
-938  * @return {Integer} UNIX origin time in seconds for argument 's'
-939  * @since jws 3.0.1
-940  * @throws "unsupported format: s" when malformed format
-941  * @description
-942  * This method will accept following representation of time.
-943  * <ul>
-944  * <li>now - current time</li>
-945  * <li>now + 1hour - after 1 hour from now</li>
-946  * <li>now + 1day - after 1 day from now</li>
-947  * <li>now + 1month - after 30 days from now</li>
-948  * <li>now + 1year - after 365 days from now</li>
-949  * <li>YYYYmmDDHHMMSSZ - UTC time (ex. 20130828235959Z)</li>
-950  * <li>number - UNIX origin time (seconds from 1970-01-01 00:00:00) (ex. 1377714748)</li>
-951  * </ul>
-952  */
-953 KJUR.jws.IntDate.get = function(s) {
-954     if (s == "now") {
-955 	return KJUR.jws.IntDate.getNow();
-956     } else if (s == "now + 1hour") {
-957 	return KJUR.jws.IntDate.getNow() + 60 * 60;
-958     } else if (s == "now + 1day") {
-959 	return KJUR.jws.IntDate.getNow() + 60 * 60 * 24;
-960     } else if (s == "now + 1month") {
-961 	return KJUR.jws.IntDate.getNow() + 60 * 60 * 24 * 30;
-962     } else if (s == "now + 1year") {
-963 	return KJUR.jws.IntDate.getNow() + 60 * 60 * 24 * 365;
-964     } else if (s.match(/Z$/)) {
-965 	return KJUR.jws.IntDate.getZulu(s);
-966     } else if (s.match(/^[0-9]+$/)) {
-967 	return parseInt(s);
-968     }
-969     throw "unsupported format: " + s;
-970 };
-971 
-972 /**
-973  * get UNIX origin time from Zulu time representation string
-974  * @name getZulu
-975  * @memberOf KJUR.jws.IntDate
-976  * @function
-977  * @static
-978  * @param {String} s string of Zulu time representation (ex. 20151012125959Z)
-979  * @return {Integer} UNIX origin time in seconds for argument 's'
-980  * @since jws 3.0.1
-981  * @throws "unsupported format: s" when malformed format
-982  * @description
-983  * This method provides UNIX origin time from Zulu time.
-984  * Following representations are supported:
-985  * <ul>
-986  * <li>YYYYMMDDHHmmSSZ - GeneralizedTime format</li>
-987  * <li>YYMMDDHHmmSSZ - UTCTime format. If YY is greater or equal to 
-988  * 50 then it represents 19YY otherwise 20YY.</li>
-989  * </ul>
-990  * @example
-991  * KJUR.jws.IntDate.getZulu("20151012125959Z") => 1478...
-992  * KJUR.jws.IntDate.getZulu("151012125959Z") => 1478...
-993  */
-994 KJUR.jws.IntDate.getZulu = function(s) {
-995     return zulutosec(s);
-996 };
-997 
-998 /**
-999  * get UNIX origin time of current time
-1000  * @name getNow
-1001  * @memberOf KJUR.jws.IntDate
-1002  * @function
-1003  * @static
-1004  * @return {Integer} UNIX origin time for current time
-1005  * @since jws 3.0.1
-1006  * @description
-1007  * This method provides UNIX origin time for current time
-1008  * @example
-1009  * KJUR.jws.IntDate.getNow() => 1478...
-1010  */
-1011 KJUR.jws.IntDate.getNow = function() {
-1012     var d = ~~(new Date() / 1000);
-1013     return d;
-1014 };
-1015 
-1016 /**
-1017  * get UTC time string from UNIX origin time value
-1018  * @name intDate2UTCString
-1019  * @memberOf KJUR.jws.IntDate
-1020  * @function
-1021  * @static
-1022  * @param {Integer} intDate UNIX origin time value (ex. 1478...)
-1023  * @return {String} UTC time string
-1024  * @since jws 3.0.1
-1025  * @description
-1026  * This method provides UTC time string for UNIX origin time value.
-1027  * @example
-1028  * KJUR.jws.IntDate.intDate2UTCString(1478...) => "2015 Oct ..."
-1029  */
-1030 KJUR.jws.IntDate.intDate2UTCString = function(intDate) {
-1031     var d = new Date(intDate * 1000);
-1032     return d.toUTCString();
-1033 };
-1034 
-1035 /**
-1036  * get UTC time string from UNIX origin time value
-1037  * @name intDate2Zulu
-1038  * @memberOf KJUR.jws.IntDate
-1039  * @function
-1040  * @static
-1041  * @param {Integer} intDate UNIX origin time value (ex. 1478...)
-1042  * @return {String} Zulu time string
-1043  * @since jws 3.0.1
-1044  * @description
-1045  * This method provides Zulu time string for UNIX origin time value.
-1046  * @example
-1047  * KJUR.jws.IntDate.intDate2UTCString(1478...) => "20151012...Z"
-1048  */
-1049 KJUR.jws.IntDate.intDate2Zulu = function(intDate) {
-1050     var d = new Date(intDate * 1000);
-1051     var year = ("0000" + d.getUTCFullYear()).slice(-4);    
-1052     var mon =  ("00" + (d.getUTCMonth() + 1)).slice(-2);    
-1053     var day =  ("00" + d.getUTCDate()).slice(-2);    
-1054     var hour = ("00" + d.getUTCHours()).slice(-2);    
-1055     var min =  ("00" + d.getUTCMinutes()).slice(-2);    
-1056     var sec =  ("00" + d.getUTCSeconds()).slice(-2);    
-1057     return year + mon + day + hour + min + sec + "Z";
-1058 };
-1059 
-1060 
\ No newline at end of file +912
// 1. get canonically ordered json string +913 var s = '{'; +914 if (o.kty === "RSA") { +915 if (typeof o.n != "string" || typeof o.e != "string") +916 throw "wrong n and e value for RSA key"; +917 s += '"' + 'e' + '":"' + o.e + '",'; +918 s += '"' + 'kty' + '":"' + o.kty + '",'; +919 s += '"' + 'n' + '":"' + o.n + '"}'; +920 } else if (o.kty === "EC") { +921 if (typeof o.crv != "string" || +922 typeof o.x != "string" || +923 typeof o.y != "string") +924 throw "wrong crv, x and y value for EC key"; +925 s += '"' + 'crv' + '":"' + o.crv + '",'; +926 s += '"' + 'kty' + '":"' + o.kty + '",'; +927 s += '"' + 'x' + '":"' + o.x + '",'; +928 s += '"' + 'y' + '":"' + o.y + '"}'; +929 } else if (o.kty === "oct") { +930 if (typeof o.k != "string") +931 throw "wrong k value for oct(symmetric) key"; +932 s += '"' + 'kty' + '":"' + o.kty + '",'; +933 s += '"' + 'k' + '":"' + o.k + '"}'; +934 } +935 //alert(s); +936 +937 // 2. get thumb print +938 var hJWK = rstrtohex(s); +939 var hash = KJUR.crypto.Util.hashHex(hJWK, "sha256"); +940 var hashB64U = hextob64u(hash); +941 +942 return hashB64U; +943 }; +944 +945 /** +946 * IntDate class for time representation for JSON Web Token(JWT) +947 * @class KJUR.jws.IntDate class +948 * @name KJUR.jws.IntDate +949 * @since jws 3.0.1 +950 * @description +951 * Utility class for IntDate which is integer representation of UNIX origin time +952 * used in JSON Web Token(JWT). +953 */ +954 KJUR.jws.IntDate = {}; +955 +956 /** +957 * get UNIX origin time from by string +958 * @name get +959 * @memberOf KJUR.jws.IntDate +960 * @function +961 * @static +962 * @param {String} s string of time representation +963 * @return {Integer} UNIX origin time in seconds for argument 's' +964 * @since jws 3.0.1 +965 * @throws "unsupported format: s" when malformed format +966 * @description +967 * This method will accept following representation of time. +968 * <ul> +969 * <li>now - current time</li> +970 * <li>now + 1hour - after 1 hour from now</li> +971 * <li>now + 1day - after 1 day from now</li> +972 * <li>now + 1month - after 30 days from now</li> +973 * <li>now + 1year - after 365 days from now</li> +974 * <li>YYYYmmDDHHMMSSZ - UTC time (ex. 20130828235959Z)</li> +975 * <li>number - UNIX origin time (seconds from 1970-01-01 00:00:00) (ex. 1377714748)</li> +976 * </ul> +977 */ +978 KJUR.jws.IntDate.get = function(s) { +979 var _KJUR_jws_IntDate = KJUR.jws.IntDate, +980 _getNow = _KJUR_jws_IntDate.getNow, +981 _getZulu = _KJUR_jws_IntDate.getZulu; +982 +983 if (s == "now") { +984 return _getNow(); +985 } else if (s == "now + 1hour") { +986 return _getNow() + 60 * 60; +987 } else if (s == "now + 1day") { +988 return _getNow() + 60 * 60 * 24; +989 } else if (s == "now + 1month") { +990 return _getNow() + 60 * 60 * 24 * 30; +991 } else if (s == "now + 1year") { +992 return _getNow() + 60 * 60 * 24 * 365; +993 } else if (s.match(/Z$/)) { +994 return _getZulu(s); +995 } else if (s.match(/^[0-9]+$/)) { +996 return parseInt(s); +997 } +998 throw "unsupported format: " + s; +999 }; +1000 +1001 /** +1002 * get UNIX origin time from Zulu time representation string +1003 * @name getZulu +1004 * @memberOf KJUR.jws.IntDate +1005 * @function +1006 * @static +1007 * @param {String} s string of Zulu time representation (ex. 20151012125959Z) +1008 * @return {Integer} UNIX origin time in seconds for argument 's' +1009 * @since jws 3.0.1 +1010 * @throws "unsupported format: s" when malformed format +1011 * @description +1012 * This method provides UNIX origin time from Zulu time. +1013 * Following representations are supported: +1014 * <ul> +1015 * <li>YYYYMMDDHHmmSSZ - GeneralizedTime format</li> +1016 * <li>YYMMDDHHmmSSZ - UTCTime format. If YY is greater or equal to +1017 * 50 then it represents 19YY otherwise 20YY.</li> +1018 * </ul> +1019 * @example +1020 * KJUR.jws.IntDate.getZulu("20151012125959Z") => 1478... +1021 * KJUR.jws.IntDate.getZulu("151012125959Z") => 1478... +1022 */ +1023 KJUR.jws.IntDate.getZulu = function(s) { +1024 return zulutosec(s); +1025 }; +1026 +1027 /** +1028 * get UNIX origin time of current time +1029 * @name getNow +1030 * @memberOf KJUR.jws.IntDate +1031 * @function +1032 * @static +1033 * @return {Integer} UNIX origin time for current time +1034 * @since jws 3.0.1 +1035 * @description +1036 * This method provides UNIX origin time for current time +1037 * @example +1038 * KJUR.jws.IntDate.getNow() => 1478... +1039 */ +1040 KJUR.jws.IntDate.getNow = function() { +1041 var d = ~~(new Date() / 1000); +1042 return d; +1043 }; +1044 +1045 /** +1046 * get UTC time string from UNIX origin time value +1047 * @name intDate2UTCString +1048 * @memberOf KJUR.jws.IntDate +1049 * @function +1050 * @static +1051 * @param {Integer} intDate UNIX origin time value (ex. 1478...) +1052 * @return {String} UTC time string +1053 * @since jws 3.0.1 +1054 * @description +1055 * This method provides UTC time string for UNIX origin time value. +1056 * @example +1057 * KJUR.jws.IntDate.intDate2UTCString(1478...) => "2015 Oct ..." +1058 */ +1059 KJUR.jws.IntDate.intDate2UTCString = function(intDate) { +1060 var d = new Date(intDate * 1000); +1061 return d.toUTCString(); +1062 }; +1063 +1064 /** +1065 * get UTC time string from UNIX origin time value +1066 * @name intDate2Zulu +1067 * @memberOf KJUR.jws.IntDate +1068 * @function +1069 * @static +1070 * @param {Integer} intDate UNIX origin time value (ex. 1478...) +1071 * @return {String} Zulu time string +1072 * @since jws 3.0.1 +1073 * @description +1074 * This method provides Zulu time string for UNIX origin time value. +1075 * @example +1076 * KJUR.jws.IntDate.intDate2UTCString(1478...) => "20151012...Z" +1077 */ +1078 KJUR.jws.IntDate.intDate2Zulu = function(intDate) { +1079 var d = new Date(intDate * 1000), +1080 year = ("0000" + d.getUTCFullYear()).slice(-4), +1081 mon = ("00" + (d.getUTCMonth() + 1)).slice(-2), +1082 day = ("00" + d.getUTCDate()).slice(-2), +1083 hour = ("00" + d.getUTCHours()).slice(-2), +1084 min = ("00" + d.getUTCMinutes()).slice(-2), +1085 sec = ("00" + d.getUTCSeconds()).slice(-2); +1086 return year + mon + day + hour + min + sec + "Z"; +1087 }; +1088 +1089
\ No newline at end of file diff --git a/api/symbols/src/jwsjs-2.0.js.html b/api/symbols/src/jwsjs-2.0.js.html index e9adff75..4b8beebc 100644 --- a/api/symbols/src/jwsjs-2.0.js.html +++ b/api/symbols/src/jwsjs-2.0.js.html @@ -5,87 +5,87 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /*! jwsjs-2.1.0 (c) 2010-2016 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* jwsjs-2.1.1 (c) 2010-2016 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * jwsjs.js - JSON Web Signature JSON Serialization (JWSJS) Class
   5  *
-  6  * version: 2.1.0 (2016 Sep 6)
+  6  * Copyright (c) 2010-2017 Kenji Urushima (kenji.urushima@gmail.com)
   7  *
-  8  * Copyright (c) 2010-2016 Kenji Urushima (kenji.urushima@gmail.com)
-  9  *
- 10  * This software is licensed under the terms of the MIT License.
- 11  * http://kjur.github.com/jsrsasign/license/
- 12  *
- 13  * The above copyright and license notice shall be 
- 14  * included in all copies or substantial portions of the Software.
- 15  */
- 16 
- 17 /**
- 18  * @fileOverview
- 19  * @name jwsjs-2.0.js
- 20  * @author Kenji Urushima kenji.urushima@gmail.com
- 21  * @version 2.1.0 (2016 Sep 6)
- 22  * @since jsjws 1.2, jsrsasign 4.8.0
- 23  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
- 24  */
- 25 
- 26 if (typeof KJUR == "undefined" || !KJUR) KJUR = {};
- 27 if (typeof KJUR.jws == "undefined" || !KJUR.jws) KJUR.jws = {};
- 28 
- 29 /**
- 30  * JSON Web Signature JSON Serialization (JWSJS) class.<br/>
- 31  * @class JSON Web Signature JSON Serialization (JWSJS) class
- 32  * @name KJUR.jws.JWSJS
- 33  * @property {array of String} aHeader array of Encoded JWS Headers
- 34  * @property {String} sPayload Encoded JWS payload
- 35  * @property {array of String} aSignature array of Encoded JWS signature value
- 36  * @author Kenji Urushima
- 37  * @version 2.1.0 (2016 Sep 6)
- 38  * @see <a href="http://kjur.github.com/jsjws/">old jwjws home page http://kjur.github.com/jsjws/</a>
- 39  * @see <a href="http://kjur.github.com/jsrsasigns/">'jwrsasign'(RSA Sign JavaScript Library) home page http://kjur.github.com/jsrsasign/</a>
- 40  * @see <a href="http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-01">IETF I-D JSON Web Signature JSON Serialization (JWS-JS) specification</a>
- 41  *
- 42  * @description
- 43  * This class generates and verfies "JSON Web Signature JSON Serialization (JWSJS)" of
- 44  * <a href="http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-01">
- 45  * IETF Internet Draft</a>. Here is major methods of this class:
- 46  * <ul>
- 47  * <li>{@link KJUR.jws.JWSJS#readJWSJS} - initialize with string or JSON object of JWSJS.</li>
- 48  * <li>{@link KJUR.jws.JWSJS#initWithJWS} - initialize with JWS as first signature.</li>
- 49  * <li>{@link KJUR.jws.JWSJS#addSignature} - append signature to JWSJS object.</li>
- 50  * <li>{@link KJUR.jws.JWSJS#verifyAll} - verify all signatures in JWSJS object.</li>
- 51  * <li>{@link KJUR.jws.JWSJS#getJSON} - get result of JWSJS object as JSON object.</li>
- 52  * </ul>
- 53  *
- 54  * @example
- 55  * // initialize
- 56  * jwsjs1 = new KJUR.jws.JWSJS();
- 57  * jwsjs1.readJWSJS("{headers: [...], payload: "eyJ...", signatures: [...]}");
- 58  * 
- 59  * // add PS256 signature with RSA private key object
- 60  * prvKeyObj = KEYUTIL.getKey("-----BEGIN PRIVATE KEY...");
- 61  * jwsjs1.addSignature("PS256", {alg: "PS256"}, prvKeyObj);
- 62  * // add HS256 signature with HMAC password "secret"
- 63  * jwsjs1.addSignature(null, {alg: "HS256"}, {utf8: "secret"});
- 64  * 
- 65  * // get result finally
- 66  * jwsjsObj1 = jwsjs1.getJSON();
- 67  *
- 68  * // verify all signatures
- 69  * isValid = jwsjs1.verifyAll([["-----BEGIN CERT...", ["RS256"]],
- 70  *                             [{utf8: "secret"}, ["HS256"]]]); 
- 71  * 
- 72  */
- 73 KJUR.jws.JWSJS = function() {
- 74     var ns1 = KJUR.jws.JWS;
- 75     var nJWS = KJUR.jws.JWS;
+  8  * This software is licensed under the terms of the MIT License.
+  9  * http://kjur.github.com/jsrsasign/license/
+ 10  *
+ 11  * The above copyright and license notice shall be 
+ 12  * included in all copies or substantial portions of the Software.
+ 13  */
+ 14 
+ 15 /**
+ 16  * @fileOverview
+ 17  * @name jwsjs-2.0.js
+ 18  * @author Kenji Urushima kenji.urushima@gmail.com
+ 19  * @version jsrsasign 7.2.1 jwsjs 2.1.1 (2017-Jun-03)
+ 20  * @since jsjws 1.2, jsrsasign 4.8.0
+ 21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
+ 22  */
+ 23 
+ 24 if (typeof KJUR == "undefined" || !KJUR) KJUR = {};
+ 25 if (typeof KJUR.jws == "undefined" || !KJUR.jws) KJUR.jws = {};
+ 26 
+ 27 /**
+ 28  * JSON Web Signature JSON Serialization (JWSJS) class.<br/>
+ 29  * @class JSON Web Signature JSON Serialization (JWSJS) class
+ 30  * @name KJUR.jws.JWSJS
+ 31  * @property {array of String} aHeader array of Encoded JWS Headers
+ 32  * @property {String} sPayload Encoded JWS payload
+ 33  * @property {array of String} aSignature array of Encoded JWS signature value
+ 34  * @author Kenji Urushima
+ 35  * @version 2.1.0 (2016 Sep 6)
+ 36  * @see <a href="http://kjur.github.com/jsjws/">old jwjws home page http://kjur.github.com/jsjws/</a>
+ 37  * @see <a href="http://kjur.github.com/jsrsasigns/">'jwrsasign'(RSA Sign JavaScript Library) home page http://kjur.github.com/jsrsasign/</a>
+ 38  * @see <a href="http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-01">IETF I-D JSON Web Signature JSON Serialization (JWS-JS) specification</a>
+ 39  *
+ 40  * @description
+ 41  * This class generates and verfies "JSON Web Signature JSON Serialization (JWSJS)" of
+ 42  * <a href="http://tools.ietf.org/html/draft-jones-json-web-signature-json-serialization-01">
+ 43  * IETF Internet Draft</a>. Here is major methods of this class:
+ 44  * <ul>
+ 45  * <li>{@link KJUR.jws.JWSJS#readJWSJS} - initialize with string or JSON object of JWSJS.</li>
+ 46  * <li>{@link KJUR.jws.JWSJS#initWithJWS} - initialize with JWS as first signature.</li>
+ 47  * <li>{@link KJUR.jws.JWSJS#addSignature} - append signature to JWSJS object.</li>
+ 48  * <li>{@link KJUR.jws.JWSJS#verifyAll} - verify all signatures in JWSJS object.</li>
+ 49  * <li>{@link KJUR.jws.JWSJS#getJSON} - get result of JWSJS object as JSON object.</li>
+ 50  * </ul>
+ 51  *
+ 52  * @example
+ 53  * // initialize
+ 54  * jwsjs1 = new KJUR.jws.JWSJS();
+ 55  * jwsjs1.readJWSJS("{headers: [...], payload: "eyJ...", signatures: [...]}");
+ 56  * 
+ 57  * // add PS256 signature with RSA private key object
+ 58  * prvKeyObj = KEYUTIL.getKey("-----BEGIN PRIVATE KEY...");
+ 59  * jwsjs1.addSignature("PS256", {alg: "PS256"}, prvKeyObj);
+ 60  * // add HS256 signature with HMAC password "secret"
+ 61  * jwsjs1.addSignature(null, {alg: "HS256"}, {utf8: "secret"});
+ 62  * 
+ 63  * // get result finally
+ 64  * jwsjsObj1 = jwsjs1.getJSON();
+ 65  *
+ 66  * // verify all signatures
+ 67  * isValid = jwsjs1.verifyAll([["-----BEGIN CERT...", ["RS256"]],
+ 68  *                             [{utf8: "secret"}, ["HS256"]]]); 
+ 69  * 
+ 70  */
+ 71 KJUR.jws.JWSJS = function() {
+ 72     var _KJUR = KJUR,
+ 73 	_KJUR_jws = _KJUR.jws,
+ 74 	_KJUR_jws_JWS = _KJUR_jws.JWS,
+ 75 	_readSafeJSONString = _KJUR_jws_JWS.readSafeJSONString;
  76 
  77     this.aHeader = [];
  78     this.sPayload = "";
  79     this.aSignature = [];
  80 
- 81     // == initialize ===================================================================
+ 81     // == initialize ==========================================================
  82     /**
  83      * (re-)initialize this object.<br/>
  84      * @name init
@@ -120,7 +120,7 @@
 113 	this.aSignature.push(a[2]);
 114     };
 115 
-116     // == add signature ===================================================================
+116     // == add signature =======================================================
 117     /**
 118      * add a signature to existing JWS-JS by algorithm, header and key.<br/>
 119      * @name addSignature
@@ -207,7 +207,7 @@
 200 	this.aSignature.push(jws.parsedJWS.sigvalB64U);
 201     };
 202 
-203     // == verify signature ===================================================================
+203     // == verify signature ====================================================
 204     /**
 205      * verify all signature of JWS-JS object by array of key and acceptAlgs.<br/>
 206      * @name verifyAll
@@ -260,7 +260,7 @@
 253 	var sJWS = sHeader + "." + this.sPayload + "." + sSignature;
 254 	var result = false;
 255 	try {
-256 	    result = nJWS.verify(sJWS, key, acceptAlgs);
+256 	    result = _KJUR_jws_JWS.verify(sJWS, key, acceptAlgs);
 257 	} catch (ex) {
 258 	    return false;
 259 	}
@@ -330,7 +330,7 @@
 323      */
 324     this.readJWSJS = function(spJWSJS) {
 325 	if (typeof spJWSJS === "string") {
-326 	    var oJWSJS = ns1.readSafeJSONString(spJWSJS);
+326 	    var oJWSJS = _readSafeJSONString(spJWSJS);
 327 	    if (oJWSJS == null) throw "argument is not safe JSON object string";
 328 
 329 	    this.aHeader = oJWSJS.headers;
@@ -359,7 +359,7 @@
 352 	}
 353     };
 354 
-355     // == utility ===================================================================
+355     // == utility =============================================================
 356     /**
 357      * get JSON object for this JWS-JS object.<br/>
 358      * @name getJSON
diff --git a/api/symbols/src/keyutil-1.0.js.html b/api/symbols/src/keyutil-1.0.js.html
index 17c21cb2..103b6b74 100644
--- a/api/symbols/src/keyutil-1.0.js.html
+++ b/api/symbols/src/keyutil-1.0.js.html
@@ -5,7 +5,7 @@
 	.STRN {color: #393;}
 	.REGX {color: #339;}
 	.line {border-right: 1px dotted #666; color: #666; font-style: normal;}
-	
  1 /*! keyutil-1.1.1.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* keyutil-1.1.2.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * keyutil.js - key utility for PKCS#1/5/8 PEM, RSA/DSA/ECDSA key object
@@ -22,7 +22,7 @@
  15  * @fileOverview
  16  * @name keyutil-1.0.js
  17  * @author Kenji Urushima kenji.urushima@gmail.com
- 18  * @version jsrsasign 7.2.0 keyutil 1.1.1 (2017-May-21)
+ 18  * @version jsrsasign 7.2.1 keyutil 1.1.2 (2017-Jun-03)
  19  * @since jsrsasign 4.1.4
  20  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  21  */
@@ -296,7 +296,7 @@
 289 	 * @deprecated from keyutil 1.1.0 jsrsasign 7.0.1. please move to {@link ASN1HEX.pemToHex}
 290          */
 291         getHexFromPEM: function(sPEM, sHead) {
-292 	    return ASN1HEX.pemToHex(sPEM, sHead);
+292 	    return pemtohex(sPEM, sHead);
 293         },
 294 
 295         /**
@@ -557,7 +557,7 @@
 550         getRSAKeyFromPlainPKCS8PEM: function(pkcs8PEM) {
 551             if (pkcs8PEM.match(/ENCRYPTED/))
 552                 throw "pem shall be not ENCRYPTED";
-553             var prvKeyHex = ASN1HEX.pemToHex(pkcs8PEM, "PRIVATE KEY");
+553             var prvKeyHex = pemtohex(pkcs8PEM, "PRIVATE KEY");
 554             var rsaKey = this.getRSAKeyFromPlainPKCS8Hex(prvKeyHex);
 555             return rsaKey;
 556         },
@@ -726,7 +726,7 @@
 719          */
 720         getPlainPKCS8HexFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) {
 721             // 1. derHex - PKCS#8 private key encrypted by PBKDF2
-722             var derHex = ASN1HEX.pemToHex(pkcs8PEM, "ENCRYPTED PRIVATE KEY");
+722             var derHex = pemtohex(pkcs8PEM, "ENCRYPTED PRIVATE KEY");
 723             // 2. info - PKCS#5 PBES info
 724             var info = this.parseHexOfEncryptedPKCS8(derHex);
 725             // 3. hKey - PBKDF2 key
@@ -853,7 +853,7 @@
 846          * @since pkcs5pkey 1.0.5
 847          */
 848         getKeyFromPlainPrivatePKCS8PEM: function(prvKeyPEM) {
-849             var prvKeyHex = ASN1HEX.pemToHex(prvKeyPEM, "PRIVATE KEY");
+849             var prvKeyHex = pemtohex(prvKeyPEM, "PRIVATE KEY");
 850             var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex);
 851             return key;
 852         },
@@ -897,7 +897,7 @@
 890          * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
 891          */
 892         getRSAKeyFromPublicPKCS8PEM: function(pkcs8PubPEM) {
-893             var pubKeyHex = ASN1HEX.pemToHex(pkcs8PubPEM, "PUBLIC KEY");
+893             var pubKeyHex = pemtohex(pkcs8PubPEM, "PUBLIC KEY");
 894             var rsaKey = this.getRSAKeyFromPublicPKCS8Hex(pubKeyHex);
 895             return rsaKey;
 896         },
@@ -913,7 +913,7 @@
 906          * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}.
 907          */
 908         getKeyFromPublicPKCS8PEM: function(pkcs8PubPEM) {
-909             var pubKeyHex = ASN1HEX.pemToHex(pkcs8PubPEM, "PUBLIC KEY");
+909             var pubKeyHex = pemtohex(pkcs8PubPEM, "PUBLIC KEY");
 910             var key = this.getKeyFromPublicPKCS8Hex(pubKeyHex);
 911             return key;
 912         },
@@ -1211,845 +1211,845 @@
 1204  * keyObj = KEYUTIL.getKey({n: "75ab..", e: "010001"});
 1205  */
 1206 KEYUTIL.getKey = function(param, passcode, hextype) {
-1207     var _ASN1HEX = ASN1HEX;
-1208     var _getChildIdx = _ASN1HEX.getChildIdx;
-1209     var _getV = _ASN1HEX.getV;
-1210     var _getVbyList = _ASN1HEX.getVbyList;
-1211     var _KJUR_crypto = KJUR.crypto;
-1212     var _KJUR_crypto_ECDSA = _KJUR_crypto.ECDSA;
-1213     var _KJUR_crypto_DSA = _KJUR_crypto.DSA;
-1214     var _RSAKey = RSAKey;
-1215 
-1216     // 1. by key RSAKey/KJUR.crypto.ECDSA/KJUR.crypto.DSA object
-1217     if (typeof _RSAKey != 'undefined' && param instanceof _RSAKey)
-1218         return param;
-1219     if (typeof _KJUR_crypto_ECDSA != 'undefined' && param instanceof _KJUR_crypto_ECDSA)
-1220         return param;
-1221     if (typeof _KJUR_crypto_DSA != 'undefined' && param instanceof _KJUR_crypto_DSA)
-1222         return param;
-1223 
-1224     // 2. by parameters of key
-1225 
-1226     // 2.1. bare ECC
-1227     // 2.1.1. bare ECC public key by hex values
-1228     if (param.curve !== undefined &&
-1229 	param.xy !== undefined && param.d === undefined) {
-1230         return new _KJUR_crypto_ECDSA({pub: param.xy, curve: param.curve});
-1231     }
-1232 
-1233     // 2.1.2. bare ECC private key by hex values
-1234     if (param.curve !== undefined && param.d !== undefined) {
-1235         return new _KJUR_crypto_ECDSA({prv: param.d, curve: param.curve});
-1236     }
-1237 
-1238     // 2.2. bare RSA
-1239     // 2.2.1. bare RSA public key by hex values
-1240     if (param.kty === undefined &&
-1241 	param.n !== undefined && param.e !== undefined &&
-1242         param.d === undefined) {
-1243         var key = new _RSAKey();
-1244         key.setPublic(param.n, param.e);
-1245         return key;
-1246     }
-1247 
-1248     // 2.2.2. bare RSA private key with P/Q/DP/DQ/COEFF by hex values
-1249     if (param.kty === undefined &&
-1250 	param.n !== undefined &&
-1251 	param.e !== undefined &&
-1252 	param.d !== undefined &&
-1253         param.p !== undefined &&
-1254 	param.q !== undefined &&
-1255         param.dp !== undefined &&
-1256 	param.dq !== undefined &&
-1257 	param.co !== undefined &&
-1258         param.qi === undefined) {
-1259         var key = new _RSAKey();
-1260         key.setPrivateEx(param.n, param.e, param.d, param.p, param.q,
-1261                          param.dp, param.dq, param.co);
-1262         return key;
-1263     }
-1264 
-1265     // 2.2.3. bare RSA public key without P/Q/DP/DQ/COEFF by hex values
-1266     if (param.kty === undefined &&
-1267 	param.n !== undefined &&
-1268 	param.e !== undefined &&
-1269 	param.d !== undefined &&
-1270         param.p === undefined) {
-1271         var key = new _RSAKey();
-1272         key.setPrivate(param.n, param.e, param.d);
-1273         return key;
-1274     }
-1275 
-1276     // 2.3. bare DSA
-1277     // 2.3.1. bare DSA public key by hex values
-1278     if (param.p !== undefined && param.q !== undefined &&
-1279 	param.g !== undefined &&
-1280         param.y !== undefined && param.x === undefined) {
-1281         var key = new _KJUR_crypto_DSA();
-1282         key.setPublic(param.p, param.q, param.g, param.y);
-1283         return key;
-1284     }
-1285 
-1286     // 2.3.2. bare DSA private key by hex values
-1287     if (param.p !== undefined && param.q !== undefined &&
-1288 	param.g !== undefined &&
-1289         param.y !== undefined && param.x !== undefined) {
-1290         var key = new _KJUR_crypto_DSA();
-1291         key.setPrivate(param.p, param.q, param.g, param.y, param.x);
-1292         return key;
-1293     }
-1294 
-1295     // 3. JWK
-1296     // 3.1. JWK RSA
-1297     // 3.1.1. JWK RSA public key by b64u values
-1298     if (param.kty === "RSA" &&
-1299 	param.n !== undefined &&
-1300 	param.e !== undefined &&
-1301 	param.d === undefined) {
-1302 	var key = new _RSAKey();
-1303 	key.setPublic(b64utohex(param.n), b64utohex(param.e));
-1304 	return key;
-1305     }
-1306 
-1307     // 3.1.2. JWK RSA private key with p/q/dp/dq/coeff by b64u values
-1308     if (param.kty === "RSA" &&
-1309 	param.n !== undefined &&
-1310 	param.e !== undefined &&
-1311 	param.d !== undefined &&
-1312 	param.p !== undefined &&
-1313 	param.q !== undefined &&
-1314 	param.dp !== undefined &&
-1315 	param.dq !== undefined &&
-1316 	param.qi !== undefined) {
-1317 	var key = new _RSAKey();
-1318         key.setPrivateEx(b64utohex(param.n),
-1319 			 b64utohex(param.e),
-1320 			 b64utohex(param.d),
-1321 			 b64utohex(param.p),
-1322 			 b64utohex(param.q),
-1323                          b64utohex(param.dp),
-1324 			 b64utohex(param.dq),
-1325 			 b64utohex(param.qi));
-1326 	return key;
-1327     }
-1328 
-1329     // 3.1.3. JWK RSA private key without p/q/dp/dq/coeff by b64u
-1330     //        since jsrsasign 5.0.0 keyutil 1.0.11
-1331     if (param.kty === "RSA" &&
-1332 	param.n !== undefined &&
-1333 	param.e !== undefined &&
-1334 	param.d !== undefined) {
-1335 	var key = new _RSAKey();
-1336         key.setPrivate(b64utohex(param.n),
-1337 		       b64utohex(param.e),
-1338 		       b64utohex(param.d));
-1339 	return key;
-1340     }
-1341 
-1342     // 3.2. JWK ECC
-1343     // 3.2.1. JWK ECC public key by b64u values
-1344     if (param.kty === "EC" &&
-1345 	param.crv !== undefined &&
-1346 	param.x !== undefined &&
-1347 	param.y !== undefined &&
-1348         param.d === undefined) {
-1349 	var ec = new _KJUR_crypto_ECDSA({"curve": param.crv});
-1350 	var charlen = ec.ecparams.keylen / 4;
-1351         var hX   = ("0000000000" + b64utohex(param.x)).slice(- charlen);
-1352         var hY   = ("0000000000" + b64utohex(param.y)).slice(- charlen);
-1353         var hPub = "04" + hX + hY;
-1354 	ec.setPublicKeyHex(hPub);
-1355 	return ec;
-1356     }
-1357 
-1358     // 3.2.2. JWK ECC private key by b64u values
-1359     if (param.kty === "EC" &&
-1360 	param.crv !== undefined &&
-1361 	param.x !== undefined &&
-1362 	param.y !== undefined &&
-1363         param.d !== undefined) {
-1364 	var ec = new _KJUR_crypto_ECDSA({"curve": param.crv});
-1365 	var charlen = ec.ecparams.keylen / 4;
-1366         var hX   = ("0000000000" + b64utohex(param.x)).slice(- charlen);
-1367         var hY   = ("0000000000" + b64utohex(param.y)).slice(- charlen);
-1368         var hPub = "04" + hX + hY;
-1369         var hPrv = ("0000000000" + b64utohex(param.d)).slice(- charlen);
-1370 	ec.setPublicKeyHex(hPub);
-1371 	ec.setPrivateKeyHex(hPrv);
-1372 	return ec;
-1373     }
-1374     
-1375     // 4. (plain) hexadecimal data
-1376     // 4.1. get private key by PKCS#5 plain RSA/DSA/ECDSA hexadecimal string
-1377     if (hextype === "pkcs5prv") {
-1378 	var h = param, _ASN1HEX = ASN1HEX, a, key;
-1379 	a = _getChildIdx(h, 0);
-1380 	if (a.length === 9) {        // RSA (INT x 9)
-1381 	    key = new _RSAKey();
-1382             key.readPrivateKeyFromASN1HexString(param);
-1383 	} else if (a.length === 6) { // DSA (INT x 6)
-1384 	    key = new _KJUR_crypto_DSA();
-1385 	    key.readPKCS5PrvKeyHex(h);
-1386 	} else if (a.length > 2 &&   // ECDSA (INT, OCT prv, [0] curve, [1] pub)
-1387 		   h.substr(a[1], 2) === "04") {
-1388 	    key = new _KJUR_crypto_ECDSA();
-1389 	    key.readPKCS5PrvKeyHex(h);
-1390 	} else {
-1391 	    throw "unsupported PKCS#1/5 hexadecimal key";
-1392 	}
-1393 
-1394         return key;
-1395     }
-1396 
-1397     // 4.2. get private key by PKCS#8 plain RSA/DSA/ECDSA hexadecimal string
-1398     if (hextype === "pkcs8prv") {
-1399 	var key = KEYUTIL.getKeyFromPlainPrivatePKCS8Hex(param);
-1400         return key;
-1401     }
-1402 
-1403     // 4.3. get public key by PKCS#8 RSA/DSA/ECDSA hexadecimal string
-1404     if (hextype === "pkcs8pub") {
-1405         return KEYUTIL.getKeyFromPublicPKCS8Hex(param);
-1406     }
-1407 
-1408     // 4.4. get public key by X.509 hexadecimal string for RSA/DSA/ECDSA
-1409     if (hextype === "x509pub") {
-1410         return X509.getPublicKeyFromCertHex(param);
-1411     }
-1412 
-1413     // 5. by PEM certificate (-----BEGIN ... CERTIFICATE----)
-1414     if (param.indexOf("-END CERTIFICATE-", 0) != -1 ||
-1415         param.indexOf("-END X509 CERTIFICATE-", 0) != -1 ||
-1416         param.indexOf("-END TRUSTED CERTIFICATE-", 0) != -1) {
-1417         return X509.getPublicKeyFromCertPEM(param);
-1418     }
-1419 
-1420     // 6. public key by PKCS#8 PEM string
-1421     if (param.indexOf("-END PUBLIC KEY-") != -1) {
-1422         return KEYUTIL.getKeyFromPublicPKCS8PEM(param);
-1423     }
-1424     
-1425     // 8.1 private key by plain PKCS#5 PEM RSA string 
-1426     //    getKey("-----BEGIN RSA PRIVATE KEY-...")
-1427     if (param.indexOf("-END RSA PRIVATE KEY-") != -1 &&
-1428         param.indexOf("4,ENCRYPTED") == -1) {
-1429         var hex = _ASN1HEX.pemToHex(param, "RSA PRIVATE KEY");
-1430         return KEYUTIL.getKey(hex, null, "pkcs5prv");
-1431     }
-1432 
-1433     // 8.2. private key by plain PKCS#5 PEM DSA string
-1434     if (param.indexOf("-END DSA PRIVATE KEY-") != -1 &&
-1435         param.indexOf("4,ENCRYPTED") == -1) {
-1436 
-1437         var hKey = _ASN1HEX.pemToHex(param, "DSA PRIVATE KEY");
-1438         var p = _getVbyList(hKey, 0, [1], "02");
-1439         var q = _getVbyList(hKey, 0, [2], "02");
-1440         var g = _getVbyList(hKey, 0, [3], "02");
-1441         var y = _getVbyList(hKey, 0, [4], "02");
-1442         var x = _getVbyList(hKey, 0, [5], "02");
-1443         var key = new _KJUR_crypto_DSA();
-1444         key.setPrivate(new BigInteger(p, 16),
-1445                        new BigInteger(q, 16),
-1446                        new BigInteger(g, 16),
-1447                        new BigInteger(y, 16),
-1448                        new BigInteger(x, 16));
-1449         return key;
-1450     }
-1451 
-1452     // 10. private key by plain PKCS#8 PEM ECC/RSA string
-1453     if (param.indexOf("-END PRIVATE KEY-") != -1) {
-1454         return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(param);
-1455     }
-1456 
-1457     // 11.1 private key by encrypted PKCS#5 PEM RSA string
-1458     if (param.indexOf("-END RSA PRIVATE KEY-") != -1 &&
-1459         param.indexOf("4,ENCRYPTED") != -1) {
-1460         return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(param, passcode);
-1461     }
-1462 
-1463     // 11.2. private key by encrypted PKCS#5 PEM ECDSA string
-1464     if (param.indexOf("-END EC PRIVATE KEY-") != -1 &&
-1465         param.indexOf("4,ENCRYPTED") != -1) {
-1466         var hKey = KEYUTIL.getDecryptedKeyHex(param, passcode);
-1467 
-1468         var key = _getVbyList(hKey, 0, [1], "04");
-1469         var curveNameOidHex = _getVbyList(hKey, 0, [2,0], "06");
-1470         var pubkey = _getVbyList(hKey, 0, [3,0], "03").substr(2);
-1471         var curveName = "";
-1472 
-1473         if (KJUR.crypto.OID.oidhex2name[curveNameOidHex] !== undefined) {
-1474             curveName = KJUR.crypto.OID.oidhex2name[curveNameOidHex];
-1475         } else {
-1476             throw "undefined OID(hex) in KJUR.crypto.OID: " + curveNameOidHex;
-1477         }
-1478 
-1479         var ec = new _KJUR_crypto_ECDSA({'curve': curveName});
-1480         ec.setPublicKeyHex(pubkey);
-1481         ec.setPrivateKeyHex(key);
-1482         ec.isPublic = false;
-1483         return ec;
-1484     }
-1485 
-1486     // 11.3. private key by encrypted PKCS#5 PEM DSA string
-1487     if (param.indexOf("-END DSA PRIVATE KEY-") != -1 &&
-1488         param.indexOf("4,ENCRYPTED") != -1) {
-1489         var hKey = KEYUTIL.getDecryptedKeyHex(param, passcode);
-1490         var p = _getVbyList(hKey, 0, [1], "02");
-1491         var q = _getVbyList(hKey, 0, [2], "02");
-1492         var g = _getVbyList(hKey, 0, [3], "02");
-1493         var y = _getVbyList(hKey, 0, [4], "02");
-1494         var x = _getVbyList(hKey, 0, [5], "02");
-1495         var key = new _KJUR_crypto_DSA();
-1496         key.setPrivate(new BigInteger(p, 16),
-1497                        new BigInteger(q, 16),
-1498                        new BigInteger(g, 16),
-1499                        new BigInteger(y, 16),
-1500                        new BigInteger(x, 16));
-1501         return key;
-1502     }
-1503 
-1504     // 11. private key by encrypted PKCS#8 hexadecimal RSA/ECDSA string
-1505     if (param.indexOf("-END ENCRYPTED PRIVATE KEY-") != -1) {
-1506         return KEYUTIL.getKeyFromEncryptedPKCS8PEM(param, passcode);
-1507     }
-1508 
-1509     throw "not supported argument";
-1510 };
-1511 
-1512 /**
-1513  * @name generateKeypair
-1514  * @memberOf KEYUTIL
-1515  * @function
-1516  * @static
-1517  * @param {String} alg 'RSA' or 'EC'
-1518  * @param {Object} keylenOrCurve key length for RSA or curve name for EC
-1519  * @return {Array} associative array of keypair which has prvKeyObj and pubKeyObj parameters
-1520  * @since keyutil 1.0.1
-1521  * @description
-1522  * This method generates a key pair of public key algorithm.
-1523  * The result will be an associative array which has following
-1524  * parameters:
-1525  * <ul>
-1526  * <li>prvKeyObj - RSAKey or ECDSA object of private key</li>
-1527  * <li>pubKeyObj - RSAKey or ECDSA object of public key</li>
-1528  * </ul>
-1529  * NOTE1: As for RSA algoirthm, public exponent has fixed
-1530  * value '0x10001'.
-1531  * NOTE2: As for EC algorithm, supported names of curve are
-1532  * secp256r1, secp256k1 and secp384r1.
-1533  * NOTE3: DSA is not supported yet.
-1534  * @example
-1535  * var rsaKeypair = KEYUTIL.generateKeypair("RSA", 1024);
-1536  * var ecKeypair = KEYUTIL.generateKeypair("EC", "secp256r1");
-1537  *
-1538  */
-1539 KEYUTIL.generateKeypair = function(alg, keylenOrCurve) {
-1540     if (alg == "RSA") {
-1541         var keylen = keylenOrCurve;
-1542         var prvKey = new RSAKey();
-1543         prvKey.generate(keylen, '10001');
-1544         prvKey.isPrivate = true;
-1545         prvKey.isPublic = true;
-1546         
-1547         var pubKey = new RSAKey();
-1548         var hN = prvKey.n.toString(16);
-1549         var hE = prvKey.e.toString(16);
-1550         pubKey.setPublic(hN, hE);
-1551         pubKey.isPrivate = false;
-1552         pubKey.isPublic = true;
-1553         
-1554         var result = {};
-1555         result.prvKeyObj = prvKey;
-1556         result.pubKeyObj = pubKey;
-1557         return result;
-1558     } else if (alg == "EC") {
-1559         var curve = keylenOrCurve;
-1560         var ec = new KJUR.crypto.ECDSA({curve: curve});
-1561         var keypairHex = ec.generateKeyPairHex();
-1562 
-1563         var prvKey = new KJUR.crypto.ECDSA({curve: curve});
-1564         prvKey.setPublicKeyHex(keypairHex.ecpubhex);
-1565         prvKey.setPrivateKeyHex(keypairHex.ecprvhex);
-1566         prvKey.isPrivate = true;
-1567         prvKey.isPublic = false;
-1568 
-1569         var pubKey = new KJUR.crypto.ECDSA({curve: curve});
-1570         pubKey.setPublicKeyHex(keypairHex.ecpubhex);
-1571         pubKey.isPrivate = false;
-1572         pubKey.isPublic = true;
-1573 
-1574         var result = {};
-1575         result.prvKeyObj = prvKey;
-1576         result.pubKeyObj = pubKey;
-1577         return result;
-1578     } else {
-1579         throw "unknown algorithm: " + alg;
-1580     }
-1581 };
-1582 
-1583 /**
-1584  * get PEM formatted private or public key file from a RSA/ECDSA/DSA key object
-1585  * @name getPEM
-1586  * @memberOf KEYUTIL
-1587  * @function
-1588  * @static
-1589  * @param {Object} keyObjOrHex key object {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} to encode to
-1590  * @param {String} formatType (OPTION) output format type of "PKCS1PRV", "PKCS5PRV" or "PKCS8PRV" for private key
-1591  * @param {String} passwd (OPTION) password to protect private key
-1592  * @param {String} encAlg (OPTION) encryption algorithm for PKCS#5. currently supports DES-CBC, DES-EDE3-CBC and AES-{128,192,256}-CBC
-1593  * @since keyutil 1.0.4
-1594  * @description
-1595  * <dl>
-1596  * <dt><b>NOTE1:</b>
-1597  * <dd>
-1598  * PKCS#5 encrypted private key protection algorithm supports DES-CBC, 
-1599  * DES-EDE3-CBC and AES-{128,192,256}-CBC
-1600  * <dt><b>NOTE2:</b>
-1601  * <dd>
-1602  * OpenSSL supports
-1603  * </dl>
-1604  * @example
-1605  * KEUUTIL.getPEM(publicKey) => generates PEM PKCS#8 public key 
-1606  * KEUUTIL.getPEM(privateKey, "PKCS1PRV") => generates PEM PKCS#1 plain private key
-1607  * KEUUTIL.getPEM(privateKey, "PKCS5PRV", "pass") => generates PEM PKCS#5 encrypted private key 
-1608  *                                                          with DES-EDE3-CBC (DEFAULT)
-1609  * KEUUTIL.getPEM(privateKey, "PKCS5PRV", "pass", "DES-CBC") => generates PEM PKCS#5 encrypted 
-1610  *                                                                 private key with DES-CBC
-1611  * KEUUTIL.getPEM(privateKey, "PKCS8PRV") => generates PEM PKCS#8 plain private key
-1612  * KEUUTIL.getPEM(privateKey, "PKCS8PRV", "pass") => generates PEM PKCS#8 encrypted private key
-1613  *                                                      with PBKDF2_HmacSHA1_3DES
-1614  */
-1615 KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) {
-1616     var ns1 = KJUR.asn1;
-1617     var ns2 = KJUR.crypto;
-1618 
-1619     function _rsaprv2asn1obj(keyObjOrHex) {
-1620         var asn1Obj = KJUR.asn1.ASN1Util.newObject({
-1621             "seq": [
-1622                 {"int": 0 },
-1623                 {"int": {"bigint": keyObjOrHex.n}},
-1624                 {"int": keyObjOrHex.e},
-1625                 {"int": {"bigint": keyObjOrHex.d}},
-1626                 {"int": {"bigint": keyObjOrHex.p}},
-1627                 {"int": {"bigint": keyObjOrHex.q}},
-1628                 {"int": {"bigint": keyObjOrHex.dmp1}},
-1629                 {"int": {"bigint": keyObjOrHex.dmq1}},
-1630                 {"int": {"bigint": keyObjOrHex.coeff}}
-1631             ]
-1632         });
-1633         return asn1Obj;
-1634     };
-1635 
-1636     function _ecdsaprv2asn1obj(keyObjOrHex) {
-1637         var asn1Obj2 = KJUR.asn1.ASN1Util.newObject({
-1638             "seq": [
-1639                 {"int": 1 },
-1640                 {"octstr": {"hex": keyObjOrHex.prvKeyHex}},
-1641                 {"tag": ['a0', true, {'oid': {'name': keyObjOrHex.curveName}}]},
-1642                 {"tag": ['a1', true, {'bitstr': {'hex': '00' + keyObjOrHex.pubKeyHex}}]}
-1643             ]
-1644         });
-1645         return asn1Obj2;
-1646     };
-1647 
-1648     function _dsaprv2asn1obj(keyObjOrHex) {
-1649         var asn1Obj = KJUR.asn1.ASN1Util.newObject({
-1650             "seq": [
-1651                 {"int": 0 },
-1652                 {"int": {"bigint": keyObjOrHex.p}},
-1653                 {"int": {"bigint": keyObjOrHex.q}},
-1654                 {"int": {"bigint": keyObjOrHex.g}},
-1655                 {"int": {"bigint": keyObjOrHex.y}},
-1656                 {"int": {"bigint": keyObjOrHex.x}}
-1657             ]
-1658         });
-1659         return asn1Obj;
-1660     };
-1661 
-1662     // 1. public key
-1663 
-1664     // x. PEM PKCS#8 public key of RSA/ECDSA/DSA public key object
-1665     if (((typeof RSAKey != "undefined" && keyObjOrHex instanceof RSAKey) ||
-1666          (typeof ns2.DSA != "undefined" && keyObjOrHex instanceof ns2.DSA) ||
-1667          (typeof ns2.ECDSA != "undefined" && keyObjOrHex instanceof ns2.ECDSA)) &&
-1668         keyObjOrHex.isPublic == true &&
-1669         (formatType === undefined || formatType == "PKCS8PUB")) {
-1670         var asn1Obj = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObjOrHex);
-1671         var asn1Hex = asn1Obj.getEncodedHex();
-1672         return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PUBLIC KEY");
-1673     }
-1674     
-1675     // 2. private
-1676 
-1677     // x. PEM PKCS#1 plain private key of RSA private key object
-1678     if (formatType == "PKCS1PRV" &&
-1679         typeof RSAKey != "undefined" &&
-1680         keyObjOrHex instanceof RSAKey &&
-1681         (passwd === undefined || passwd == null) &&
-1682         keyObjOrHex.isPrivate  == true) {
-1683 
-1684         var asn1Obj = _rsaprv2asn1obj(keyObjOrHex);
-1685         var asn1Hex = asn1Obj.getEncodedHex();
-1686         return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "RSA PRIVATE KEY");
-1687     }
-1688 
-1689     // x. PEM PKCS#1 plain private key of ECDSA private key object
-1690     if (formatType == "PKCS1PRV" &&
-1691         typeof RSAKey != "undefined" &&
-1692         keyObjOrHex instanceof KJUR.crypto.ECDSA &&
-1693         (passwd === undefined || passwd == null) &&
-1694         keyObjOrHex.isPrivate  == true) {
-1695 
-1696         var asn1Obj1 = new KJUR.asn1.DERObjectIdentifier({'name': keyObjOrHex.curveName});
-1697         var asn1Hex1 = asn1Obj1.getEncodedHex();
-1698         var asn1Obj2 = _ecdsaprv2asn1obj(keyObjOrHex);
-1699         var asn1Hex2 = asn1Obj2.getEncodedHex();
-1700 
-1701         var s = "";
-1702         s += ns1.ASN1Util.getPEMStringFromHex(asn1Hex1, "EC PARAMETERS");
-1703         s += ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "EC PRIVATE KEY");
-1704         return s;
-1705     }
-1706 
-1707     // x. PEM PKCS#1 plain private key of DSA private key object
-1708     if (formatType == "PKCS1PRV" &&
-1709         typeof KJUR.crypto.DSA != "undefined" &&
-1710         keyObjOrHex instanceof KJUR.crypto.DSA &&
-1711         (passwd === undefined || passwd == null) &&
-1712         keyObjOrHex.isPrivate  == true) {
-1713 
-1714         var asn1Obj = _dsaprv2asn1obj(keyObjOrHex);
-1715         var asn1Hex = asn1Obj.getEncodedHex();
-1716         return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "DSA PRIVATE KEY");
-1717     }
-1718 
-1719     // 3. private
-1720 
-1721     // x. PEM PKCS#5 encrypted private key of RSA private key object
-1722     if (formatType == "PKCS5PRV" &&
-1723         typeof RSAKey != "undefined" &&
-1724         keyObjOrHex instanceof RSAKey &&
-1725         (passwd !== undefined && passwd != null) &&
-1726         keyObjOrHex.isPrivate  == true) {
-1727 
-1728         var asn1Obj = _rsaprv2asn1obj(keyObjOrHex);
-1729         var asn1Hex = asn1Obj.getEncodedHex();
-1730 
-1731         if (encAlg === undefined) encAlg = "DES-EDE3-CBC";
-1732         return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA", asn1Hex, passwd, encAlg);
-1733     }
-1734 
-1735     // x. PEM PKCS#5 encrypted private key of ECDSA private key object
-1736     if (formatType == "PKCS5PRV" &&
-1737         typeof KJUR.crypto.ECDSA != "undefined" &&
-1738         keyObjOrHex instanceof KJUR.crypto.ECDSA &&
-1739         (passwd !== undefined && passwd != null) &&
-1740         keyObjOrHex.isPrivate  == true) {
+1207     var _ASN1HEX = ASN1HEX,
+1208 	_getChildIdx = _ASN1HEX.getChildIdx,
+1209 	_getV = _ASN1HEX.getV,
+1210 	_getVbyList = _ASN1HEX.getVbyList,
+1211 	_KJUR_crypto = KJUR.crypto,
+1212 	_KJUR_crypto_ECDSA = _KJUR_crypto.ECDSA,
+1213 	_KJUR_crypto_DSA = _KJUR_crypto.DSA,
+1214 	_RSAKey = RSAKey,
+1215 	_pemtohex = pemtohex;
+1216 
+1217     // 1. by key RSAKey/KJUR.crypto.ECDSA/KJUR.crypto.DSA object
+1218     if (typeof _RSAKey != 'undefined' && param instanceof _RSAKey)
+1219         return param;
+1220     if (typeof _KJUR_crypto_ECDSA != 'undefined' && param instanceof _KJUR_crypto_ECDSA)
+1221         return param;
+1222     if (typeof _KJUR_crypto_DSA != 'undefined' && param instanceof _KJUR_crypto_DSA)
+1223         return param;
+1224 
+1225     // 2. by parameters of key
+1226 
+1227     // 2.1. bare ECC
+1228     // 2.1.1. bare ECC public key by hex values
+1229     if (param.curve !== undefined &&
+1230 	param.xy !== undefined && param.d === undefined) {
+1231         return new _KJUR_crypto_ECDSA({pub: param.xy, curve: param.curve});
+1232     }
+1233 
+1234     // 2.1.2. bare ECC private key by hex values
+1235     if (param.curve !== undefined && param.d !== undefined) {
+1236         return new _KJUR_crypto_ECDSA({prv: param.d, curve: param.curve});
+1237     }
+1238 
+1239     // 2.2. bare RSA
+1240     // 2.2.1. bare RSA public key by hex values
+1241     if (param.kty === undefined &&
+1242 	param.n !== undefined && param.e !== undefined &&
+1243         param.d === undefined) {
+1244         var key = new _RSAKey();
+1245         key.setPublic(param.n, param.e);
+1246         return key;
+1247     }
+1248 
+1249     // 2.2.2. bare RSA private key with P/Q/DP/DQ/COEFF by hex values
+1250     if (param.kty === undefined &&
+1251 	param.n !== undefined &&
+1252 	param.e !== undefined &&
+1253 	param.d !== undefined &&
+1254         param.p !== undefined &&
+1255 	param.q !== undefined &&
+1256         param.dp !== undefined &&
+1257 	param.dq !== undefined &&
+1258 	param.co !== undefined &&
+1259         param.qi === undefined) {
+1260         var key = new _RSAKey();
+1261         key.setPrivateEx(param.n, param.e, param.d, param.p, param.q,
+1262                          param.dp, param.dq, param.co);
+1263         return key;
+1264     }
+1265 
+1266     // 2.2.3. bare RSA public key without P/Q/DP/DQ/COEFF by hex values
+1267     if (param.kty === undefined &&
+1268 	param.n !== undefined &&
+1269 	param.e !== undefined &&
+1270 	param.d !== undefined &&
+1271         param.p === undefined) {
+1272         var key = new _RSAKey();
+1273         key.setPrivate(param.n, param.e, param.d);
+1274         return key;
+1275     }
+1276 
+1277     // 2.3. bare DSA
+1278     // 2.3.1. bare DSA public key by hex values
+1279     if (param.p !== undefined && param.q !== undefined &&
+1280 	param.g !== undefined &&
+1281         param.y !== undefined && param.x === undefined) {
+1282         var key = new _KJUR_crypto_DSA();
+1283         key.setPublic(param.p, param.q, param.g, param.y);
+1284         return key;
+1285     }
+1286 
+1287     // 2.3.2. bare DSA private key by hex values
+1288     if (param.p !== undefined && param.q !== undefined &&
+1289 	param.g !== undefined &&
+1290         param.y !== undefined && param.x !== undefined) {
+1291         var key = new _KJUR_crypto_DSA();
+1292         key.setPrivate(param.p, param.q, param.g, param.y, param.x);
+1293         return key;
+1294     }
+1295 
+1296     // 3. JWK
+1297     // 3.1. JWK RSA
+1298     // 3.1.1. JWK RSA public key by b64u values
+1299     if (param.kty === "RSA" &&
+1300 	param.n !== undefined &&
+1301 	param.e !== undefined &&
+1302 	param.d === undefined) {
+1303 	var key = new _RSAKey();
+1304 	key.setPublic(b64utohex(param.n), b64utohex(param.e));
+1305 	return key;
+1306     }
+1307 
+1308     // 3.1.2. JWK RSA private key with p/q/dp/dq/coeff by b64u values
+1309     if (param.kty === "RSA" &&
+1310 	param.n !== undefined &&
+1311 	param.e !== undefined &&
+1312 	param.d !== undefined &&
+1313 	param.p !== undefined &&
+1314 	param.q !== undefined &&
+1315 	param.dp !== undefined &&
+1316 	param.dq !== undefined &&
+1317 	param.qi !== undefined) {
+1318 	var key = new _RSAKey();
+1319         key.setPrivateEx(b64utohex(param.n),
+1320 			 b64utohex(param.e),
+1321 			 b64utohex(param.d),
+1322 			 b64utohex(param.p),
+1323 			 b64utohex(param.q),
+1324                          b64utohex(param.dp),
+1325 			 b64utohex(param.dq),
+1326 			 b64utohex(param.qi));
+1327 	return key;
+1328     }
+1329 
+1330     // 3.1.3. JWK RSA private key without p/q/dp/dq/coeff by b64u
+1331     //        since jsrsasign 5.0.0 keyutil 1.0.11
+1332     if (param.kty === "RSA" &&
+1333 	param.n !== undefined &&
+1334 	param.e !== undefined &&
+1335 	param.d !== undefined) {
+1336 	var key = new _RSAKey();
+1337         key.setPrivate(b64utohex(param.n),
+1338 		       b64utohex(param.e),
+1339 		       b64utohex(param.d));
+1340 	return key;
+1341     }
+1342 
+1343     // 3.2. JWK ECC
+1344     // 3.2.1. JWK ECC public key by b64u values
+1345     if (param.kty === "EC" &&
+1346 	param.crv !== undefined &&
+1347 	param.x !== undefined &&
+1348 	param.y !== undefined &&
+1349         param.d === undefined) {
+1350 	var ec = new _KJUR_crypto_ECDSA({"curve": param.crv});
+1351 	var charlen = ec.ecparams.keylen / 4;
+1352         var hX   = ("0000000000" + b64utohex(param.x)).slice(- charlen);
+1353         var hY   = ("0000000000" + b64utohex(param.y)).slice(- charlen);
+1354         var hPub = "04" + hX + hY;
+1355 	ec.setPublicKeyHex(hPub);
+1356 	return ec;
+1357     }
+1358 
+1359     // 3.2.2. JWK ECC private key by b64u values
+1360     if (param.kty === "EC" &&
+1361 	param.crv !== undefined &&
+1362 	param.x !== undefined &&
+1363 	param.y !== undefined &&
+1364         param.d !== undefined) {
+1365 	var ec = new _KJUR_crypto_ECDSA({"curve": param.crv});
+1366 	var charlen = ec.ecparams.keylen / 4;
+1367         var hX   = ("0000000000" + b64utohex(param.x)).slice(- charlen);
+1368         var hY   = ("0000000000" + b64utohex(param.y)).slice(- charlen);
+1369         var hPub = "04" + hX + hY;
+1370         var hPrv = ("0000000000" + b64utohex(param.d)).slice(- charlen);
+1371 	ec.setPublicKeyHex(hPub);
+1372 	ec.setPrivateKeyHex(hPrv);
+1373 	return ec;
+1374     }
+1375     
+1376     // 4. (plain) hexadecimal data
+1377     // 4.1. get private key by PKCS#5 plain RSA/DSA/ECDSA hexadecimal string
+1378     if (hextype === "pkcs5prv") {
+1379 	var h = param, _ASN1HEX = ASN1HEX, a, key;
+1380 	a = _getChildIdx(h, 0);
+1381 	if (a.length === 9) {        // RSA (INT x 9)
+1382 	    key = new _RSAKey();
+1383             key.readPrivateKeyFromASN1HexString(param);
+1384 	} else if (a.length === 6) { // DSA (INT x 6)
+1385 	    key = new _KJUR_crypto_DSA();
+1386 	    key.readPKCS5PrvKeyHex(h);
+1387 	} else if (a.length > 2 &&   // ECDSA (INT, OCT prv, [0] curve, [1] pub)
+1388 		   h.substr(a[1], 2) === "04") {
+1389 	    key = new _KJUR_crypto_ECDSA();
+1390 	    key.readPKCS5PrvKeyHex(h);
+1391 	} else {
+1392 	    throw "unsupported PKCS#1/5 hexadecimal key";
+1393 	}
+1394 
+1395         return key;
+1396     }
+1397 
+1398     // 4.2. get private key by PKCS#8 plain RSA/DSA/ECDSA hexadecimal string
+1399     if (hextype === "pkcs8prv") {
+1400 	var key = KEYUTIL.getKeyFromPlainPrivatePKCS8Hex(param);
+1401         return key;
+1402     }
+1403 
+1404     // 4.3. get public key by PKCS#8 RSA/DSA/ECDSA hexadecimal string
+1405     if (hextype === "pkcs8pub") {
+1406         return KEYUTIL.getKeyFromPublicPKCS8Hex(param);
+1407     }
+1408 
+1409     // 4.4. get public key by X.509 hexadecimal string for RSA/DSA/ECDSA
+1410     if (hextype === "x509pub") {
+1411         return X509.getPublicKeyFromCertHex(param);
+1412     }
+1413 
+1414     // 5. by PEM certificate (-----BEGIN ... CERTIFICATE----)
+1415     if (param.indexOf("-END CERTIFICATE-", 0) != -1 ||
+1416         param.indexOf("-END X509 CERTIFICATE-", 0) != -1 ||
+1417         param.indexOf("-END TRUSTED CERTIFICATE-", 0) != -1) {
+1418         return X509.getPublicKeyFromCertPEM(param);
+1419     }
+1420 
+1421     // 6. public key by PKCS#8 PEM string
+1422     if (param.indexOf("-END PUBLIC KEY-") != -1) {
+1423         return KEYUTIL.getKeyFromPublicPKCS8PEM(param);
+1424     }
+1425     
+1426     // 8.1 private key by plain PKCS#5 PEM RSA string 
+1427     //    getKey("-----BEGIN RSA PRIVATE KEY-...")
+1428     if (param.indexOf("-END RSA PRIVATE KEY-") != -1 &&
+1429         param.indexOf("4,ENCRYPTED") == -1) {
+1430         var hex = _pemtohex(param, "RSA PRIVATE KEY");
+1431         return KEYUTIL.getKey(hex, null, "pkcs5prv");
+1432     }
+1433 
+1434     // 8.2. private key by plain PKCS#5 PEM DSA string
+1435     if (param.indexOf("-END DSA PRIVATE KEY-") != -1 &&
+1436         param.indexOf("4,ENCRYPTED") == -1) {
+1437 
+1438         var hKey = _pemtohex(param, "DSA PRIVATE KEY");
+1439         var p = _getVbyList(hKey, 0, [1], "02");
+1440         var q = _getVbyList(hKey, 0, [2], "02");
+1441         var g = _getVbyList(hKey, 0, [3], "02");
+1442         var y = _getVbyList(hKey, 0, [4], "02");
+1443         var x = _getVbyList(hKey, 0, [5], "02");
+1444         var key = new _KJUR_crypto_DSA();
+1445         key.setPrivate(new BigInteger(p, 16),
+1446                        new BigInteger(q, 16),
+1447                        new BigInteger(g, 16),
+1448                        new BigInteger(y, 16),
+1449                        new BigInteger(x, 16));
+1450         return key;
+1451     }
+1452 
+1453     // 10. private key by plain PKCS#8 PEM ECC/RSA string
+1454     if (param.indexOf("-END PRIVATE KEY-") != -1) {
+1455         return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(param);
+1456     }
+1457 
+1458     // 11.1 private key by encrypted PKCS#5 PEM RSA string
+1459     if (param.indexOf("-END RSA PRIVATE KEY-") != -1 &&
+1460         param.indexOf("4,ENCRYPTED") != -1) {
+1461         return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(param, passcode);
+1462     }
+1463 
+1464     // 11.2. private key by encrypted PKCS#5 PEM ECDSA string
+1465     if (param.indexOf("-END EC PRIVATE KEY-") != -1 &&
+1466         param.indexOf("4,ENCRYPTED") != -1) {
+1467         var hKey = KEYUTIL.getDecryptedKeyHex(param, passcode);
+1468 
+1469         var key = _getVbyList(hKey, 0, [1], "04");
+1470         var curveNameOidHex = _getVbyList(hKey, 0, [2,0], "06");
+1471         var pubkey = _getVbyList(hKey, 0, [3,0], "03").substr(2);
+1472         var curveName = "";
+1473 
+1474         if (KJUR.crypto.OID.oidhex2name[curveNameOidHex] !== undefined) {
+1475             curveName = KJUR.crypto.OID.oidhex2name[curveNameOidHex];
+1476         } else {
+1477             throw "undefined OID(hex) in KJUR.crypto.OID: " + curveNameOidHex;
+1478         }
+1479 
+1480         var ec = new _KJUR_crypto_ECDSA({'curve': curveName});
+1481         ec.setPublicKeyHex(pubkey);
+1482         ec.setPrivateKeyHex(key);
+1483         ec.isPublic = false;
+1484         return ec;
+1485     }
+1486 
+1487     // 11.3. private key by encrypted PKCS#5 PEM DSA string
+1488     if (param.indexOf("-END DSA PRIVATE KEY-") != -1 &&
+1489         param.indexOf("4,ENCRYPTED") != -1) {
+1490         var hKey = KEYUTIL.getDecryptedKeyHex(param, passcode);
+1491         var p = _getVbyList(hKey, 0, [1], "02");
+1492         var q = _getVbyList(hKey, 0, [2], "02");
+1493         var g = _getVbyList(hKey, 0, [3], "02");
+1494         var y = _getVbyList(hKey, 0, [4], "02");
+1495         var x = _getVbyList(hKey, 0, [5], "02");
+1496         var key = new _KJUR_crypto_DSA();
+1497         key.setPrivate(new BigInteger(p, 16),
+1498                        new BigInteger(q, 16),
+1499                        new BigInteger(g, 16),
+1500                        new BigInteger(y, 16),
+1501                        new BigInteger(x, 16));
+1502         return key;
+1503     }
+1504 
+1505     // 11. private key by encrypted PKCS#8 hexadecimal RSA/ECDSA string
+1506     if (param.indexOf("-END ENCRYPTED PRIVATE KEY-") != -1) {
+1507         return KEYUTIL.getKeyFromEncryptedPKCS8PEM(param, passcode);
+1508     }
+1509 
+1510     throw "not supported argument";
+1511 };
+1512 
+1513 /**
+1514  * @name generateKeypair
+1515  * @memberOf KEYUTIL
+1516  * @function
+1517  * @static
+1518  * @param {String} alg 'RSA' or 'EC'
+1519  * @param {Object} keylenOrCurve key length for RSA or curve name for EC
+1520  * @return {Array} associative array of keypair which has prvKeyObj and pubKeyObj parameters
+1521  * @since keyutil 1.0.1
+1522  * @description
+1523  * This method generates a key pair of public key algorithm.
+1524  * The result will be an associative array which has following
+1525  * parameters:
+1526  * <ul>
+1527  * <li>prvKeyObj - RSAKey or ECDSA object of private key</li>
+1528  * <li>pubKeyObj - RSAKey or ECDSA object of public key</li>
+1529  * </ul>
+1530  * NOTE1: As for RSA algoirthm, public exponent has fixed
+1531  * value '0x10001'.
+1532  * NOTE2: As for EC algorithm, supported names of curve are
+1533  * secp256r1, secp256k1 and secp384r1.
+1534  * NOTE3: DSA is not supported yet.
+1535  * @example
+1536  * var rsaKeypair = KEYUTIL.generateKeypair("RSA", 1024);
+1537  * var ecKeypair = KEYUTIL.generateKeypair("EC", "secp256r1");
+1538  *
+1539  */
+1540 KEYUTIL.generateKeypair = function(alg, keylenOrCurve) {
+1541     if (alg == "RSA") {
+1542         var keylen = keylenOrCurve;
+1543         var prvKey = new RSAKey();
+1544         prvKey.generate(keylen, '10001');
+1545         prvKey.isPrivate = true;
+1546         prvKey.isPublic = true;
+1547         
+1548         var pubKey = new RSAKey();
+1549         var hN = prvKey.n.toString(16);
+1550         var hE = prvKey.e.toString(16);
+1551         pubKey.setPublic(hN, hE);
+1552         pubKey.isPrivate = false;
+1553         pubKey.isPublic = true;
+1554         
+1555         var result = {};
+1556         result.prvKeyObj = prvKey;
+1557         result.pubKeyObj = pubKey;
+1558         return result;
+1559     } else if (alg == "EC") {
+1560         var curve = keylenOrCurve;
+1561         var ec = new KJUR.crypto.ECDSA({curve: curve});
+1562         var keypairHex = ec.generateKeyPairHex();
+1563 
+1564         var prvKey = new KJUR.crypto.ECDSA({curve: curve});
+1565         prvKey.setPublicKeyHex(keypairHex.ecpubhex);
+1566         prvKey.setPrivateKeyHex(keypairHex.ecprvhex);
+1567         prvKey.isPrivate = true;
+1568         prvKey.isPublic = false;
+1569 
+1570         var pubKey = new KJUR.crypto.ECDSA({curve: curve});
+1571         pubKey.setPublicKeyHex(keypairHex.ecpubhex);
+1572         pubKey.isPrivate = false;
+1573         pubKey.isPublic = true;
+1574 
+1575         var result = {};
+1576         result.prvKeyObj = prvKey;
+1577         result.pubKeyObj = pubKey;
+1578         return result;
+1579     } else {
+1580         throw "unknown algorithm: " + alg;
+1581     }
+1582 };
+1583 
+1584 /**
+1585  * get PEM formatted private or public key file from a RSA/ECDSA/DSA key object
+1586  * @name getPEM
+1587  * @memberOf KEYUTIL
+1588  * @function
+1589  * @static
+1590  * @param {Object} keyObjOrHex key object {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} to encode to
+1591  * @param {String} formatType (OPTION) output format type of "PKCS1PRV", "PKCS5PRV" or "PKCS8PRV" for private key
+1592  * @param {String} passwd (OPTION) password to protect private key
+1593  * @param {String} encAlg (OPTION) encryption algorithm for PKCS#5. currently supports DES-CBC, DES-EDE3-CBC and AES-{128,192,256}-CBC
+1594  * @since keyutil 1.0.4
+1595  * @description
+1596  * <dl>
+1597  * <dt><b>NOTE1:</b>
+1598  * <dd>
+1599  * PKCS#5 encrypted private key protection algorithm supports DES-CBC, 
+1600  * DES-EDE3-CBC and AES-{128,192,256}-CBC
+1601  * <dt><b>NOTE2:</b>
+1602  * <dd>
+1603  * OpenSSL supports
+1604  * </dl>
+1605  * @example
+1606  * KEUUTIL.getPEM(publicKey) => generates PEM PKCS#8 public key 
+1607  * KEUUTIL.getPEM(privateKey, "PKCS1PRV") => generates PEM PKCS#1 plain private key
+1608  * KEUUTIL.getPEM(privateKey, "PKCS5PRV", "pass") => generates PEM PKCS#5 encrypted private key 
+1609  *                                                          with DES-EDE3-CBC (DEFAULT)
+1610  * KEUUTIL.getPEM(privateKey, "PKCS5PRV", "pass", "DES-CBC") => generates PEM PKCS#5 encrypted 
+1611  *                                                                 private key with DES-CBC
+1612  * KEUUTIL.getPEM(privateKey, "PKCS8PRV") => generates PEM PKCS#8 plain private key
+1613  * KEUUTIL.getPEM(privateKey, "PKCS8PRV", "pass") => generates PEM PKCS#8 encrypted private key
+1614  *                                                      with PBKDF2_HmacSHA1_3DES
+1615  */
+1616 KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) {
+1617     var _KJUR = KJUR,
+1618 	_KJUR_asn1 = _KJUR.asn1,
+1619 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+1620 	_DERInteger = _KJUR_asn1.DERInteger,
+1621 	_newObject = _KJUR_asn1.ASN1Util.newObject,
+1622 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+1623 	_SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo,
+1624 	_KJUR_crypto = _KJUR.crypto,
+1625 	_DSA = _KJUR_crypto.DSA,
+1626 	_ECDSA = _KJUR_crypto.ECDSA,
+1627 	_RSAKey = RSAKey;
+1628 
+1629     function _rsaprv2asn1obj(keyObjOrHex) {
+1630         var asn1Obj = _newObject({
+1631             "seq": [
+1632                 {"int": 0 },
+1633                 {"int": {"bigint": keyObjOrHex.n}},
+1634                 {"int": keyObjOrHex.e},
+1635                 {"int": {"bigint": keyObjOrHex.d}},
+1636                 {"int": {"bigint": keyObjOrHex.p}},
+1637                 {"int": {"bigint": keyObjOrHex.q}},
+1638                 {"int": {"bigint": keyObjOrHex.dmp1}},
+1639                 {"int": {"bigint": keyObjOrHex.dmq1}},
+1640                 {"int": {"bigint": keyObjOrHex.coeff}}
+1641             ]
+1642         });
+1643         return asn1Obj;
+1644     };
+1645 
+1646     function _ecdsaprv2asn1obj(keyObjOrHex) {
+1647         var asn1Obj2 = _newObject({
+1648             "seq": [
+1649                 {"int": 1 },
+1650                 {"octstr": {"hex": keyObjOrHex.prvKeyHex}},
+1651                 {"tag": ['a0', true, {'oid': {'name': keyObjOrHex.curveName}}]},
+1652                 {"tag": ['a1', true, {'bitstr': {'hex': '00' + keyObjOrHex.pubKeyHex}}]}
+1653             ]
+1654         });
+1655         return asn1Obj2;
+1656     };
+1657 
+1658     function _dsaprv2asn1obj(keyObjOrHex) {
+1659         var asn1Obj = _newObject({
+1660             "seq": [
+1661                 {"int": 0 },
+1662                 {"int": {"bigint": keyObjOrHex.p}},
+1663                 {"int": {"bigint": keyObjOrHex.q}},
+1664                 {"int": {"bigint": keyObjOrHex.g}},
+1665                 {"int": {"bigint": keyObjOrHex.y}},
+1666                 {"int": {"bigint": keyObjOrHex.x}}
+1667             ]
+1668         });
+1669         return asn1Obj;
+1670     };
+1671 
+1672     // 1. public key
+1673 
+1674     // x. PEM PKCS#8 public key of RSA/ECDSA/DSA public key object
+1675     if (((_RSAKey !== undefined && keyObjOrHex instanceof _RSAKey) ||
+1676          (_DSA !== undefined    && keyObjOrHex instanceof _DSA) ||
+1677          (_ECDSA !== undefined  && keyObjOrHex instanceof _ECDSA)) &&
+1678         keyObjOrHex.isPublic == true &&
+1679         (formatType === undefined || formatType == "PKCS8PUB")) {
+1680         var asn1Obj = new _SubjectPublicKeyInfo(keyObjOrHex);
+1681         var asn1Hex = asn1Obj.getEncodedHex();
+1682         return hextopem(asn1Hex, "PUBLIC KEY");
+1683     }
+1684     
+1685     // 2. private
+1686 
+1687     // x. PEM PKCS#1 plain private key of RSA private key object
+1688     if (formatType == "PKCS1PRV" &&
+1689         _RSAKey !== undefined &&
+1690         keyObjOrHex instanceof _RSAKey &&
+1691         (passwd === undefined || passwd == null) &&
+1692         keyObjOrHex.isPrivate  == true) {
+1693 
+1694         var asn1Obj = _rsaprv2asn1obj(keyObjOrHex);
+1695         var asn1Hex = asn1Obj.getEncodedHex();
+1696         return hextopem(asn1Hex, "RSA PRIVATE KEY");
+1697     }
+1698 
+1699     // x. PEM PKCS#1 plain private key of ECDSA private key object
+1700     if (formatType == "PKCS1PRV" &&
+1701         _ECDSA !== undefined &&
+1702         keyObjOrHex instanceof _ECDSA &&
+1703         (passwd === undefined || passwd == null) &&
+1704         keyObjOrHex.isPrivate  == true) {
+1705 
+1706         var asn1Obj1 = 
+1707 	    new _DERObjectIdentifier({'name': keyObjOrHex.curveName});
+1708         var asn1Hex1 = asn1Obj1.getEncodedHex();
+1709         var asn1Obj2 = _ecdsaprv2asn1obj(keyObjOrHex);
+1710         var asn1Hex2 = asn1Obj2.getEncodedHex();
+1711 
+1712         var s = "";
+1713         s += hextopem(asn1Hex1, "EC PARAMETERS");
+1714         s += hextopem(asn1Hex2, "EC PRIVATE KEY");
+1715         return s;
+1716     }
+1717 
+1718     // x. PEM PKCS#1 plain private key of DSA private key object
+1719     if (formatType == "PKCS1PRV" &&
+1720         _DSA !== undefined &&
+1721         keyObjOrHex instanceof _DSA &&
+1722         (passwd === undefined || passwd == null) &&
+1723         keyObjOrHex.isPrivate  == true) {
+1724 
+1725         var asn1Obj = _dsaprv2asn1obj(keyObjOrHex);
+1726         var asn1Hex = asn1Obj.getEncodedHex();
+1727         return hextopem(asn1Hex, "DSA PRIVATE KEY");
+1728     }
+1729 
+1730     // 3. private
+1731 
+1732     // x. PEM PKCS#5 encrypted private key of RSA private key object
+1733     if (formatType == "PKCS5PRV" &&
+1734         _RSAKey !== undefined &&
+1735         keyObjOrHex instanceof _RSAKey &&
+1736         (passwd !== undefined && passwd != null) &&
+1737         keyObjOrHex.isPrivate  == true) {
+1738 
+1739         var asn1Obj = _rsaprv2asn1obj(keyObjOrHex);
+1740         var asn1Hex = asn1Obj.getEncodedHex();
 1741 
-1742         var asn1Obj = _ecdsaprv2asn1obj(keyObjOrHex);
-1743         var asn1Hex = asn1Obj.getEncodedHex();
-1744 
-1745         if (encAlg === undefined) encAlg = "DES-EDE3-CBC";
-1746         return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC", asn1Hex, passwd, encAlg);
-1747     }
-1748 
-1749     // x. PEM PKCS#5 encrypted private key of DSA private key object
-1750     if (formatType == "PKCS5PRV" &&
-1751         typeof KJUR.crypto.DSA != "undefined" &&
-1752         keyObjOrHex instanceof KJUR.crypto.DSA &&
-1753         (passwd !== undefined && passwd != null) &&
-1754         keyObjOrHex.isPrivate  == true) {
+1742         if (encAlg === undefined) encAlg = "DES-EDE3-CBC";
+1743         return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA", asn1Hex, passwd, encAlg);
+1744     }
+1745 
+1746     // x. PEM PKCS#5 encrypted private key of ECDSA private key object
+1747     if (formatType == "PKCS5PRV" &&
+1748         _ECDSA !== undefined &&
+1749         keyObjOrHex instanceof _ECDSA &&
+1750         (passwd !== undefined && passwd != null) &&
+1751         keyObjOrHex.isPrivate  == true) {
+1752 
+1753         var asn1Obj = _ecdsaprv2asn1obj(keyObjOrHex);
+1754         var asn1Hex = asn1Obj.getEncodedHex();
 1755 
-1756         var asn1Obj = _dsaprv2asn1obj(keyObjOrHex);
-1757         var asn1Hex = asn1Obj.getEncodedHex();
-1758 
-1759         if (encAlg === undefined) encAlg = "DES-EDE3-CBC";
-1760         return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA", asn1Hex, passwd, encAlg);
-1761     }
-1762 
-1763     // x. ======================================================================
-1764 
-1765     var _getEncryptedPKCS8 = function(plainKeyHex, passcode) {
-1766         var info = _getEencryptedPKCS8Info(plainKeyHex, passcode);
-1767         //alert("iv=" + info.encryptionSchemeIV);
-1768         //alert("info.ciphertext2[" + info.ciphertext.length + "=" + info.ciphertext);
-1769         var asn1Obj = new KJUR.asn1.ASN1Util.newObject({
-1770             "seq": [
-1771                 {"seq": [
-1772                     {"oid": {"name": "pkcs5PBES2"}},
-1773                     {"seq": [
-1774                         {"seq": [
-1775                             {"oid": {"name": "pkcs5PBKDF2"}},
-1776                             {"seq": [
-1777                                 {"octstr": {"hex": info.pbkdf2Salt}},
-1778                                 {"int": info.pbkdf2Iter}
-1779                             ]}
-1780                         ]},
-1781                         {"seq": [
-1782                             {"oid": {"name": "des-EDE3-CBC"}},
-1783                             {"octstr": {"hex": info.encryptionSchemeIV}}
-1784                         ]}
-1785                     ]}
-1786                 ]},
-1787                 {"octstr": {"hex": info.ciphertext}}
-1788             ]
-1789         });
-1790         return asn1Obj.getEncodedHex();
-1791     };
-1792 
-1793     var _getEencryptedPKCS8Info = function(plainKeyHex, passcode) {
-1794         var pbkdf2Iter = 100;
-1795         var pbkdf2SaltWS = CryptoJS.lib.WordArray.random(8);
-1796         var encryptionSchemeAlg = "DES-EDE3-CBC";
-1797         var encryptionSchemeIVWS = CryptoJS.lib.WordArray.random(8);
-1798         // PBKDF2 key
-1799         var pbkdf2KeyWS = CryptoJS.PBKDF2(passcode, 
-1800                                           pbkdf2SaltWS, { "keySize": 192/32,
-1801                                                           "iterations": pbkdf2Iter });
-1802         // ENCRYPT
-1803         var plainKeyWS = CryptoJS.enc.Hex.parse(plainKeyHex);
-1804         var encryptedKeyHex = 
-1805             CryptoJS.TripleDES.encrypt(plainKeyWS, pbkdf2KeyWS, { "iv": encryptionSchemeIVWS }) + "";
-1806 
-1807         //alert("encryptedKeyHex=" + encryptedKeyHex);
-1808 
-1809         var info = {};
-1810         info.ciphertext = encryptedKeyHex;
-1811         //alert("info.ciphertext=" + info.ciphertext);
-1812         info.pbkdf2Salt = CryptoJS.enc.Hex.stringify(pbkdf2SaltWS);
-1813         info.pbkdf2Iter = pbkdf2Iter;
-1814         info.encryptionSchemeAlg = encryptionSchemeAlg;
-1815         info.encryptionSchemeIV = CryptoJS.enc.Hex.stringify(encryptionSchemeIVWS);
-1816         return info;
-1817     };
-1818 
-1819     // x. PEM PKCS#8 plain private key of RSA private key object
-1820     if (formatType == "PKCS8PRV" &&
-1821         typeof RSAKey != "undefined" &&
-1822         keyObjOrHex instanceof RSAKey &&
-1823         keyObjOrHex.isPrivate  == true) {
-1824 
-1825         var keyObj = _rsaprv2asn1obj(keyObjOrHex);
-1826         var keyHex = keyObj.getEncodedHex();
-1827 
-1828         var asn1Obj = KJUR.asn1.ASN1Util.newObject({
-1829             "seq": [
-1830                 {"int": 0},
-1831                 {"seq": [{"oid": {"name": "rsaEncryption"}},{"null": true}]},
-1832                 {"octstr": {"hex": keyHex}}
-1833             ]
-1834         });
-1835         var asn1Hex = asn1Obj.getEncodedHex();
-1836 
-1837         if (passwd === undefined || passwd == null) {
-1838             return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY");
-1839         } else {
-1840             var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd);
-1841             return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY");
-1842         }
-1843     }
-1844 
-1845     // x. PEM PKCS#8 plain private key of ECDSA private key object
-1846     if (formatType == "PKCS8PRV" &&
-1847         typeof KJUR.crypto.ECDSA != "undefined" &&
-1848         keyObjOrHex instanceof KJUR.crypto.ECDSA &&
-1849         keyObjOrHex.isPrivate  == true) {
-1850 
-1851         var keyObj = new KJUR.asn1.ASN1Util.newObject({
-1852             "seq": [
-1853                 {"int": 1},
-1854                 {"octstr": {"hex": keyObjOrHex.prvKeyHex}},
-1855                 {"tag": ['a1', true, {"bitstr": {"hex": "00" + keyObjOrHex.pubKeyHex}}]}
-1856             ]
-1857         });
-1858         var keyHex = keyObj.getEncodedHex();
-1859 
-1860         var asn1Obj = KJUR.asn1.ASN1Util.newObject({
-1861             "seq": [
-1862                 {"int": 0},
-1863                 {"seq": [
-1864                     {"oid": {"name": "ecPublicKey"}},
-1865                     {"oid": {"name": keyObjOrHex.curveName}}
-1866                 ]},
-1867                 {"octstr": {"hex": keyHex}}
-1868             ]
-1869         });
+1756         if (encAlg === undefined) encAlg = "DES-EDE3-CBC";
+1757         return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC", asn1Hex, passwd, encAlg);
+1758     }
+1759 
+1760     // x. PEM PKCS#5 encrypted private key of DSA private key object
+1761     if (formatType == "PKCS5PRV" &&
+1762         _DSA !== undefined &&
+1763         keyObjOrHex instanceof _DSA &&
+1764         (passwd !== undefined && passwd != null) &&
+1765         keyObjOrHex.isPrivate  == true) {
+1766 
+1767         var asn1Obj = _dsaprv2asn1obj(keyObjOrHex);
+1768         var asn1Hex = asn1Obj.getEncodedHex();
+1769 
+1770         if (encAlg === undefined) encAlg = "DES-EDE3-CBC";
+1771         return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA", asn1Hex, passwd, encAlg);
+1772     }
+1773 
+1774     // x. ======================================================================
+1775 
+1776     var _getEncryptedPKCS8 = function(plainKeyHex, passcode) {
+1777         var info = _getEencryptedPKCS8Info(plainKeyHex, passcode);
+1778         //alert("iv=" + info.encryptionSchemeIV);
+1779         //alert("info.ciphertext2[" + info.ciphertext.length + "=" + info.ciphertext);
+1780         var asn1Obj = new _newObject({
+1781             "seq": [
+1782                 {"seq": [
+1783                     {"oid": {"name": "pkcs5PBES2"}},
+1784                     {"seq": [
+1785                         {"seq": [
+1786                             {"oid": {"name": "pkcs5PBKDF2"}},
+1787                             {"seq": [
+1788                                 {"octstr": {"hex": info.pbkdf2Salt}},
+1789                                 {"int": info.pbkdf2Iter}
+1790                             ]}
+1791                         ]},
+1792                         {"seq": [
+1793                             {"oid": {"name": "des-EDE3-CBC"}},
+1794                             {"octstr": {"hex": info.encryptionSchemeIV}}
+1795                         ]}
+1796                     ]}
+1797                 ]},
+1798                 {"octstr": {"hex": info.ciphertext}}
+1799             ]
+1800         });
+1801         return asn1Obj.getEncodedHex();
+1802     };
+1803 
+1804     var _getEencryptedPKCS8Info = function(plainKeyHex, passcode) {
+1805         var pbkdf2Iter = 100;
+1806         var pbkdf2SaltWS = CryptoJS.lib.WordArray.random(8);
+1807         var encryptionSchemeAlg = "DES-EDE3-CBC";
+1808         var encryptionSchemeIVWS = CryptoJS.lib.WordArray.random(8);
+1809         // PBKDF2 key
+1810         var pbkdf2KeyWS = CryptoJS.PBKDF2(passcode, 
+1811                                           pbkdf2SaltWS, { "keySize": 192/32,
+1812                                                           "iterations": pbkdf2Iter });
+1813         // ENCRYPT
+1814         var plainKeyWS = CryptoJS.enc.Hex.parse(plainKeyHex);
+1815         var encryptedKeyHex = 
+1816             CryptoJS.TripleDES.encrypt(plainKeyWS, pbkdf2KeyWS, { "iv": encryptionSchemeIVWS }) + "";
+1817 
+1818         //alert("encryptedKeyHex=" + encryptedKeyHex);
+1819 
+1820         var info = {};
+1821         info.ciphertext = encryptedKeyHex;
+1822         //alert("info.ciphertext=" + info.ciphertext);
+1823         info.pbkdf2Salt = CryptoJS.enc.Hex.stringify(pbkdf2SaltWS);
+1824         info.pbkdf2Iter = pbkdf2Iter;
+1825         info.encryptionSchemeAlg = encryptionSchemeAlg;
+1826         info.encryptionSchemeIV = CryptoJS.enc.Hex.stringify(encryptionSchemeIVWS);
+1827         return info;
+1828     };
+1829 
+1830     // x. PEM PKCS#8 plain private key of RSA private key object
+1831     if (formatType == "PKCS8PRV" &&
+1832         _RSAKey != undefined &&
+1833         keyObjOrHex instanceof _RSAKey &&
+1834         keyObjOrHex.isPrivate  == true) {
+1835 
+1836         var keyObj = _rsaprv2asn1obj(keyObjOrHex);
+1837         var keyHex = keyObj.getEncodedHex();
+1838 
+1839         var asn1Obj = _newObject({
+1840             "seq": [
+1841                 {"int": 0},
+1842                 {"seq": [{"oid": {"name": "rsaEncryption"}},{"null": true}]},
+1843                 {"octstr": {"hex": keyHex}}
+1844             ]
+1845         });
+1846         var asn1Hex = asn1Obj.getEncodedHex();
+1847 
+1848         if (passwd === undefined || passwd == null) {
+1849             return hextopem(asn1Hex, "PRIVATE KEY");
+1850         } else {
+1851             var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd);
+1852             return hextopem(asn1Hex2, "ENCRYPTED PRIVATE KEY");
+1853         }
+1854     }
+1855 
+1856     // x. PEM PKCS#8 plain private key of ECDSA private key object
+1857     if (formatType == "PKCS8PRV" &&
+1858         _ECDSA !== undefined &&
+1859         keyObjOrHex instanceof _ECDSA &&
+1860         keyObjOrHex.isPrivate  == true) {
+1861 
+1862         var keyObj = new _newObject({
+1863             "seq": [
+1864                 {"int": 1},
+1865                 {"octstr": {"hex": keyObjOrHex.prvKeyHex}},
+1866                 {"tag": ['a1', true, {"bitstr": {"hex": "00" + keyObjOrHex.pubKeyHex}}]}
+1867             ]
+1868         });
+1869         var keyHex = keyObj.getEncodedHex();
 1870 
-1871         var asn1Hex = asn1Obj.getEncodedHex();
-1872         if (passwd === undefined || passwd == null) {
-1873             return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY");
-1874         } else {
-1875             var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd);
-1876             return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY");
-1877         }
-1878     }
-1879 
-1880     // x. PEM PKCS#8 plain private key of DSA private key object
-1881     if (formatType == "PKCS8PRV" &&
-1882         typeof KJUR.crypto.DSA != "undefined" &&
-1883         keyObjOrHex instanceof KJUR.crypto.DSA &&
-1884         keyObjOrHex.isPrivate  == true) {
-1885 
-1886         var keyObj = new KJUR.asn1.DERInteger({'bigint': keyObjOrHex.x});
-1887         var keyHex = keyObj.getEncodedHex();
-1888 
-1889         var asn1Obj = KJUR.asn1.ASN1Util.newObject({
-1890             "seq": [
-1891                 {"int": 0},
-1892                 {"seq": [
-1893                     {"oid": {"name": "dsa"}},
-1894                     {"seq": [
-1895                         {"int": {"bigint": keyObjOrHex.p}},
-1896                         {"int": {"bigint": keyObjOrHex.q}},
-1897                         {"int": {"bigint": keyObjOrHex.g}}
-1898                     ]}
-1899                 ]},
-1900                 {"octstr": {"hex": keyHex}}
-1901             ]
-1902         });
-1903 
-1904         var asn1Hex = asn1Obj.getEncodedHex();
-1905         if (passwd === undefined || passwd == null) {
-1906             return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY");
-1907         } else {
-1908             var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd);
-1909             return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY");
-1910         }
-1911     }
-1912 
-1913     throw "unsupported object nor format";
-1914 };
-1915 
-1916 // -- PUBLIC METHODS FOR CSR -------------------------------------------------------
-1917 
-1918 /**
-1919  * get RSAKey/DSA/ECDSA public key object from PEM formatted PKCS#10 CSR string
-1920  * @name getKeyFromCSRPEM
-1921  * @memberOf KEYUTIL
-1922  * @function
-1923  * @param {String} csrPEM PEM formatted PKCS#10 CSR string
-1924  * @return {Object} RSAKey/DSA/ECDSA public key object
-1925  * @since keyutil 1.0.5
-1926  */
-1927 KEYUTIL.getKeyFromCSRPEM = function(csrPEM) {
-1928     var csrHex = ASN1HEX.pemToHex(csrPEM, "CERTIFICATE REQUEST");
-1929     var key = KEYUTIL.getKeyFromCSRHex(csrHex);
-1930     return key;
-1931 };
-1932 
-1933 /**
-1934  * get RSAKey/DSA/ECDSA public key object from hexadecimal string of PKCS#10 CSR
-1935  * @name getKeyFromCSRHex
-1936  * @memberOf KEYUTIL
-1937  * @function
-1938  * @param {String} csrHex hexadecimal string of PKCS#10 CSR
-1939  * @return {Object} RSAKey/DSA/ECDSA public key object
-1940  * @since keyutil 1.0.5
-1941  */
-1942 KEYUTIL.getKeyFromCSRHex = function(csrHex) {
-1943     var info = KEYUTIL.parseCSRHex(csrHex);
-1944     var key = KEYUTIL.getKey(info.p8pubkeyhex, null, "pkcs8pub");
-1945     return key;
-1946 };
-1947 
-1948 /**
-1949  * parse hexadecimal string of PKCS#10 CSR (certificate signing request)
-1950  * @name parseCSRHex
-1951  * @memberOf KEYUTIL
-1952  * @function
-1953  * @param {String} csrHex hexadecimal string of PKCS#10 CSR
-1954  * @return {Array} associative array of parsed CSR
-1955  * @since keyutil 1.0.5
-1956  * @description
-1957  * Resulted associative array has following properties:
-1958  * <ul>
-1959  * <li>p8pubkeyhex - hexadecimal string of subject public key in PKCS#8</li>
-1960  * </ul>
-1961  */
-1962 KEYUTIL.parseCSRHex = function(csrHex) {
-1963     var _ASN1HEX = ASN1HEX;
-1964     var _getChildIdx = _ASN1HEX.getChildIdx;
-1965     var _getTLV = _ASN1HEX.getTLV;
-1966     var result = {};
-1967     var h = csrHex;
-1968 
-1969     // 1. sequence
-1970     if (h.substr(0, 2) != "30")
-1971         throw "malformed CSR(code:001)"; // not sequence
-1972 
-1973     var a1 = _getChildIdx(h, 0);
-1974     if (a1.length < 1)
-1975         throw "malformed CSR(code:002)"; // short length
-1976 
-1977     // 2. 2nd sequence
-1978     if (h.substr(a1[0], 2) != "30")
-1979         throw "malformed CSR(code:003)"; // not sequence
-1980 
-1981     var a2 = _getChildIdx(h, a1[0]);
-1982     if (a2.length < 3)
-1983         throw "malformed CSR(code:004)"; // 2nd seq short elem
-1984 
-1985     result.p8pubkeyhex = _getTLV(h, a2[2]);
-1986 
-1987     return result;
-1988 };
-1989 
-1990 // -- OTHER STATIC PUBLIC METHODS  -------------------------------------------------
+1871         var asn1Obj = _newObject({
+1872             "seq": [
+1873                 {"int": 0},
+1874                 {"seq": [
+1875                     {"oid": {"name": "ecPublicKey"}},
+1876                     {"oid": {"name": keyObjOrHex.curveName}}
+1877                 ]},
+1878                 {"octstr": {"hex": keyHex}}
+1879             ]
+1880         });
+1881 
+1882         var asn1Hex = asn1Obj.getEncodedHex();
+1883         if (passwd === undefined || passwd == null) {
+1884             return hextopem(asn1Hex, "PRIVATE KEY");
+1885         } else {
+1886             var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd);
+1887             return hextopem(asn1Hex2, "ENCRYPTED PRIVATE KEY");
+1888         }
+1889     }
+1890 
+1891     // x. PEM PKCS#8 plain private key of DSA private key object
+1892     if (formatType == "PKCS8PRV" &&
+1893         _DSA !== undefined &&
+1894         keyObjOrHex instanceof _DSA &&
+1895         keyObjOrHex.isPrivate  == true) {
+1896 
+1897         var keyObj = new _DERInteger({'bigint': keyObjOrHex.x});
+1898         var keyHex = keyObj.getEncodedHex();
+1899 
+1900         var asn1Obj = _newObject({
+1901             "seq": [
+1902                 {"int": 0},
+1903                 {"seq": [
+1904                     {"oid": {"name": "dsa"}},
+1905                     {"seq": [
+1906                         {"int": {"bigint": keyObjOrHex.p}},
+1907                         {"int": {"bigint": keyObjOrHex.q}},
+1908                         {"int": {"bigint": keyObjOrHex.g}}
+1909                     ]}
+1910                 ]},
+1911                 {"octstr": {"hex": keyHex}}
+1912             ]
+1913         });
+1914 
+1915         var asn1Hex = asn1Obj.getEncodedHex();
+1916         if (passwd === undefined || passwd == null) {
+1917             return hextopem(asn1Hex, "PRIVATE KEY");
+1918         } else {
+1919             var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd);
+1920             return hextopem(asn1Hex2, "ENCRYPTED PRIVATE KEY");
+1921         }
+1922     }
+1923 
+1924     throw "unsupported object nor format";
+1925 };
+1926 
+1927 // -- PUBLIC METHODS FOR CSR --------------------------------------------------
+1928 
+1929 /**
+1930  * get RSAKey/DSA/ECDSA public key object from PEM formatted PKCS#10 CSR string
+1931  * @name getKeyFromCSRPEM
+1932  * @memberOf KEYUTIL
+1933  * @function
+1934  * @param {String} csrPEM PEM formatted PKCS#10 CSR string
+1935  * @return {Object} RSAKey/DSA/ECDSA public key object
+1936  * @since keyutil 1.0.5
+1937  */
+1938 KEYUTIL.getKeyFromCSRPEM = function(csrPEM) {
+1939     var csrHex = pemtohex(csrPEM, "CERTIFICATE REQUEST");
+1940     var key = KEYUTIL.getKeyFromCSRHex(csrHex);
+1941     return key;
+1942 };
+1943 
+1944 /**
+1945  * get RSAKey/DSA/ECDSA public key object from hexadecimal string of PKCS#10 CSR
+1946  * @name getKeyFromCSRHex
+1947  * @memberOf KEYUTIL
+1948  * @function
+1949  * @param {String} csrHex hexadecimal string of PKCS#10 CSR
+1950  * @return {Object} RSAKey/DSA/ECDSA public key object
+1951  * @since keyutil 1.0.5
+1952  */
+1953 KEYUTIL.getKeyFromCSRHex = function(csrHex) {
+1954     var info = KEYUTIL.parseCSRHex(csrHex);
+1955     var key = KEYUTIL.getKey(info.p8pubkeyhex, null, "pkcs8pub");
+1956     return key;
+1957 };
+1958 
+1959 /**
+1960  * parse hexadecimal string of PKCS#10 CSR (certificate signing request)
+1961  * @name parseCSRHex
+1962  * @memberOf KEYUTIL
+1963  * @function
+1964  * @param {String} csrHex hexadecimal string of PKCS#10 CSR
+1965  * @return {Array} associative array of parsed CSR
+1966  * @since keyutil 1.0.5
+1967  * @description
+1968  * Resulted associative array has following properties:
+1969  * <ul>
+1970  * <li>p8pubkeyhex - hexadecimal string of subject public key in PKCS#8</li>
+1971  * </ul>
+1972  */
+1973 KEYUTIL.parseCSRHex = function(csrHex) {
+1974     var _ASN1HEX = ASN1HEX;
+1975     var _getChildIdx = _ASN1HEX.getChildIdx;
+1976     var _getTLV = _ASN1HEX.getTLV;
+1977     var result = {};
+1978     var h = csrHex;
+1979 
+1980     // 1. sequence
+1981     if (h.substr(0, 2) != "30")
+1982         throw "malformed CSR(code:001)"; // not sequence
+1983 
+1984     var a1 = _getChildIdx(h, 0);
+1985     if (a1.length < 1)
+1986         throw "malformed CSR(code:002)"; // short length
+1987 
+1988     // 2. 2nd sequence
+1989     if (h.substr(a1[0], 2) != "30")
+1990         throw "malformed CSR(code:003)"; // not sequence
 1991 
-1992 /**
-1993  * convert from RSAKey/KJUR.crypto.ECDSA public/private key object to RFC 7517 JSON Web Key(JWK)
-1994  * @name getJWKFromKey
-1995  * @memberOf KEYUTIL
-1996  * @function
-1997  * @static
-1998  * @param {Object} RSAKey/KJUR.crypto.ECDSA public/private key object
-1999  * @return {Object} JWK object
-2000  * @since keyutil 1.0.13 jsrsasign 5.0.14
-2001  * @description
-2002  * This static method convert from RSAKey/KJUR.crypto.ECDSA public/private key object 
-2003  * to RFC 7517 JSON Web Key(JWK)
-2004  * @example
-2005  * kp1 = KEYUTIL.generateKeypair("EC", "P-256");
-2006  * jwkPrv1 = KEYUTIL.getJWKFromKey(kp1.prvKeyObj);
-2007  * jwkPub1 = KEYUTIL.getJWKFromKey(kp1.pubKeyObj);
-2008  *
-2009  * kp2 = KEYUTIL.generateKeypair("RSA", 2048);
-2010  * jwkPrv2 = KEYUTIL.getJWKFromKey(kp2.prvKeyObj);
-2011  * jwkPub2 = KEYUTIL.getJWKFromKey(kp2.pubKeyObj);
-2012  *
-2013  * // if you need RFC 7636 JWK thumprint as kid do like this:
-2014  * jwkPub2.kid = KJUR.jws.JWS.getJWKthumbprint(jwkPub2);
-2015  */
-2016 KEYUTIL.getJWKFromKey = function(keyObj) {
-2017     var jwk = {};
-2018     if (keyObj instanceof RSAKey && keyObj.isPrivate) {
-2019 	jwk.kty = "RSA";
-2020 	jwk.n = hextob64u(keyObj.n.toString(16));
-2021 	jwk.e = hextob64u(keyObj.e.toString(16));
-2022 	jwk.d = hextob64u(keyObj.d.toString(16));
-2023 	jwk.p = hextob64u(keyObj.p.toString(16));
-2024 	jwk.q = hextob64u(keyObj.q.toString(16));
-2025 	jwk.dp = hextob64u(keyObj.dmp1.toString(16));
-2026 	jwk.dq = hextob64u(keyObj.dmq1.toString(16));
-2027 	jwk.qi = hextob64u(keyObj.coeff.toString(16));
-2028 	return jwk;
-2029     } else if (keyObj instanceof RSAKey && keyObj.isPublic) {
+1992     var a2 = _getChildIdx(h, a1[0]);
+1993     if (a2.length < 3)
+1994         throw "malformed CSR(code:004)"; // 2nd seq short elem
+1995 
+1996     result.p8pubkeyhex = _getTLV(h, a2[2]);
+1997 
+1998     return result;
+1999 };
+2000 
+2001 // -- OTHER STATIC PUBLIC METHODS  -------------------------------------------------
+2002 
+2003 /**
+2004  * convert from RSAKey/KJUR.crypto.ECDSA public/private key object to RFC 7517 JSON Web Key(JWK)
+2005  * @name getJWKFromKey
+2006  * @memberOf KEYUTIL
+2007  * @function
+2008  * @static
+2009  * @param {Object} RSAKey/KJUR.crypto.ECDSA public/private key object
+2010  * @return {Object} JWK object
+2011  * @since keyutil 1.0.13 jsrsasign 5.0.14
+2012  * @description
+2013  * This static method convert from RSAKey/KJUR.crypto.ECDSA public/private key object 
+2014  * to RFC 7517 JSON Web Key(JWK)
+2015  * @example
+2016  * kp1 = KEYUTIL.generateKeypair("EC", "P-256");
+2017  * jwkPrv1 = KEYUTIL.getJWKFromKey(kp1.prvKeyObj);
+2018  * jwkPub1 = KEYUTIL.getJWKFromKey(kp1.pubKeyObj);
+2019  *
+2020  * kp2 = KEYUTIL.generateKeypair("RSA", 2048);
+2021  * jwkPrv2 = KEYUTIL.getJWKFromKey(kp2.prvKeyObj);
+2022  * jwkPub2 = KEYUTIL.getJWKFromKey(kp2.pubKeyObj);
+2023  *
+2024  * // if you need RFC 7636 JWK thumprint as kid do like this:
+2025  * jwkPub2.kid = KJUR.jws.JWS.getJWKthumbprint(jwkPub2);
+2026  */
+2027 KEYUTIL.getJWKFromKey = function(keyObj) {
+2028     var jwk = {};
+2029     if (keyObj instanceof RSAKey && keyObj.isPrivate) {
 2030 	jwk.kty = "RSA";
 2031 	jwk.n = hextob64u(keyObj.n.toString(16));
 2032 	jwk.e = hextob64u(keyObj.e.toString(16));
-2033 	return jwk;
-2034     } else if (keyObj instanceof KJUR.crypto.ECDSA && keyObj.isPrivate) {
-2035 	var name = keyObj.getShortNISTPCurveName();
-2036 	if (name !== "P-256" && name !== "P-384")
-2037 	    throw "unsupported curve name for JWT: " + name;
-2038 	var xy = keyObj.getPublicKeyXYHex();
-2039 	jwk.kty = "EC";
-2040 	jwk.crv =  name;
-2041 	jwk.x = hextob64u(xy.x);
-2042 	jwk.y = hextob64u(xy.y);
-2043 	jwk.d = hextob64u(keyObj.prvKeyHex);
+2033 	jwk.d = hextob64u(keyObj.d.toString(16));
+2034 	jwk.p = hextob64u(keyObj.p.toString(16));
+2035 	jwk.q = hextob64u(keyObj.q.toString(16));
+2036 	jwk.dp = hextob64u(keyObj.dmp1.toString(16));
+2037 	jwk.dq = hextob64u(keyObj.dmq1.toString(16));
+2038 	jwk.qi = hextob64u(keyObj.coeff.toString(16));
+2039 	return jwk;
+2040     } else if (keyObj instanceof RSAKey && keyObj.isPublic) {
+2041 	jwk.kty = "RSA";
+2042 	jwk.n = hextob64u(keyObj.n.toString(16));
+2043 	jwk.e = hextob64u(keyObj.e.toString(16));
 2044 	return jwk;
-2045     } else if (keyObj instanceof KJUR.crypto.ECDSA && keyObj.isPublic) {
+2045     } else if (keyObj instanceof KJUR.crypto.ECDSA && keyObj.isPrivate) {
 2046 	var name = keyObj.getShortNISTPCurveName();
 2047 	if (name !== "P-256" && name !== "P-384")
 2048 	    throw "unsupported curve name for JWT: " + name;
@@ -2058,10 +2058,21 @@
 2051 	jwk.crv =  name;
 2052 	jwk.x = hextob64u(xy.x);
 2053 	jwk.y = hextob64u(xy.y);
-2054 	return jwk;
-2055     }
-2056     throw "not supported key object";
-2057 };
-2058 
-2059 
-2060 
\ No newline at end of file +2054
jwk.d = hextob64u(keyObj.prvKeyHex); +2055 return jwk; +2056 } else if (keyObj instanceof KJUR.crypto.ECDSA && keyObj.isPublic) { +2057 var name = keyObj.getShortNISTPCurveName(); +2058 if (name !== "P-256" && name !== "P-384") +2059 throw "unsupported curve name for JWT: " + name; +2060 var xy = keyObj.getPublicKeyXYHex(); +2061 jwk.kty = "EC"; +2062 jwk.crv = name; +2063 jwk.x = hextob64u(xy.x); +2064 jwk.y = hextob64u(xy.y); +2065 return jwk; +2066 } +2067 throw "not supported key object"; +2068 }; +2069 +2070 +2071
\ No newline at end of file diff --git a/api/symbols/src/nodeutil-1.0.js.html b/api/symbols/src/nodeutil-1.0.js.html index 4e3b602d..ffd063a8 100644 --- a/api/symbols/src/nodeutil-1.0.js.html +++ b/api/symbols/src/nodeutil-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /*! nodeutil-1.0.0 (c) 2015 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* nodeutil-1.0.0 (c) 2015 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * nodeutil.js - Utilities for Node
diff --git a/api/symbols/src/pkcs5pkey-1.0.js.html b/api/symbols/src/pkcs5pkey-1.0.js.html
index 29840d09..bf6ea58f 100644
--- a/api/symbols/src/pkcs5pkey-1.0.js.html
+++ b/api/symbols/src/pkcs5pkey-1.0.js.html
@@ -5,7 +5,7 @@
 	.STRN {color: #393;}
 	.REGX {color: #339;}
 	.line {border-right: 1px dotted #666; color: #666; font-style: normal;}
-	
  1 /*! pkcs5pkey-1.1.1.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* pkcs5pkey-1.1.2.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * pkcs5pkey.js - reading passcode protected PKCS#5 PEM formatted RSA private key
@@ -22,7 +22,7 @@
  15  * @fileOverview
  16  * @name pkcs5pkey-1.0.js (DEPRECATED)
  17  * @author Kenji Urushima kenji.urushima@gmail.com
- 18  * @version jsrsasign 7.2.0 pkcs5pkey 1.1.1 (2017-May-12)
+ 18  * @version jsrsasign 7.2.1 pkcs5pkey 1.1.2 (2017-Jun-03)
  19  * @since jsrsasign 2.0.0
  20  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  21  */
@@ -270,7 +270,7 @@
 263 	 * @deprecated from pkcs5pkey 1.1.0 jsrsasign 7.1.0. please move to {@link ASN1HEX.pemToHex}
 264          */
 265         getHexFromPEM: function(sPEM, sHead) {
-266 	    return ASN1HEX.pemToHex(sPEM, sHead);
+266 	    return pemtohex(sPEM, sHead);
 267         },
 268 
 269         /**
@@ -524,7 +524,7 @@
 517         getRSAKeyFromPlainPKCS8PEM: function(pkcs8PEM) {
 518             if (pkcs8PEM.match(/ENCRYPTED/))
 519                 throw "pem shall be not ENCRYPTED";
-520             var prvKeyHex = ASN1HEX.pemToHex(pkcs8PEM, "PRIVATE KEY");
+520             var prvKeyHex = pemtohex(pkcs8PEM, "PRIVATE KEY");
 521             var rsaKey = this.getRSAKeyFromPlainPKCS8Hex(prvKeyHex);
 522             return rsaKey;
 523         },
@@ -692,7 +692,7 @@
 685          */
 686         getPlainPKCS8HexFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) {
 687             // 1. derHex - PKCS#8 private key encrypted by PBKDF2
-688             var derHex = ASN1HEX.pemToHex(pkcs8PEM, "ENCRYPTED PRIVATE KEY");
+688             var derHex = pemtohex(pkcs8PEM, "ENCRYPTED PRIVATE KEY");
 689             // 2. info - PKCS#5 PBES info
 690             var info = this.parseHexOfEncryptedPKCS8(derHex);
 691             // 3. hKey - PBKDF2 key
@@ -818,7 +818,7 @@
 811          * @since pkcs5pkey 1.0.5
 812          */
 813         getKeyFromPlainPrivatePKCS8PEM: function(prvKeyPEM) {
-814             var prvKeyHex = ASN1HEX.pemToHex(prvKeyPEM, "PRIVATE KEY");
+814             var prvKeyHex = pemtohex(prvKeyPEM, "PRIVATE KEY");
 815             var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex);
 816             return key;
 817         },
@@ -861,7 +861,7 @@
 854          * @since pkcs5pkey 1.0.4
 855          */
 856         getRSAKeyFromPublicPKCS8PEM: function(pkcs8PubPEM) {
-857             var pubKeyHex = ASN1HEX.pemToHex(pkcs8PubPEM, "PUBLIC KEY");
+857             var pubKeyHex = pemtohex(pkcs8PubPEM, "PUBLIC KEY");
 858             var rsaKey = this.getRSAKeyFromPublicPKCS8Hex(pubKeyHex);
 859             return rsaKey;
 860         },
@@ -876,7 +876,7 @@
 869          * @since pkcs5pkey 1.0.5
 870          */
 871         getKeyFromPublicPKCS8PEM: function(pkcs8PubPEM) {
-872             var pubKeyHex = ASN1HEX.pemToHex(pkcs8PubPEM, "PUBLIC KEY");
+872             var pubKeyHex = pemtohex(pkcs8PubPEM, "PUBLIC KEY");
 873             var key = this.getKeyFromPublicPKCS8Hex(pubKeyHex);
 874             return key;
 875         },
diff --git a/api/symbols/src/rsapem-1.1.js.html b/api/symbols/src/rsapem-1.1.js.html
index 798cfbba..48b9c5d5 100644
--- a/api/symbols/src/rsapem-1.1.js.html
+++ b/api/symbols/src/rsapem-1.1.js.html
@@ -5,7 +5,7 @@
 	.STRN {color: #393;}
 	.REGX {color: #339;}
 	.line {border-right: 1px dotted #666; color: #666; font-style: normal;}
-	
  1 /*! rsapem-1.2.1.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* rsapem-1.2.2.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * rsapem.js - Cryptographic Algorithm Provider class
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name rsapem-1.1.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 7.2.0 rsapem 1.2.1 (2017-May-12)
+ 19  * @version jsrsasign 7.2.1 rsapem 1.2.2 (2017-Jun-03)
  20  * @since jsrsasign 1.0
  21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -35,194 +35,191 @@
  28  * @function
  29  * @param {String} sPEMPrivateKey PEM PKCS#1/5 s private key string
  30  * @return {String} Base64 string of private key
- 31  * @description
- 32  * removing PEM header, PEM footer and space characters including
- 33  * new lines from PEM formatted RSA private key string.
- 34  * @example
- 35  * RSAKey.pemToBase64("----BEGIN PRIVATE KEY-...") → "MIICW..."
- 36  */
- 37 RSAKey.pemToBase64 = function(sPEMPrivateKey) {
- 38     var s = sPEMPrivateKey;
- 39     s = s.replace("-----BEGIN RSA PRIVATE KEY-----", "");
- 40     s = s.replace("-----END RSA PRIVATE KEY-----", "");
- 41     s = s.replace(/[ \n]+/g, "");
- 42     return s;
- 43 };
- 44 
- 45 /**
- 46  * static method to get array of field positions from hexadecimal PKCS#5 RSA private key.<br/>
- 47  * @name getPosArrayOfChildrenFromHex
- 48  * @memberOf RSAKey
- 49  * @function
- 50  * @param {String} sPEMPrivateKey PEM PKCS#1/5 s private key string
- 51  * @return {Array} array of field positions
- 52  * @example
- 53  * RSAKey.getPosArrayOfChildrenFromHex("3082...") → [8, 32, ...]
- 54  */
- 55 RSAKey.getPosArrayOfChildrenFromHex = function(hPrivateKey) {
- 56     return ASN1HEX.getChildIdx(hPrivateKey, 0);
- 57 };
- 58 
- 59 /**
- 60  * static method to get array of hex field values from hexadecimal PKCS#5 RSA private key.<br/>
- 61  * @name getHexValueArrayOfChildrenFromHex
- 62  * @memberOf RSAKey
- 63  * @function
- 64  * @param {String} sPEMPrivateKey PEM PKCS#1/5 s private key string
- 65  * @return {Array} array of field hex value
- 66  * @example
- 67  * RSAKey.getHexValueArrayOfChildrenFromHex("3082...") → ["00", "3b42...", ...]
- 68  */
- 69 RSAKey.getHexValueArrayOfChildrenFromHex = function(hPrivateKey) {
- 70     var _ASN1HEX = ASN1HEX;
- 71     var _getV = _ASN1HEX.getV;
- 72     var a = RSAKey.getPosArrayOfChildrenFromHex(hPrivateKey);
- 73     var h_v =  _getV(hPrivateKey, a[0]);
- 74     var h_n =  _getV(hPrivateKey, a[1]);
- 75     var h_e =  _getV(hPrivateKey, a[2]);
- 76     var h_d =  _getV(hPrivateKey, a[3]);
- 77     var h_p =  _getV(hPrivateKey, a[4]);
- 78     var h_q =  _getV(hPrivateKey, a[5]);
- 79     var h_dp = _getV(hPrivateKey, a[6]);
- 80     var h_dq = _getV(hPrivateKey, a[7]);
- 81     var h_co = _getV(hPrivateKey, a[8]);
- 82     var a = new Array();
- 83     a.push(h_v, h_n, h_e, h_d, h_p, h_q, h_dp, h_dq, h_co);
- 84     return a;
- 85 };
- 86 
- 87 /**
- 88  * read PKCS#1 private key from a string<br/>
- 89  * @name readPrivateKeyFromPEMString
- 90  * @memberOf RSAKey#
- 91  * @function
- 92  * @param {String} keyPEM string of PKCS#1 private key.
- 93  */
- 94 RSAKey.prototype.readPrivateKeyFromPEMString = function(keyPEM) {
- 95     var keyB64 = RSAKey.pemToBase64(keyPEM);
- 96     var keyHex = b64tohex(keyB64) // depends base64.js
- 97     var a = RSAKey.getHexValueArrayOfChildrenFromHex(keyHex);
- 98     this.setPrivateEx(a[1],a[2],a[3],a[4],a[5],a[6],a[7],a[8]);
- 99 };
-100 
-101 /**
-102  * (DEPRECATED) read RSA private key from a ASN.1 hexadecimal string<br/>
-103  * @name readPrivateKeyFromASN1HexString
-104  * @memberOf RSAKey#
-105  * @function
-106  * @param {String} keyHex ASN.1 hexadecimal string of PKCS#1 private key.
-107  * @since rsapem 1.1.1
-108  * @deprecated since jsrsasign 7.1.0 rsapem 1.2.0, please use {@link RSAKey.readPKCS5PrvKeyHex} instead.
-109  */
-110 RSAKey.prototype.readPrivateKeyFromASN1HexString = function(keyHex) {
-111     this.readPKCS5PrvKeyHex(keyHex);
-112 };
-113 
-114 /**
-115  * read an ASN.1 hexadecimal string of PKCS#1/5 plain RSA private key<br/>
-116  * @name readPKCS5PrvKeyHex
-117  * @memberOf RSAKey#
-118  * @function
-119  * @param {String} h hexadecimal string of PKCS#1/5 plain RSA private key
-120  * @since jsrsasign 7.1.0 rsapem 1.2.0
-121  * @see {@link RSAKey.readPrivateKeyFromASN1HexString} former method
-122  */
-123 RSAKey.prototype.readPKCS5PrvKeyHex = function(h) {
-124     var a = RSAKey.getHexValueArrayOfChildrenFromHex(h);
-125     this.setPrivateEx(a[1],a[2],a[3],a[4],a[5],a[6],a[7],a[8]);
-126 };
-127 
-128 /**
-129  * read an ASN.1 hexadecimal string of PKCS#8 plain RSA private key<br/>
-130  * @name readPKCS8PrvKeyHex
-131  * @memberOf RSAKey#
-132  * @function
-133  * @param {String} h hexadecimal string of PKCS#8 plain RSA private key
-134  * @since jsrsasign 7.1.0 rsapem 1.2.0
-135  */
-136 RSAKey.prototype.readPKCS8PrvKeyHex = function(h) {
-137     var hN, hE, hD, hP, hQ, hDP, hDQ, hCO;
-138     var _ASN1HEX = ASN1HEX;
-139     var _getVbyList = _ASN1HEX.getVbyList;
+ 31  * @deprecated jsrsasign 7.2.1 rsapem 1.1.2
+ 32  * @description
+ 33  * removing PEM header, PEM footer and space characters including
+ 34  * new lines from PEM formatted RSA private key string.
+ 35  * @example
+ 36  * RSAKey.pemToBase64("----BEGIN PRIVATE KEY-...") → "MIICW..."
+ 37  */
+ 38 RSAKey.pemToBase64 = function(sPEMPrivateKey) {
+ 39     return hextob64(pemtohex(sPEMPrivateKey));
+ 40 };
+ 41 
+ 42 /**
+ 43  * static method to get array of field positions from hexadecimal PKCS#5 RSA private key.<br/>
+ 44  * @name getPosArrayOfChildrenFromHex
+ 45  * @memberOf RSAKey
+ 46  * @function
+ 47  * @param {String} sPEMPrivateKey PEM PKCS#1/5 s private key string
+ 48  * @return {Array} array of field positions
+ 49  * @example
+ 50  * RSAKey.getPosArrayOfChildrenFromHex("3082...") → [8, 32, ...]
+ 51  */
+ 52 RSAKey.getPosArrayOfChildrenFromHex = function(hPrivateKey) {
+ 53     return ASN1HEX.getChildIdx(hPrivateKey, 0);
+ 54 };
+ 55 
+ 56 /**
+ 57  * static method to get array of hex field values from hexadecimal PKCS#5 RSA private key.<br/>
+ 58  * @name getHexValueArrayOfChildrenFromHex
+ 59  * @memberOf RSAKey
+ 60  * @function
+ 61  * @param {String} sPEMPrivateKey PEM PKCS#1/5 s private key string
+ 62  * @return {Array} array of field hex value
+ 63  * @example
+ 64  * RSAKey.getHexValueArrayOfChildrenFromHex("3082...") → ["00", "3b42...", ...]
+ 65  */
+ 66 RSAKey.getHexValueArrayOfChildrenFromHex = function(hPrivateKey) {
+ 67     var _ASN1HEX = ASN1HEX;
+ 68     var _getV = _ASN1HEX.getV;
+ 69     var a = RSAKey.getPosArrayOfChildrenFromHex(hPrivateKey);
+ 70     var h_v =  _getV(hPrivateKey, a[0]);
+ 71     var h_n =  _getV(hPrivateKey, a[1]);
+ 72     var h_e =  _getV(hPrivateKey, a[2]);
+ 73     var h_d =  _getV(hPrivateKey, a[3]);
+ 74     var h_p =  _getV(hPrivateKey, a[4]);
+ 75     var h_q =  _getV(hPrivateKey, a[5]);
+ 76     var h_dp = _getV(hPrivateKey, a[6]);
+ 77     var h_dq = _getV(hPrivateKey, a[7]);
+ 78     var h_co = _getV(hPrivateKey, a[8]);
+ 79     var a = new Array();
+ 80     a.push(h_v, h_n, h_e, h_d, h_p, h_q, h_dp, h_dq, h_co);
+ 81     return a;
+ 82 };
+ 83 
+ 84 /**
+ 85  * read PKCS#1 private key from a string<br/>
+ 86  * @name readPrivateKeyFromPEMString
+ 87  * @memberOf RSAKey#
+ 88  * @function
+ 89  * @param {String} keyPEM string of PKCS#1 private key.
+ 90  */
+ 91 RSAKey.prototype.readPrivateKeyFromPEMString = function(keyPEM) {
+ 92     var keyB64 = RSAKey.pemToBase64(keyPEM);
+ 93     var keyHex = b64tohex(keyB64) // depends base64.js
+ 94     var a = RSAKey.getHexValueArrayOfChildrenFromHex(keyHex);
+ 95     this.setPrivateEx(a[1],a[2],a[3],a[4],a[5],a[6],a[7],a[8]);
+ 96 };
+ 97 
+ 98 /**
+ 99  * (DEPRECATED) read RSA private key from a ASN.1 hexadecimal string<br/>
+100  * @name readPrivateKeyFromASN1HexString
+101  * @memberOf RSAKey#
+102  * @function
+103  * @param {String} keyHex ASN.1 hexadecimal string of PKCS#1 private key.
+104  * @since rsapem 1.1.1
+105  * @deprecated since jsrsasign 7.1.0 rsapem 1.2.0, please use {@link RSAKey.readPKCS5PrvKeyHex} instead.
+106  */
+107 RSAKey.prototype.readPrivateKeyFromASN1HexString = function(keyHex) {
+108     this.readPKCS5PrvKeyHex(keyHex);
+109 };
+110 
+111 /**
+112  * read an ASN.1 hexadecimal string of PKCS#1/5 plain RSA private key<br/>
+113  * @name readPKCS5PrvKeyHex
+114  * @memberOf RSAKey#
+115  * @function
+116  * @param {String} h hexadecimal string of PKCS#1/5 plain RSA private key
+117  * @since jsrsasign 7.1.0 rsapem 1.2.0
+118  * @see {@link RSAKey.readPrivateKeyFromASN1HexString} former method
+119  */
+120 RSAKey.prototype.readPKCS5PrvKeyHex = function(h) {
+121     var a = RSAKey.getHexValueArrayOfChildrenFromHex(h);
+122     this.setPrivateEx(a[1],a[2],a[3],a[4],a[5],a[6],a[7],a[8]);
+123 };
+124 
+125 /**
+126  * read an ASN.1 hexadecimal string of PKCS#8 plain RSA private key<br/>
+127  * @name readPKCS8PrvKeyHex
+128  * @memberOf RSAKey#
+129  * @function
+130  * @param {String} h hexadecimal string of PKCS#8 plain RSA private key
+131  * @since jsrsasign 7.1.0 rsapem 1.2.0
+132  */
+133 RSAKey.prototype.readPKCS8PrvKeyHex = function(h) {
+134     var hN, hE, hD, hP, hQ, hDP, hDQ, hCO;
+135     var _ASN1HEX = ASN1HEX;
+136     var _getVbyList = _ASN1HEX.getVbyList;
+137 
+138     if (_ASN1HEX.isASN1HEX(h) === false)
+139 	throw "not ASN.1 hex string";
 140 
-141     if (_ASN1HEX.isASN1HEX(h) === false)
-142 	throw "not ASN.1 hex string";
-143 
-144     try {
-145 	hN  = _getVbyList(h, 0, [2, 0, 1], "02");
-146 	hE  = _getVbyList(h, 0, [2, 0, 2], "02");
-147 	hD  = _getVbyList(h, 0, [2, 0, 3], "02");
-148 	hP  = _getVbyList(h, 0, [2, 0, 4], "02");
-149 	hQ  = _getVbyList(h, 0, [2, 0, 5], "02");
-150 	hDP = _getVbyList(h, 0, [2, 0, 6], "02");
-151 	hDQ = _getVbyList(h, 0, [2, 0, 7], "02");
-152 	hCO = _getVbyList(h, 0, [2, 0, 8], "02");
-153     } catch(ex) {
-154 	throw "malformed PKCS#8 plain RSA private key";
-155     }
+141     try {
+142 	hN  = _getVbyList(h, 0, [2, 0, 1], "02");
+143 	hE  = _getVbyList(h, 0, [2, 0, 2], "02");
+144 	hD  = _getVbyList(h, 0, [2, 0, 3], "02");
+145 	hP  = _getVbyList(h, 0, [2, 0, 4], "02");
+146 	hQ  = _getVbyList(h, 0, [2, 0, 5], "02");
+147 	hDP = _getVbyList(h, 0, [2, 0, 6], "02");
+148 	hDQ = _getVbyList(h, 0, [2, 0, 7], "02");
+149 	hCO = _getVbyList(h, 0, [2, 0, 8], "02");
+150     } catch(ex) {
+151 	throw "malformed PKCS#8 plain RSA private key";
+152     }
+153 
+154     this.setPrivateEx(hN, hE, hD, hP, hQ, hDP, hDQ, hCO);
+155 };
 156 
-157     this.setPrivateEx(hN, hE, hD, hP, hQ, hDP, hDQ, hCO);
-158 };
-159 
-160 /**
-161  * read an ASN.1 hexadecimal string of PKCS#5 RSA public key<br/>
-162  * @name readPKCS5PubKeyHex
-163  * @memberOf RSAKey#
-164  * @function
-165  * @param {String} h hexadecimal string of PKCS#5 public key
-166  * @since jsrsasign 7.1.0 rsapem 1.2.0
-167  */
-168 RSAKey.prototype.readPKCS5PubKeyHex = function(h) {
-169     var _ASN1HEX = ASN1HEX;
-170     var _getV = _ASN1HEX.getV;
-171 
-172     if (_ASN1HEX.isASN1HEX(h) === false)
-173 	throw "keyHex is not ASN.1 hex string";
-174     var aIdx = _ASN1HEX.getChildIdx(h, 0);
-175     if (aIdx.length !== 2 ||
-176 	h.substr(aIdx[0], 2) !== "02" ||
-177 	h.substr(aIdx[1], 2) !== "02")
-178 	throw "wrong hex for PKCS#5 public key";
-179     var hN = _getV(h, aIdx[0]);
-180     var hE = _getV(h, aIdx[1]);
-181     this.setPublic(hN, hE);
-182 };
-183 
-184 /**
-185  * read an ASN.1 hexadecimal string of PKCS#8 RSA public key<br/>
-186  * @name readPKCS8PubKeyHex
-187  * @memberOf RSAKey#
-188  * @function
-189  * @param {String} h hexadecimal string of PKCS#8 public key
-190  * @since jsrsasign 7.1.0 rsapem 1.2.0
-191  */
-192 RSAKey.prototype.readPKCS8PubKeyHex = function(h) {
-193     var _ASN1HEX = ASN1HEX;
-194     if (_ASN1HEX.isASN1HEX(h) === false)
-195 	throw "not ASN.1 hex string";
-196 
-197     // 06092a864886f70d010101: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
-198     if (_ASN1HEX.getTLVbyList(h, 0, [0, 0]) !== "06092a864886f70d010101")
-199 	throw "not PKCS8 RSA public key";
-200 
-201     var p5hex = _ASN1HEX.getTLVbyList(h, 0, [1, 0]);
-202     this.readPKCS5PubKeyHex(p5hex);
-203 };
-204 
-205 /**
-206  * read an ASN.1 hexadecimal string of X.509 RSA public key certificate<br/>
-207  * @name readCertPubKeyHex
-208  * @memberOf RSAKey#
-209  * @function
-210  * @param {String} h hexadecimal string of X.509 RSA public key certificate
-211  * @param {Integer} nthPKI nth index of publicKeyInfo. (DEFAULT: 6 for X509v3)
-212  * @since jsrsasign 7.1.0 rsapem 1.2.0
-213  */
-214 RSAKey.prototype.readCertPubKeyHex = function(h, nthPKI) {
-215     var x, hPub;
-216     x = new X509();
-217     x.readCertHex(h);
-218     hPub = x.getPublicKeyHex();
-219     this.readPKCS8PubKeyHex(hPub);
-220 };
-221 
\ No newline at end of file +157
/** +158 * read an ASN.1 hexadecimal string of PKCS#5 RSA public key<br/> +159 * @name readPKCS5PubKeyHex +160 * @memberOf RSAKey# +161 * @function +162 * @param {String} h hexadecimal string of PKCS#5 public key +163 * @since jsrsasign 7.1.0 rsapem 1.2.0 +164 */ +165 RSAKey.prototype.readPKCS5PubKeyHex = function(h) { +166 var _ASN1HEX = ASN1HEX; +167 var _getV = _ASN1HEX.getV; +168 +169 if (_ASN1HEX.isASN1HEX(h) === false) +170 throw "keyHex is not ASN.1 hex string"; +171 var aIdx = _ASN1HEX.getChildIdx(h, 0); +172 if (aIdx.length !== 2 || +173 h.substr(aIdx[0], 2) !== "02" || +174 h.substr(aIdx[1], 2) !== "02") +175 throw "wrong hex for PKCS#5 public key"; +176 var hN = _getV(h, aIdx[0]); +177 var hE = _getV(h, aIdx[1]); +178 this.setPublic(hN, hE); +179 }; +180 +181 /** +182 * read an ASN.1 hexadecimal string of PKCS#8 RSA public key<br/> +183 * @name readPKCS8PubKeyHex +184 * @memberOf RSAKey# +185 * @function +186 * @param {String} h hexadecimal string of PKCS#8 public key +187 * @since jsrsasign 7.1.0 rsapem 1.2.0 +188 */ +189 RSAKey.prototype.readPKCS8PubKeyHex = function(h) { +190 var _ASN1HEX = ASN1HEX; +191 if (_ASN1HEX.isASN1HEX(h) === false) +192 throw "not ASN.1 hex string"; +193 +194 // 06092a864886f70d010101: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) +195 if (_ASN1HEX.getTLVbyList(h, 0, [0, 0]) !== "06092a864886f70d010101") +196 throw "not PKCS8 RSA public key"; +197 +198 var p5hex = _ASN1HEX.getTLVbyList(h, 0, [1, 0]); +199 this.readPKCS5PubKeyHex(p5hex); +200 }; +201 +202 /** +203 * read an ASN.1 hexadecimal string of X.509 RSA public key certificate<br/> +204 * @name readCertPubKeyHex +205 * @memberOf RSAKey# +206 * @function +207 * @param {String} h hexadecimal string of X.509 RSA public key certificate +208 * @param {Integer} nthPKI nth index of publicKeyInfo. (DEFAULT: 6 for X509v3) +209 * @since jsrsasign 7.1.0 rsapem 1.2.0 +210 */ +211 RSAKey.prototype.readCertPubKeyHex = function(h, nthPKI) { +212 var x, hPub; +213 x = new X509(); +214 x.readCertHex(h); +215 hPub = x.getPublicKeyHex(); +216 this.readPKCS8PubKeyHex(hPub); +217 }; +218
\ No newline at end of file diff --git a/api/symbols/src/rsasign-1.2.js.html b/api/symbols/src/rsasign-1.2.js.html index 2e271d0d..ce4fc593 100644 --- a/api/symbols/src/rsasign-1.2.js.html +++ b/api/symbols/src/rsasign-1.2.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /*! rsasign-1.2.7.js (c) 2012 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* rsasign-1.2.7.js (c) 2012 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * rsa-sign.js - adding signing functions to RSAKey class.
diff --git a/api/symbols/src/x509-1.1.js.html b/api/symbols/src/x509-1.1.js.html
index ec25e9a5..f0079762 100644
--- a/api/symbols/src/x509-1.1.js.html
+++ b/api/symbols/src/x509-1.1.js.html
@@ -5,7 +5,7 @@
 	.STRN {color: #393;}
 	.REGX {color: #339;}
 	.line {border-right: 1px dotted #666; color: #666; font-style: normal;}
-	
  1 /*! x509-1.1.14.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /* x509-1.1.15.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * x509.js - X509 class to read subject public key from certificate.
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name x509-1.1.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 7.2.0 x509 1.1.14 (2017-May-12)
+ 19  * @version jsrsasign 7.2.1 x509 1.1.15 (2017-Jun-03)
  20  * @since jsrsasign 1.x.x
  21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -114,1761 +114,1759 @@
 107  * </ul>
 108  */
 109 function X509() {
-110     var _ASN1HEX = ASN1HEX;
-111     var _X509 = X509;
-112     var _getChildIdx = _ASN1HEX.getChildIdx;
-113     var _getV = _ASN1HEX.getV;
-114     var _getTLV = _ASN1HEX.getTLV;
-115     var _getVbyList = _ASN1HEX.getVbyList;
-116     var _getTLVbyList = _ASN1HEX.getTLVbyList;
-117     var _getIdxbyList = _ASN1HEX.getIdxbyList;
-118     var _getVidx = _ASN1HEX.getVidx;
-119     var _oidname = _ASN1HEX.oidname;
-120 
-121     this.hex = null;
-122     this.version = 0; // version (1: X509v1, 3: X509v3, others: unspecified)
-123     this.foffset = 0; // field index offset (-1: for X509v1, 0: for X509v3)
-124     this.aExtInfo = null;
-125 
-126     this.subjectPublicKeyRSA = null;	// DEPRECATED from jsrsasign 7.1.4
-127     this.subjectPublicKeyRSA_hN = null;	// DEPRECATED from jsrsasign 7.1.4
-128     this.subjectPublicKeyRSA_hE = null;	// DEPRECATED from jsrsasign 7.1.4
-129 
-130     // ===== get basic fields from hex =====================================
-131 
-132     /**
-133      * get format version (X.509v1 or v3 certificate)<br/>
-134      * @name getVersion
-135      * @memberOf X509#
-136      * @function
-137      * @return {Number} 1 for X509v1, 3 for X509v3, otherwise 0
-138      * @since jsrsasign 7.1.14 x509 1.1.13
-139      * @description
-140      * This method returns a format version of X.509 certificate.
-141      * It returns 1 for X.509v1 certificate and 3 for v3 certificate.
-142      * Otherwise returns 0.
-143      * This method will be automatically called in
-144      * {@link X509#readCertPEM}. After then, you can use
-145      * {@link X509.version} parameter.
-146      * @example
-147      * var x = new X509();
-148      * x.readCertPEM(sCertPEM);
-149      * version = x.getVersion();    // 1 or 3
-150      * sn = x.getSerialNumberHex(); // return string like "01ad..."
-151      */
-152     this.getVersion = function() {
-153 	if (this.hex === null || this.version !== 0) return this.version;
-154 
-155 	// check if the first item of tbsCertificate "[0] { INTEGER 2 }"
-156 	if (_getTLVbyList(this.hex, 0, [0, 0]) !==
-157 	    "a003020102") {
-158 	    this.version = 1;
-159 	    this.foffset = -1;
-160 	    return 1;
-161 	}
-162 
-163 	this.version = 3;
-164 	return 3;
-165     };
-166 
-167     /**
-168      * get hexadecimal string of serialNumber field of certificate.<br/>
-169      * @name getSerialNumberHex
-170      * @memberOf X509#
-171      * @function
-172      * @return {String} hexadecimal string of certificate serial number
-173      * @example
-174      * var x = new X509();
-175      * x.readCertPEM(sCertPEM);
-176      * var sn = x.getSerialNumberHex(); // return string like "01ad..."
-177      */
-178     this.getSerialNumberHex = function() {
-179 	return _getVbyList(this.hex, 0, [0, 1 + this.foffset], "02");
-180     };
-181 
-182     /**
-183      * get signature algorithm name in basic field
-184      * @name getSignatureAlgorithmField
-185      * @memberOf X509#
-186      * @function
-187      * @return {String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)
-188      * @since x509 1.1.8
-189      * @description
-190      * This method will get a name of signature algorithm field of certificate:
-191      * @example
-192      * var x = new X509();
-193      * x.readCertPEM(sCertPEM);
-194      * algName = x.getSignatureAlgorithmField();
-195      */
-196     this.getSignatureAlgorithmField = function() {
-197 	return _oidname(_getVbyList(this.hex, 0, [0, 2 + this.foffset, 0], "06"));
-198     };
-199 
-200     /**
-201      * get hexadecimal string of issuer field TLV of certificate.<br/>
-202      * @name getIssuerHex
-203      * @memberOf X509#
-204      * @function
-205      * @return {String} hexadecial string of issuer DN ASN.1
-206      * @example
-207      * var x = new X509();
-208      * x.readCertPEM(sCertPEM);
-209      * var issuer = x.getIssuerHex(); // return string like "3013..."
-210      */
-211     this.getIssuerHex = function() {
-212 	return _getTLVbyList(this.hex, 0, [0, 3 + this.foffset], "30");
-213     };
-214 
-215     /**
-216      * get string of issuer field of certificate.<br/>
-217      * @name getIssuerString
-218      * @memberOf X509#
-219      * @function
-220      * @return {String} issuer DN string
-221      * @example
-222      * var x = new X509();
-223      * x.readCertPEM(sCertPEM);
-224      * var issuer = x.getIssuerString(); // return string like "/C=US/O=TEST"
-225      */
-226     this.getIssuerString = function() {
-227         return _X509.hex2dn(this.getIssuerHex());
-228     };
-229 
-230     /**
-231      * get hexadecimal string of subject field of certificate.<br/>
-232      * @name getSubjectHex
-233      * @memberOf X509#
-234      * @function
-235      * @return {String} hexadecial string of subject DN ASN.1
-236      * @example
-237      * var x = new X509();
-238      * x.readCertPEM(sCertPEM);
-239      * var subject = x.getSubjectHex(); // return string like "3013..."
-240      */
-241     this.getSubjectHex = function() {
-242 	return _getTLVbyList(this.hex, 0, [0, 5 + this.foffset], "30");
-243     };
-244 
-245     /**
-246      * get string of subject field of certificate.<br/>
-247      * @name getSubjectString
-248      * @memberOf X509#
-249      * @function
-250      * @return {String} subject DN string
-251      * @example
-252      * var x = new X509();
-253      * x.readCertPEM(sCertPEM);
-254      * var subject = x.getSubjectString(); // return string like "/C=US/O=TEST"
-255      */
-256     this.getSubjectString = function() {
-257         return _X509.hex2dn(this.getSubjectHex());
-258     };
-259 
-260     /**
-261      * get notBefore field string of certificate.<br/>
-262      * @name getNotBefore
-263      * @memberOf X509#
-264      * @function
-265      * @return {String} not before time value (ex. "151231235959Z")
-266      * @example
-267      * var x = new X509();
-268      * x.readCertPEM(sCertPEM);
-269      * var notBefore = x.getNotBefore(); // return string like "151231235959Z"
-270      */
-271     this.getNotBefore = function() {
-272         var s = _getVbyList(this.hex, 0, [0, 4 + this.foffset, 0]);
-273         s = s.replace(/(..)/g, "%$1");
-274         s = decodeURIComponent(s);
-275         return s;
-276     };
-277 
-278     /**
-279      * get notAfter field string of certificate.<br/>
-280      * @name getNotAfter
-281      * @memberOf X509#
-282      * @function
-283      * @return {String} not after time value (ex. "151231235959Z")
-284      * @example
-285      * var x = new X509();
-286      * x.readCertPEM(sCertPEM);
-287      * var notAfter = x.getNotAfter(); // return string like "151231235959Z"
-288      */
-289     this.getNotAfter = function() {
-290 	var s = _getVbyList(this.hex, 0, [0, 4 + this.foffset, 1]);
-291         s = s.replace(/(..)/g, "%$1");
-292         s = decodeURIComponent(s);
-293         return s;
-294     };
-295 
-296     /**
-297      * get a hexadecimal string of subjectPublicKeyInfo field.<br/>
-298      * @name getPublicKeyHex
-299      * @memberOf X509#
-300      * @function
-301      * @return {String} ASN.1 SEQUENCE hexadecimal string of subjectPublicKeyInfo field
-302      * @since jsrsasign 7.1.4 x509 1.1.13
-303      * @example
-304      * x = new X509();
-305      * x.readCertPEM(sCertPEM);
-306      * hSPKI = x.getPublicKeyHex(); // return string like "30820122..."
-307      */
-308     this.getPublicKeyHex = function() {
-309 	return _ASN1HEX.getTLVbyList(this.hex, 0, [0, 6 + this.foffset], "30");
-310     };
-311 
-312     /**
-313      * get a string index of subjectPublicKeyInfo field for hexadecimal string certificate.<br/>
-314      * @name getPublicKeyIdx
-315      * @memberOf X509#
-316      * @function
-317      * @return {Number} string index of subjectPublicKeyInfo field for hexadecimal string certificate.
-318      * @since jsrsasign 7.1.4 x509 1.1.13
-319      * @example
-320      * x = new X509();
-321      * x.readCertPEM(sCertPEM);
-322      * idx = x.getPublicKeyIdx(); // return string index in x.hex parameter
-323      */
-324     this.getPublicKeyIdx = function() {
-325 	return _getIdxbyList(this.hex, 0, [0, 6 + this.foffset], "30");
-326     };
-327 
-328     /**
-329      * get a RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field.<br/>
-330      * @name getPublicKey
-331      * @memberOf X509#
-332      * @function
-333      * @return {Object} RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field
-334      * @since jsrsasign 7.1.4 x509 1.1.13
-335      * @example
-336      * x = new X509();
-337      * x.readCertPEM(sCertPEM);
-338      * pubkey= x.getPublicKey();
-339      */
-340     this.getPublicKey = function() {
-341 	return KEYUTIL.getKey(this.getPublicKeyHex(), null, "pkcs8pub");
-342     };
-343 
-344     /**
-345      * get signature algorithm name from hexadecimal certificate data
-346      * @name getSignatureAlgorithmName
-347      * @memberOf X509#
-348      * @function
-349      * @param {String} hCert hexadecimal string of X.509 certificate binary
-350      * @return {String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)
-351      * @since jsrsasign 7.2.0 x509 1.1.14
-352      * @description
-353      * This method will get signature algorithm name of certificate:
-354      * @example
-355      * var x = new X509();
-356      * x.readCertPEM(sCertPEM);
-357      * x.getSignatureAlgorithmName() → "SHA256withRSA"
-358      */
-359     this.getSignatureAlgorithmName = function() {
-360 	return _oidname(_getVbyList(this.hex, 0, [1, 0], "06"));
-361     };
-362 
-363     /**
-364      * get signature value in hexadecimal string<br/>
-365      * @name getSignatureValueHex
-366      * @memberOf X509#
-367      * @function
-368      * @return {String} signature value hexadecimal string without BitString unused bits
-369      * @since jsrsasign 7.2.0 x509 1.1.14
-370      * @description
-371      * This method will get signature value of certificate:
-372      * @example
-373      * var x = new X509();
-374      * x.readCertPEM(sCertPEM);
-375      * x.getSignatureValueHex() &rarr "8a4c47913..."
-376      */
-377     this.getSignatureValueHex = function() {
-378 	return _getVbyList(this.hex, 0, [2], "03", true);
-379     };
-380 
-381     /**
-382      * verifies signature value by public key<br/>
-383      * @name verifySignature
-384      * @memberOf X509#
-385      * @function
-386      * @param {Object} pubKey public key object
-387      * @return {Boolean} true if signature value is valid otherwise false
-388      * @since jsrsasign 7.2.0 x509 1.1.14
-389      * @description
-390      * This method verifies signature value of hexadecimal string of 
-391      * X.509 certificate by specified public key object.
-392      * @example
-393      * pubKey = KEYUTIL.getKey(pemPublicKey); // or certificate
-394      * x = new X509();
-395      * x.readCertPEM(pemCert);
-396      * x.verifySignature(pubKey) → true, false or raising exception
-397      */
-398     this.verifySignature = function(pubKey) {
-399 	var algName = this.getSignatureAlgorithmName();
-400 	var hSigVal = this.getSignatureValueHex();
-401 	var hTbsCert = _getTLVbyList(this.hex, 0, [0], "30");
-402 	
-403 	var sig = new KJUR.crypto.Signature({alg: algName});
-404 	sig.init(pubKey);
-405 	sig.updateHex(hTbsCert);
-406 	return sig.verify(hSigVal);
-407     };
-408 
-409     // ===== parse extension ======================================
-410     /**
-411      * set array of X.509v3 extesion information such as extension OID, criticality and value index.<br/>
-412      * @name parseExt
-413      * @memberOf X509#
-414      * @function
-415      * @since jsrsasign 7.2.0 x509 1.1.14
-416      * @description
-417      * This method will set an array of X.509v3 extension information having 
-418      * following parameters:
-419      * <ul>
-420      * <li>oid - extension OID (ex. 2.5.29.19)</li>
-421      * <li>critical - true or false</li>
-422      * <li>vidx - string index for extension value</li>
-423      * @example
-424      * x = new X509();
-425      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-426      *
-427      * x.aExtInfo →
-428      * [ { oid: "2.5.29,19", critical: true, vidx: 2504 }, ... ]
-429      */
-430     this.parseExt = function() {
-431 	if (this.version !== 3) return -1;
-432 	var iExtSeq = _getIdxbyList(this.hex, 0, [0, 7, 0], "30");
-433 	var aExtIdx = _getChildIdx(this.hex, iExtSeq);
-434 
-435 	this.aExtInfo = new Array();
-436 	for (var i = 0; i < aExtIdx.length; i++) {
-437 	    var item = {};
-438 	    item.critical = false;
-439 	    var a = _getChildIdx(this.hex, aExtIdx[i]);
-440 	    var offset = 0;
-441 
-442 	    if (a.length === 3) {
-443 		item.critical = true;
-444 		offset = 1;
-445 	    }
-446 
-447 	    item.oid = _ASN1HEX.hextooidstr(_getVbyList(this.hex, aExtIdx[i], [0], "06"));
-448 	    var octidx = _getIdxbyList(this.hex, aExtIdx[i], [1 + offset]);
-449 	    item.vidx = _getVidx(this.hex, octidx);
-450 	    this.aExtInfo.push(item);
-451 	}
-452     };
-453 
-454     /**
-455      * get a X.509v3 extesion information such as extension OID, criticality and value index for specified oid or name.<br/>
-456      * @name getExtInfo
-457      * @memberOf X509#
-458      * @function
-459      * @param {String} oidOrName X.509 extension oid or name (ex. keyUsage or 2.5.29.19)
-460      * @return X.509 extension information such as extension OID or value indx (see {@link X509#parseExt})
-461      * @since jsrsasign 7.2.0 x509 1.1.14
-462      * @description
-463      * This method will get an X.509v3 extension information JSON object
-464      * having extension OID, criticality and value idx for specified
-465      * extension OID or name.
-466      * If there is no such extension, this returns undefined.
-467      * @example
-468      * x = new X509();
-469      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-470      *
-471      * x.getExtInfo("keyUsage") → { oid: "2.5.29.15", critical: true, vidx: 1714 }
-472      * x.getExtInfo("unknownExt") → undefined
-473      */
-474     this.getExtInfo = function(oidOrName) {
-475 	var a = this.aExtInfo;
-476 	var oid = oidOrName;
-477 	if (! oidOrName.match(/^[0-9.]+$/)) {
-478 	    oid = KJUR.asn1.x509.OID.name2oid(oidOrName);
-479 	}
-480 	if (oid === '') return undefined;
-481 
-482 	for (var i = 0; i < a.length; i++) {
-483 	    if (a[i].oid === oid) return a[i];
-484 	}
-485 	return undefined;
-486     };
-487 
-488     /**
-489      * get BasicConstraints extension value as object in the certificate
-490      * @name getExtBasicConstraints
-491      * @memberOf X509#
-492      * @function
-493      * @param {String} hCert hexadecimal string of X.509 certificate binary
-494      * @return {Object} associative array which may have "cA" and "pathLen" parameters
-495      * @since jsrsasign 7.2.0 x509 1.1.14
-496      * @description
-497      * This method will get basic constraints extension value as object with following paramters.
-498      * <ul>
-499      * <li>cA - CA flag whether CA or not</li>
-500      * <li>pathLen - maximum intermediate certificate length</li>
-501      * </ul>
-502      * There are use cases for return values:
-503      * <ul>
-504      * <li>{cA:true, pathLen:3} - cA flag is true and pathLen is 3</li>
-505      * <li>{cA:true} - cA flag is true and no pathLen</li>
-506      * <li>{} - basic constraints has no value in case of end entity certificate</li>
-507      * <li>undefined - there is no basic constraints extension</li>
-508      * </ul>
-509      * @example
-510      * x = new X509();
-511      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-512      * x.getExtBasicConstraints() → { cA: true, pathLen: 3 };
-513      */
-514     this.getExtBasicConstraints = function() {
-515 	var info = this.getExtInfo("basicConstraints");
-516 	if (info === undefined) return info;
-517 
-518 	var hBC = _getV(this.hex, info.vidx);
-519 	if (hBC === '') return {};
-520 	if (hBC === '0101ff') return { cA: true };
-521 	if (hBC.substr(0, 8) === '0101ff02') {
-522 	    var pathLexHex = _getV(hBC, 6);
-523 	    var pathLen = parseInt(pathLexHex, 16);
-524 	    return { cA: true, pathLen: pathLen };
-525 	}
-526 	throw "basicConstraints parse error";
-527     };
-528 
+110     var _ASN1HEX = ASN1HEX,
+111 	_getChildIdx = _ASN1HEX.getChildIdx,
+112 	_getV = _ASN1HEX.getV,
+113 	_getTLV = _ASN1HEX.getTLV,
+114 	_getVbyList = _ASN1HEX.getVbyList,
+115 	_getTLVbyList = _ASN1HEX.getTLVbyList,
+116 	_getIdxbyList = _ASN1HEX.getIdxbyList,
+117 	_getVidx = _ASN1HEX.getVidx,
+118 	_oidname = _ASN1HEX.oidname,
+119 	_X509 = X509,
+120 	_pemtohex = pemtohex;
+121 
+122     this.hex = null;
+123     this.version = 0; // version (1: X509v1, 3: X509v3, others: unspecified)
+124     this.foffset = 0; // field index offset (-1: for X509v1, 0: for X509v3)
+125     this.aExtInfo = null;
+126 
+127     this.subjectPublicKeyRSA = null;	// DEPRECATED from jsrsasign 7.1.4
+128     this.subjectPublicKeyRSA_hN = null;	// DEPRECATED from jsrsasign 7.1.4
+129     this.subjectPublicKeyRSA_hE = null;	// DEPRECATED from jsrsasign 7.1.4
+130 
+131     // ===== get basic fields from hex =====================================
+132 
+133     /**
+134      * get format version (X.509v1 or v3 certificate)<br/>
+135      * @name getVersion
+136      * @memberOf X509#
+137      * @function
+138      * @return {Number} 1 for X509v1, 3 for X509v3, otherwise 0
+139      * @since jsrsasign 7.1.14 x509 1.1.13
+140      * @description
+141      * This method returns a format version of X.509 certificate.
+142      * It returns 1 for X.509v1 certificate and 3 for v3 certificate.
+143      * Otherwise returns 0.
+144      * This method will be automatically called in
+145      * {@link X509#readCertPEM}. After then, you can use
+146      * {@link X509.version} parameter.
+147      * @example
+148      * var x = new X509();
+149      * x.readCertPEM(sCertPEM);
+150      * version = x.getVersion();    // 1 or 3
+151      * sn = x.getSerialNumberHex(); // return string like "01ad..."
+152      */
+153     this.getVersion = function() {
+154 	if (this.hex === null || this.version !== 0) return this.version;
+155 
+156 	// check if the first item of tbsCertificate "[0] { INTEGER 2 }"
+157 	if (_getTLVbyList(this.hex, 0, [0, 0]) !==
+158 	    "a003020102") {
+159 	    this.version = 1;
+160 	    this.foffset = -1;
+161 	    return 1;
+162 	}
+163 
+164 	this.version = 3;
+165 	return 3;
+166     };
+167 
+168     /**
+169      * get hexadecimal string of serialNumber field of certificate.<br/>
+170      * @name getSerialNumberHex
+171      * @memberOf X509#
+172      * @function
+173      * @return {String} hexadecimal string of certificate serial number
+174      * @example
+175      * var x = new X509();
+176      * x.readCertPEM(sCertPEM);
+177      * var sn = x.getSerialNumberHex(); // return string like "01ad..."
+178      */
+179     this.getSerialNumberHex = function() {
+180 	return _getVbyList(this.hex, 0, [0, 1 + this.foffset], "02");
+181     };
+182 
+183     /**
+184      * get signature algorithm name in basic field
+185      * @name getSignatureAlgorithmField
+186      * @memberOf X509#
+187      * @function
+188      * @return {String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)
+189      * @since x509 1.1.8
+190      * @description
+191      * This method will get a name of signature algorithm field of certificate:
+192      * @example
+193      * var x = new X509();
+194      * x.readCertPEM(sCertPEM);
+195      * algName = x.getSignatureAlgorithmField();
+196      */
+197     this.getSignatureAlgorithmField = function() {
+198 	return _oidname(_getVbyList(this.hex, 0, [0, 2 + this.foffset, 0], "06"));
+199     };
+200 
+201     /**
+202      * get hexadecimal string of issuer field TLV of certificate.<br/>
+203      * @name getIssuerHex
+204      * @memberOf X509#
+205      * @function
+206      * @return {String} hexadecial string of issuer DN ASN.1
+207      * @example
+208      * var x = new X509();
+209      * x.readCertPEM(sCertPEM);
+210      * var issuer = x.getIssuerHex(); // return string like "3013..."
+211      */
+212     this.getIssuerHex = function() {
+213 	return _getTLVbyList(this.hex, 0, [0, 3 + this.foffset], "30");
+214     };
+215 
+216     /**
+217      * get string of issuer field of certificate.<br/>
+218      * @name getIssuerString
+219      * @memberOf X509#
+220      * @function
+221      * @return {String} issuer DN string
+222      * @example
+223      * var x = new X509();
+224      * x.readCertPEM(sCertPEM);
+225      * var issuer = x.getIssuerString(); // return string like "/C=US/O=TEST"
+226      */
+227     this.getIssuerString = function() {
+228         return _X509.hex2dn(this.getIssuerHex());
+229     };
+230 
+231     /**
+232      * get hexadecimal string of subject field of certificate.<br/>
+233      * @name getSubjectHex
+234      * @memberOf X509#
+235      * @function
+236      * @return {String} hexadecial string of subject DN ASN.1
+237      * @example
+238      * var x = new X509();
+239      * x.readCertPEM(sCertPEM);
+240      * var subject = x.getSubjectHex(); // return string like "3013..."
+241      */
+242     this.getSubjectHex = function() {
+243 	return _getTLVbyList(this.hex, 0, [0, 5 + this.foffset], "30");
+244     };
+245 
+246     /**
+247      * get string of subject field of certificate.<br/>
+248      * @name getSubjectString
+249      * @memberOf X509#
+250      * @function
+251      * @return {String} subject DN string
+252      * @example
+253      * var x = new X509();
+254      * x.readCertPEM(sCertPEM);
+255      * var subject = x.getSubjectString(); // return string like "/C=US/O=TEST"
+256      */
+257     this.getSubjectString = function() {
+258         return _X509.hex2dn(this.getSubjectHex());
+259     };
+260 
+261     /**
+262      * get notBefore field string of certificate.<br/>
+263      * @name getNotBefore
+264      * @memberOf X509#
+265      * @function
+266      * @return {String} not before time value (ex. "151231235959Z")
+267      * @example
+268      * var x = new X509();
+269      * x.readCertPEM(sCertPEM);
+270      * var notBefore = x.getNotBefore(); // return string like "151231235959Z"
+271      */
+272     this.getNotBefore = function() {
+273         var s = _getVbyList(this.hex, 0, [0, 4 + this.foffset, 0]);
+274         s = s.replace(/(..)/g, "%$1");
+275         s = decodeURIComponent(s);
+276         return s;
+277     };
+278 
+279     /**
+280      * get notAfter field string of certificate.<br/>
+281      * @name getNotAfter
+282      * @memberOf X509#
+283      * @function
+284      * @return {String} not after time value (ex. "151231235959Z")
+285      * @example
+286      * var x = new X509();
+287      * x.readCertPEM(sCertPEM);
+288      * var notAfter = x.getNotAfter(); // return string like "151231235959Z"
+289      */
+290     this.getNotAfter = function() {
+291 	var s = _getVbyList(this.hex, 0, [0, 4 + this.foffset, 1]);
+292         s = s.replace(/(..)/g, "%$1");
+293         s = decodeURIComponent(s);
+294         return s;
+295     };
+296 
+297     /**
+298      * get a hexadecimal string of subjectPublicKeyInfo field.<br/>
+299      * @name getPublicKeyHex
+300      * @memberOf X509#
+301      * @function
+302      * @return {String} ASN.1 SEQUENCE hexadecimal string of subjectPublicKeyInfo field
+303      * @since jsrsasign 7.1.4 x509 1.1.13
+304      * @example
+305      * x = new X509();
+306      * x.readCertPEM(sCertPEM);
+307      * hSPKI = x.getPublicKeyHex(); // return string like "30820122..."
+308      */
+309     this.getPublicKeyHex = function() {
+310 	return _ASN1HEX.getTLVbyList(this.hex, 0, [0, 6 + this.foffset], "30");
+311     };
+312 
+313     /**
+314      * get a string index of subjectPublicKeyInfo field for hexadecimal string certificate.<br/>
+315      * @name getPublicKeyIdx
+316      * @memberOf X509#
+317      * @function
+318      * @return {Number} string index of subjectPublicKeyInfo field for hexadecimal string certificate.
+319      * @since jsrsasign 7.1.4 x509 1.1.13
+320      * @example
+321      * x = new X509();
+322      * x.readCertPEM(sCertPEM);
+323      * idx = x.getPublicKeyIdx(); // return string index in x.hex parameter
+324      */
+325     this.getPublicKeyIdx = function() {
+326 	return _getIdxbyList(this.hex, 0, [0, 6 + this.foffset], "30");
+327     };
+328 
+329     /**
+330      * get a RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field.<br/>
+331      * @name getPublicKey
+332      * @memberOf X509#
+333      * @function
+334      * @return {Object} RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field
+335      * @since jsrsasign 7.1.4 x509 1.1.13
+336      * @example
+337      * x = new X509();
+338      * x.readCertPEM(sCertPEM);
+339      * pubkey= x.getPublicKey();
+340      */
+341     this.getPublicKey = function() {
+342 	return KEYUTIL.getKey(this.getPublicKeyHex(), null, "pkcs8pub");
+343     };
+344 
+345     /**
+346      * get signature algorithm name from hexadecimal certificate data
+347      * @name getSignatureAlgorithmName
+348      * @memberOf X509#
+349      * @function
+350      * @param {String} hCert hexadecimal string of X.509 certificate binary
+351      * @return {String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)
+352      * @since jsrsasign 7.2.0 x509 1.1.14
+353      * @description
+354      * This method will get signature algorithm name of certificate:
+355      * @example
+356      * var x = new X509();
+357      * x.readCertPEM(sCertPEM);
+358      * x.getSignatureAlgorithmName() → "SHA256withRSA"
+359      */
+360     this.getSignatureAlgorithmName = function() {
+361 	return _oidname(_getVbyList(this.hex, 0, [1, 0], "06"));
+362     };
+363 
+364     /**
+365      * get signature value in hexadecimal string<br/>
+366      * @name getSignatureValueHex
+367      * @memberOf X509#
+368      * @function
+369      * @return {String} signature value hexadecimal string without BitString unused bits
+370      * @since jsrsasign 7.2.0 x509 1.1.14
+371      * @description
+372      * This method will get signature value of certificate:
+373      * @example
+374      * var x = new X509();
+375      * x.readCertPEM(sCertPEM);
+376      * x.getSignatureValueHex() &rarr "8a4c47913..."
+377      */
+378     this.getSignatureValueHex = function() {
+379 	return _getVbyList(this.hex, 0, [2], "03", true);
+380     };
+381 
+382     /**
+383      * verifies signature value by public key<br/>
+384      * @name verifySignature
+385      * @memberOf X509#
+386      * @function
+387      * @param {Object} pubKey public key object
+388      * @return {Boolean} true if signature value is valid otherwise false
+389      * @since jsrsasign 7.2.0 x509 1.1.14
+390      * @description
+391      * This method verifies signature value of hexadecimal string of 
+392      * X.509 certificate by specified public key object.
+393      * @example
+394      * pubKey = KEYUTIL.getKey(pemPublicKey); // or certificate
+395      * x = new X509();
+396      * x.readCertPEM(pemCert);
+397      * x.verifySignature(pubKey) → true, false or raising exception
+398      */
+399     this.verifySignature = function(pubKey) {
+400 	var algName = this.getSignatureAlgorithmName();
+401 	var hSigVal = this.getSignatureValueHex();
+402 	var hTbsCert = _getTLVbyList(this.hex, 0, [0], "30");
+403 	
+404 	var sig = new KJUR.crypto.Signature({alg: algName});
+405 	sig.init(pubKey);
+406 	sig.updateHex(hTbsCert);
+407 	return sig.verify(hSigVal);
+408     };
+409 
+410     // ===== parse extension ======================================
+411     /**
+412      * set array of X.509v3 extesion information such as extension OID, criticality and value index.<br/>
+413      * @name parseExt
+414      * @memberOf X509#
+415      * @function
+416      * @since jsrsasign 7.2.0 x509 1.1.14
+417      * @description
+418      * This method will set an array of X.509v3 extension information having 
+419      * following parameters:
+420      * <ul>
+421      * <li>oid - extension OID (ex. 2.5.29.19)</li>
+422      * <li>critical - true or false</li>
+423      * <li>vidx - string index for extension value</li>
+424      * @example
+425      * x = new X509();
+426      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+427      *
+428      * x.aExtInfo →
+429      * [ { oid: "2.5.29,19", critical: true, vidx: 2504 }, ... ]
+430      */
+431     this.parseExt = function() {
+432 	if (this.version !== 3) return -1;
+433 	var iExtSeq = _getIdxbyList(this.hex, 0, [0, 7, 0], "30");
+434 	var aExtIdx = _getChildIdx(this.hex, iExtSeq);
+435 
+436 	this.aExtInfo = new Array();
+437 	for (var i = 0; i < aExtIdx.length; i++) {
+438 	    var item = {};
+439 	    item.critical = false;
+440 	    var a = _getChildIdx(this.hex, aExtIdx[i]);
+441 	    var offset = 0;
+442 
+443 	    if (a.length === 3) {
+444 		item.critical = true;
+445 		offset = 1;
+446 	    }
+447 
+448 	    item.oid = _ASN1HEX.hextooidstr(_getVbyList(this.hex, aExtIdx[i], [0], "06"));
+449 	    var octidx = _getIdxbyList(this.hex, aExtIdx[i], [1 + offset]);
+450 	    item.vidx = _getVidx(this.hex, octidx);
+451 	    this.aExtInfo.push(item);
+452 	}
+453     };
+454 
+455     /**
+456      * get a X.509v3 extesion information such as extension OID, criticality and value index for specified oid or name.<br/>
+457      * @name getExtInfo
+458      * @memberOf X509#
+459      * @function
+460      * @param {String} oidOrName X.509 extension oid or name (ex. keyUsage or 2.5.29.19)
+461      * @return X.509 extension information such as extension OID or value indx (see {@link X509#parseExt})
+462      * @since jsrsasign 7.2.0 x509 1.1.14
+463      * @description
+464      * This method will get an X.509v3 extension information JSON object
+465      * having extension OID, criticality and value idx for specified
+466      * extension OID or name.
+467      * If there is no such extension, this returns undefined.
+468      * @example
+469      * x = new X509();
+470      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+471      *
+472      * x.getExtInfo("keyUsage") → { oid: "2.5.29.15", critical: true, vidx: 1714 }
+473      * x.getExtInfo("unknownExt") → undefined
+474      */
+475     this.getExtInfo = function(oidOrName) {
+476 	var a = this.aExtInfo;
+477 	var oid = oidOrName;
+478 	if (! oidOrName.match(/^[0-9.]+$/)) {
+479 	    oid = KJUR.asn1.x509.OID.name2oid(oidOrName);
+480 	}
+481 	if (oid === '') return undefined;
+482 
+483 	for (var i = 0; i < a.length; i++) {
+484 	    if (a[i].oid === oid) return a[i];
+485 	}
+486 	return undefined;
+487     };
+488 
+489     /**
+490      * get BasicConstraints extension value as object in the certificate
+491      * @name getExtBasicConstraints
+492      * @memberOf X509#
+493      * @function
+494      * @param {String} hCert hexadecimal string of X.509 certificate binary
+495      * @return {Object} associative array which may have "cA" and "pathLen" parameters
+496      * @since jsrsasign 7.2.0 x509 1.1.14
+497      * @description
+498      * This method will get basic constraints extension value as object with following paramters.
+499      * <ul>
+500      * <li>cA - CA flag whether CA or not</li>
+501      * <li>pathLen - maximum intermediate certificate length</li>
+502      * </ul>
+503      * There are use cases for return values:
+504      * <ul>
+505      * <li>{cA:true, pathLen:3} - cA flag is true and pathLen is 3</li>
+506      * <li>{cA:true} - cA flag is true and no pathLen</li>
+507      * <li>{} - basic constraints has no value in case of end entity certificate</li>
+508      * <li>undefined - there is no basic constraints extension</li>
+509      * </ul>
+510      * @example
+511      * x = new X509();
+512      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+513      * x.getExtBasicConstraints() → { cA: true, pathLen: 3 };
+514      */
+515     this.getExtBasicConstraints = function() {
+516 	var info = this.getExtInfo("basicConstraints");
+517 	if (info === undefined) return info;
+518 
+519 	var hBC = _getV(this.hex, info.vidx);
+520 	if (hBC === '') return {};
+521 	if (hBC === '0101ff') return { cA: true };
+522 	if (hBC.substr(0, 8) === '0101ff02') {
+523 	    var pathLexHex = _getV(hBC, 6);
+524 	    var pathLen = parseInt(pathLexHex, 16);
+525 	    return { cA: true, pathLen: pathLen };
+526 	}
+527 	throw "basicConstraints parse error";
+528     };
 529 
-530     /**
-531      * get KeyUsage extension value as binary string in the certificate<br/>
-532      * @name getExtKeyUsageBin
-533      * @memberOf X509#
-534      * @function
-535      * @return {String} binary string of key usage bits (ex. '101')
-536      * @since jsrsasign 7.2.0 x509 1.1.14
-537      * @description
-538      * This method will get key usage extension value
-539      * as binary string such like '101'.
-540      * Key usage bits definition is in the RFC 5280.
-541      * If there is no key usage extension in the certificate,
-542      * it returns empty string (i.e. '').
-543      * @example
-544      * x = new X509();
-545      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-546      * x.getExtKeyUsageBin() → '101'
-547      * // 1 - digitalSignature
-548      * // 0 - nonRepudiation
-549      * // 1 - keyEncipherment
-550      */
-551     this.getExtKeyUsageBin = function() {
-552 	var info = this.getExtInfo("keyUsage");
-553 	if (info === undefined) return '';
-554 	
-555 	var hKeyUsage = _getV(this.hex, info.vidx);
-556 	if (hKeyUsage.length % 2 != 0 || hKeyUsage.length <= 2)
-557 	    throw "malformed key usage value";
-558 	var unusedBits = parseInt(hKeyUsage.substr(0, 2));
-559 	var bKeyUsage = parseInt(hKeyUsage.substr(2), 16).toString(2);
-560 	return bKeyUsage.substr(0, bKeyUsage.length - unusedBits);
-561     };
-562 
-563     /**
-564      * get KeyUsage extension value as names in the certificate<br/>
-565      * @name getExtKeyUsageString
-566      * @memberOf X509#
-567      * @function
-568      * @return {String} comma separated string of key usage
-569      * @since jsrsasign 7.2.0 x509 1.1.14
-570      * @description
-571      * This method will get key usage extension value
-572      * as comma separated string of usage names.
-573      * If there is no key usage extension in the certificate,
-574      * it returns empty string (i.e. '').
-575      * @example
-576      * x = new X509();
-577      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-578      * x.getExtKeyUsageString() → "digitalSignature,keyEncipherment"
-579      */
-580     this.getExtKeyUsageString = function() {
-581 	var bKeyUsage = this.getExtKeyUsageBin();
-582 	var a = new Array();
-583 	for (var i = 0; i < bKeyUsage.length; i++) {
-584 	    if (bKeyUsage.substr(i, 1) == "1") a.push(X509.KEYUSAGE_NAME[i]);
-585 	}
-586 	return a.join(",");
-587     };
-588 
-589     /**
-590      * get subjectKeyIdentifier value as hexadecimal string in the certificate<br/>
-591      * @name getExtSubjectKeyIdentifier
-592      * @memberOf X509#
-593      * @function
-594      * @return {String} hexadecimal string of subject key identifier or null
-595      * @since jsrsasign 7.2.0 x509 1.1.14
-596      * @description
-597      * This method will get subject key identifier extension value
-598      * as hexadecimal string.
-599      * If there is this in the certificate, it returns undefined;
-600      * @example
-601      * x = new X509();
-602      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-603      * x.getExtSubjectKeyIdentifier() → "1b3347ab...";
-604      */
-605     this.getExtSubjectKeyIdentifier = function() {
-606 	var info = this.getExtInfo("subjectKeyIdentifier");
-607 	if (info === undefined) return info;
-608 
-609 	return _getV(this.hex, info.vidx);
-610     };
-611 
-612     /**
-613      * get authorityKeyIdentifier value as JSON object in the certificate<br/>
-614      * @name getExtAuthorityKeyIdentifier
-615      * @memberOf X509#
-616      * @function
-617      * @return {Object} JSON object of authority key identifier or null
-618      * @since jsrsasign 7.2.0 x509 1.1.14
-619      * @description
-620      * This method will get authority key identifier extension value
-621      * as JSON object.
-622      * If there is this in the certificate, it returns undefined;
-623      * <br>
-624      * NOTE: Currently this method only supports keyIdentifier so that
-625      * authorityCertIssuer and authorityCertSerialNumber will not
-626      * be return in the JSON object.
-627      * @example
-628      * x = new X509();
-629      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-630      * x.getExtAuthorityKeyIdentifier() → { kid: "1234abcd..." }
-631      */
-632     this.getExtAuthorityKeyIdentifier = function() {
-633 	var info = this.getExtInfo("authorityKeyIdentifier");
-634 	if (info === undefined) return info;
-635 
-636 	var result = {};
-637 	var hAKID = _getTLV(this.hex, info.vidx);
-638 	var a = _getChildIdx(hAKID, 0);
-639 	for (var i = 0; i < a.length; i++) {
-640 	    if (hAKID.substr(a[i], 2) === "80")
-641 		result.kid = _getV(hAKID, a[i]);
-642 	}
-643 	return result;
-644     };
-645 
-646     /**
-647      * get extKeyUsage value as array of name string in the certificate<br/>
-648      * @name getExtExtKeyUsageName
-649      * @memberOf X509#
-650      * @function
-651      * @return {Object} array of extended key usage ID name or oid
-652      * @since jsrsasign 7.2.0 x509 1.1.14
-653      * @description
-654      * This method will get extended key usage extension value
-655      * as array of name or OID string.
-656      * If there is this in the certificate, it returns undefined;
-657      * <br>
-658      * NOTE: Supported extended key usage ID names are defined in
-659      * name2oidList parameter in asn1x509.js file.
-660      * @example
-661      * x = new X509();
-662      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-663      * x.getExtExtKeyUsageName() → ["serverAuth", "clientAuth", "0.1.2.3.4.5"]
-664      */
-665     this.getExtExtKeyUsageName = function() {
-666 	var info = this.getExtInfo("extKeyUsage");
-667 	if (info === undefined) return info;
-668 
-669 	var result = new Array();
-670 	
-671 	var h = _getTLV(this.hex, info.vidx);
-672 	if (h === '') return result;
-673 
-674 	var a = _getChildIdx(h, 0);
-675 	for (var i = 0; i < a.length; i++) {
-676 	    result.push(_oidname(_getV(h, a[i])));
-677 	}
-678 
-679 	return result;
-680     };
-681 
-682     /**
-683      * get subjectAltName value as array of string in the certificate
-684      * @name getExtSubjectAltName
-685      * @memberOf X509#
-686      * @function
-687      * @return {Object} array of alt names
-688      * @since jsrsasign 7.2.0 x509 1.1.14
-689      * @description
-690      * This method will get subject alt name extension value
-691      * as array of name.
-692      * If there is this in the certificate, it returns undefined;
-693      * <br>
-694      * NOTE: Currently this method supports only dNSName so that
-695      * other name type such like iPAddress or generalName will not be returned.
-696      * @example
-697      * x = new X509();
-698      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-699      * x.getExtSubjectAltName(hCert) → ["example.com", "example.org"]
-700      */
-701     this.getExtSubjectAltName = function() {
-702 	var info = this.getExtInfo("subjectAltName");
-703 	if (info === undefined) return info;
-704 
-705 	var result = new Array();
-706 	var h = _getTLV(this.hex, info.vidx);
-707 
-708 	var a = _getChildIdx(h, 0);
-709 	for (var i = 0; i < a.length; i++) {
-710 	    if (h.substr(a[i], 2) === "82") {
-711 		var fqdn = hextoutf8(_getV(h, a[i]));
-712 		result.push(fqdn);
-713 	    }
-714 	}
-715 	return result;
-716     };
-717 
-718     /**
-719      * get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate
-720      * @name getExtCRLDistributionPointsURI
-721      * @memberOf X509#
-722      * @function
-723      * @return {Object} array of fullName URIs of CDP of the certificate
-724      * @since jsrsasign 7.2.0 x509 1.1.14
-725      * @description
-726      * This method will get all fullName URIs of cRLDistributionPoints extension
-727      * in the certificate as array of URI string.
-728      * If there is this in the certificate, it returns undefined;
-729      * <br>
-730      * NOTE: Currently this method supports only fullName URI so that
-731      * other parameters will not be returned.
-732      * @example
-733      * x = new X509();
-734      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-735      * x.getExtCRLDistributionPointsURI() →
-736      * ["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
-737      */
-738     this.getExtCRLDistributionPointsURI = function() {
-739 	var info = this.getExtInfo("cRLDistributionPoints");
-740 	if (info === undefined) return info;
-741 
-742 	var result = new Array();
-743 	var a = _getChildIdx(this.hex, info.vidx);
-744 	for (var i = 0; i < a.length; i++) {
-745 	    var hURI = _getVbyList(this.hex, a[i], [0, 0, 0], "86");
-746 	    var uri = hextoutf8(hURI);
-747 	    result.push(uri);
-748 	}
-749 
-750 	return result;
-751     };
-752 
-753     /**
-754      * get AuthorityInfoAccess extension value in the certificate as associative array
-755      * @name getExtAIAInfo
-756      * @memberOf X509#
-757      * @function
-758      * @return {Object} associative array of AIA extension properties
-759      * @since jsrsasign 7.2.0 x509 1.1.14
-760      * @description
-761      * This method will get authority info access value
-762      * as associate array which has following properties:
-763      * <ul>
-764      * <li>ocsp - array of string for OCSP responder URL</li>
-765      * <li>caissuer - array of string for caIssuer value (i.e. CA certificates URL)</li>
-766      * </ul>
-767      * If there is this in the certificate, it returns undefined;
-768      * @example
-769      * x = new X509();
-770      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-771      * x.getExtAIAInfo(hCert) → 
-772      * { ocsp:     ["http://ocsp.foo.com"],
-773      *   caissuer: ["http://rep.foo.com/aaa.p8m"] }
-774      */
-775     this.getExtAIAInfo = function() {
-776 	var info = this.getExtInfo("authorityInfoAccess");
-777 	if (info === undefined) return info;
-778 
-779 	var result = { ocsp: [], caissuer: [] };
-780 	var a = _getChildIdx(this.hex, info.vidx);
-781 	for (var i = 0; i < a.length; i++) {
-782 	    var hOID = _getVbyList(this.hex, a[i], [0], "06");
-783 	    var hName = _getVbyList(this.hex, a[i], [1], "86");
-784 	    if (hOID === "2b06010505073001") {
-785 		result.ocsp.push(hextoutf8(hName));
-786 	    }
-787 	    if (hOID === "2b06010505073002") {
-788 		result.caissuer.push(hextoutf8(hName));
-789 	    }
-790 	}
-791 
-792 	return result;
-793     };
-794 
-795     /**
-796      * get CertificatePolicies extension value in the certificate as array
-797      * @name getExtCertificatePolicies
-798      * @memberOf X509#
-799      * @function
-800      * @return {Object} array of PolicyInformation JSON object
-801      * @since jsrsasign 7.2.0 x509 1.1.14
-802      * @description
-803      * This method will get certificate policies value
-804      * as an array of JSON object which has following properties:
-805      * <ul>
-806      * <li>id - </li>
-807      * <li>cps - URI of certification practice statement</li>
-808      * <li>unotice - string of UserNotice explicitText</li>
-809      * </ul>
-810      * If there is this extension in the certificate,
-811      * it returns undefined;
-812      * @example
-813      * x = new X509();
-814      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-815      * x.getExtCertificatePolicies → 
-816      * [{ id: 1.2.3.4,
-817      *    cps: "http://example.com/cps",
-818      *    unotice: "explicit text" }]
-819      */
-820     this.getExtCertificatePolicies = function() {
-821 	var info = this.getExtInfo("certificatePolicies");
-822 	if (info === undefined) return info;
-823 	
-824 	var hExt = _getTLV(this.hex, info.vidx);
-825 	var result = [];
-826 
-827 	var a = _getChildIdx(hExt, 0);
-828 	for (var i = 0; i < a.length; i++) {
-829 	    var policyInfo = {};
-830 	    var a1 = _getChildIdx(hExt, a[i]);
-831 
-832 	    policyInfo.id = _oidname(_getV(hExt, a1[0]));
-833 
-834 	    if (a1.length === 2) {
-835 		var a2 = _getChildIdx(hExt, a1[1]);
-836 
-837 		for (var j = 0; j < a2.length; j++) {
-838 		    var hQualifierId = _getVbyList(hExt, a2[j], [0], "06");
-839 
-840 		    if (hQualifierId === "2b06010505070201") { // cps
-841 			policyInfo.cps = hextoutf8(_getVbyList(hExt, a2[j], [1]));
-842 		    } else if (hQualifierId === "2b06010505070202") { // unotice
-843 			policyInfo.unotice =
-844 			    hextoutf8(_getVbyList(hExt, a2[j], [1, 0]));
-845 		    }
-846 		}
-847 	    }
-848 
-849 	    result.push(policyInfo);
-850 	}
-851 
-852 	return result;
-853     }
-854 
-855     // ===== read certificate =====================================
-856     /**
-857      * read PEM formatted X.509 certificate from string.<br/>
-858      * @name readCertPEM
-859      * @memberOf X509#
-860      * @function
-861      * @param {String} sCertPEM string for PEM formatted X.509 certificate
-862      * @example
-863      * x = new X509();
-864      * x.readCertPEM(sCertPEM); // read certificate
-865      */
-866     this.readCertPEM = function(sCertPEM) {
-867         this.readCertHex(_ASN1HEX.pemToHex(sCertPEM));
-868     };
-869 
-870     /**
-871      * read a hexadecimal string of X.509 certificate<br/>
-872      * @name readCertHex
-873      * @memberOf X509#
-874      * @function
-875      * @param {String} sCertHex hexadecimal string of X.509 certificate
-876      * @since jsrsasign 7.1.4 x509 1.1.13
-877      * @description
-878      * NOTE: {@link X509#parseExt} will called internally since jsrsasign 7.2.0.
-879      * @example
-880      * x = new X509();
-881      * x.readCertHex("3082..."); // read certificate
-882      */
-883     this.readCertHex = function(sCertHex) {
-884         this.hex = sCertHex;
-885 	this.getVersion(); // set version parameter
-886 	this.parseExt();
-887 
-888 	try {
-889 	    pubkey = this.getPublicKey();
-890 	    // deprecated field settings. will remove this block after 8.0.0
-891 	    if (pubkey instanceof RSAKey) { 
-892 		this.subjectPublicKeyRSA = pubkey;
-893 		this.subjectPublicKeyRSA_hN = hextoposhex(pubkey.n.toString(16));
-894 		this.subjectPublicKeyRSA_hE = hextoposhex(pubkey.e.toString(16));
-895 	    }
-896 	} catch (ex) {};
-897     };
-898 
-899     // DEPRECATED. will remove after 8.0.0
-900     this.readCertPEMWithoutRSAInit = function(sCertPEM) {
-901         var hCert = _ASN1HEX.pemToHex(sCertPEM);
-902         var a = _X509.getPublicKeyHexArrayFromCertHex(hCert);
-903         if (typeof this.subjectPublicKeyRSA.setPublic === "function") {
-904             this.subjectPublicKeyRSA.setPublic(a[0], a[1]);
-905         }
-906         this.subjectPublicKeyRSA_hN = a[0];
-907         this.subjectPublicKeyRSA_hE = a[1];
-908         this.hex = hCert;
-909     };
-910 
-911     /**
-912      * get certificate information as string.<br/>
-913      * @name getInfo
-914      * @memberOf X509#
-915      * @function
-916      * @return {String} certificate information string
-917      * @since jsrsasign 5.0.10 x509 1.1.8
-918      * @example
-919      * x = new X509();
-920      * x.readCertPEM(certPEM);
-921      * console.log(x.getInfo());
-922      * // this shows as following
-923      * Basic Fields
-924      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
-925      *   signature algorithm: SHA1withRSA
-926      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-927      *   notBefore: 061110000000Z
-928      *   notAfter: 311110000000Z
-929      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-930      *   subject public key info:
-931      *     key algorithm: RSA
-932      *     n=c6cce573e6fbd4bb...
-933      *     e=10001
-934      * X509v3 Extensions:
-935      *   keyUsage CRITICAL:
-936      *     digitalSignature,keyCertSign,cRLSign
-937      *   basicConstraints CRITICAL:
-938      *     cA=true
-939      *   subjectKeyIdentifier :
-940      *     b13ec36903f8bf4701d498261a0802ef63642bc3
-941      *   authorityKeyIdentifier :
-942      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
-943      * signature algorithm: SHA1withRSA
-944      * signature: 1c1a0697dcd79c9f...
-945      */
-946     this.getInfo = function() {
-947 	var _X509 = X509;
-948 	var s, pubkey, aExt;
-949 	s  = "Basic Fields\n";
-950         s += "  serial number: " + this.getSerialNumberHex() + "\n";
-951 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
-952 	s += "  issuer: " + this.getIssuerString() + "\n";
-953 	s += "  notBefore: " + this.getNotBefore() + "\n";
-954 	s += "  notAfter: " + this.getNotAfter() + "\n";
-955 	s += "  subject: " + this.getSubjectString() + "\n";
-956 	s += "  subject public key info: " + "\n";
-957 
-958 	// subject public key info
-959 	pubkey = this.getPublicKey();
-960 	s += "    key algorithm: " + pubkey.type + "\n";
-961 
-962 	if (pubkey.type === "RSA") {
-963 	    s += "    n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n";
-964 	    s += "    e=" + hextoposhex(pubkey.e.toString(16)) + "\n";
-965 	}
-966 
-967         s += "X509v3 Extensions:\n";
-968 
-969         aExt = this.aExtInfo;
-970         for (var i = 0; i < aExt.length; i++) {
-971 	    var info = aExt[i];
-972 
-973 	    // show extension name and critical flag
-974 	    var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
-975 	    if (extName === '') extName = info["oid"];
-976 
-977 	    var critical = '';
-978 	    if (info["critical"] === true) critical = "CRITICAL";
-979 
-980 	    s += "  " + extName + " " + critical + ":\n";
-981 
-982 	    // show extension value if supported
-983 	    if (extName === "basicConstraints") {
-984 		var bc = this.getExtBasicConstraints();
-985 		if (bc.cA === undefined) {
-986 		    s += "    {}\n";
-987 		} else {
-988 		    s += "    cA=true";
-989 		    if (bc.pathLen !== undefined)
-990 			s += ", pathLen=" + bc.pathLen;
-991 		    s += "\n";
-992 		}
-993 	    } else if (extName === "keyUsage") {
-994 		s += "    " + this.getExtKeyUsageString() + "\n";
-995 	    } else if (extName === "subjectKeyIdentifier") {
-996 		s += "    " + this.getExtSubjectKeyIdentifier() + "\n";
-997 	    } else if (extName === "authorityKeyIdentifier") {
-998 		var akid = _X509.getExtAuthorityKeyIdentifier(this.hex);
-999 		if (akid.kid !== undefined)
-1000 		    s += "    kid=" + akid.kid + "\n";
-1001 	    } else if (extName === "extKeyUsage") {
-1002 		var eku = this.getExtExtKeyUsageName();
-1003 		s += "    " + eku.join(", ") + "\n";
-1004 	    } else if (extName === "subjectAltName") {
-1005 		var san = this.getExtSubjectAltName();
-1006 		s += "    " + san.join(", ") + "\n";
-1007 	    } else if (extName === "cRLDistributionPoints") {
-1008 		var cdp = this.getExtCRLDistributionPointsURI();
-1009 		s += "    " + cdp + "\n";
-1010 	    } else if (extName === "authorityInfoAccess") {
-1011 		var aia = this.getExtAIAInfo();
-1012 		if (aia.ocsp !== undefined)
-1013 		    s += "    ocsp: " + aia.ocsp.join(",") + "\n";
-1014 		if (aia.caissuer !== undefined)
-1015 		    s += "    caissuer: " + aia.caissuer.join(",") + "\n";
-1016 	    }
-1017         }
-1018 
-1019 	s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n";
-1020 	s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n";
-1021 	return s;
-1022     };
-1023 };
-1024 
-1025 /**
-1026  * get Base64 string from PEM certificate string
-1027  * @name pemToBase64
-1028  * @memberOf X509
-1029  * @function
-1030  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
-1031  * @return {String} Base64 string of PEM certificate
-1032  * @example
-1033  * b64 = X509.pemToBase64(certPEM);
-1034  */
-1035 X509.pemToBase64 = function(sCertPEM) {
-1036     var s = sCertPEM;
-1037     s = s.replace("-----BEGIN CERTIFICATE-----", "");
-1038     s = s.replace("-----END CERTIFICATE-----", "");
-1039     s = s.replace(/[ \n]+/g, "");
-1040     return s;
-1041 };
-1042 
-1043 /**
-1044  * (DEPRECATED) get a hexa decimal string from PEM certificate string
-1045  * @name pemToHex
-1046  * @memberOf X509
-1047  * @function
-1048  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
-1049  * @return {String} hexadecimal string of PEM certificate
-1050  * @deprecated from x509 1.1.11 jsrsasign 7.0.1. please move to {@link ASN1HEX.pemToHex}
-1051  * @description
-1052  * CAUTION: now X509.pemToHex deprecated and is planed to remove in jsrsasign 8.0.0.
-1053  * @example
-1054  * hex = X509.pemToHex(certPEM);
-1055  */
-1056 X509.pemToHex = function(sCertPEM) {
-1057     return ASN1HEX.pemToHex(sCertPEM);
-1058 };
-1059 
-1060 /**
-1061  * (DEPRECATED) get a string index of contents of subjectPublicKeyInfo BITSTRING value from hexadecimal certificate<br/>
-1062  * @name getSubjectPublicKeyPosFromCertHex
-1063  * @memberOf X509
-1064  * @function
-1065  * @param {String} hCert hexadecimal string of DER RSA/ECDSA/DSA X.509 certificate
-1066  * @return {Integer} string index of key contents
-1067  * @deprecated from x509 1.1.13 jsrsasign 7.1.14. This static method will be removed in 8.0.0 release.
-1068  * @example
-1069  * idx = X509.getSubjectPublicKeyPosFromCertHex("3082...");
-1070  */
-1071 // NOTE: Without BITSTRING encapsulation.
-1072 X509.getSubjectPublicKeyPosFromCertHex = function(hCert) {
-1073     var pInfo = X509.getSubjectPublicKeyInfoPosFromCertHex(hCert);
-1074     if (pInfo == -1) return -1;
-1075     var a = ASN1HEX.getChildIdx(hCert, pInfo);
-1076     if (a.length != 2) return -1;
-1077     var pBitString = a[1];
-1078     if (hCert.substr(pBitString, 2) != '03') return -1;
-1079     var pBitStringV = ASN1HEX.getVidx(hCert, pBitString);
-1080 
-1081     if (hCert.substr(pBitStringV, 2) != '00') return -1;
-1082     return pBitStringV + 2;
-1083 };
-1084 
-1085 /**
-1086  * (DEPRECATED) get a string index of subjectPublicKeyInfo field from hexadecimal certificate<br/>
-1087  * @name getSubjectPublicKeyInfoPosFromCertHex
-1088  * @memberOf X509
-1089  * @function
-1090  * @param {String} hCert hexadecimal string of DER RSA/ECDSA/DSA X.509 certificate
-1091  * @return {Integer} string index of subjectPublicKeyInfo field
-1092  * @deprecated since jsrsasign 7.1.14 x509 1.1.13. This will be removed in 8.0.0 release.
-1093  * @description
-1094  * This static method gets a string index of subjectPublicKeyInfo field from hexadecimal certificate.<br/>
-1095  * NOTE1: privateKeyUsagePeriod field of X509v2 not supported.<br/>
-1096  * NOTE2: X.509v1 and X.509v3 certificate are supported.<br/>
-1097  * @example
-1098  * idx = X509.getSubjectPublicKeyInfoPosFromCertHex("3082...");
-1099  */
-1100 X509.getSubjectPublicKeyInfoPosFromCertHex = function(hCert) {
-1101     var x = new X509();
-1102     x.readCertHex(hCert);
-1103     return x.getPublicKeyIdx();
-1104 };
-1105 
-1106 /**
-1107  * (DEPRECATED) get an array of N and E for RSA subject public key in HEX certificate<br/>
-1108  * @name getPublicKeyHexArrayFromCertHex
-1109  * @memberOf X509
-1110  * @function
-1111  * @param {String} hCert hexadecimal string of RSA X.509 certificate
-1112  * @return {Array} array of N and E parameter of RSA subject public key
-1113  * @deprecated since jsrsasign 7.1.14 x509 1.1.13. This will be removed in 8.0.0 release.
-1114  */
-1115 X509.getPublicKeyHexArrayFromCertHex = function(hCert) {
-1116     var _ASN1HEX = ASN1HEX;
-1117     var p, a, hN, hE;
-1118     p = X509.getSubjectPublicKeyPosFromCertHex(hCert);
-1119     a = _ASN1HEX.getChildIdx(hCert, p);
-1120     if (a.length != 2) return [];
-1121     hN = _ASN1HEX.getV(hCert, a[0]);
-1122     hE = _ASN1HEX.getV(hCert, a[1]);
-1123     if (hN != null && hE != null) {
-1124         return [hN, hE];
-1125     } else {
-1126         return [];
-1127     }
-1128 };
-1129 
-1130 X509.getHexTbsCertificateFromCert = function(hCert) {
-1131     var pTbsCert = ASN1HEX.getVidx(hCert, 0);
-1132     return pTbsCert;
-1133 };
-1134 
-1135 /**
-1136  * (DEPRECATED) get an array of N and E for RSA subject public key in PEM certificate<br/>
-1137  * @name getPublicKeyHexArrayFromCertPEM
-1138  * @memberOf X509
-1139  * @function
-1140  * @param {String} sCertPEM PEM string of RSA X.509 certificate
-1141  * @return {Array} array of N and E parameter of RSA subject public key
-1142  * @deprecated since jsrsasign 7.1.14 x509 1.1.13. This will be removed in 8.0.0 release.
-1143  */
-1144 X509.getPublicKeyHexArrayFromCertPEM = function(sCertPEM) {
-1145     var hCert = ASN1HEX.pemToHex(sCertPEM);
-1146     var a = X509.getPublicKeyHexArrayFromCertHex(hCert);
-1147     return a;
-1148 };
-1149 
-1150 /**
-1151  * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/>
-1152  * @name hex2dn
-1153  * @memberOf X509
-1154  * @function
-1155  * @param {String} hex hexadecimal string of ASN.1 DER distinguished name
-1156  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-1157  * @return {String} OpenSSL online format distinguished name
-1158  * @description
-1159  * This static method converts from a hexadecimal string of 
-1160  * distinguished name (DN)
-1161  * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
-1162  * @example
-1163  * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
-1164  */
-1165 X509.hex2dn = function(hex, idx) {
-1166     if (idx === undefined) idx = 0;
-1167     if (hex.substr(idx, 2) !== "30") throw "malformed DN";
+530 
+531     /**
+532      * get KeyUsage extension value as binary string in the certificate<br/>
+533      * @name getExtKeyUsageBin
+534      * @memberOf X509#
+535      * @function
+536      * @return {String} binary string of key usage bits (ex. '101')
+537      * @since jsrsasign 7.2.0 x509 1.1.14
+538      * @description
+539      * This method will get key usage extension value
+540      * as binary string such like '101'.
+541      * Key usage bits definition is in the RFC 5280.
+542      * If there is no key usage extension in the certificate,
+543      * it returns empty string (i.e. '').
+544      * @example
+545      * x = new X509();
+546      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+547      * x.getExtKeyUsageBin() → '101'
+548      * // 1 - digitalSignature
+549      * // 0 - nonRepudiation
+550      * // 1 - keyEncipherment
+551      */
+552     this.getExtKeyUsageBin = function() {
+553 	var info = this.getExtInfo("keyUsage");
+554 	if (info === undefined) return '';
+555 	
+556 	var hKeyUsage = _getV(this.hex, info.vidx);
+557 	if (hKeyUsage.length % 2 != 0 || hKeyUsage.length <= 2)
+558 	    throw "malformed key usage value";
+559 	var unusedBits = parseInt(hKeyUsage.substr(0, 2));
+560 	var bKeyUsage = parseInt(hKeyUsage.substr(2), 16).toString(2);
+561 	return bKeyUsage.substr(0, bKeyUsage.length - unusedBits);
+562     };
+563 
+564     /**
+565      * get KeyUsage extension value as names in the certificate<br/>
+566      * @name getExtKeyUsageString
+567      * @memberOf X509#
+568      * @function
+569      * @return {String} comma separated string of key usage
+570      * @since jsrsasign 7.2.0 x509 1.1.14
+571      * @description
+572      * This method will get key usage extension value
+573      * as comma separated string of usage names.
+574      * If there is no key usage extension in the certificate,
+575      * it returns empty string (i.e. '').
+576      * @example
+577      * x = new X509();
+578      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+579      * x.getExtKeyUsageString() → "digitalSignature,keyEncipherment"
+580      */
+581     this.getExtKeyUsageString = function() {
+582 	var bKeyUsage = this.getExtKeyUsageBin();
+583 	var a = new Array();
+584 	for (var i = 0; i < bKeyUsage.length; i++) {
+585 	    if (bKeyUsage.substr(i, 1) == "1") a.push(X509.KEYUSAGE_NAME[i]);
+586 	}
+587 	return a.join(",");
+588     };
+589 
+590     /**
+591      * get subjectKeyIdentifier value as hexadecimal string in the certificate<br/>
+592      * @name getExtSubjectKeyIdentifier
+593      * @memberOf X509#
+594      * @function
+595      * @return {String} hexadecimal string of subject key identifier or null
+596      * @since jsrsasign 7.2.0 x509 1.1.14
+597      * @description
+598      * This method will get subject key identifier extension value
+599      * as hexadecimal string.
+600      * If there is this in the certificate, it returns undefined;
+601      * @example
+602      * x = new X509();
+603      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+604      * x.getExtSubjectKeyIdentifier() → "1b3347ab...";
+605      */
+606     this.getExtSubjectKeyIdentifier = function() {
+607 	var info = this.getExtInfo("subjectKeyIdentifier");
+608 	if (info === undefined) return info;
+609 
+610 	return _getV(this.hex, info.vidx);
+611     };
+612 
+613     /**
+614      * get authorityKeyIdentifier value as JSON object in the certificate<br/>
+615      * @name getExtAuthorityKeyIdentifier
+616      * @memberOf X509#
+617      * @function
+618      * @return {Object} JSON object of authority key identifier or null
+619      * @since jsrsasign 7.2.0 x509 1.1.14
+620      * @description
+621      * This method will get authority key identifier extension value
+622      * as JSON object.
+623      * If there is this in the certificate, it returns undefined;
+624      * <br>
+625      * NOTE: Currently this method only supports keyIdentifier so that
+626      * authorityCertIssuer and authorityCertSerialNumber will not
+627      * be return in the JSON object.
+628      * @example
+629      * x = new X509();
+630      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+631      * x.getExtAuthorityKeyIdentifier() → { kid: "1234abcd..." }
+632      */
+633     this.getExtAuthorityKeyIdentifier = function() {
+634 	var info = this.getExtInfo("authorityKeyIdentifier");
+635 	if (info === undefined) return info;
+636 
+637 	var result = {};
+638 	var hAKID = _getTLV(this.hex, info.vidx);
+639 	var a = _getChildIdx(hAKID, 0);
+640 	for (var i = 0; i < a.length; i++) {
+641 	    if (hAKID.substr(a[i], 2) === "80")
+642 		result.kid = _getV(hAKID, a[i]);
+643 	}
+644 	return result;
+645     };
+646 
+647     /**
+648      * get extKeyUsage value as array of name string in the certificate<br/>
+649      * @name getExtExtKeyUsageName
+650      * @memberOf X509#
+651      * @function
+652      * @return {Object} array of extended key usage ID name or oid
+653      * @since jsrsasign 7.2.0 x509 1.1.14
+654      * @description
+655      * This method will get extended key usage extension value
+656      * as array of name or OID string.
+657      * If there is this in the certificate, it returns undefined;
+658      * <br>
+659      * NOTE: Supported extended key usage ID names are defined in
+660      * name2oidList parameter in asn1x509.js file.
+661      * @example
+662      * x = new X509();
+663      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+664      * x.getExtExtKeyUsageName() → ["serverAuth", "clientAuth", "0.1.2.3.4.5"]
+665      */
+666     this.getExtExtKeyUsageName = function() {
+667 	var info = this.getExtInfo("extKeyUsage");
+668 	if (info === undefined) return info;
+669 
+670 	var result = new Array();
+671 	
+672 	var h = _getTLV(this.hex, info.vidx);
+673 	if (h === '') return result;
+674 
+675 	var a = _getChildIdx(h, 0);
+676 	for (var i = 0; i < a.length; i++) {
+677 	    result.push(_oidname(_getV(h, a[i])));
+678 	}
+679 
+680 	return result;
+681     };
+682 
+683     /**
+684      * get subjectAltName value as array of string in the certificate
+685      * @name getExtSubjectAltName
+686      * @memberOf X509#
+687      * @function
+688      * @return {Object} array of alt names
+689      * @since jsrsasign 7.2.0 x509 1.1.14
+690      * @description
+691      * This method will get subject alt name extension value
+692      * as array of name.
+693      * If there is this in the certificate, it returns undefined;
+694      * <br>
+695      * NOTE: Currently this method supports only dNSName so that
+696      * other name type such like iPAddress or generalName will not be returned.
+697      * @example
+698      * x = new X509();
+699      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+700      * x.getExtSubjectAltName(hCert) → ["example.com", "example.org"]
+701      */
+702     this.getExtSubjectAltName = function() {
+703 	var info = this.getExtInfo("subjectAltName");
+704 	if (info === undefined) return info;
+705 
+706 	var result = new Array();
+707 	var h = _getTLV(this.hex, info.vidx);
+708 
+709 	var a = _getChildIdx(h, 0);
+710 	for (var i = 0; i < a.length; i++) {
+711 	    if (h.substr(a[i], 2) === "82") {
+712 		var fqdn = hextoutf8(_getV(h, a[i]));
+713 		result.push(fqdn);
+714 	    }
+715 	}
+716 	return result;
+717     };
+718 
+719     /**
+720      * get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate
+721      * @name getExtCRLDistributionPointsURI
+722      * @memberOf X509#
+723      * @function
+724      * @return {Object} array of fullName URIs of CDP of the certificate
+725      * @since jsrsasign 7.2.0 x509 1.1.14
+726      * @description
+727      * This method will get all fullName URIs of cRLDistributionPoints extension
+728      * in the certificate as array of URI string.
+729      * If there is this in the certificate, it returns undefined;
+730      * <br>
+731      * NOTE: Currently this method supports only fullName URI so that
+732      * other parameters will not be returned.
+733      * @example
+734      * x = new X509();
+735      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+736      * x.getExtCRLDistributionPointsURI() →
+737      * ["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
+738      */
+739     this.getExtCRLDistributionPointsURI = function() {
+740 	var info = this.getExtInfo("cRLDistributionPoints");
+741 	if (info === undefined) return info;
+742 
+743 	var result = new Array();
+744 	var a = _getChildIdx(this.hex, info.vidx);
+745 	for (var i = 0; i < a.length; i++) {
+746 	    var hURI = _getVbyList(this.hex, a[i], [0, 0, 0], "86");
+747 	    var uri = hextoutf8(hURI);
+748 	    result.push(uri);
+749 	}
+750 
+751 	return result;
+752     };
+753 
+754     /**
+755      * get AuthorityInfoAccess extension value in the certificate as associative array
+756      * @name getExtAIAInfo
+757      * @memberOf X509#
+758      * @function
+759      * @return {Object} associative array of AIA extension properties
+760      * @since jsrsasign 7.2.0 x509 1.1.14
+761      * @description
+762      * This method will get authority info access value
+763      * as associate array which has following properties:
+764      * <ul>
+765      * <li>ocsp - array of string for OCSP responder URL</li>
+766      * <li>caissuer - array of string for caIssuer value (i.e. CA certificates URL)</li>
+767      * </ul>
+768      * If there is this in the certificate, it returns undefined;
+769      * @example
+770      * x = new X509();
+771      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+772      * x.getExtAIAInfo(hCert) → 
+773      * { ocsp:     ["http://ocsp.foo.com"],
+774      *   caissuer: ["http://rep.foo.com/aaa.p8m"] }
+775      */
+776     this.getExtAIAInfo = function() {
+777 	var info = this.getExtInfo("authorityInfoAccess");
+778 	if (info === undefined) return info;
+779 
+780 	var result = { ocsp: [], caissuer: [] };
+781 	var a = _getChildIdx(this.hex, info.vidx);
+782 	for (var i = 0; i < a.length; i++) {
+783 	    var hOID = _getVbyList(this.hex, a[i], [0], "06");
+784 	    var hName = _getVbyList(this.hex, a[i], [1], "86");
+785 	    if (hOID === "2b06010505073001") {
+786 		result.ocsp.push(hextoutf8(hName));
+787 	    }
+788 	    if (hOID === "2b06010505073002") {
+789 		result.caissuer.push(hextoutf8(hName));
+790 	    }
+791 	}
+792 
+793 	return result;
+794     };
+795 
+796     /**
+797      * get CertificatePolicies extension value in the certificate as array
+798      * @name getExtCertificatePolicies
+799      * @memberOf X509#
+800      * @function
+801      * @return {Object} array of PolicyInformation JSON object
+802      * @since jsrsasign 7.2.0 x509 1.1.14
+803      * @description
+804      * This method will get certificate policies value
+805      * as an array of JSON object which has following properties:
+806      * <ul>
+807      * <li>id - </li>
+808      * <li>cps - URI of certification practice statement</li>
+809      * <li>unotice - string of UserNotice explicitText</li>
+810      * </ul>
+811      * If there is this extension in the certificate,
+812      * it returns undefined;
+813      * @example
+814      * x = new X509();
+815      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+816      * x.getExtCertificatePolicies → 
+817      * [{ id: 1.2.3.4,
+818      *    cps: "http://example.com/cps",
+819      *    unotice: "explicit text" }]
+820      */
+821     this.getExtCertificatePolicies = function() {
+822 	var info = this.getExtInfo("certificatePolicies");
+823 	if (info === undefined) return info;
+824 	
+825 	var hExt = _getTLV(this.hex, info.vidx);
+826 	var result = [];
+827 
+828 	var a = _getChildIdx(hExt, 0);
+829 	for (var i = 0; i < a.length; i++) {
+830 	    var policyInfo = {};
+831 	    var a1 = _getChildIdx(hExt, a[i]);
+832 
+833 	    policyInfo.id = _oidname(_getV(hExt, a1[0]));
+834 
+835 	    if (a1.length === 2) {
+836 		var a2 = _getChildIdx(hExt, a1[1]);
+837 
+838 		for (var j = 0; j < a2.length; j++) {
+839 		    var hQualifierId = _getVbyList(hExt, a2[j], [0], "06");
+840 
+841 		    if (hQualifierId === "2b06010505070201") { // cps
+842 			policyInfo.cps = hextoutf8(_getVbyList(hExt, a2[j], [1]));
+843 		    } else if (hQualifierId === "2b06010505070202") { // unotice
+844 			policyInfo.unotice =
+845 			    hextoutf8(_getVbyList(hExt, a2[j], [1, 0]));
+846 		    }
+847 		}
+848 	    }
+849 
+850 	    result.push(policyInfo);
+851 	}
+852 
+853 	return result;
+854     }
+855 
+856     // ===== read certificate =====================================
+857     /**
+858      * read PEM formatted X.509 certificate from string.<br/>
+859      * @name readCertPEM
+860      * @memberOf X509#
+861      * @function
+862      * @param {String} sCertPEM string for PEM formatted X.509 certificate
+863      * @example
+864      * x = new X509();
+865      * x.readCertPEM(sCertPEM); // read certificate
+866      */
+867     this.readCertPEM = function(sCertPEM) {
+868         this.readCertHex(_pemtohex(sCertPEM));
+869     };
+870 
+871     /**
+872      * read a hexadecimal string of X.509 certificate<br/>
+873      * @name readCertHex
+874      * @memberOf X509#
+875      * @function
+876      * @param {String} sCertHex hexadecimal string of X.509 certificate
+877      * @since jsrsasign 7.1.4 x509 1.1.13
+878      * @description
+879      * NOTE: {@link X509#parseExt} will called internally since jsrsasign 7.2.0.
+880      * @example
+881      * x = new X509();
+882      * x.readCertHex("3082..."); // read certificate
+883      */
+884     this.readCertHex = function(sCertHex) {
+885         this.hex = sCertHex;
+886 	this.getVersion(); // set version parameter
+887 	this.parseExt();
+888 
+889 	try {
+890 	    pubkey = this.getPublicKey();
+891 	    // deprecated field settings. will remove this block after 8.0.0
+892 	    if (pubkey instanceof RSAKey) { 
+893 		this.subjectPublicKeyRSA = pubkey;
+894 		this.subjectPublicKeyRSA_hN = hextoposhex(pubkey.n.toString(16));
+895 		this.subjectPublicKeyRSA_hE = hextoposhex(pubkey.e.toString(16));
+896 	    }
+897 	} catch (ex) {};
+898     };
+899 
+900     // DEPRECATED. will remove after 8.0.0
+901     this.readCertPEMWithoutRSAInit = function(sCertPEM) {
+902         var hCert = _pemtohex(sCertPEM);
+903         var a = _X509.getPublicKeyHexArrayFromCertHex(hCert);
+904         if (typeof this.subjectPublicKeyRSA.setPublic === "function") {
+905             this.subjectPublicKeyRSA.setPublic(a[0], a[1]);
+906         }
+907         this.subjectPublicKeyRSA_hN = a[0];
+908         this.subjectPublicKeyRSA_hE = a[1];
+909         this.hex = hCert;
+910     };
+911 
+912     /**
+913      * get certificate information as string.<br/>
+914      * @name getInfo
+915      * @memberOf X509#
+916      * @function
+917      * @return {String} certificate information string
+918      * @since jsrsasign 5.0.10 x509 1.1.8
+919      * @example
+920      * x = new X509();
+921      * x.readCertPEM(certPEM);
+922      * console.log(x.getInfo());
+923      * // this shows as following
+924      * Basic Fields
+925      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
+926      *   signature algorithm: SHA1withRSA
+927      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
+928      *   notBefore: 061110000000Z
+929      *   notAfter: 311110000000Z
+930      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
+931      *   subject public key info:
+932      *     key algorithm: RSA
+933      *     n=c6cce573e6fbd4bb...
+934      *     e=10001
+935      * X509v3 Extensions:
+936      *   keyUsage CRITICAL:
+937      *     digitalSignature,keyCertSign,cRLSign
+938      *   basicConstraints CRITICAL:
+939      *     cA=true
+940      *   subjectKeyIdentifier :
+941      *     b13ec36903f8bf4701d498261a0802ef63642bc3
+942      *   authorityKeyIdentifier :
+943      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
+944      * signature algorithm: SHA1withRSA
+945      * signature: 1c1a0697dcd79c9f...
+946      */
+947     this.getInfo = function() {
+948 	var _X509 = X509;
+949 	var s, pubkey, aExt;
+950 	s  = "Basic Fields\n";
+951         s += "  serial number: " + this.getSerialNumberHex() + "\n";
+952 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
+953 	s += "  issuer: " + this.getIssuerString() + "\n";
+954 	s += "  notBefore: " + this.getNotBefore() + "\n";
+955 	s += "  notAfter: " + this.getNotAfter() + "\n";
+956 	s += "  subject: " + this.getSubjectString() + "\n";
+957 	s += "  subject public key info: " + "\n";
+958 
+959 	// subject public key info
+960 	pubkey = this.getPublicKey();
+961 	s += "    key algorithm: " + pubkey.type + "\n";
+962 
+963 	if (pubkey.type === "RSA") {
+964 	    s += "    n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n";
+965 	    s += "    e=" + hextoposhex(pubkey.e.toString(16)) + "\n";
+966 	}
+967 
+968         s += "X509v3 Extensions:\n";
+969 
+970         aExt = this.aExtInfo;
+971         for (var i = 0; i < aExt.length; i++) {
+972 	    var info = aExt[i];
+973 
+974 	    // show extension name and critical flag
+975 	    var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
+976 	    if (extName === '') extName = info["oid"];
+977 
+978 	    var critical = '';
+979 	    if (info["critical"] === true) critical = "CRITICAL";
+980 
+981 	    s += "  " + extName + " " + critical + ":\n";
+982 
+983 	    // show extension value if supported
+984 	    if (extName === "basicConstraints") {
+985 		var bc = this.getExtBasicConstraints();
+986 		if (bc.cA === undefined) {
+987 		    s += "    {}\n";
+988 		} else {
+989 		    s += "    cA=true";
+990 		    if (bc.pathLen !== undefined)
+991 			s += ", pathLen=" + bc.pathLen;
+992 		    s += "\n";
+993 		}
+994 	    } else if (extName === "keyUsage") {
+995 		s += "    " + this.getExtKeyUsageString() + "\n";
+996 	    } else if (extName === "subjectKeyIdentifier") {
+997 		s += "    " + this.getExtSubjectKeyIdentifier() + "\n";
+998 	    } else if (extName === "authorityKeyIdentifier") {
+999 		var akid = _X509.getExtAuthorityKeyIdentifier(this.hex);
+1000 		if (akid.kid !== undefined)
+1001 		    s += "    kid=" + akid.kid + "\n";
+1002 	    } else if (extName === "extKeyUsage") {
+1003 		var eku = this.getExtExtKeyUsageName();
+1004 		s += "    " + eku.join(", ") + "\n";
+1005 	    } else if (extName === "subjectAltName") {
+1006 		var san = this.getExtSubjectAltName();
+1007 		s += "    " + san.join(", ") + "\n";
+1008 	    } else if (extName === "cRLDistributionPoints") {
+1009 		var cdp = this.getExtCRLDistributionPointsURI();
+1010 		s += "    " + cdp + "\n";
+1011 	    } else if (extName === "authorityInfoAccess") {
+1012 		var aia = this.getExtAIAInfo();
+1013 		if (aia.ocsp !== undefined)
+1014 		    s += "    ocsp: " + aia.ocsp.join(",") + "\n";
+1015 		if (aia.caissuer !== undefined)
+1016 		    s += "    caissuer: " + aia.caissuer.join(",") + "\n";
+1017 	    }
+1018         }
+1019 
+1020 	s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n";
+1021 	s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n";
+1022 	return s;
+1023     };
+1024 };
+1025 
+1026 /**
+1027  * (DEPRECATED) get Base64 string from PEM certificate string
+1028  * @name pemToBase64
+1029  * @memberOf X509
+1030  * @function
+1031  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
+1032  * @return {String} Base64 string of PEM certificate
+1033  * @deprecated jsrsasign 7.2.1 x509 1.1.15 
+1034  * @example
+1035  * b64 = X509.pemToBase64(certPEM);
+1036  */
+1037 X509.pemToBase64 = function(sCertPEM) {
+1038     return hextob64(pemtohex(sCertPEM));
+1039 };
+1040 
+1041 /**
+1042  * (DEPRECATED) get a hexa decimal string from PEM certificate string
+1043  * @name pemToHex
+1044  * @memberOf X509
+1045  * @function
+1046  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
+1047  * @return {String} hexadecimal string of PEM certificate
+1048  * @deprecated from x509 1.1.11 jsrsasign 7.0.1. please move to {@link ASN1HEX.pemToHex}
+1049  * @description
+1050  * CAUTION: now X509.pemToHex deprecated and is planed to remove in jsrsasign 8.0.0.
+1051  * @example
+1052  * hex = X509.pemToHex(certPEM);
+1053  */
+1054 X509.pemToHex = function(sCertPEM) {
+1055     return pemtohex(sCertPEM);
+1056 };
+1057 
+1058 /**
+1059  * (DEPRECATED) get a string index of contents of subjectPublicKeyInfo BITSTRING value from hexadecimal certificate<br/>
+1060  * @name getSubjectPublicKeyPosFromCertHex
+1061  * @memberOf X509
+1062  * @function
+1063  * @param {String} hCert hexadecimal string of DER RSA/ECDSA/DSA X.509 certificate
+1064  * @return {Integer} string index of key contents
+1065  * @deprecated from x509 1.1.13 jsrsasign 7.1.14. This static method will be removed in 8.0.0 release.
+1066  * @example
+1067  * idx = X509.getSubjectPublicKeyPosFromCertHex("3082...");
+1068  */
+1069 // NOTE: Without BITSTRING encapsulation.
+1070 X509.getSubjectPublicKeyPosFromCertHex = function(hCert) {
+1071     var pInfo = X509.getSubjectPublicKeyInfoPosFromCertHex(hCert);
+1072     if (pInfo == -1) return -1;
+1073     var a = ASN1HEX.getChildIdx(hCert, pInfo);
+1074     if (a.length != 2) return -1;
+1075     var pBitString = a[1];
+1076     if (hCert.substr(pBitString, 2) != '03') return -1;
+1077     var pBitStringV = ASN1HEX.getVidx(hCert, pBitString);
+1078 
+1079     if (hCert.substr(pBitStringV, 2) != '00') return -1;
+1080     return pBitStringV + 2;
+1081 };
+1082 
+1083 /**
+1084  * (DEPRECATED) get a string index of subjectPublicKeyInfo field from hexadecimal certificate<br/>
+1085  * @name getSubjectPublicKeyInfoPosFromCertHex
+1086  * @memberOf X509
+1087  * @function
+1088  * @param {String} hCert hexadecimal string of DER RSA/ECDSA/DSA X.509 certificate
+1089  * @return {Integer} string index of subjectPublicKeyInfo field
+1090  * @deprecated since jsrsasign 7.1.14 x509 1.1.13. This will be removed in 8.0.0 release.
+1091  * @description
+1092  * This static method gets a string index of subjectPublicKeyInfo field from hexadecimal certificate.<br/>
+1093  * NOTE1: privateKeyUsagePeriod field of X509v2 not supported.<br/>
+1094  * NOTE2: X.509v1 and X.509v3 certificate are supported.<br/>
+1095  * @example
+1096  * idx = X509.getSubjectPublicKeyInfoPosFromCertHex("3082...");
+1097  */
+1098 X509.getSubjectPublicKeyInfoPosFromCertHex = function(hCert) {
+1099     var x = new X509();
+1100     x.readCertHex(hCert);
+1101     return x.getPublicKeyIdx();
+1102 };
+1103 
+1104 /**
+1105  * (DEPRECATED) get an array of N and E for RSA subject public key in HEX certificate<br/>
+1106  * @name getPublicKeyHexArrayFromCertHex
+1107  * @memberOf X509
+1108  * @function
+1109  * @param {String} hCert hexadecimal string of RSA X.509 certificate
+1110  * @return {Array} array of N and E parameter of RSA subject public key
+1111  * @deprecated since jsrsasign 7.1.14 x509 1.1.13. This will be removed in 8.0.0 release.
+1112  */
+1113 X509.getPublicKeyHexArrayFromCertHex = function(hCert) {
+1114     var _ASN1HEX = ASN1HEX;
+1115     var p, a, hN, hE;
+1116     p = X509.getSubjectPublicKeyPosFromCertHex(hCert);
+1117     a = _ASN1HEX.getChildIdx(hCert, p);
+1118     if (a.length != 2) return [];
+1119     hN = _ASN1HEX.getV(hCert, a[0]);
+1120     hE = _ASN1HEX.getV(hCert, a[1]);
+1121     if (hN != null && hE != null) {
+1122         return [hN, hE];
+1123     } else {
+1124         return [];
+1125     }
+1126 };
+1127 
+1128 X509.getHexTbsCertificateFromCert = function(hCert) {
+1129     var pTbsCert = ASN1HEX.getVidx(hCert, 0);
+1130     return pTbsCert;
+1131 };
+1132 
+1133 /**
+1134  * (DEPRECATED) get an array of N and E for RSA subject public key in PEM certificate<br/>
+1135  * @name getPublicKeyHexArrayFromCertPEM
+1136  * @memberOf X509
+1137  * @function
+1138  * @param {String} sCertPEM PEM string of RSA X.509 certificate
+1139  * @return {Array} array of N and E parameter of RSA subject public key
+1140  * @deprecated since jsrsasign 7.1.14 x509 1.1.13. This will be removed in 8.0.0 release.
+1141  */
+1142 X509.getPublicKeyHexArrayFromCertPEM = function(sCertPEM) {
+1143     var hCert = pemtohex(sCertPEM);
+1144     var a = X509.getPublicKeyHexArrayFromCertHex(hCert);
+1145     return a;
+1146 };
+1147 
+1148 /**
+1149  * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/>
+1150  * @name hex2dn
+1151  * @memberOf X509
+1152  * @function
+1153  * @param {String} hex hexadecimal string of ASN.1 DER distinguished name
+1154  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+1155  * @return {String} OpenSSL online format distinguished name
+1156  * @description
+1157  * This static method converts from a hexadecimal string of 
+1158  * distinguished name (DN)
+1159  * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
+1160  * @example
+1161  * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
+1162  */
+1163 X509.hex2dn = function(hex, idx) {
+1164     if (idx === undefined) idx = 0;
+1165     if (hex.substr(idx, 2) !== "30") throw "malformed DN";
+1166 
+1167     var a = new Array();
 1168 
-1169     var a = new Array();
-1170 
-1171     var aIdx = ASN1HEX.getChildIdx(hex, idx);
-1172     for (var i = 0; i < aIdx.length; i++) {
-1173 	a.push(X509.hex2rdn(hex, aIdx[i]));
-1174     }
-1175 
-1176     a = a.map(function(s) { return s.replace("/", "\\/"); });
-1177     return "/" + a.join("/");
-1178 };
-1179 
-1180 /**
-1181  * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/>
-1182  * @name hex2rdn
-1183  * @memberOf X509
-1184  * @function
-1185  * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name
-1186  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-1187  * @return {String} OpenSSL online format relative distinguished name
-1188  * @description
-1189  * This static method converts from a hexadecimal string of 
-1190  * relative distinguished name (RDN)
-1191  * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/>
-1192  * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
-1193  * @example
-1194  * X509.hex2rdn("310a3008060355040a0c0161") → O=a
-1195  * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
-1196  */
-1197 X509.hex2rdn = function(hex, idx) {
-1198     if (idx === undefined) idx = 0;
-1199     if (hex.substr(idx, 2) !== "31") throw "malformed RDN";
+1169     var aIdx = ASN1HEX.getChildIdx(hex, idx);
+1170     for (var i = 0; i < aIdx.length; i++) {
+1171 	a.push(X509.hex2rdn(hex, aIdx[i]));
+1172     }
+1173 
+1174     a = a.map(function(s) { return s.replace("/", "\\/"); });
+1175     return "/" + a.join("/");
+1176 };
+1177 
+1178 /**
+1179  * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/>
+1180  * @name hex2rdn
+1181  * @memberOf X509
+1182  * @function
+1183  * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name
+1184  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+1185  * @return {String} OpenSSL online format relative distinguished name
+1186  * @description
+1187  * This static method converts from a hexadecimal string of 
+1188  * relative distinguished name (RDN)
+1189  * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/>
+1190  * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
+1191  * @example
+1192  * X509.hex2rdn("310a3008060355040a0c0161") → O=a
+1193  * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
+1194  */
+1195 X509.hex2rdn = function(hex, idx) {
+1196     if (idx === undefined) idx = 0;
+1197     if (hex.substr(idx, 2) !== "31") throw "malformed RDN";
+1198 
+1199     var a = new Array();
 1200 
-1201     var a = new Array();
-1202 
-1203     var aIdx = ASN1HEX.getChildIdx(hex, idx);
-1204     for (var i = 0; i < aIdx.length; i++) {
-1205 	a.push(X509.hex2attrTypeValue(hex, aIdx[i]));
-1206     }
-1207 
-1208     a = a.map(function(s) { return s.replace("+", "\\+"); });
-1209     return a.join("+");
-1210 };
-1211 
-1212 /**
-1213  * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/>
-1214  * @name hex2attrTypeValue
-1215  * @memberOf X509
-1216  * @function
-1217  * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
-1218  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-1219  * @return {String} string representation of AttributeTypeAndValue (ex. C=US)
-1220  * @description
-1221  * This static method converts from a hexadecimal string of AttributeTypeAndValue
-1222  * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
-1223  * @example
-1224  * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
-1225  * X509.hex2attrTypeValue("300806035504060c0161") → C=a
-1226  * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
-1227  */
-1228 X509.hex2attrTypeValue = function(hex, idx) {
-1229     var _ASN1HEX = ASN1HEX;
-1230     var _getV = _ASN1HEX.getV;
-1231 
-1232     if (idx === undefined) idx = 0;
-1233     if (hex.substr(idx, 2) !== "30") throw "malformed attribute type and value";
-1234 
-1235     var aIdx = _ASN1HEX.getChildIdx(hex, idx);
-1236     if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06")
-1237 	"malformed attribute type and value";
-1238 
-1239     var oidHex = _getV(hex, aIdx[0]);
-1240     var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex);
-1241     var atype = KJUR.asn1.x509.OID.oid2atype(oidInt);
-1242 
-1243     var hV = _getV(hex, aIdx[1]);
-1244     var rawV = hextorstr(hV);
-1245 
-1246     return atype + "=" + rawV;
-1247 };
-1248 
-1249 /**
-1250  * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/>
-1251  * @name getPublicKeyFromCertHex
-1252  * @memberOf X509
-1253  * @function
-1254  * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
-1255  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-1256  * @since jsrasign 7.1.0 x509 1.1.11
-1257  */
-1258 X509.getPublicKeyFromCertHex = function(h) {
-1259     var x = new X509();
-1260     x.readCertHex(h);
-1261     return x.getPublicKey();
-1262 };
-1263 
-1264 /**
-1265  * get RSA/DSA/ECDSA public key object from PEM certificate string
-1266  * @name getPublicKeyFromCertPEM
-1267  * @memberOf X509
-1268  * @function
-1269  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
-1270  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-1271  * @since x509 1.1.1
-1272  * @description
-1273  * NOTE: DSA is also supported since x509 1.1.2.
-1274  */
-1275 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
-1276     var x = new X509();
-1277     x.readCertPEM(sCertPEM);
-1278     return x.getPublicKey();
-1279 };
-1280 
-1281 /**
-1282  * get public key information from PEM certificate
-1283  * @name getPublicKeyInfoPropOfCertPEM
-1284  * @memberOf X509
-1285  * @function
-1286  * @param {String} sCertPEM string of PEM formatted certificate
-1287  * @return {Hash} hash of information for public key
-1288  * @since x509 1.1.1
-1289  * @description
-1290  * Resulted associative array has following properties:<br/>
-1291  * <ul>
-1292  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
-1293  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
-1294  * <li>keyhex - hexadecimal string of key in the certificate</li>
-1295  * </ul>
-1296  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
-1297  */
-1298 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
-1299     var _ASN1HEX = ASN1HEX;
-1300     var _getVbyList = _ASN1HEX.getVbyList;
-1301 
-1302     var result = {};
-1303     var x, hSPKI, pubkey;
-1304     result.algparam = null;
-1305 
-1306     x = new X509();
-1307     x.readCertPEM(sCertPEM);
-1308 
-1309     hSPKI = x.getPublicKeyHex();
-1310     result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2);
-1311     result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06");
-1312 
-1313     if (result.algoid === "2a8648ce3d0201") { // ecPublicKey
-1314 	result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06");
-1315     };
-1316 
-1317     return result;
-1318 };
-1319 
-1320 /**
-1321  * (DEPRECATED) static method to get position of subjectPublicKeyInfo field from HEX certificate
-1322  * @name getPublicKeyInfoPosOfCertHEX
-1323  * @memberOf X509
-1324  * @function
-1325  * @param {String} hCert hexadecimal string of certificate
-1326  * @return {Integer} position in hexadecimal string
-1327  * @since x509 1.1.4
-1328  * @deprecated from jsrsasign 7.1.14 x509 1.1.13
-1329  * @description
-1330  * get position for SubjectPublicKeyInfo field in the hexadecimal string of
-1331  * certificate.
-1332  */
-1333 X509.getPublicKeyInfoPosOfCertHEX = function(hCert) {
-1334     var x = new X509();
-1335     x.readCertHex(hCert);
-1336     return x.getPublicKeyIdx();
-1337 };
-1338 
-1339 /**
-1340  * (DEPRECATED) get array of X.509 V3 extension value information in hex string of certificate<br/>
-1341  * @name getV3ExtInfoListOfCertHex
-1342  * @memberOf X509
-1343  * @function
-1344  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1345  * @return {Array} array of result object by {@link X509.getV3ExtInfoListOfCertHex}
-1346  * @since x509 1.1.5
-1347  * @deprecated from x509 1.1.14 jsrsasign 7.2.0
-1348  * @description
-1349  * This method will get all extension information of a X.509 certificate.
-1350  * Items of resulting array has following properties:
-1351  * <ul>
-1352  * <li>posTLV - index of ASN.1 TLV for the extension. same as 'pos' argument.</li>
-1353  * <li>oid - dot noted string of extension oid (ex. 2.5.29.14)</li>
-1354  * <li>critical - critical flag value for this extension</li>
-1355  * <li>posV - index of ASN.1 TLV for the extension value.
-1356  * This is a position of a content of ENCAPSULATED OCTET STRING.</li>
-1357  * </ul>
-1358  * @example
-1359  * hCert = ASN1HEX.pemToHex(certGithubPEM);
-1360  * a = X509.getV3ExtInfoListOfCertHex(hCert);
-1361  * // Then a will be an array of like following:
-1362  * [{posTLV: 1952, oid: "2.5.29.35", critical: false, posV: 1968},
-1363  *  {posTLV: 1974, oid: "2.5.29.19", critical: true, posV: 1986}, ...]
-1364  */
-1365 X509.getV3ExtInfoListOfCertHex = function(hCert) {
-1366     var _ASN1HEX = ASN1HEX;
-1367 
-1368     // 1. find index for SEQUENCE in v3 extension field ("[3]")
-1369     var extSeqIdx = _ASN1HEX.getIdxbyList(hCert, 0, [0, 7, 0], "30");
-1370     var a4 = _ASN1HEX.getChildIdx(hCert, extSeqIdx);
-1371 
-1372     // 2. v3Extension item position
-1373     var numExt = a4.length;
-1374     var aInfo = new Array(numExt);
-1375     for (var i = 0; i < numExt; i++) {
-1376 	aInfo[i] = X509.getV3ExtItemInfo_AtObj(hCert, a4[i]);
-1377     }
-1378     return aInfo;
-1379 };
-1380 
-1381 /**
-1382  * (DEPRECATED) get X.509 V3 extension value information at the specified position<br/>
-1383  * @name getV3ExtItemInfo_AtObj
-1384  * @memberOf X509
-1385  * @function
-1386  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1387  * @param {Integer} pos index of hexadecimal string for the extension
-1388  * @return {Object} properties for the extension
-1389  * @since x509 1.1.5
-1390  * @deprecated from x509 1.1.14 jsrsasign 7.2.0
-1391  * @description
-1392  * This method will get some information of a X.509 V extension
-1393  * which is referred by an index of hexadecimal string of X.509
-1394  * certificate.
-1395  * Resulting object has following properties:
-1396  * <ul>
-1397  * <li>posTLV - index of ASN.1 TLV for the extension. same as 'pos' argument.</li>
-1398  * <li>oid - dot noted string of extension oid (ex. 2.5.29.14)</li>
-1399  * <li>critical - critical flag value for this extension</li>
-1400  * <li>posV - index of ASN.1 TLV for the extension value.
-1401  * This is a position of a content of ENCAPSULATED OCTET STRING.</li>
-1402  * </ul>
-1403  * This method is used by {@link X509.getV3ExtInfoListOfCertHex} internally.
-1404  */
-1405 X509.getV3ExtItemInfo_AtObj = function(hCert, pos) {
-1406     var _ASN1HEX = ASN1HEX;
-1407     var info = {};
-1408 
-1409     // posTLV - extension TLV
-1410     info.posTLV = pos;
-1411 
-1412     var a  = _ASN1HEX.getChildIdx(hCert, pos);
-1413     if (a.length != 2 && a.length != 3)
-1414         throw "malformed X.509v3 Ext (code:001)"; // oid,(critical,)val
-1415 
-1416     // oid - extension OID
-1417     if (hCert.substr(a[0], 2) != "06")
-1418         throw "malformed X.509v3 Ext (code:002)"; // not OID "06"
-1419     var valueHex = _ASN1HEX.getV(hCert, a[0]);
-1420     info.oid = _ASN1HEX.hextooidstr(valueHex);
-1421 
-1422     // critical - extension critical flag
-1423     info.critical = false; // critical false by default
-1424     if (a.length == 3) info.critical = true;
-1425 
-1426     // posV - content TLV position of encapsulated
-1427     //        octet string of V3 extension value.
-1428     var posExtV = a[a.length - 1];
-1429     if (hCert.substr(posExtV, 2) != "04")
-1430         throw "malformed X.509v3 Ext (code:003)"; // not EncapOctet "04"
-1431     info.posV = _ASN1HEX.getVidx(hCert, posExtV);
-1432 
-1433     return info;
-1434 };
-1435 
-1436 /**
-1437  * (DEPRECATED) get X.509 V3 extension value ASN.1 TLV for specified oid or name
-1438  * @name getHexOfTLV_V3ExtValue
-1439  * @memberOf X509
-1440  * @function
-1441  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1442  * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15')
-1443  * @return {String} hexadecimal string of extension ASN.1 TLV
-1444  * @since x509 1.1.6
-1445  * @deprecated from x509 1.1.14 jsrsasign 7.2.0
-1446  * @description
-1447  * This method will get X.509v3 extension value of ASN.1 TLV
-1448  * which is specifyed by extension name or oid.
-1449  * If there is no such extension in the certificate, it returns null.
-1450  * @example
-1451  * hExtValue = X509.getHexOfTLV_V3ExtValue(hCert, "keyUsage");
-1452  * // hExtValue will be such like '030205a0'.
-1453  */
-1454 X509.getHexOfTLV_V3ExtValue = function(hCert, oidOrName) {
-1455     var idx = X509.getPosOfTLV_V3ExtValue(hCert, oidOrName);
-1456     if (idx == -1) return null;
-1457     return ASN1HEX.getTLV(hCert, idx);
-1458 };
-1459 
-1460 /**
-1461  * (DEPRECATED) get X.509 V3 extension value ASN.1 V for specified oid or name
-1462  * @name getHexOfV_V3ExtValue
-1463  * @memberOf X509
-1464  * @function
-1465  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1466  * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15')
-1467  * @return {String} hexadecimal string of extension ASN.1 TLV
-1468  * @since x509 1.1.6
-1469  * @deprecated from x509 1.1.14 jsrsasign 7.2.0
-1470  * @description
-1471  * This method will get X.509v3 extension value of ASN.1 value
-1472  * which is specifyed by extension name or oid.
-1473  * If there is no such extension in the certificate, it returns null.
-1474  * Available extension names and oids are defined
-1475  * in the {@link KJUR.asn1.x509.OID} class.
-1476  * @example
-1477  * hExtValue = X509.getHexOfV_V3ExtValue(hCert, "keyUsage");
-1478  * // hExtValue will be such like '05a0'.
-1479  */
-1480 X509.getHexOfV_V3ExtValue = function(hCert, oidOrName) {
-1481     var idx = X509.getPosOfTLV_V3ExtValue(hCert, oidOrName);
-1482     if (idx == -1) return null;
-1483     return ASN1HEX.getV(hCert, idx);
-1484 };
-1485 
-1486 /**
-1487  * (DEPRECATED) get index in the certificate hexa string for specified oid or name specified extension
-1488  * @name getPosOfTLV_V3ExtValue
-1489  * @memberOf X509
-1490  * @function
-1491  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1492  * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15')
-1493  * @return {Integer} index in the hexadecimal string of certficate for specified extension
-1494  * @since x509 1.1.6
-1495  * @deprecated from x509 1.1.14 jsrsasign 7.2.0
-1496  * @description
-1497  * This method will get X.509v3 extension value of ASN.1 V(value)
-1498  * which is specifyed by extension name or oid.
-1499  * If there is no such extension in the certificate,
-1500  * it returns -1.
-1501  * Available extension names and oids are defined
-1502  * in the {@link KJUR.asn1.x509.OID} class.
-1503  * @example
-1504  * idx = X509.getPosOfV_V3ExtValue(hCert, "keyUsage");
-1505  * // The 'idx' will be index in the string for keyUsage value ASN.1 TLV.
-1506  */
-1507 X509.getPosOfTLV_V3ExtValue = function(hCert, oidOrName) {
-1508     var oid = oidOrName;
-1509     if (! oidOrName.match(/^[0-9.]+$/)) {
-1510 	oid = KJUR.asn1.x509.OID.name2oid(oidOrName);
-1511     }
-1512     if (oid == '') return -1;
-1513 
-1514     var infoList = X509.getV3ExtInfoListOfCertHex(hCert);
-1515     for (var i = 0; i < infoList.length; i++) {
-1516 	var info = infoList[i];
-1517 	if (info.oid == oid) return info.posV;
-1518     }
-1519     return -1;
-1520 };
-1521 
-1522 /* ======================================================================
-1523  *   Specific V3 Extensions
-1524  * ====================================================================== */
-1525 
-1526 /**
-1527  * (DEPRECATED) get BasicConstraints extension value as object in the certificate<br/>
-1528  * @name getExtBasicConstraints
-1529  * @memberOf X509
-1530  * @function
-1531  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1532  * @return {Object} associative array which may have "cA" and "pathLen" parameters
-1533  * @since x509 1.1.7
-1534  * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtBasicConstraints}
-1535  * @description
-1536  * This method will get basic constraints extension value as object with following paramters.
-1537  * <ul>
-1538  * <li>cA - CA flag whether CA or not</li>
-1539  * <li>pathLen - maximum intermediate certificate length</li>
-1540  * </ul>
-1541  * There are use cases for return values:
-1542  * <ul>
-1543  * <li>{cA:true, pathLen:3} - cA flag is true and pathLen is 3</li>
-1544  * <li>{cA:true} - cA flag is true and no pathLen</li>
-1545  * <li>{} - basic constraints has no value in case of end entity certificate</li>
-1546  * <li>null - there is no basic constraints extension</li>
-1547  * </ul>
-1548  * @example
-1549  * obj = X509.getExtBasicConstraints(hCert);
-1550  */
-1551 X509.getExtBasicConstraints = function(hCert) {
-1552     var x = new X509();
-1553     x.readCertHex(hCert);
-1554     return x.getExtBasicConstraints();
-1555 };
-1556 
-1557 X509.KEYUSAGE_NAME = [
-1558     "digitalSignature",
-1559     "nonRepudiation",
-1560     "keyEncipherment",
-1561     "dataEncipherment",
-1562     "keyAgreement",
-1563     "keyCertSign",
-1564     "cRLSign",
-1565     "encipherOnly",
-1566     "decipherOnly"
-1567 ];
-1568 
-1569 /**
-1570  * (DEPRECATED) get KeyUsage extension value as binary string in the certificate<br/>
-1571  * @name getExtKeyUsageBin
-1572  * @memberOf X509
-1573  * @function
-1574  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1575  * @return {String} binary string of key usage bits (ex. '101')
-1576  * @since x509 1.1.6
-1577  * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtKeyUsageBin}
-1578  * @description
-1579  * This method will get key usage extension value
-1580  * as binary string such like '101'.
-1581  * Key usage bits definition is in the RFC 5280.
-1582  * If there is no key usage extension in the certificate,
-1583  * it returns empty string (i.e. '').
-1584  * @example
-1585  * bKeyUsage = X509.getExtKeyUsageBin(hCert);
-1586  * // bKeyUsage will be such like '101'.
-1587  * // 1 - digitalSignature
-1588  * // 0 - nonRepudiation
-1589  * // 1 - keyEncipherment
-1590  */
-1591 X509.getExtKeyUsageBin = function(hCert) {
-1592     var x = new X509();
-1593     x.readCertHex(hCert);
-1594     return x.getExtKeyUsageBin();
-1595 };
-1596 
-1597 /**
-1598  * (DEPRECATED) get KeyUsage extension value as names in the certificate<br/>
-1599  * @name getExtKeyUsageString
-1600  * @memberOf X509
-1601  * @function
-1602  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1603  * @return {String} comma separated string of key usage
-1604  * @since x509 1.1.6
-1605  * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtKeyUsageString}
-1606  * @description
-1607  * This method will get key usage extension value
-1608  * as comma separated string of usage names.
-1609  * If there is no key usage extension in the certificate,
-1610  * it returns empty string (i.e. '').
-1611  * @example
-1612  * sKeyUsage = X509.getExtKeyUsageString(hCert);
-1613  * // sKeyUsage will be such like 'digitalSignature,keyEncipherment'.
-1614  */
-1615 X509.getExtKeyUsageString = function(hCert) {
-1616     var x = new X509();
-1617     x.readCertHex(hCert);
-1618     return x.getExtKeyUsageString();
-1619 };
-1620 
-1621 /**
-1622  * (DEPRECATED) get subjectKeyIdentifier value as hexadecimal string in the certificate<br/>
-1623  * @name getExtSubjectKeyIdentifier
-1624  * @memberOf X509
-1625  * @function
-1626  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1627  * @return {String} hexadecimal string of subject key identifier or null
-1628  * @since jsrsasign 5.0.10 x509 1.1.8
-1629  * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtSubjectKeyIdentifier}
-1630  * @description
-1631  * This method will get subject key identifier extension value
-1632  * as hexadecimal string.
-1633  * If there is no its extension in the certificate,
-1634  * it returns null.
-1635  * @example
-1636  * skid = X509.getExtSubjectKeyIdentifier(hCert);
-1637  */
-1638 X509.getExtSubjectKeyIdentifier = function(hCert) {
-1639     var x = new X509();
-1640     x.readCertHex(hCert);
-1641     return x.getExtSubjectKeyIdentifier();
-1642 };
-1643 
-1644 /**
-1645  * (DEPRECATED) get authorityKeyIdentifier value as JSON object in the certificate<br/>
-1646  * @name getExtAuthorityKeyIdentifier
-1647  * @memberOf X509
-1648  * @function
-1649  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1650  * @return {Object} JSON object of authority key identifier or null
-1651  * @since jsrsasign 5.0.10 x509 1.1.8
-1652  * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtAuthorityKeyIdentifier}
-1653  * @description
-1654  * This method will get authority key identifier extension value
-1655  * as JSON object.
-1656  * If there is no its extension in the certificate,
-1657  * it returns null.
-1658  * <br>
-1659  * NOTE: Currently this method only supports keyIdentifier so that
-1660  * authorityCertIssuer and authorityCertSerialNumber will not
-1661  * be return in the JSON object.
-1662  * @example
-1663  * akid = X509.getExtAuthorityKeyIdentifier(hCert);
-1664  * // returns following JSON object
-1665  * { kid: "1234abcd..." }
-1666  */
-1667 X509.getExtAuthorityKeyIdentifier = function(hCert) {
-1668     var x = new X509();
-1669     x.readCertHex(hCert);
-1670     return x.getExtAuthorityKeyIdentifier();
-1671 };
-1672 
-1673 /**
-1674  * (DEPRECATED) get extKeyUsage value as array of name string in the certificate
-1675  * @name getExtExtKeyUsageName
-1676  * @memberOf X509
-1677  * @function
-1678  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1679  * @return {Object} array of extended key usage ID name or oid
-1680  * @since jsrsasign 5.0.10 x509 1.1.8
-1681  * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtExtKeyUsageName}
-1682  * @description
-1683  * This method will get extended key usage extension value
-1684  * as array of name or OID string.
-1685  * If there is no its extension in the certificate,
-1686  * it returns null.
-1687  * <br>
-1688  * NOTE: Supported extended key usage ID names are defined in
-1689  * name2oidList parameter in asn1x509.js file.
-1690  * @example
-1691  * eku = X509.getExtExtKeyUsageName(hCert);
-1692  * // returns following array:
-1693  * ["serverAuth", "clientAuth", "0.1.2.3.4.5"]
-1694  */
-1695 X509.getExtExtKeyUsageName = function(hCert) {
-1696     var x = new X509();
-1697     x.readCertHex(hCert);
-1698     return x.getExtExtKeyUsageName();
-1699 };
-1700 
-1701 /**
-1702  * (DEPRECATED) get subjectAltName value as array of string in the certificate
-1703  * @name getExtSubjectAltName
-1704  * @memberOf X509
-1705  * @function
-1706  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1707  * @return {Object} array of alt names
-1708  * @since jsrsasign 5.0.10 x509 1.1.8
-1709  * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtExtSubjectAltName}
-1710  * @description
-1711  * This method will get subject alt name extension value
-1712  * as array of name.
-1713  * If there is no its extension in the certificate,
-1714  * it returns null.
-1715  * <br>
-1716  * NOTE: Currently this method supports only dNSName so that
-1717  * other name type such like iPAddress or generalName will not be returned.
-1718  * @example
-1719  * san = X509.getExtSubjectAltName(hCert);
-1720  * // returns following array:
-1721  * ["example.com", "example.org"]
-1722  */
-1723 X509.getExtSubjectAltName = function(hCert) {
-1724     var x = new X509();
-1725     x.readCertHex(hCert);
-1726     return x.getExtSubjectAltName();
-1727 };
-1728 
-1729 /**
-1730  * (DEPRECATED) get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate
-1731  * @name getExtCRLDistributionPointsURI
-1732  * @memberOf X509
-1733  * @function
-1734  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1735  * @return {Object} array of fullName URIs of CDP of the certificate
-1736  * @since jsrsasign 5.0.10 x509 1.1.8
-1737  * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtCRLDistributionPointsURI}
-1738  * @description
-1739  * This method will get all fullName URIs of cRLDistributionPoints extension
-1740  * in the certificate as array of URI string.
-1741  * If there is no its extension in the certificate,
-1742  * it returns null.
-1743  * <br>
-1744  * NOTE: Currently this method supports only fullName URI so that
-1745  * other parameters will not be returned.
-1746  * @example
-1747  * cdpuri = X509.getExtCRLDistributionPointsURI(hCert);
-1748  * // returns following array:
-1749  * ["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
-1750  */
-1751 X509.getExtCRLDistributionPointsURI = function(hCert) {
-1752     var x = new X509();
-1753     x.readCertHex(hCert);
-1754     return x.getExtCRLDistributionPointsURI();
-1755 };
-1756 
-1757 /**
-1758  * (DEPRECATED) get AuthorityInfoAccess extension value in the certificate as associative array<br/>
-1759  * @name getExtAIAInfo
-1760  * @memberOf X509
-1761  * @function
-1762  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1763  * @return {Object} associative array of AIA extension properties
-1764  * @since x509 1.1.6
-1765  * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtAIAInfo}
-1766  * @description
-1767  * This method will get authority info access value
-1768  * as associate array which has following properties:
-1769  * <ul>
-1770  * <li>ocsp - array of string for OCSP responder URL</li>
-1771  * <li>caissuer - array of string for caIssuer value (i.e. CA certificates URL)</li>
-1772  * </ul>
-1773  * If there is no key usage extension in the certificate,
-1774  * it returns null;
-1775  * @example
-1776  * oAIA = X509.getExtAIAInfo(hCert);
-1777  * // result will be such like:
-1778  * // oAIA.ocsp = ["http://ocsp.foo.com"];
-1779  * // oAIA.caissuer = ["http://rep.foo.com/aaa.p8m"];
-1780  */
-1781 X509.getExtAIAInfo = function(hCert) {
-1782     var x = new X509();
-1783     x.readCertHex(hCert);
-1784     return x.getExtAIAInfo();
-1785 };
-1786 
-1787 /**
-1788  * (DEPRECATED) get signature algorithm name from hexadecimal certificate data
-1789  * @name getSignatureAlgorithmName
-1790  * @memberOf X509
-1791  * @function
-1792  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1793  * @return {String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)
-1794  * @since x509 1.1.7
-1795  * @deprecated since jsrsasign 7.1.16 x509 1.1.14. Please move to {@link X509#getSignatureAlgorithmName}
-1796  * @description
-1797  * This method will get signature algorithm name of certificate:
-1798  * @example
-1799  * algName = X509.getSignatureAlgorithmName(hCert);
-1800  */
-1801 X509.getSignatureAlgorithmName = function(hCert) {
-1802     var x = new X509();
-1803     x.readCertHex(hCert);
-1804     return x.getSignatureAlgorithmName();
-1805 };
-1806 
-1807 /**
-1808  * (DEPRECATED) get signature value in hexadecimal string<br/>
-1809  * @name getSignatureValueHex
-1810  * @memberOf X509
-1811  * @function
-1812  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1813  * @return {String} signature value hexadecimal string without BitString unused bits
-1814  * @since x509 1.1.7
-1815  * @deprecated since jsrsasign 7.1.16 x509 1.1.14. Please move to {@link X509#getSignatureValueHex}
-1816  * @description
-1817  * This method will get signature value of certificate:
-1818  * @example
-1819  * sigHex = X509.getSignatureValueHex(hCert);
-1820  */
-1821 X509.getSignatureValueHex = function(hCert) {
-1822     var x = new X509();
-1823     x.readCertHex(hCert);
-1824     return x.getSignatureValueHex();
-1825 };
-1826 
-1827 /**
-1828  * (DEPRECATED) static method to get hexadecimal string of serialNumber field of certificate.<br/>
-1829  * @name getSerialNumberHex
-1830  * @memberOf X509
-1831  * @function
-1832  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1833  * @return {String} hexadecimal string of certificate serial number
-1834  * @deprecated from x509 1.1.13 jsrsasign 7.1.4. please use {@link X509#getSerialNumberHex}
-1835  * @example
-1836  * sn = X509.getSerialNumberHex("3082...");
-1837  */
-1838 X509.getSerialNumberHex = function(hCert) {
-1839     var x = new X509();
-1840     x.readCertHex(hCert);
-1841     return x.getSerialNumberHex();
-1842 };
-1843 
-1844 /**
-1845  * (DEPRECATED) verifies signature value by public key<br/>
-1846  * @name verifySignature
-1847  * @memberOf X509
-1848  * @function
-1849  * @param {String} hCert hexadecimal string of X.509 certificate binary
-1850  * @param {Object} pubKey public key object
-1851  * @return {Boolean} true if signature value is valid otherwise false
-1852  * @since jsrsasign 7.1.1 x509 1.1.12
-1853  * @deprecated from x509 1.1.14 jsrsasign 7.2.0. please use {@link X509#verifySignature}
-1854  * @description
-1855  * This method verifies signature value of hexadecimal string of 
-1856  * X.509 certificate by specified public key object.
-1857  * @example
-1858  * pubKey = KEYUTIL.getKey(pemPublicKey); // or certificate
-1859  * hCert = ASN1HEX.pemToHex(pemCert);
-1860  * isValid = X509.verifySignature(hCert, pubKey);
-1861  */
-1862 X509.verifySignature = function(hCert, pubKey) {
-1863     var x = new X509();
-1864     x.readCertHex(hCert);
-1865     return x.verifySignature(pubKey);
-1866 };
-1867 
\ No newline at end of file +1201
var aIdx = ASN1HEX.getChildIdx(hex, idx); +1202 for (var i = 0; i < aIdx.length; i++) { +1203 a.push(X509.hex2attrTypeValue(hex, aIdx[i])); +1204 } +1205 +1206 a = a.map(function(s) { return s.replace("+", "\\+"); }); +1207 return a.join("+"); +1208 }; +1209 +1210 /** +1211 * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/> +1212 * @name hex2attrTypeValue +1213 * @memberOf X509 +1214 * @function +1215 * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue +1216 * @param {Integer} idx index of hexadecimal string (DEFAULT=0) +1217 * @return {String} string representation of AttributeTypeAndValue (ex. C=US) +1218 * @description +1219 * This static method converts from a hexadecimal string of AttributeTypeAndValue +1220 * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US). +1221 * @example +1222 * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a +1223 * X509.hex2attrTypeValue("300806035504060c0161") → C=a +1224 * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a +1225 */ +1226 X509.hex2attrTypeValue = function(hex, idx) { +1227 var _ASN1HEX = ASN1HEX; +1228 var _getV = _ASN1HEX.getV; +1229 +1230 if (idx === undefined) idx = 0; +1231 if (hex.substr(idx, 2) !== "30") throw "malformed attribute type and value"; +1232 +1233 var aIdx = _ASN1HEX.getChildIdx(hex, idx); +1234 if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06") +1235 "malformed attribute type and value"; +1236 +1237 var oidHex = _getV(hex, aIdx[0]); +1238 var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex); +1239 var atype = KJUR.asn1.x509.OID.oid2atype(oidInt); +1240 +1241 var hV = _getV(hex, aIdx[1]); +1242 var rawV = hextorstr(hV); +1243 +1244 return atype + "=" + rawV; +1245 }; +1246 +1247 /** +1248 * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/> +1249 * @name getPublicKeyFromCertHex +1250 * @memberOf X509 +1251 * @function +1252 * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key +1253 * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key +1254 * @since jsrasign 7.1.0 x509 1.1.11 +1255 */ +1256 X509.getPublicKeyFromCertHex = function(h) { +1257 var x = new X509(); +1258 x.readCertHex(h); +1259 return x.getPublicKey(); +1260 }; +1261 +1262 /** +1263 * get RSA/DSA/ECDSA public key object from PEM certificate string +1264 * @name getPublicKeyFromCertPEM +1265 * @memberOf X509 +1266 * @function +1267 * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate +1268 * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key +1269 * @since x509 1.1.1 +1270 * @description +1271 * NOTE: DSA is also supported since x509 1.1.2. +1272 */ +1273 X509.getPublicKeyFromCertPEM = function(sCertPEM) { +1274 var x = new X509(); +1275 x.readCertPEM(sCertPEM); +1276 return x.getPublicKey(); +1277 }; +1278 +1279 /** +1280 * get public key information from PEM certificate +1281 * @name getPublicKeyInfoPropOfCertPEM +1282 * @memberOf X509 +1283 * @function +1284 * @param {String} sCertPEM string of PEM formatted certificate +1285 * @return {Hash} hash of information for public key +1286 * @since x509 1.1.1 +1287 * @description +1288 * Resulted associative array has following properties:<br/> +1289 * <ul> +1290 * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li> +1291 * <li>algparam - hexadecimal string of OID of ECC curve name or null</li> +1292 * <li>keyhex - hexadecimal string of key in the certificate</li> +1293 * </ul> +1294 * NOTE: X509v1 certificate is also supported since x509.js 1.1.9. +1295 */ +1296 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) { +1297 var _ASN1HEX = ASN1HEX; +1298 var _getVbyList = _ASN1HEX.getVbyList; +1299 +1300 var result = {}; +1301 var x, hSPKI, pubkey; +1302 result.algparam = null; +1303 +1304 x = new X509(); +1305 x.readCertPEM(sCertPEM); +1306 +1307 hSPKI = x.getPublicKeyHex(); +1308 result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2); +1309 result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06"); +1310 +1311 if (result.algoid === "2a8648ce3d0201") { // ecPublicKey +1312 result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06"); +1313 }; +1314 +1315 return result; +1316 }; +1317 +1318 /** +1319 * (DEPRECATED) static method to get position of subjectPublicKeyInfo field from HEX certificate +1320 * @name getPublicKeyInfoPosOfCertHEX +1321 * @memberOf X509 +1322 * @function +1323 * @param {String} hCert hexadecimal string of certificate +1324 * @return {Integer} position in hexadecimal string +1325 * @since x509 1.1.4 +1326 * @deprecated from jsrsasign 7.1.14 x509 1.1.13 +1327 * @description +1328 * get position for SubjectPublicKeyInfo field in the hexadecimal string of +1329 * certificate. +1330 */ +1331 X509.getPublicKeyInfoPosOfCertHEX = function(hCert) { +1332 var x = new X509(); +1333 x.readCertHex(hCert); +1334 return x.getPublicKeyIdx(); +1335 }; +1336 +1337 /** +1338 * (DEPRECATED) get array of X.509 V3 extension value information in hex string of certificate<br/> +1339 * @name getV3ExtInfoListOfCertHex +1340 * @memberOf X509 +1341 * @function +1342 * @param {String} hCert hexadecimal string of X.509 certificate binary +1343 * @return {Array} array of result object by {@link X509.getV3ExtInfoListOfCertHex} +1344 * @since x509 1.1.5 +1345 * @deprecated from x509 1.1.14 jsrsasign 7.2.0 +1346 * @description +1347 * This method will get all extension information of a X.509 certificate. +1348 * Items of resulting array has following properties: +1349 * <ul> +1350 * <li>posTLV - index of ASN.1 TLV for the extension. same as 'pos' argument.</li> +1351 * <li>oid - dot noted string of extension oid (ex. 2.5.29.14)</li> +1352 * <li>critical - critical flag value for this extension</li> +1353 * <li>posV - index of ASN.1 TLV for the extension value. +1354 * This is a position of a content of ENCAPSULATED OCTET STRING.</li> +1355 * </ul> +1356 * @example +1357 * hCert = pemtohex(certGithubPEM); +1358 * a = X509.getV3ExtInfoListOfCertHex(hCert); +1359 * // Then a will be an array of like following: +1360 * [{posTLV: 1952, oid: "2.5.29.35", critical: false, posV: 1968}, +1361 * {posTLV: 1974, oid: "2.5.29.19", critical: true, posV: 1986}, ...] +1362 */ +1363 X509.getV3ExtInfoListOfCertHex = function(hCert) { +1364 var _ASN1HEX = ASN1HEX; +1365 +1366 // 1. find index for SEQUENCE in v3 extension field ("[3]") +1367 var extSeqIdx = _ASN1HEX.getIdxbyList(hCert, 0, [0, 7, 0], "30"); +1368 var a4 = _ASN1HEX.getChildIdx(hCert, extSeqIdx); +1369 +1370 // 2. v3Extension item position +1371 var numExt = a4.length; +1372 var aInfo = new Array(numExt); +1373 for (var i = 0; i < numExt; i++) { +1374 aInfo[i] = X509.getV3ExtItemInfo_AtObj(hCert, a4[i]); +1375 } +1376 return aInfo; +1377 }; +1378 +1379 /** +1380 * (DEPRECATED) get X.509 V3 extension value information at the specified position<br/> +1381 * @name getV3ExtItemInfo_AtObj +1382 * @memberOf X509 +1383 * @function +1384 * @param {String} hCert hexadecimal string of X.509 certificate binary +1385 * @param {Integer} pos index of hexadecimal string for the extension +1386 * @return {Object} properties for the extension +1387 * @since x509 1.1.5 +1388 * @deprecated from x509 1.1.14 jsrsasign 7.2.0 +1389 * @description +1390 * This method will get some information of a X.509 V extension +1391 * which is referred by an index of hexadecimal string of X.509 +1392 * certificate. +1393 * Resulting object has following properties: +1394 * <ul> +1395 * <li>posTLV - index of ASN.1 TLV for the extension. same as 'pos' argument.</li> +1396 * <li>oid - dot noted string of extension oid (ex. 2.5.29.14)</li> +1397 * <li>critical - critical flag value for this extension</li> +1398 * <li>posV - index of ASN.1 TLV for the extension value. +1399 * This is a position of a content of ENCAPSULATED OCTET STRING.</li> +1400 * </ul> +1401 * This method is used by {@link X509.getV3ExtInfoListOfCertHex} internally. +1402 */ +1403 X509.getV3ExtItemInfo_AtObj = function(hCert, pos) { +1404 var _ASN1HEX = ASN1HEX; +1405 var info = {}; +1406 +1407 // posTLV - extension TLV +1408 info.posTLV = pos; +1409 +1410 var a = _ASN1HEX.getChildIdx(hCert, pos); +1411 if (a.length != 2 && a.length != 3) +1412 throw "malformed X.509v3 Ext (code:001)"; // oid,(critical,)val +1413 +1414 // oid - extension OID +1415 if (hCert.substr(a[0], 2) != "06") +1416 throw "malformed X.509v3 Ext (code:002)"; // not OID "06" +1417 var valueHex = _ASN1HEX.getV(hCert, a[0]); +1418 info.oid = _ASN1HEX.hextooidstr(valueHex); +1419 +1420 // critical - extension critical flag +1421 info.critical = false; // critical false by default +1422 if (a.length == 3) info.critical = true; +1423 +1424 // posV - content TLV position of encapsulated +1425 // octet string of V3 extension value. +1426 var posExtV = a[a.length - 1]; +1427 if (hCert.substr(posExtV, 2) != "04") +1428 throw "malformed X.509v3 Ext (code:003)"; // not EncapOctet "04" +1429 info.posV = _ASN1HEX.getVidx(hCert, posExtV); +1430 +1431 return info; +1432 }; +1433 +1434 /** +1435 * (DEPRECATED) get X.509 V3 extension value ASN.1 TLV for specified oid or name +1436 * @name getHexOfTLV_V3ExtValue +1437 * @memberOf X509 +1438 * @function +1439 * @param {String} hCert hexadecimal string of X.509 certificate binary +1440 * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15') +1441 * @return {String} hexadecimal string of extension ASN.1 TLV +1442 * @since x509 1.1.6 +1443 * @deprecated from x509 1.1.14 jsrsasign 7.2.0 +1444 * @description +1445 * This method will get X.509v3 extension value of ASN.1 TLV +1446 * which is specifyed by extension name or oid. +1447 * If there is no such extension in the certificate, it returns null. +1448 * @example +1449 * hExtValue = X509.getHexOfTLV_V3ExtValue(hCert, "keyUsage"); +1450 * // hExtValue will be such like '030205a0'. +1451 */ +1452 X509.getHexOfTLV_V3ExtValue = function(hCert, oidOrName) { +1453 var idx = X509.getPosOfTLV_V3ExtValue(hCert, oidOrName); +1454 if (idx == -1) return null; +1455 return ASN1HEX.getTLV(hCert, idx); +1456 }; +1457 +1458 /** +1459 * (DEPRECATED) get X.509 V3 extension value ASN.1 V for specified oid or name +1460 * @name getHexOfV_V3ExtValue +1461 * @memberOf X509 +1462 * @function +1463 * @param {String} hCert hexadecimal string of X.509 certificate binary +1464 * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15') +1465 * @return {String} hexadecimal string of extension ASN.1 TLV +1466 * @since x509 1.1.6 +1467 * @deprecated from x509 1.1.14 jsrsasign 7.2.0 +1468 * @description +1469 * This method will get X.509v3 extension value of ASN.1 value +1470 * which is specifyed by extension name or oid. +1471 * If there is no such extension in the certificate, it returns null. +1472 * Available extension names and oids are defined +1473 * in the {@link KJUR.asn1.x509.OID} class. +1474 * @example +1475 * hExtValue = X509.getHexOfV_V3ExtValue(hCert, "keyUsage"); +1476 * // hExtValue will be such like '05a0'. +1477 */ +1478 X509.getHexOfV_V3ExtValue = function(hCert, oidOrName) { +1479 var idx = X509.getPosOfTLV_V3ExtValue(hCert, oidOrName); +1480 if (idx == -1) return null; +1481 return ASN1HEX.getV(hCert, idx); +1482 }; +1483 +1484 /** +1485 * (DEPRECATED) get index in the certificate hexa string for specified oid or name specified extension +1486 * @name getPosOfTLV_V3ExtValue +1487 * @memberOf X509 +1488 * @function +1489 * @param {String} hCert hexadecimal string of X.509 certificate binary +1490 * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15') +1491 * @return {Integer} index in the hexadecimal string of certficate for specified extension +1492 * @since x509 1.1.6 +1493 * @deprecated from x509 1.1.14 jsrsasign 7.2.0 +1494 * @description +1495 * This method will get X.509v3 extension value of ASN.1 V(value) +1496 * which is specifyed by extension name or oid. +1497 * If there is no such extension in the certificate, +1498 * it returns -1. +1499 * Available extension names and oids are defined +1500 * in the {@link KJUR.asn1.x509.OID} class. +1501 * @example +1502 * idx = X509.getPosOfV_V3ExtValue(hCert, "keyUsage"); +1503 * // The 'idx' will be index in the string for keyUsage value ASN.1 TLV. +1504 */ +1505 X509.getPosOfTLV_V3ExtValue = function(hCert, oidOrName) { +1506 var oid = oidOrName; +1507 if (! oidOrName.match(/^[0-9.]+$/)) { +1508 oid = KJUR.asn1.x509.OID.name2oid(oidOrName); +1509 } +1510 if (oid == '') return -1; +1511 +1512 var infoList = X509.getV3ExtInfoListOfCertHex(hCert); +1513 for (var i = 0; i < infoList.length; i++) { +1514 var info = infoList[i]; +1515 if (info.oid == oid) return info.posV; +1516 } +1517 return -1; +1518 }; +1519 +1520 /* ====================================================================== +1521 * Specific V3 Extensions +1522 * ====================================================================== */ +1523 +1524 /** +1525 * (DEPRECATED) get BasicConstraints extension value as object in the certificate<br/> +1526 * @name getExtBasicConstraints +1527 * @memberOf X509 +1528 * @function +1529 * @param {String} hCert hexadecimal string of X.509 certificate binary +1530 * @return {Object} associative array which may have "cA" and "pathLen" parameters +1531 * @since x509 1.1.7 +1532 * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtBasicConstraints} +1533 * @description +1534 * This method will get basic constraints extension value as object with following paramters. +1535 * <ul> +1536 * <li>cA - CA flag whether CA or not</li> +1537 * <li>pathLen - maximum intermediate certificate length</li> +1538 * </ul> +1539 * There are use cases for return values: +1540 * <ul> +1541 * <li>{cA:true, pathLen:3} - cA flag is true and pathLen is 3</li> +1542 * <li>{cA:true} - cA flag is true and no pathLen</li> +1543 * <li>{} - basic constraints has no value in case of end entity certificate</li> +1544 * <li>null - there is no basic constraints extension</li> +1545 * </ul> +1546 * @example +1547 * obj = X509.getExtBasicConstraints(hCert); +1548 */ +1549 X509.getExtBasicConstraints = function(hCert) { +1550 var x = new X509(); +1551 x.readCertHex(hCert); +1552 return x.getExtBasicConstraints(); +1553 }; +1554 +1555 X509.KEYUSAGE_NAME = [ +1556 "digitalSignature", +1557 "nonRepudiation", +1558 "keyEncipherment", +1559 "dataEncipherment", +1560 "keyAgreement", +1561 "keyCertSign", +1562 "cRLSign", +1563 "encipherOnly", +1564 "decipherOnly" +1565 ]; +1566 +1567 /** +1568 * (DEPRECATED) get KeyUsage extension value as binary string in the certificate<br/> +1569 * @name getExtKeyUsageBin +1570 * @memberOf X509 +1571 * @function +1572 * @param {String} hCert hexadecimal string of X.509 certificate binary +1573 * @return {String} binary string of key usage bits (ex. '101') +1574 * @since x509 1.1.6 +1575 * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtKeyUsageBin} +1576 * @description +1577 * This method will get key usage extension value +1578 * as binary string such like '101'. +1579 * Key usage bits definition is in the RFC 5280. +1580 * If there is no key usage extension in the certificate, +1581 * it returns empty string (i.e. ''). +1582 * @example +1583 * bKeyUsage = X509.getExtKeyUsageBin(hCert); +1584 * // bKeyUsage will be such like '101'. +1585 * // 1 - digitalSignature +1586 * // 0 - nonRepudiation +1587 * // 1 - keyEncipherment +1588 */ +1589 X509.getExtKeyUsageBin = function(hCert) { +1590 var x = new X509(); +1591 x.readCertHex(hCert); +1592 return x.getExtKeyUsageBin(); +1593 }; +1594 +1595 /** +1596 * (DEPRECATED) get KeyUsage extension value as names in the certificate<br/> +1597 * @name getExtKeyUsageString +1598 * @memberOf X509 +1599 * @function +1600 * @param {String} hCert hexadecimal string of X.509 certificate binary +1601 * @return {String} comma separated string of key usage +1602 * @since x509 1.1.6 +1603 * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtKeyUsageString} +1604 * @description +1605 * This method will get key usage extension value +1606 * as comma separated string of usage names. +1607 * If there is no key usage extension in the certificate, +1608 * it returns empty string (i.e. ''). +1609 * @example +1610 * sKeyUsage = X509.getExtKeyUsageString(hCert); +1611 * // sKeyUsage will be such like 'digitalSignature,keyEncipherment'. +1612 */ +1613 X509.getExtKeyUsageString = function(hCert) { +1614 var x = new X509(); +1615 x.readCertHex(hCert); +1616 return x.getExtKeyUsageString(); +1617 }; +1618 +1619 /** +1620 * (DEPRECATED) get subjectKeyIdentifier value as hexadecimal string in the certificate<br/> +1621 * @name getExtSubjectKeyIdentifier +1622 * @memberOf X509 +1623 * @function +1624 * @param {String} hCert hexadecimal string of X.509 certificate binary +1625 * @return {String} hexadecimal string of subject key identifier or null +1626 * @since jsrsasign 5.0.10 x509 1.1.8 +1627 * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtSubjectKeyIdentifier} +1628 * @description +1629 * This method will get subject key identifier extension value +1630 * as hexadecimal string. +1631 * If there is no its extension in the certificate, +1632 * it returns null. +1633 * @example +1634 * skid = X509.getExtSubjectKeyIdentifier(hCert); +1635 */ +1636 X509.getExtSubjectKeyIdentifier = function(hCert) { +1637 var x = new X509(); +1638 x.readCertHex(hCert); +1639 return x.getExtSubjectKeyIdentifier(); +1640 }; +1641 +1642 /** +1643 * (DEPRECATED) get authorityKeyIdentifier value as JSON object in the certificate<br/> +1644 * @name getExtAuthorityKeyIdentifier +1645 * @memberOf X509 +1646 * @function +1647 * @param {String} hCert hexadecimal string of X.509 certificate binary +1648 * @return {Object} JSON object of authority key identifier or null +1649 * @since jsrsasign 5.0.10 x509 1.1.8 +1650 * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtAuthorityKeyIdentifier} +1651 * @description +1652 * This method will get authority key identifier extension value +1653 * as JSON object. +1654 * If there is no its extension in the certificate, +1655 * it returns null. +1656 * <br> +1657 * NOTE: Currently this method only supports keyIdentifier so that +1658 * authorityCertIssuer and authorityCertSerialNumber will not +1659 * be return in the JSON object. +1660 * @example +1661 * akid = X509.getExtAuthorityKeyIdentifier(hCert); +1662 * // returns following JSON object +1663 * { kid: "1234abcd..." } +1664 */ +1665 X509.getExtAuthorityKeyIdentifier = function(hCert) { +1666 var x = new X509(); +1667 x.readCertHex(hCert); +1668 return x.getExtAuthorityKeyIdentifier(); +1669 }; +1670 +1671 /** +1672 * (DEPRECATED) get extKeyUsage value as array of name string in the certificate +1673 * @name getExtExtKeyUsageName +1674 * @memberOf X509 +1675 * @function +1676 * @param {String} hCert hexadecimal string of X.509 certificate binary +1677 * @return {Object} array of extended key usage ID name or oid +1678 * @since jsrsasign 5.0.10 x509 1.1.8 +1679 * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtExtKeyUsageName} +1680 * @description +1681 * This method will get extended key usage extension value +1682 * as array of name or OID string. +1683 * If there is no its extension in the certificate, +1684 * it returns null. +1685 * <br> +1686 * NOTE: Supported extended key usage ID names are defined in +1687 * name2oidList parameter in asn1x509.js file. +1688 * @example +1689 * eku = X509.getExtExtKeyUsageName(hCert); +1690 * // returns following array: +1691 * ["serverAuth", "clientAuth", "0.1.2.3.4.5"] +1692 */ +1693 X509.getExtExtKeyUsageName = function(hCert) { +1694 var x = new X509(); +1695 x.readCertHex(hCert); +1696 return x.getExtExtKeyUsageName(); +1697 }; +1698 +1699 /** +1700 * (DEPRECATED) get subjectAltName value as array of string in the certificate +1701 * @name getExtSubjectAltName +1702 * @memberOf X509 +1703 * @function +1704 * @param {String} hCert hexadecimal string of X.509 certificate binary +1705 * @return {Object} array of alt names +1706 * @since jsrsasign 5.0.10 x509 1.1.8 +1707 * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtExtSubjectAltName} +1708 * @description +1709 * This method will get subject alt name extension value +1710 * as array of name. +1711 * If there is no its extension in the certificate, +1712 * it returns null. +1713 * <br> +1714 * NOTE: Currently this method supports only dNSName so that +1715 * other name type such like iPAddress or generalName will not be returned. +1716 * @example +1717 * san = X509.getExtSubjectAltName(hCert); +1718 * // returns following array: +1719 * ["example.com", "example.org"] +1720 */ +1721 X509.getExtSubjectAltName = function(hCert) { +1722 var x = new X509(); +1723 x.readCertHex(hCert); +1724 return x.getExtSubjectAltName(); +1725 }; +1726 +1727 /** +1728 * (DEPRECATED) get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate +1729 * @name getExtCRLDistributionPointsURI +1730 * @memberOf X509 +1731 * @function +1732 * @param {String} hCert hexadecimal string of X.509 certificate binary +1733 * @return {Object} array of fullName URIs of CDP of the certificate +1734 * @since jsrsasign 5.0.10 x509 1.1.8 +1735 * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtCRLDistributionPointsURI} +1736 * @description +1737 * This method will get all fullName URIs of cRLDistributionPoints extension +1738 * in the certificate as array of URI string. +1739 * If there is no its extension in the certificate, +1740 * it returns null. +1741 * <br> +1742 * NOTE: Currently this method supports only fullName URI so that +1743 * other parameters will not be returned. +1744 * @example +1745 * cdpuri = X509.getExtCRLDistributionPointsURI(hCert); +1746 * // returns following array: +1747 * ["http://example.com/aaa.crl", "http://example.org/aaa.crl"] +1748 */ +1749 X509.getExtCRLDistributionPointsURI = function(hCert) { +1750 var x = new X509(); +1751 x.readCertHex(hCert); +1752 return x.getExtCRLDistributionPointsURI(); +1753 }; +1754 +1755 /** +1756 * (DEPRECATED) get AuthorityInfoAccess extension value in the certificate as associative array<br/> +1757 * @name getExtAIAInfo +1758 * @memberOf X509 +1759 * @function +1760 * @param {String} hCert hexadecimal string of X.509 certificate binary +1761 * @return {Object} associative array of AIA extension properties +1762 * @since x509 1.1.6 +1763 * @deprecated from x509 1.1.14 jsrsasign 7.2.0 please move to {@link X509#getExtAIAInfo} +1764 * @description +1765 * This method will get authority info access value +1766 * as associate array which has following properties: +1767 * <ul> +1768 * <li>ocsp - array of string for OCSP responder URL</li> +1769 * <li>caissuer - array of string for caIssuer value (i.e. CA certificates URL)</li> +1770 * </ul> +1771 * If there is no key usage extension in the certificate, +1772 * it returns null; +1773 * @example +1774 * oAIA = X509.getExtAIAInfo(hCert); +1775 * // result will be such like: +1776 * // oAIA.ocsp = ["http://ocsp.foo.com"]; +1777 * // oAIA.caissuer = ["http://rep.foo.com/aaa.p8m"]; +1778 */ +1779 X509.getExtAIAInfo = function(hCert) { +1780 var x = new X509(); +1781 x.readCertHex(hCert); +1782 return x.getExtAIAInfo(); +1783 }; +1784 +1785 /** +1786 * (DEPRECATED) get signature algorithm name from hexadecimal certificate data +1787 * @name getSignatureAlgorithmName +1788 * @memberOf X509 +1789 * @function +1790 * @param {String} hCert hexadecimal string of X.509 certificate binary +1791 * @return {String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA) +1792 * @since x509 1.1.7 +1793 * @deprecated since jsrsasign 7.1.16 x509 1.1.14. Please move to {@link X509#getSignatureAlgorithmName} +1794 * @description +1795 * This method will get signature algorithm name of certificate: +1796 * @example +1797 * algName = X509.getSignatureAlgorithmName(hCert); +1798 */ +1799 X509.getSignatureAlgorithmName = function(hCert) { +1800 var x = new X509(); +1801 x.readCertHex(hCert); +1802 return x.getSignatureAlgorithmName(); +1803 }; +1804 +1805 /** +1806 * (DEPRECATED) get signature value in hexadecimal string<br/> +1807 * @name getSignatureValueHex +1808 * @memberOf X509 +1809 * @function +1810 * @param {String} hCert hexadecimal string of X.509 certificate binary +1811 * @return {String} signature value hexadecimal string without BitString unused bits +1812 * @since x509 1.1.7 +1813 * @deprecated since jsrsasign 7.1.16 x509 1.1.14. Please move to {@link X509#getSignatureValueHex} +1814 * @description +1815 * This method will get signature value of certificate: +1816 * @example +1817 * sigHex = X509.getSignatureValueHex(hCert); +1818 */ +1819 X509.getSignatureValueHex = function(hCert) { +1820 var x = new X509(); +1821 x.readCertHex(hCert); +1822 return x.getSignatureValueHex(); +1823 }; +1824 +1825 /** +1826 * (DEPRECATED) static method to get hexadecimal string of serialNumber field of certificate.<br/> +1827 * @name getSerialNumberHex +1828 * @memberOf X509 +1829 * @function +1830 * @param {String} hCert hexadecimal string of X.509 certificate binary +1831 * @return {String} hexadecimal string of certificate serial number +1832 * @deprecated from x509 1.1.13 jsrsasign 7.1.4. please use {@link X509#getSerialNumberHex} +1833 * @example +1834 * sn = X509.getSerialNumberHex("3082..."); +1835 */ +1836 X509.getSerialNumberHex = function(hCert) { +1837 var x = new X509(); +1838 x.readCertHex(hCert); +1839 return x.getSerialNumberHex(); +1840 }; +1841 +1842 /** +1843 * (DEPRECATED) verifies signature value by public key<br/> +1844 * @name verifySignature +1845 * @memberOf X509 +1846 * @function +1847 * @param {String} hCert hexadecimal string of X.509 certificate binary +1848 * @param {Object} pubKey public key object +1849 * @return {Boolean} true if signature value is valid otherwise false +1850 * @since jsrsasign 7.1.1 x509 1.1.12 +1851 * @deprecated from x509 1.1.14 jsrsasign 7.2.0. please use {@link X509#verifySignature} +1852 * @description +1853 * This method verifies signature value of hexadecimal string of +1854 * X.509 certificate by specified public key object. +1855 * @example +1856 * pubKey = KEYUTIL.getKey(pemPublicKey); // or certificate +1857 * hCert = pemtohex(pemCert); +1858 * isValid = X509.verifySignature(hCert, pubKey); +1859 */ +1860 X509.verifySignature = function(hCert, pubKey) { +1861 var x = new X509(); +1862 x.readCertHex(hCert); +1863 return x.verifySignature(pubKey); +1864 }; +1865
\ No newline at end of file diff --git a/bower.json b/bower.json index 67a94d57..9a18c7ec 100644 --- a/bower.json +++ b/bower.json @@ -1,6 +1,6 @@ { "name": "kjur-jsrsasign", - "version": "7.2.0", + "version": "7.2.1", "main": "jsrsasign-all-min.js", "description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.", "license": "MIT", diff --git a/jsrsasign-all-min.js b/jsrsasign-all-min.js index dceae8a4..ccd88d2b 100644 --- a/jsrsasign-all-min.js +++ b/jsrsasign-all-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(all) 7.2.0 (2017-05-21) (c) 2010-2017 Kenji Urushima | kjur.github.com/jsrsasign/license + * jsrsasign(all) 7.2.1 (2017-06-04) (c) 2010-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* @@ -227,63 +227,23 @@ ECFieldElementFp.prototype.getByteLength=function(){return Math.floor((this.toBi /*! Mike Samuel (c) 2009 | code.google.com/p/json-sans-eval */ var jsonParse=(function(){var e="(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][+-]?[0-9]+)?\\b)";var j='(?:[^\\0-\\x08\\x0a-\\x1f"\\\\]|\\\\(?:["/\\\\bfnrt]|u[0-9A-Fa-f]{4}))';var i='(?:"'+j+'*")';var d=new RegExp("(?:false|true|null|[\\{\\}\\[\\]]|"+e+"|"+i+")","g");var k=new RegExp("\\\\(?:([^u])|u(.{4}))","g");var g={'"':'"',"/":"/","\\":"\\",b:"\b",f:"\f",n:"\n",r:"\r",t:"\t"};function h(l,m,n){return m?g[m]:String.fromCharCode(parseInt(n,16))}var c=new String("");var a="\\";var f={"{":Object,"[":Array};var b=Object.hasOwnProperty;return function(u,q){var p=u.match(d);var x;var v=p[0];var l=false;if("{"===v){x={}}else{if("["===v){x=[]}else{x=[];l=true}}var t;var r=[x];for(var o=1-l,m=p.length;o=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -/*! asn1-1.0.12.js (c) 2013-2016 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw"ASN.1 length too long to represent by 8x: n = "+i.toString(16)}var f=128+g;return f.toString(16)+h}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(this.s)};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(f){utc=f.getTime()+(f.getTimezoneOffset()*60000);var e=new Date(utc);return e};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";this.hTLV="0101ff"};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=(l*2))){break}if(d>=200){break}g.push(b);c=b;d++}return g};ASN1HEX.getPosArrayOfChildren_AtObj=ASN1HEX.getChildIdx;ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getNthChildIndex_AtObj=ASN1HEX.getNthChildIdx;ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){throw"checking tag doesn't match: "+e.substr(d,2)+"!="+i}}return d}f=c.shift();b=g.getChildIdx(e,d);return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getDecendantIndexByNthList=ASN1HEX.getIdxbyList;ASN1HEX.getTLVbyList=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyList(d,c,b);if(a===undefined){throw"can't find nthList object"}if(f!==undefined){if(d.substr(a,2)!=f){throw"checking tag doesn't match: "+d.substr(a,2)+"!="+f}}return e.getTLV(d,a)};ASN1HEX.getDecendantHexTLVByNthList=ASN1HEX.getTLVbyList;ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a===undefined){throw"can't find nthList object"}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getDecendantHexVByNthList=ASN1HEX.getVbyList;ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;if(e.substr(l,2)=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(e.substr(l,2)=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(e.substr(l,2)=="03"){var h=j(e,l);return g+"BITSTRING "+q(h,x)+"\n"}if(e.substr(l,2)=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(e.substr(l,2)=="05"){return g+"NULL\n"}if(e.substr(l,2)=="06"){var m=j(e,l);var a=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(a);var b=a.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+b+")\n"}else{return g+"ObjectIdentifier ("+b+")\n"}}if(e.substr(l,2)=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(e.substr(l,2)=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(e.substr(l,2)=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension.appendByNameToArray=function(e,c,b){if(e.toLowerCase()=="basicconstraints"){var d=new KJUR.asn1.x509.BasicConstraints(c);b.push(d)}else{if(e.toLowerCase()=="keyusage"){var d=new KJUR.asn1.x509.KeyUsage(c);b.push(d)}else{if(e.toLowerCase()=="crldistributionpoints"){var d=new KJUR.asn1.x509.CRLDistributionPoints(c);b.push(d)}else{if(e.toLowerCase()=="extkeyusage"){var d=new KJUR.asn1.x509.ExtKeyUsage(c);b.push(d)}else{if(e.toLowerCase()=="authoritykeyidentifier"){var d=new KJUR.asn1.x509.AuthorityKeyIdentifier(c);b.push(d)}else{if(e.toLowerCase()=="authorityinfoaccess"){var d=new KJUR.asn1.x509.AuthorityInfoAccess(c);b.push(d)}else{if(e.toLowerCase()=="subjectaltname"){var d=new KJUR.asn1.x509.SubjectAltName(c);b.push(d)}else{if(e.toLowerCase()=="issueraltname"){var d=new KJUR.asn1.x509.IssuerAltName(c);b.push(d)}else{throw"unsupported extension name: "+e}}}}}}}}};KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(b){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(c){var d=c.split("/");d.shift();for(var e=0;e0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.RDN=function(a){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=new Array();this.addByString=function(b){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:b}))};this.addByMultiValuedString=function(d){var b=KJUR.asn1.x509.RDN.parseString(d);for(var c=0;c0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(b){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);var d=null;var c=null;var a="utf8";this.setByString=function(f){var e=f.match(/^([^=]+)=(.+)$/);if(e){this.setByAttrTypeAndValueStr(e[1],e[2])}else{throw"malformed attrTypeAndValueStr: "+f}};this.setByAttrTypeAndValueStr=function(g,f){this.typeObj=KJUR.asn1.x509.OID.atype2obj(g);var e=a;if(g=="C"){e="prn"}this.valueObj=this.getValueObj(e,f)};this.getValueObj=function(f,e){if(f=="utf8"){return new KJUR.asn1.DERUTF8String({str:e})}if(f=="prn"){return new KJUR.asn1.DERPrintableString({str:e})}if(f=="tel"){return new KJUR.asn1.DERTeletexString({str:e})}if(f=="ia5"){return new KJUR.asn1.DERIA5String({str:e})}throw"unsupported directory string type: type="+f+" value="+e};this.getEncodedHex=function(){var e=new KJUR.asn1.DERSequence({array:[this.typeObj,this.valueObj]});this.TLV=e.getEncodedHex();return this.TLV};if(typeof b!="undefined"){if(typeof b.str!="undefined"){this.setByString(b.str)}}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(d){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var b=null;var c=null;var a=null;this.setRSAKey=function(e){if(!RSAKey.prototype.isPrototypeOf(e)){throw"argument is not RSAKey instance"}this.rsaKey=e;var g=new KJUR.asn1.DERInteger({bigint:e.n});var f=new KJUR.asn1.DERInteger({"int":e.e});var i=new KJUR.asn1.DERSequence({array:[g,f]});var h=i.getEncodedHex();this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"rsaEncryption"});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+h})};this.setRSAPEM=function(g){if(g.match(/-----BEGIN PUBLIC KEY-----/)){var n=g;n=n.replace(/^-----[^-]+-----/,"");n=n.replace(/-----[^-]+-----\s*$/,"");var m=n.replace(/\s+/g,"");var f=CryptoJS.enc.Base64.parse(m);var i=CryptoJS.enc.Hex.stringify(f);var k=RSAKey.getHexValueArrayOfChildrenFromHex(i);var h=k[1];var l=h.substr(2);var e=RSAKey.getHexValueArrayOfChildrenFromHex(l);var j=new RSAKey();j.setPublic(e[0],e[1]);this.setRSAKey(j)}else{throw"key not supported"}};this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var e=new KJUR.asn1.DERSequence({array:[this.asn1AlgId,this.asn1SubjPKey]});return e};this.getEncodedHex=function(){var e=this.getASN1Object();this.hTLV=e.getEncodedHex();return this.hTLV};this._setRSAKey=function(e){var g=KJUR.asn1.ASN1Util.newObject({seq:[{"int":{bigint:e.n}},{"int":{"int":e.e}}]});var f=g.getEncodedHex();this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"rsaEncryption"});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+f})};this._setEC=function(e){var f=new KJUR.asn1.DERObjectIdentifier({name:e.curveName});this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"ecPublicKey",asn1params:f});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+e.pubKeyHex})};this._setDSA=function(e){var f=new KJUR.asn1.ASN1Util.newObject({seq:[{"int":{bigint:e.p}},{"int":{bigint:e.q}},{"int":{bigint:e.g}}]});this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"dsa",asn1params:f});var g=new KJUR.asn1.DERInteger({bigint:e.y});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+g.getEncodedHex()})};if(typeof d!="undefined"){if(typeof RSAKey!="undefined"&&d instanceof RSAKey){this._setRSAKey(d)}else{if(typeof KJUR.crypto.ECDSA!="undefined"&&d instanceof KJUR.crypto.ECDSA){this._setEC(d)}else{if(typeof KJUR.crypto.DSA!="undefined"&&d instanceof KJUR.crypto.DSA){this._setDSA(d)}else{if(typeof d.rsakey!="undefined"){this.setRSAKey(d.rsakey)}else{if(typeof d.rsapem!="undefined"){this.setRSAPEM(d.rsapem)}}}}}}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(c){KJUR.asn1.x509.Time.superclass.constructor.call(this);var b=null;var a=null;this.setTimeParams=function(d){this.timeParams=d};this.getEncodedHex=function(){var d=null;if(this.timeParams!=null){if(this.type=="utc"){d=new KJUR.asn1.DERUTCTime(this.timeParams)}else{d=new KJUR.asn1.DERGeneralizedTime(this.timeParams)}}else{if(this.type=="utc"){d=new KJUR.asn1.DERUTCTime()}else{d=new KJUR.asn1.DERGeneralizedTime()}}this.TLV=d.getEncodedHex();return this.TLV};this.type="utc";if(typeof c!="undefined"){if(typeof c.type!="undefined"){this.type=c.type}else{if(typeof c.str!="undefined"){if(c.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(c.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=c}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(b){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;this.getEncodedHex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw"algorithm not specified"}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=KJUR.asn1.x509.OID.name2obj(this.nameAlg)}var c=[this.asn1Alg];if(this.asn1Params!==null){c.push(this.asn1Params)}var d=new KJUR.asn1.DERSequence({array:c});this.hTLV=d.getEncodedHex();return this.hTLV};if(b!==undefined){if(b.name!==undefined){this.nameAlg=b.name}if(b.asn1params!==undefined){this.asn1Params=b.asn1params}if(b.paramempty!==undefined){this.paramEmpty=b.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){var a=this.nameAlg.toLowerCase();if(a.substr(-7,7)!=="withdsa"&&a.substr(-9,9)!=="withecdsa"){this.asn1Params=new KJUR.asn1.DERNull()}}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralName=function(d){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var c=null;var b=null;var a={rfc822:"81",dns:"82",dn:"a4",uri:"86"};this.explicit=false;this.setByParam=function(k){var j=null;var g=null;if(k===undefined){return}if(k.rfc822!==undefined){this.type="rfc822";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(k.dns!==undefined){this.type="dns";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(k.uri!==undefined){this.type="uri";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(k.dn!==undefined){this.type="dn";g=new KJUR.asn1.x509.X500Name({str:k.dn})}if(k.ldapdn!==undefined){this.type="dn";g=new KJUR.asn1.x509.X500Name({ldapstr:k.ldapdn})}if(k.certissuer!==undefined){this.type="dn";this.explicit=true;var h=k.certissuer;var f=null;if(h.match(/^[0-9A-Fa-f]+$/)){f==h}if(h.indexOf("-----BEGIN ")!=-1){f=ASN1HEX.pemToHex(h)}if(f==null){throw"certissuer param not cert"}var e=new X509();e.hex=f;var i=e.getIssuerHex();g=new KJUR.asn1.ASN1Object();g.hTLV=i}if(k.certsubj!==undefined){this.type="dn";this.explicit=true;var h=k.certsubj;var f=null;if(h.match(/^[0-9A-Fa-f]+$/)){f==h}if(h.indexOf("-----BEGIN ")!=-1){f=ASN1HEX.pemToHex(h)}if(f==null){throw"certsubj param not cert"}var e=new X509();e.hex=f;var i=e.getSubjectHex();g=new KJUR.asn1.ASN1Object();g.hTLV=i}if(this.type==null){throw"unsupported type in params="+k}this.asn1Obj=new KJUR.asn1.DERTaggedObject({explicit:this.explicit,tag:a[this.type],obj:g})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(d!==undefined){this.setByParam(d)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(b){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null;this.setByParamArray=function(e){for(var c=0;c0){h=new a.DERTaggedObject({obj:this.dUnsignedAttrs,tag:"a1",explicit:false})}var g=[this.dCMSVersion,this.dSignerIdentifier,this.dDigestAlgorithm,e,this.dSigAlg,this.dSig,];if(h!=null){g.push(h)}var f=new a.DERSequence({array:g});this.hTLV=f.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.SignerInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.EncapsulatedContentInfo=function(c){KJUR.asn1.cms.EncapsulatedContentInfo.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dEContentType=new a.DERObjectIdentifier({name:"data"});this.dEContent=null;this.isDetached=false;this.eContentValueHex=null;this.setContentType=function(e){if(e.match(/^[0-2][.][0-9.]+$/)){this.dEContentType=new a.DERObjectIdentifier({oid:e})}else{this.dEContentType=new a.DERObjectIdentifier({name:e})}};this.setContentValue=function(e){if(typeof e!="undefined"){if(typeof e.hex=="string"){this.eContentValueHex=e.hex}else{if(typeof e.str=="string"){this.eContentValueHex=utf8tohex(e.str)}}}};this.setContentValueHex=function(e){this.eContentValueHex=e};this.setContentValueStr=function(e){this.eContentValueHex=utf8tohex(e)};this.getEncodedHex=function(){if(typeof this.eContentValueHex!="string"){throw"eContentValue not yet set"}var g=new a.DEROctetString({hex:this.eContentValueHex});this.dEContent=new a.DERTaggedObject({obj:g,tag:"a0",explicit:true});var e=[this.dEContentType];if(!this.isDetached){e.push(this.dEContent)}var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.EncapsulatedContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.ContentInfo=function(c){KJUR.asn1.cms.ContentInfo.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dContentType=null;this.dContent=null;this.setContentType=function(e){if(typeof e=="string"){this.dContentType=d.OID.name2obj(e)}};this.getEncodedHex=function(){var f=new a.DERTaggedObject({obj:this.dContent,tag:"a0",explicit:true});var e=new a.DERSequence({array:[this.dContentType,f]});this.hTLV=e.getEncodedHex();return this.hTLV};if(typeof c!="undefined"){if(c.type){this.setContentType(c.type)}if(c.obj&&c.obj instanceof a.ASN1Object){this.dContent=c.obj}}};YAHOO.lang.extend(KJUR.asn1.cms.ContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.SignedData=function(c){KJUR.asn1.cms.SignedData.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dCMSVersion=new a.DERInteger({"int":1});this.dDigestAlgs=null;this.digestAlgNameList=[];this.dEncapContentInfo=new b.EncapsulatedContentInfo();this.dCerts=null;this.certificateList=[];this.crlList=[];this.signerInfoList=[new b.SignerInfo()];this.addCertificatesByPEM=function(e){var f=ASN1HEX.pemToHex(e);var g=new a.ASN1Object();g.hTLV=f;this.certificateList.push(g)};this.getEncodedHex=function(){if(typeof this.hTLV=="string"){return this.hTLV}if(this.dDigestAlgs==null){var k=[];for(var j=0;j0){var l=new a.DERSet({array:this.certificateList});this.dCerts=new a.DERTaggedObject({obj:l,tag:"a0",explicit:false})}}if(this.dCerts!=null){e.push(this.dCerts)}var g=new a.DERSet({array:this.signerInfoList});e.push(g);var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV};this.getContentInfo=function(){this.getEncodedHex();var e=new b.ContentInfo({type:"signed-data",obj:this});return e};this.getContentInfoEncodedHex=function(){var e=this.getContentInfo();var f=e.getEncodedHex();return f};this.getPEM=function(){var e=this.getContentInfoEncodedHex();var f=a.ASN1Util.getPEMStringFromHex(e,"CMS");return f}};YAHOO.lang.extend(KJUR.asn1.cms.SignedData,KJUR.asn1.ASN1Object);KJUR.asn1.cms.CMSUtil=new function(){};KJUR.asn1.cms.CMSUtil.newSignedData=function(a){var h=KJUR.asn1.cms;var g=KJUR.asn1.cades;var f=new h.SignedData();f.dEncapContentInfo.setContentValue(a.content);if(typeof a.certs=="object"){for(var b=0;b0){var e=new KJUR.asn1.DERSequence({array:this.extensionsArray});var d=new KJUR.asn1.DERSet({array:[e]});var c=new KJUR.asn1.DERSequence({array:[new KJUR.asn1.DERObjectIdentifier({oid:"1.2.840.113549.1.9.14"}),d]});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a0",obj:c});this.asn1Array.push(b)}else{var b=new KJUR.asn1.DERTaggedObject({explicit:false,tag:"a0",obj:new KJUR.asn1.DERNull()});this.asn1Array.push(b)}var f=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=f.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.csr.CertificationRequestInfo,KJUR.asn1.ASN1Object);KJUR.asn1.csr.CSRUtil=new function(){};KJUR.asn1.csr.CSRUtil.newCSRPEM=function(g){var d=KJUR.asn1.csr;if(g.subject===undefined){throw"parameter subject undefined"}if(g.sbjpubkey===undefined){throw"parameter sbjpubkey undefined"}if(g.sigalg===undefined){throw"parameter sigalg undefined"}if(g.sbjprvkey===undefined){throw"parameter sbjpubkey undefined"}var b=new d.CertificationRequestInfo();b.setSubjectByParam(g.subject);b.setSubjectPublicKeyByGetKey(g.sbjpubkey);if(g.ext!==undefined&&g.ext.length!==undefined){for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b15){throw"ASN.1 length too long to represent by 8x: n = "+i.toString(16)}var f=128+g;return f.toString(16)+h}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(this.s)};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(f){utc=f.getTime()+(f.getTimezoneOffset()*60000);var e=new Date(utc);return e};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";this.hTLV="0101ff"};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=(l*2))){break}if(d>=200){break}g.push(b);c=b;d++}return g};ASN1HEX.getPosArrayOfChildren_AtObj=ASN1HEX.getChildIdx;ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getNthChildIndex_AtObj=ASN1HEX.getNthChildIdx;ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){throw"checking tag doesn't match: "+e.substr(d,2)+"!="+i}}return d}f=c.shift();b=g.getChildIdx(e,d);return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getDecendantIndexByNthList=ASN1HEX.getIdxbyList;ASN1HEX.getTLVbyList=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyList(d,c,b);if(a===undefined){throw"can't find nthList object"}if(f!==undefined){if(d.substr(a,2)!=f){throw"checking tag doesn't match: "+d.substr(a,2)+"!="+f}}return e.getTLV(d,a)};ASN1HEX.getDecendantHexTLVByNthList=ASN1HEX.getTLVbyList;ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a===undefined){throw"can't find nthList object"}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getDecendantHexVByNthList=ASN1HEX.getVbyList;ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;if(e.substr(l,2)=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(e.substr(l,2)=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(e.substr(l,2)=="03"){var h=j(e,l);return g+"BITSTRING "+q(h,x)+"\n"}if(e.substr(l,2)=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(e.substr(l,2)=="05"){return g+"NULL\n"}if(e.substr(l,2)=="06"){var m=j(e,l);var a=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(a);var b=a.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+b+")\n"}else{return g+"ObjectIdentifier ("+b+")\n"}}if(e.substr(l,2)=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(e.substr(l,2)=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(e.substr(l,2)=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u0){var m=new f({array:this.extensionsArray});var k=new c({explicit:true,tag:"a3",obj:m});this.asn1Array.push(k)}var n=new f({array:this.asn1Array});this.hTLV=n.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(d){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var f=null,a=KJUR,e=a.asn1,h=e.DERObjectIdentifier,i=e.DEROctetString,b=e.DERBitString,g=e.DERBoolean,c=e.DERSequence;this.getEncodedHex=function(){var m=new h({oid:this.oid});var l=new i({hex:this.getExtnValueHex()});var k=new Array();k.push(m);if(this.critical){k.push(new g())}k.push(l);var j=new c({array:k});return j.getEncodedHex()};this.critical=false;if(typeof d!="undefined"){if(typeof d.critical!="undefined"){this.critical=d.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension.appendByNameToArray=function(e,c,b){var g=e.toLowerCase(),f=KJUR.asn1.x509;if(g=="basicconstraints"){var d=new f.BasicConstraints(c);b.push(d)}else{if(g=="keyusage"){var d=new f.KeyUsage(c);b.push(d)}else{if(g=="crldistributionpoints"){var d=new f.CRLDistributionPoints(c);b.push(d)}else{if(g=="extkeyusage"){var d=new f.ExtKeyUsage(c);b.push(d)}else{if(g=="authoritykeyidentifier"){var d=new f.AuthorityKeyIdentifier(c);b.push(d)}else{if(g=="authorityinfoaccess"){var d=new f.AuthorityInfoAccess(c);b.push(d)}else{if(g=="subjectaltname"){var d=new f.SubjectAltName(c);b.push(d)}else{if(g=="issueraltname"){var d=new f.IssuerAltName(c);b.push(d)}else{throw"unsupported extension name: "+e}}}}}}}}};KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(e){this.asn1ExtnValue=new a.DERSequence({array:e})};this.setByOneURI=function(h){var e=new c.GeneralNames([{uri:h}]);var g=new c.DistributionPointName(e);var f=new c.DistributionPoint({dpobj:g});this.setByDPArray([f])};this.oid="2.5.29.31";if(typeof d!="undefined"){if(typeof d.array!="undefined"){this.setByDPArray(d.array)}else{if(typeof d.uri!="undefined"){this.setByOneURI(d.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(c){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,c);var b=KJUR,a=b.asn1;this.setPurposeArray=function(d){this.asn1ExtnValue=new a.DERSequence();for(var e=0;e0){var h=new b({array:this.aRevokedCert});this.asn1Array.push(h)}var i=new b({array:this.asn1Array});this.hTLV=i.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(e){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var d=null,c=null,b=KJUR,a=b.asn1;this.setCertSerial=function(f){this.sn=new a.DERInteger(f)};this.setRevocationDate=function(f){this.time=new a.x509.Time(f)};this.getEncodedHex=function(){var f=new a.DERSequence({array:[this.sn,this.time]});this.TLV=f.getEncodedHex();return this.TLV};if(e!==undefined){if(e.time!==undefined){this.setRevocationDate(e.time)}if(e.sn!==undefined){this.setCertSerial(e.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(f){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();var d=KJUR,c=d.asn1,e=c.x509,b=pemtohex;this.setByString=function(g){var h=g.split("/");h.shift();for(var j=0;j0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.RDN=function(a){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=new Array();this.addByString=function(b){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:b}))};this.addByMultiValuedString=function(d){var b=KJUR.asn1.x509.RDN.parseString(d);for(var c=0;c0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(d){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);var f=null,e=null,a="utf8",c=KJUR,b=c.asn1;this.setByString=function(h){var g=h.match(/^([^=]+)=(.+)$/);if(g){this.setByAttrTypeAndValueStr(g[1],g[2])}else{throw"malformed attrTypeAndValueStr: "+h}};this.setByAttrTypeAndValueStr=function(i,h){this.typeObj=KJUR.asn1.x509.OID.atype2obj(i);var g=a;if(i=="C"){g="prn"}this.valueObj=this.getValueObj(g,h)};this.getValueObj=function(h,g){if(h=="utf8"){return new b.DERUTF8String({str:g})}if(h=="prn"){return new b.DERPrintableString({str:g})}if(h=="tel"){return new b.DERTeletexString({str:g})}if(h=="ia5"){return new b.DERIA5String({str:g})}throw"unsupported directory string type: type="+h+" value="+g};this.getEncodedHex=function(){var g=new b.DERSequence({array:[this.typeObj,this.valueObj]});this.TLV=g.getEncodedHex();return this.TLV};if(typeof d!="undefined"){if(typeof d.str!="undefined"){this.setByString(d.str)}}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var m=null,l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,n=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,p=d.AlgorithmIdentifier,g=a.crypto,o=g.ECDSA,c=g.DSA;this.setRSAKey=function(q){if(!RSAKey.prototype.isPrototypeOf(q)){throw"argument is not RSAKey instance"}this.rsaKey=q;var s=new i({bigint:q.n});var r=new i({"int":q.e});var u=new j.DERSequence({array:[s,r]});var t=u.getEncodedHex();this.asn1AlgId=new j.x509.AlgorithmIdentifier({name:"rsaEncryption"});this.asn1SubjPKey=new j.DERBitString({hex:"00"+t})};this.setRSAPEM=function(t){if(t.match(/-----BEGIN PUBLIC KEY-----/)){var v=pemtohex(t);var s=RSAKey.getHexValueArrayOfChildrenFromHex(v);var r=s[1];var u=r.substr(2);var w=RSAKey.getHexValueArrayOfChildrenFromHex(u);var q=new RSAKey();q.setPublic(w[0],w[1]);this.setRSAKey(q)}else{throw"key not supported"}};this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var q=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return q};this.getEncodedHex=function(){var q=this.getASN1Object();this.hTLV=q.getEncodedHex();return this.hTLV};this._setRSAKey=function(q){var s=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var r=s.getEncodedHex();this.asn1AlgId=new p({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+r})};this._setEC=function(q){var r=new n({name:q.curveName});this.asn1AlgId=new p({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})};this._setDSA=function(q){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new p({name:"dsa",asn1params:r});var s=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+s.getEncodedHex()})};if(typeof f!="undefined"){if(typeof RSAKey!="undefined"&&f instanceof RSAKey){this._setRSAKey(f)}else{if(typeof o!="undefined"&&f instanceof o){this._setEC(f)}else{if(typeof c!="undefined"&&f instanceof c){this._setDSA(f)}else{if(f.rsakey!==undefined){this.setRSAKey(f.rsakey)}else{if(f.rsapem!==undefined){this.setRSAPEM(f.rsapem)}}}}}}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.getEncodedHex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.getEncodedHex();return this.TLV};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(d){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1;this.getEncodedHex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw"algorithm not specified"}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var e=[this.asn1Alg];if(this.asn1Params!==null){e.push(this.asn1Params)}var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV};if(d!==undefined){if(d.name!==undefined){this.nameAlg=d.name}if(d.asn1params!==undefined){this.asn1Params=d.asn1params}if(d.paramempty!==undefined){this.paramEmpty=d.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){var c=this.nameAlg.toLowerCase();if(c.substr(-7,7)!=="withdsa"&&c.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralName=function(e){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var k=null,h=null,i={rfc822:"81",dns:"82",dn:"a4",uri:"86"},b=KJUR,f=b.asn1,d=f.DERIA5String,c=f.DERTaggedObject,j=f.ASN1Object,a=f.x509.X500Name,g=pemtohex;this.explicit=false;this.setByParam=function(r){var q=null;var n=null;if(r===undefined){return}if(r.rfc822!==undefined){this.type="rfc822";n=new d({str:r[this.type]})}if(r.dns!==undefined){this.type="dns";n=new d({str:r[this.type]})}if(r.uri!==undefined){this.type="uri";n=new d({str:r[this.type]})}if(r.dn!==undefined){this.type="dn";n=new a({str:r.dn})}if(r.ldapdn!==undefined){this.type="dn";n=new a({ldapstr:r.ldapdn})}if(r.certissuer!==undefined){this.type="dn";this.explicit=true;var o=r.certissuer;var m=null;if(o.match(/^[0-9A-Fa-f]+$/)){m==o}if(o.indexOf("-----BEGIN ")!=-1){m=g(o)}if(m==null){throw"certissuer param not cert"}var l=new X509();l.hex=m;var p=l.getIssuerHex();n=new j();n.hTLV=p}if(r.certsubj!==undefined){this.type="dn";this.explicit=true;var o=r.certsubj;var m=null;if(o.match(/^[0-9A-Fa-f]+$/)){m==o}if(o.indexOf("-----BEGIN ")!=-1){m=g(o)}if(m==null){throw"certsubj param not cert"}var l=new X509();l.hex=m;var p=l.getSubjectHex();n=new j();n.hTLV=p}if(this.type==null){throw"unsupported type in params="+r}this.asn1Obj=new c({explicit:this.explicit,tag:i[this.type],obj:n})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(e!==undefined){this.setByParam(e)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e0){r=new b({obj:this.dUnsignedAttrs,tag:"a1",explicit:false})}var q=[this.dCMSVersion,this.dSignerIdentifier,this.dDigestAlgorithm,o,this.dSigAlg,this.dSig,];if(r!=null){q.push(r)}var p=new h.DERSequence({array:q});this.hTLV=p.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.SignerInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.EncapsulatedContentInfo=function(g){var c=KJUR,b=c.asn1,e=b.DERTaggedObject,a=b.DERSequence,h=b.DERObjectIdentifier,d=b.DEROctetString,f=b.cms;f.EncapsulatedContentInfo.superclass.constructor.call(this);this.dEContentType=new h({name:"data"});this.dEContent=null;this.isDetached=false;this.eContentValueHex=null;this.setContentType=function(i){if(i.match(/^[0-2][.][0-9.]+$/)){this.dEContentType=new h({oid:i})}else{this.dEContentType=new h({name:i})}};this.setContentValue=function(i){if(i!==undefined){if(typeof i.hex=="string"){this.eContentValueHex=i.hex}else{if(typeof i.str=="string"){this.eContentValueHex=utf8tohex(i.str)}}}};this.setContentValueHex=function(i){this.eContentValueHex=i};this.setContentValueStr=function(i){this.eContentValueHex=utf8tohex(i)};this.getEncodedHex=function(){if(typeof this.eContentValueHex!="string"){throw"eContentValue not yet set"}var k=new d({hex:this.eContentValueHex});this.dEContent=new e({obj:k,tag:"a0",explicit:true});var i=[this.dEContentType];if(!this.isDetached){i.push(this.dEContent)}var j=new a({array:i});this.hTLV=j.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.EncapsulatedContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.ContentInfo=function(f){var c=KJUR,b=c.asn1,d=b.DERTaggedObject,a=b.DERSequence,e=b.x509;KJUR.asn1.cms.ContentInfo.superclass.constructor.call(this);this.dContentType=null;this.dContent=null;this.setContentType=function(g){if(typeof g=="string"){this.dContentType=e.OID.name2obj(g)}};this.getEncodedHex=function(){var h=new d({obj:this.dContent,tag:"a0",explicit:true});var g=new a({array:[this.dContentType,h]});this.hTLV=g.getEncodedHex();return this.hTLV};if(f!==undefined){if(f.type){this.setContentType(f.type)}if(f.obj&&f.obj instanceof b.ASN1Object){this.dContent=f.obj}}};YAHOO.lang.extend(KJUR.asn1.cms.ContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.SignedData=function(e){var a=KJUR,h=a.asn1,j=h.ASN1Object,g=h.DERInteger,m=h.DERSet,f=h.DERSequence,b=h.DERTaggedObject,l=h.cms,i=l.EncapsulatedContentInfo,d=l.SignerInfo,n=l.ContentInfo,c=h.x509,k=c.AlgorithmIdentifier;KJUR.asn1.cms.SignedData.superclass.constructor.call(this);this.dCMSVersion=new g({"int":1});this.dDigestAlgs=null;this.digestAlgNameList=[];this.dEncapContentInfo=new i();this.dCerts=null;this.certificateList=[];this.crlList=[];this.signerInfoList=[new d()];this.addCertificatesByPEM=function(p){var q=pemtohex(p);var r=new j();r.hTLV=q;this.certificateList.push(r)};this.getEncodedHex=function(){if(typeof this.hTLV=="string"){return this.hTLV}if(this.dDigestAlgs==null){var u=[];for(var t=0;t0){var v=new m({array:this.certificateList});this.dCerts=new b({obj:v,tag:"a0",explicit:false})}}if(this.dCerts!=null){p.push(this.dCerts)}var r=new m({array:this.signerInfoList});p.push(r);var q=new f({array:p});this.hTLV=q.getEncodedHex();return this.hTLV};this.getContentInfo=function(){this.getEncodedHex();var o=new n({type:"signed-data",obj:this});return o};this.getContentInfoEncodedHex=function(){var o=this.getContentInfo();var p=o.getEncodedHex();return p};this.getPEM=function(){return hextopem(this.getContentInfoEncodedHex(),"CMS")}};YAHOO.lang.extend(KJUR.asn1.cms.SignedData,KJUR.asn1.ASN1Object);KJUR.asn1.cms.CMSUtil=new function(){};KJUR.asn1.cms.CMSUtil.newSignedData=function(d){var b=KJUR,j=b.asn1,q=j.cms,f=q.SignerInfo,n=q.SignedData,o=q.SigningTime,a=q.SigningCertificate,p=q.SigningCertificateV2,c=j.cades,e=c.SignaturePolicyIdentifier;var m=new n();m.dEncapContentInfo.setContentValue(d.content);if(typeof d.certs=="object"){for(var h=0;h0){var s=new f({array:this.extensionsArray});var r=new m({array:[s]});var q=new f({array:[new k({oid:"1.2.840.113549.1.9.14"}),r]});var p=new c({explicit:true,tag:"a0",obj:q});this.asn1Array.push(p)}else{var p=new c({explicit:false,tag:"a0",obj:new j()});this.asn1Array.push(p)}var t=new f({array:this.asn1Array});this.hTLV=t.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.csr.CertificationRequestInfo,KJUR.asn1.ASN1Object);KJUR.asn1.csr.CSRUtil=new function(){};KJUR.asn1.csr.CSRUtil.newCSRPEM=function(h){var c=KEYUTIL,b=KJUR.asn1.csr;if(h.subject===undefined){throw"parameter subject undefined"}if(h.sbjpubkey===undefined){throw"parameter sbjpubkey undefined"}if(h.sigalg===undefined){throw"parameter sigalg undefined"}if(h.sbjprvkey===undefined){throw"parameter sbjpubkey undefined"}var d=new b.CertificationRequestInfo();d.setSubjectByParam(h.subject);d.setSubjectPublicKeyByGetKey(h.sbjpubkey);if(h.ext!==undefined&&h.ext.length!==undefined){for(var e=0;e"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f=0;--p){q=q.twice2D();q.z=BigInteger.ONE;if(o.testBit(p)){if(n.testBit(p)){q=q.add2D(t)}else{q=q.add2D(s)}}else{if(n.testBit(p)){q=q.add2D(r)}}}return q}this.getBigRandom=function(i){return new BigInteger(i.bitLength(),a).mod(i.subtract(BigInteger.ONE)).add(BigInteger.ONE)};this.setNamedCurve=function(i){this.ecparams=KJUR.crypto.ECParameterDB.getByName(i);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=i};this.setPrivateKeyHex=function(i){this.isPrivate=true;this.prvKeyHex=i};this.setPublicKeyHex=function(i){this.isPublic=true;this.pubKeyHex=i};this.getPublicKeyXYHex=function(){var k=this.pubKeyHex;if(k.substr(0,2)!=="04"){throw"this method supports uncompressed format(04) only"}var j=this.ecparams.keylen/4;if(k.length!==2+j*2){throw"malformed public key hex length"}var i={};i.x=k.substr(2,j);i.y=k.substr(2+j);return i};this.getShortNISTPCurveName=function(){var i=this.curveName;if(i==="secp256r1"||i==="NIST P-256"||i==="P-256"||i==="prime256v1"){return"P-256"}if(i==="secp384r1"||i==="NIST P-384"||i==="P-384"){return"P-384"}return null};this.generateKeyPairHex=function(){var k=this.ecparams.n;var n=this.getBigRandom(k);var l=this.ecparams.G.multiply(n);var q=l.getX().toBigInteger();var o=l.getY().toBigInteger();var i=this.ecparams.keylen/4;var m=("0000000000"+n.toString(16)).slice(-i);var r=("0000000000"+q.toString(16)).slice(-i);var p=("0000000000"+o.toString(16)).slice(-i);var j="04"+r+p;this.setPrivateKeyHex(m);this.setPublicKeyHex(j);return{ecprvhex:m,ecpubhex:j}};this.signWithMessageHash=function(i){return this.signHex(i,this.prvKeyHex)};this.signHex=function(o,j){var t=new BigInteger(j,16);var l=this.ecparams.n;var q=new BigInteger(o,16);do{var m=this.getBigRandom(l);var u=this.ecparams.G;var p=u.multiply(m);var i=p.getX().toBigInteger().mod(l)}while(i.compareTo(BigInteger.ZERO)<=0);var v=m.modInverse(l).multiply(q.add(t.multiply(i))).mod(l);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(i,v)};this.sign=function(m,u){var q=u;var j=this.ecparams.n;var p=BigInteger.fromByteArrayUnsigned(m);do{var l=this.getBigRandom(j);var t=this.ecparams.G;var o=t.multiply(l);var i=o.getX().toBigInteger().mod(j)}while(i.compareTo(BigInteger.ZERO)<=0);var v=l.modInverse(j).multiply(p.add(q.multiply(i))).mod(j);return this.serializeSig(i,v)};this.verifyWithMessageHash=function(j,i){return this.verifyHex(j,i,this.pubKeyHex)};this.verifyHex=function(m,i,p){var l,j;var o=KJUR.crypto.ECDSA.parseSigHex(i);l=o.r;j=o.s;var k;k=ECPointFp.decodeFromHex(this.ecparams.curve,p);var n=new BigInteger(m,16);return this.verifyRaw(n,l,j,k)};this.verify=function(o,p,j){var l,i;if(Bitcoin.Util.isArray(p)){var n=this.parseSig(p);l=n.r;i=n.s}else{if("object"===typeof p&&p.r&&p.s){l=p.r;i=p.s}else{throw"Invalid value for signature"}}var k;if(j instanceof ECPointFp){k=j}else{if(Bitcoin.Util.isArray(j)){k=ECPointFp.decodeFrom(this.ecparams.curve,j)}else{throw"Invalid format for pubkey value, must be byte array or ECPointFp"}}var m=BigInteger.fromByteArrayUnsigned(o);return this.verifyRaw(m,l,i,k)};this.verifyRaw=function(o,i,w,m){var l=this.ecparams.n;var u=this.ecparams.G;if(i.compareTo(BigInteger.ONE)<0||i.compareTo(l)>=0){return false}if(w.compareTo(BigInteger.ONE)<0||w.compareTo(l)>=0){return false}var p=w.modInverse(l);var k=o.multiply(p).mod(l);var j=i.multiply(p).mod(l);var q=u.multiply(k).add(m.multiply(j));var t=q.getX().toBigInteger().mod(l);return t.equals(i)};this.serializeSig=function(k,j){var l=k.toByteArraySigned();var i=j.toByteArraySigned();var m=[];m.push(2);m.push(l.length);m=m.concat(l);m.push(2);m.push(i.length);m=m.concat(i);m.unshift(m.length);m.unshift(48);return m};this.parseSig=function(n){var m;if(n[0]!=48){throw new Error("Signature not a valid DERSequence")}m=2;if(n[m]!=2){throw new Error("First element in signature must be a DERInteger")}var l=n.slice(m+2,m+2+n[m+1]);m+=2+n[m+1];if(n[m]!=2){throw new Error("Second element in signature must be a DERInteger")}var i=n.slice(m+2,m+2+n[m+1]);m+=2+n[m+1];var k=BigInteger.fromByteArrayUnsigned(l);var j=BigInteger.fromByteArrayUnsigned(i);return{r:k,s:j}};this.parseSigCompact=function(m){if(m.length!==65){throw"Signature has the wrong length"}var j=m[0]-27;if(j<0||j>7){throw"Invalid signature type"}var o=this.ecparams.n;var l=BigInteger.fromByteArrayUnsigned(m.slice(1,33)).mod(o);var k=BigInteger.fromByteArrayUnsigned(m.slice(33,65)).mod(o);return{r:l,s:k,i:j}};this.readPKCS5PrvKeyHex=function(l){var n=ASN1HEX;var m=KJUR.crypto.ECDSA.getName;var p=n.getVbyList;if(n.isASN1HEX(l)===false){throw"not ASN.1 hex string"}var i,k,o;try{i=p(l,0,[2,0],"06");k=p(l,0,[1],"04");try{o=p(l,0,[3,0],"03").substr(2)}catch(j){}}catch(j){throw"malformed PKCS#1/5 plain ECC private key"}this.curveName=m(i);if(this.curveName===undefined){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(o);this.setPrivateKeyHex(k);this.isPublic=false};this.readPKCS8PrvKeyHex=function(l){var q=ASN1HEX;var i=KJUR.crypto.ECDSA.getName;var n=q.getVbyList;if(q.isASN1HEX(l)===false){throw"not ASN.1 hex string"}var j,p,m,k;try{j=n(l,0,[1,0],"06");p=n(l,0,[1,1],"06");m=n(l,0,[2,0,1],"04");try{k=n(l,0,[2,0,2,0],"03").substr(2)}catch(o){}}catch(o){throw"malformed PKCS#8 plain ECC private key"}this.curveName=i(p);if(this.curveName===undefined){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(k);this.setPrivateKeyHex(m);this.isPublic=false};this.readPKCS8PubKeyHex=function(l){var n=ASN1HEX;var m=KJUR.crypto.ECDSA.getName;var p=n.getVbyList;if(n.isASN1HEX(l)===false){throw"not ASN.1 hex string"}var k,i,o;try{k=p(l,0,[0,0],"06");i=p(l,0,[0,1],"06");o=p(l,0,[1],"03").substr(2)}catch(j){throw"malformed PKCS#8 ECC public key"}this.curveName=m(i);if(this.curveName===null){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(o)};this.readCertPubKeyHex=function(k,p){if(p!==5){p=6}var m=ASN1HEX;var l=KJUR.crypto.ECDSA.getName;var o=m.getVbyList;if(m.isASN1HEX(k)===false){throw"not ASN.1 hex string"}var i,n;try{i=o(k,0,[0,p,0,1],"06");n=o(k,0,[0,p,1],"03").substr(2)}catch(j){throw"malformed X.509 certificate ECC public key"}this.curveName=l(i);if(this.curveName===null){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(n)};if(h!==undefined){if(h.curve!==undefined){this.curveName=h.curve}}if(this.curveName===undefined){this.curveName=e}this.setNamedCurve(this.curveName);if(h!==undefined){if(h.prv!==undefined){this.setPrivateKeyHex(h.prv)}if(h.pub!==undefined){this.setPublicKeyHex(h.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(f){var j=ASN1HEX;var i=j.getChildIdx;var g=j.getV;if(f.substr(0,2)!="30"){throw"signature is not a ASN.1 sequence"}var h=i(f,0);if(h.length!=2){throw"number of signature ASN.1 sequence elements seem wrong"}var e=h[0];var d=h[1];if(f.substr(e,2)!="02"){throw"1st item of sequene of signature is not ASN.1 integer"}if(f.substr(d,2)!="02"){throw"2nd item of sequene of signature is not ASN.1 integer"}var c=g(f,e);var b=g(f,d);return{r:c,s:b}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(c){var d=KJUR.crypto.ECDSA.parseSigHexInHexRS(c);var b=d.r;var a=d.s;if(b.substr(0,2)=="00"&&(((b.length/2)*8)%(16*8))==8){b=b.substr(2)}if(a.substr(0,2)=="00"&&(((a.length/2)*8)%(16*8))==8){a=a.substr(2)}if((((b.length/2)*8)%(16*8))!=0){throw"unknown ECDSA sig r length error"}if((((a.length/2)*8)%(16*8))!=0){throw"unknown ECDSA sig s length error"}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if((((a.length/2)*8)%(16*8))!=0){throw"unknown ECDSA concatinated r-s sig length error"}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(f,d){var c=KJUR.asn1;var b=new c.DERInteger({bigint:f});var a=new c.DERInteger({bigint:d});var e=new c.DERSequence({array:[b,a]});return e.getEncodedHex()};KJUR.crypto.ECDSA.getName=function(a){if(a==="2a8648ce3d030107"){return"secp256r1"}if(a==="2b8104000a"){return"secp256k1"}if(a==="2b81040022"){return"secp384r1"}if("|secp256r1|NIST P-256|P-256|prime256v1|".indexOf(a)!==-1){return"secp256r1"}if("|secp256k1|".indexOf(a)!==-1){return"secp256k1"}if("|secp384r1|NIST P-384|P-384|".indexOf(a)!==-1){return"secp384r1"}return null}; -/*! ecparam-1.0.0.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license - */ if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECParameterDB=new function(){var b={};var c={};function a(d){return new BigInteger(d,16)}this.getByName=function(e){var d=e;if(typeof c[d]!="undefined"){d=c[e]}if(typeof b[d]!="undefined"){return b[d]}throw"unregistered EC curve name: "+d};this.regist=function(A,l,o,g,m,e,j,f,k,u,d,x){b[A]={};var s=a(o);var z=a(g);var y=a(m);var t=a(e);var w=a(j);var r=new ECCurveFp(s,z,y);var q=r.decodePointHex("04"+f+k);b[A]["name"]=A;b[A]["keylen"]=l;b[A]["curve"]=r;b[A]["G"]=q;b[A]["n"]=t;b[A]["h"]=w;b[A]["oid"]=d;b[A]["info"]=x;for(var v=0;v1){g=new BigInteger(i,16)}else{g=null}h=new BigInteger(j,16);this.setPrivate(c,a,e,g,h)};this.setPublic=function(c,b,a,d){this.isPublic=true;this.p=c;this.q=b;this.g=a;this.y=d;this.x=null};this.setPublicHex=function(f,e,d,g){var b,a,h,c;b=new BigInteger(f,16);a=new BigInteger(e,16);h=new BigInteger(d,16);c=new BigInteger(g,16);this.setPublic(b,a,h,c)};this.signWithMessageHash=function(d){var c=this.p;var b=this.q;var f=this.g;var i=this.y;var j=this.x;var e=KJUR.crypto.Util.getRandomBigIntegerMinToMax(BigInteger.ONE.add(BigInteger.ONE),b.subtract(BigInteger.ONE));var l=d.substr(0,b.bitLength()/4);var h=new BigInteger(l,16);var a=(f.modPow(e,c)).mod(b);var n=(e.modInverse(b).multiply(h.add(j.multiply(a)))).mod(b);var m=KJUR.asn1.ASN1Util.jsonToASN1HEX({seq:[{"int":{bigint:a}},{"int":{bigint:n}}]});return m};this.verifyWithMessageHash=function(h,f){var d=this.p;var b=this.q;var j=this.g;var l=this.y;var i=this.parseASN1Signature(f);var a=i[0];var t=i[1];var o=h.substr(0,b.bitLength()/4);var k=new BigInteger(o,16);if(BigInteger.ZERO.compareTo(a)>0||a.compareTo(b)>0){throw"invalid DSA signature"}if(BigInteger.ZERO.compareTo(t)>=0||t.compareTo(b)>0){throw"invalid DSA signature"}var m=t.modInverse(b);var e=k.multiply(m).mod(b);var c=a.multiply(m).mod(b);var n=j.modPow(e,d).multiply(l.modPow(c,d)).mod(d).mod(b);return n.compareTo(a)==0};this.parseASN1Signature=function(a){try{var d=new BigInteger(ASN1HEX.getVbyList(a,0,[0],"02"),16);var c=new BigInteger(ASN1HEX.getVbyList(a,0,[1],"02"),16);return[d,c]}catch(b){throw"malformed ASN.1 DSA signature"}};this.readPKCS5PrvKeyHex=function(c){var b,a,f,g,i;var j=ASN1HEX;var d=j.getVbyList;if(j.isASN1HEX(c)===false){throw"not ASN.1 hex string"}try{b=d(c,0,[1],"02");a=d(c,0,[2],"02");f=d(c,0,[3],"02");g=d(c,0,[4],"02");i=d(c,0,[5],"02")}catch(e){console.log("EXCEPTION:"+e);throw"malformed PKCS#1/5 plain DSA private key"}this.setPrivateHex(b,a,f,g,i)};this.readPKCS8PrvKeyHex=function(d){var f,c,b,g;var e=ASN1HEX;var i=e.getVbyList;if(e.isASN1HEX(d)===false){throw"not ASN.1 hex string"}try{f=i(d,0,[1,1,0],"02");c=i(d,0,[1,1,1],"02");b=i(d,0,[1,1,2],"02");g=i(d,0,[2,0],"02")}catch(a){console.log("EXCEPTION:"+a);throw"malformed PKCS#8 plain DSA private key"}this.setPrivateHex(f,c,b,null,g)};this.readPKCS8PubKeyHex=function(d){var f,c,b,g;var e=ASN1HEX;var i=e.getVbyList;if(e.isASN1HEX(d)===false){throw"not ASN.1 hex string"}try{f=i(d,0,[0,1,0],"02");c=i(d,0,[0,1,1],"02");b=i(d,0,[0,1,2],"02");g=i(d,0,[1,0],"02")}catch(a){console.log("EXCEPTION:"+a);throw"malformed PKCS#8 DSA public key"}this.setPublicHex(f,c,b,g)};this.readCertPubKeyHex=function(c,f){if(f!==5){f=6}var b,a,g,i;var j=ASN1HEX;var d=j.getVbyList;if(j.isASN1HEX(c)===false){throw"not ASN.1 hex string"}try{b=d(c,0,[0,f,0,1,0],"02");a=d(c,0,[0,f,0,1,1],"02");g=d(c,0,[0,f,0,1,2],"02");i=d(c,0,[0,f,1,0],"02")}catch(e){console.log("EXCEPTION:"+e);throw"malformed X.509 certificate DSA public key"}this.setPublicHex(b,a,g,i)}}; -/*! pkcs5pkey-1.1.1.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -var PKCS5PKEY=function(){var c=function(n,p,o){return i(CryptoJS.AES,n,p,o)};var d=function(n,p,o){return i(CryptoJS.TripleDES,n,p,o)};var i=function(q,v,s,o){var p=CryptoJS.enc.Hex.parse(v);var u=CryptoJS.enc.Hex.parse(s);var n=CryptoJS.enc.Hex.parse(o);var r={};r.key=u;r.iv=n;r.ciphertext=p;var t=q.decrypt(r,u,{iv:n});return CryptoJS.enc.Hex.stringify(t)};var j=function(n,p,o){return e(CryptoJS.AES,n,p,o)};var m=function(n,p,o){return e(CryptoJS.TripleDES,n,p,o)};var e=function(s,x,v,p){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(v);var o=CryptoJS.enc.Hex.parse(p);var n={};var u=s.encrypt(r,w,{iv:o});var q=CryptoJS.enc.Hex.parse(u.toString());var t=CryptoJS.enc.Base64.stringify(q);return t};var g={"AES-256-CBC":{proc:c,eproc:j,keylen:32,ivlen:16},"AES-192-CBC":{proc:c,eproc:j,keylen:24,ivlen:16},"AES-128-CBC":{proc:c,eproc:j,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:d,eproc:m,keylen:24,ivlen:8}};var b=function(n){return g[n]["proc"]};var k=function(n){var p=CryptoJS.lib.WordArray.random(n);var o=CryptoJS.enc.Hex.stringify(p);return o};var l=function(t){var u={};var o=t.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(o){u.cipher=o[1];u.ivsalt=o[2]}var n=t.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(n){u.type=n[1]}var r=-1;var v=0;if(t.indexOf("\r\n\r\n")!=-1){r=t.indexOf("\r\n\r\n");v=2}if(t.indexOf("\n\n")!=-1){r=t.indexOf("\n\n");v=1}var q=t.indexOf("-----END");if(r!=-1&&q!=-1){var p=t.substring(r+v*2,q-v);p=p.replace(/\s+/g,"");u.data=p}return u};var h=function(o,w,n){var t=n.substring(0,16);var r=CryptoJS.enc.Hex.parse(t);var p=CryptoJS.enc.Utf8.parse(w);var s=g[o]["keylen"]+g[o]["ivlen"];var v="";var u=null;for(;;){var q=CryptoJS.algo.MD5.create();if(u!=null){q.update(u)}q.update(p);q.update(r);u=q.finalize();v=v+CryptoJS.enc.Hex.stringify(u);if(v.length>=s*2){break}}var x={};x.keyhex=v.substr(0,g[o]["keylen"]*2);x.ivhex=v.substr(g[o]["keylen"]*2,g[o]["ivlen"]*2);return x};var a=function(n,t,p,u){var q=CryptoJS.enc.Base64.parse(n);var o=CryptoJS.enc.Hex.stringify(q);var s=g[t]["proc"];var r=s(o,p,u);return r};var f=function(n,q,o,s){var p=g[q]["eproc"];var r=p(n,o,s);return r};return{version:"1.0.5",getHexFromPEM:function(n,o){return ASN1HEX.pemToHex(n,o)},getDecryptedKeyHexByKeyIV:function(o,r,q,p){var n=b(r);return n(o,q,p)},parsePKCS5PEM:function(n){return l(n)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(o,n,p){return h(o,n,p)},decryptKeyB64:function(n,p,o,q){return a(n,p,o,q)},getDecryptedKeyHex:function(w,v){var o=l(w);var r=o.type;var p=o.cipher;var n=o.ivsalt;var q=o.data;var u=h(p,v,n);var t=u.keyhex;var s=a(q,p,t,n);return s},getRSAKeyFromEncryptedPKCS5PEM:function(p,o){var q=this.getDecryptedKeyHex(p,o);var n=new RSAKey();n.readPrivateKeyFromASN1HexString(q);return n},getEncryptedPKCS5PEMFromPrvKeyHex:function(q,x,r,p){if(typeof r=="undefined"||r==null){r="AES-256-CBC"}if(typeof g[r]=="undefined"){throw"PKCS5PKEY unsupported algorithm: "+r}if(typeof p=="undefined"||p==null){var t=g[r]["ivlen"];var s=k(t);p=s.toUpperCase()}var w=h(r,x,p);var v=w.keyhex;var u=f(q,r,v,p);var o=u.replace(/(.{64})/g,"$1\r\n");var n="-----BEGIN RSA PRIVATE KEY-----\r\n";n+="Proc-Type: 4,ENCRYPTED\r\n";n+="DEK-Info: "+r+","+p+"\r\n";n+="\r\n";n+=o;n+="\r\n-----END RSA PRIVATE KEY-----\r\n";return n},getEncryptedPKCS5PEMFromRSAKey:function(C,D,o,s){var A=new KJUR.asn1.DERInteger({"int":0});var v=new KJUR.asn1.DERInteger({bigint:C.n});var z=new KJUR.asn1.DERInteger({"int":C.e});var B=new KJUR.asn1.DERInteger({bigint:C.d});var t=new KJUR.asn1.DERInteger({bigint:C.p});var r=new KJUR.asn1.DERInteger({bigint:C.q});var y=new KJUR.asn1.DERInteger({bigint:C.dmp1});var u=new KJUR.asn1.DERInteger({bigint:C.dmq1});var x=new KJUR.asn1.DERInteger({bigint:C.coeff});var E=new KJUR.asn1.DERSequence({array:[A,v,z,B,t,r,y,u,x]});var w=E.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex(w,D,o,s)},newEncryptedPKCS5PEM:function(n,o,r,s){if(typeof o=="undefined"||o==null){o=1024}if(typeof r=="undefined"||r==null){r="10001"}var p=new RSAKey();p.generate(o,r);var q=null;if(typeof s=="undefined"||s==null){q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n)}else{q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n,s)}return q},getRSAKeyFromPlainPKCS8PEM:function(p){if(p.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var o=ASN1HEX.pemToHex(p,"PRIVATE KEY");var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getRSAKeyFromPlainPKCS8Hex:function(o){var n=new RSAKey();n.readPKCS8PrvKeyHex(o);return n},parseHexOfEncryptedPKCS8:function(w){var z=ASN1HEX;var x=z.getChildIdx;var u=z.getV;var r={};var p=x(w,0);if(p.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+p.length}r.ciphertext=u(w,p[1]);var y=x(w,p[0]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+y.length}if(u(w,y[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var n=x(w,y[1]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+n.length}var o=x(w,n[1]);if(o.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+o.length}if(u(w,o[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}r.encryptionSchemeAlg="TripleDES";r.encryptionSchemeIV=u(w,o[1]);var q=x(w,n[0]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+q.length}if(u(w,q[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var v=x(w,q[1]);if(v.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+v.length}r.pbkdf2Salt=u(w,v[0]);var s=u(w,v[1]);try{r.pbkdf2Iter=parseInt(s,16)}catch(t){throw"malformed format pbkdf2Iter: "+s}return r},getPBKDF2KeyHexFromParam:function(s,n){var r=CryptoJS.enc.Hex.parse(s.pbkdf2Salt);var o=s.pbkdf2Iter;var q=CryptoJS.PBKDF2(n,r,{keySize:192/32,iterations:o});var p=CryptoJS.enc.Hex.stringify(q);return p},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(v,w){var p=ASN1HEX.pemToHex(v,"ENCRYPTED PRIVATE KEY");var n=this.parseHexOfEncryptedPKCS8(p);var s=PKCS5PKEY.getPBKDF2KeyHexFromParam(n,w);var t={};t.ciphertext=CryptoJS.enc.Hex.parse(n.ciphertext);var r=CryptoJS.enc.Hex.parse(s);var q=CryptoJS.enc.Hex.parse(n.encryptionSchemeIV);var u=CryptoJS.TripleDES.decrypt(t,r,{iv:q});var o=CryptoJS.enc.Hex.stringify(u);return o},getRSAKeyFromEncryptedPKCS8PEM:function(q,p){var o=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,p);var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getKeyFromEncryptedPKCS8PEM:function(q,o){var n=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,o);var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},parsePlainPrivatePKCS8Hex:function(q){var t=ASN1HEX;var s=t.getChildIdx;var r=t.getV;var o={};o.algparam=null;if(q.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var p=s(q,0);if(p.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(q.substr(p[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var n=s(q,p[1]);if(n.length!=2){throw"malformed PKCS8 private key(code:004)"}if(q.substr(n[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}o.algoid=r(q,n[0]);if(q.substr(n[1],2)=="06"){o.algparam=r(q,n[1])}if(q.substr(p[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}o.keyidx=t.getVidx(q,p[2]);return o},getKeyFromPlainPrivatePKCS8PEM:function(o){var n=ASN1HEX.pemToHex(o,"PRIVATE KEY");var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},getKeyFromPlainPrivatePKCS8Hex:function(n){var o=this.parsePlainPrivatePKCS8Hex(n);var p;if(o.algoid=="2a864886f70d010101"){p=new RSAKey()}else{if(o.algoid=="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(o.algoid=="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}p.readPKCS8PrvKeyHex(n);return p},getRSAKeyFromPublicPKCS8PEM:function(o){var p=ASN1HEX.pemToHex(o,"PUBLIC KEY");var n=this.getRSAKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8PEM:function(o){var p=ASN1HEX.pemToHex(o,"PUBLIC KEY");var n=this.getKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8Hex:function(o){var n;var p=ASN1HEX.getVbyList(o,0,[0,0],"06");if(p==="2a864886f70d010101"){n=new RSAKey()}else{if(p==="2a8648ce380401"){n=new KJUR.crypto.DSA()}else{if(p==="2a8648ce3d0201"){n=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}n.readPKCS8PubKeyHex(o);return n},parsePublicRawRSAKeyHex:function(p){var s=ASN1HEX;var r=s.getChildIdx;var q=s.getV;var n={};if(p.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var o=r(p,0);if(o.length!=2){throw"malformed RSA key(code:002)"}if(p.substr(o[0],2)!="02"){throw"malformed RSA key(code:003)"}n.n=q(p,o[0]);if(p.substr(o[1],2)!="02"){throw"malformed RSA key(code:004)"}n.e=q(p,o[1]);return n},parsePrivateRawRSAKeyHexAtObj:function(o,t){var s=ASN1HEX;var r=s.getChildIdx;var p=s.getV;var q=s.getIdxbyList(o,0,[2,0]);var n=r(o,q);if(n.length!==9){throw"malformed PKCS#8 plain RSA private key"}t.key={};t.key.n=p(o,n[1]);t.key.e=p(o,n[2]);t.key.d=p(o,n[3]);t.key.p=p(o,n[4]);t.key.q=p(o,n[5]);t.key.dp=p(o,n[6]);t.key.dq=p(o,n[7]);t.key.co=p(o,n[8])},parsePrivateRawECKeyHexAtObj:function(n,q){var o=q.keyidx;var p=new KJUR.crypto.ECDSA();p.readPKCS8PrvKeyHex(n);q.key=p.prvKeyHex;q.pubkey=p.pubKeyHex},parsePublicPKCS8Hex:function(r){var t=ASN1HEX;var s=t.getChildIdx;var q=t.getV;var o={};o.algparam=null;var p=s(r,0);if(p.length!=2){throw"outer DERSequence shall have 2 elements: "+p.length}var u=p[0];if(r.substr(u,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var n=s(r,u);if(n.length!=2){throw"malformed PKCS8 public key(code:002)"}if(r.substr(n[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}o.algoid=q(r,n[0]);if(r.substr(n[1],2)=="06"){o.algparam=q(r,n[1])}else{if(r.substr(n[1],2)=="30"){o.algparam={};o.algparam.p=t.getVbyList(r,n[1],[0],"02");o.algparam.q=t.getVbyList(r,n[1],[1],"02");o.algparam.g=t.getVbyList(r,n[1],[2],"02")}}if(r.substr(p[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}o.key=q(r,p[1]).substr(2);return o},getRSAKeyFromPublicPKCS8Hex:function(n){var o=new RSAKey();o.readPKCS8PubKeyHex(n);return o},}}(); -/*! keyutil-1.1.1.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(v){var w={};var q=v.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(q){w.cipher=q[1];w.ivsalt=q[2]}var p=v.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(p){w.type=p[1]}var u=-1;var x=0;if(v.indexOf("\r\n\r\n")!=-1){u=v.indexOf("\r\n\r\n");x=2}if(v.indexOf("\n\n")!=-1){u=v.indexOf("\n\n");x=1}var t=v.indexOf("-----END");if(u!=-1&&t!=-1){var r=v.substring(u+x*2,t-x);r=r.replace(/\s+/g,"");w.data=r}return w};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",getHexFromPEM:function(p,q){return ASN1HEX.pemToHex(p,q)},getDecryptedKeyHexByKeyIV:function(q,t,s,r){var p=c(t);return p(q,s,r)},parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getRSAKeyFromEncryptedPKCS5PEM:function(r,q){var s=this.getDecryptedKeyHex(r,q);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(s);return p},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},getEncryptedPKCS5PEMFromRSAKey:function(D,E,r,t){var B=new KJUR.asn1.DERInteger({"int":0});var w=new KJUR.asn1.DERInteger({bigint:D.n});var A=new KJUR.asn1.DERInteger({"int":D.e});var C=new KJUR.asn1.DERInteger({bigint:D.d});var u=new KJUR.asn1.DERInteger({bigint:D.p});var s=new KJUR.asn1.DERInteger({bigint:D.q});var z=new KJUR.asn1.DERInteger({bigint:D.dmp1});var v=new KJUR.asn1.DERInteger({bigint:D.dmq1});var y=new KJUR.asn1.DERInteger({bigint:D.coeff});var F=new KJUR.asn1.DERSequence({array:[B,w,A,C,u,s,z,v,y]});var x=F.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",x,E,r,t)},newEncryptedPKCS5PEM:function(p,q,t,u){if(typeof q=="undefined"||q==null){q=1024}if(typeof t=="undefined"||t==null){t="10001"}var r=new RSAKey();r.generate(q,t);var s=null;if(typeof u=="undefined"||u==null){s=this.getEncryptedPKCS5PEMFromRSAKey(r,p)}else{s=this.getEncryptedPKCS5PEMFromRSAKey(r,p,u)}return s},getRSAKeyFromPlainPKCS8PEM:function(r){if(r.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var q=ASN1HEX.pemToHex(r,"PRIVATE KEY");var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getRSAKeyFromPlainPKCS8Hex:function(q){var p=new RSAKey();p.readPKCS8PrvKeyHex(q);return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=ASN1HEX.pemToHex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getRSAKeyFromEncryptedPKCS8PEM:function(s,r){var q=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,r);var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=ASN1HEX.pemToHex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},getRSAKeyFromPublicPKCS8PEM:function(q){var r=ASN1HEX.pemToHex(q,"PUBLIC KEY");var p=this.getRSAKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8PEM:function(q){var r=ASN1HEX.pemToHex(q,"PUBLIC KEY");var p=this.getKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePrivateRawRSAKeyHexAtObj:function(q,v){var u=ASN1HEX;var t=u.getChildIdx;var r=u.getV;var s=u.getIdxbyList(q,0,[2,0]);var p=t(q,s);if(p.length!==9){throw"malformed PKCS#8 plain RSA private key"}v.key={};v.key.n=r(q,p[1]);v.key.e=r(q,p[2]);v.key.d=r(q,p[3]);v.key.p=r(q,p[4]);v.key.q=r(q,p[5]);v.key.dp=r(q,p[6]);v.key.dq=r(q,p[7]);v.key.co=r(q,p[8])},parsePrivateRawECKeyHexAtObj:function(p,s){var q=s.keyidx;var r=new KJUR.crypto.ECDSA();r.readPKCS8PrvKeyHex(p);s.key=r.prvKeyHex;s.pubkey=r.pubKeyHex},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},getRSAKeyFromPublicPKCS8Hex:function(p){var q=new RSAKey();q.readPKCS8PubKeyHex(p);return q},}}();KEYUTIL.getKey=function(l,k,n){var E=ASN1HEX;var I=E.getChildIdx;var t=E.getV;var d=E.getVbyList;var c=KJUR.crypto;var i=c.ECDSA;var B=c.DSA;var u=RSAKey;if(typeof u!="undefined"&&l instanceof u){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof B!="undefined"&&l instanceof B){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var K=new u();K.setPublic(l.n,l.e);return K}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var K=new u();K.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return K}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var K=new u();K.setPrivate(l.n,l.e,l.d);return K}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var K=new B();K.setPublic(l.p,l.q,l.g,l.y);return K}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var K=new B();K.setPrivate(l.p,l.q,l.g,l.y,l.x);return K}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var K=new u();K.setPublic(b64utohex(l.n),b64utohex(l.e));return K}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var K=new u();K.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return K}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var K=new u();K.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return K}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var s=j.ecparams.keylen/4;var A=("0000000000"+b64utohex(l.x)).slice(-s);var w=("0000000000"+b64utohex(l.y)).slice(-s);var v="04"+A+w;j.setPublicKeyHex(v);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var s=j.ecparams.keylen/4;var A=("0000000000"+b64utohex(l.x)).slice(-s);var w=("0000000000"+b64utohex(l.y)).slice(-s);var v="04"+A+w;var b=("0000000000"+b64utohex(l.d)).slice(-s);j.setPublicKeyHex(v);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var G=l,E=ASN1HEX,J,K;J=I(G,0);if(J.length===9){K=new u();K.readPrivateKeyFromASN1HexString(l)}else{if(J.length===6){K=new B();K.readPKCS5PrvKeyHex(G)}else{if(J.length>2&&G.substr(J[1],2)==="04"){K=new i();K.readPKCS5PrvKeyHex(G)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return K}if(n==="pkcs8prv"){var K=KEYUTIL.getKeyFromPlainPrivatePKCS8Hex(l);return K}if(n==="pkcs8pub"){return KEYUTIL.getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){return KEYUTIL.getKeyFromPublicPKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=E.pemToHex(l,"RSA PRIVATE KEY");return KEYUTIL.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var F=E.pemToHex(l,"DSA PRIVATE KEY");var D=d(F,0,[1],"02");var C=d(F,0,[2],"02");var H=d(F,0,[3],"02");var o=d(F,0,[4],"02");var r=d(F,0,[5],"02");var K=new B();K.setPrivate(new BigInteger(D,16),new BigInteger(C,16),new BigInteger(H,16),new BigInteger(o,16),new BigInteger(r,16));return K}if(l.indexOf("-END PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(l,k)}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var F=KEYUTIL.getDecryptedKeyHex(l,k);var K=d(F,0,[1],"04");var f=d(F,0,[2,0],"06");var z=d(F,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(z);j.setPrivateKeyHex(K);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var F=KEYUTIL.getDecryptedKeyHex(l,k);var D=d(F,0,[1],"02");var C=d(F,0,[2],"02");var H=d(F,0,[3],"02");var o=d(F,0,[4],"02");var r=d(F,0,[5],"02");var K=new B();K.setPrivate(new BigInteger(D,16),new BigInteger(C,16),new BigInteger(H,16),new BigInteger(o,16),new BigInteger(r,16));return K}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromEncryptedPKCS8PEM(l,k)}throw"not supported argument"};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(a,r,o,g,j){var v=KJUR.asn1;var u=KJUR.crypto;function p(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return w}function q(w){var s=KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:w.prvKeyHex}},{tag:["a0",true,{oid:{name:w.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+w.pubKeyHex}}]}]});return s}function n(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return w}if(((typeof RSAKey!="undefined"&&a instanceof RSAKey)||(typeof u.DSA!="undefined"&&a instanceof u.DSA)||(typeof u.ECDSA!="undefined"&&a instanceof u.ECDSA))&&a.isPublic==true&&(r===undefined||r=="PKCS8PUB")){var t=new KJUR.asn1.x509.SubjectPublicKeyInfo(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"PUBLIC KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o===undefined||o==null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"RSA PRIVATE KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o===undefined||o==null)&&a.isPrivate==true){var f=new KJUR.asn1.DERObjectIdentifier({name:a.curveName});var l=f.getEncodedHex();var e=q(a);var k=e.getEncodedHex();var i="";i+=v.ASN1Util.getPEMStringFromHex(l,"EC PARAMETERS");i+=v.ASN1Util.getPEMStringFromHex(k,"EC PRIVATE KEY");return i}if(r=="PKCS1PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o===undefined||o==null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"DSA PRIVATE KEY")}if(r=="PKCS5PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=q(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",m,o,g)}var h=function(w,s){var y=b(w,s);var x=new KJUR.asn1.ASN1Util.newObject({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:y.pbkdf2Salt}},{"int":y.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:y.encryptionSchemeIV}}]}]}]},{octstr:{hex:y.ciphertext}}]});return x.getEncodedHex()};var b=function(D,E){var x=100;var C=CryptoJS.lib.WordArray.random(8);var B="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var y=CryptoJS.PBKDF2(E,C,{keySize:192/32,iterations:x});var z=CryptoJS.enc.Hex.parse(D);var A=CryptoJS.TripleDES.encrypt(z,y,{iv:s})+"";var w={};w.ciphertext=A;w.pbkdf2Salt=CryptoJS.enc.Hex.stringify(C);w.pbkdf2Iter=x;w.encryptionSchemeAlg=B;w.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return w};if(r=="PKCS8PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&a.isPrivate==true){var d=p(a);var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&a.isPrivate==true){var d=new KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:a.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+a.pubKeyHex}}]}]});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:a.curveName}}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&a.isPrivate==true){var d=new KJUR.asn1.DERInteger({bigint:a.x});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:a.p}},{"int":{bigint:a.q}},{"int":{bigint:a.g}}]}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}throw"unsupported object nor format"};KEYUTIL.getKeyFromCSRPEM=function(b){var a=ASN1HEX.pemToHex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"}; -/*! rsapem-1.2.1.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -RSAKey.pemToBase64=function(b){var a=b;a=a.replace("-----BEGIN RSA PRIVATE KEY-----","");a=a.replace("-----END RSA PRIVATE KEY-----","");a=a.replace(/[ \n]+/g,"");return a};RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(e){var c=RSAKey.pemToBase64(e);var d=b64tohex(c);var b=RSAKey.getHexValueArrayOfChildrenFromHex(d);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPrivateKeyFromASN1HexString=function(a){this.readPKCS5PrvKeyHex(a)};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,j,l,b,a,f,d,k;var m=ASN1HEX;var g=m.getVbyList;if(m.isASN1HEX(e)===false){throw"not ASN.1 hex string"}try{c=g(e,0,[2,0,1],"02");j=g(e,0,[2,0,2],"02");l=g(e,0,[2,0,3],"02");b=g(e,0,[2,0,4],"02");a=g(e,0,[2,0,5],"02");f=g(e,0,[2,0,6],"02");d=g(e,0,[2,0,7],"02");k=g(e,0,[2,0,8],"02")}catch(i){throw"malformed PKCS#8 plain RSA private key"}this.setPrivateEx(c,j,l,b,a,f,d,k)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw"keyHex is not ASN.1 hex string"}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw"wrong hex for PKCS#5 public key"}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw"not ASN.1 hex string"}if(c.getTLVbyList(b,0,[0,0])!=="06092a864886f70d010101"){throw"not PKCS8 RSA public key"}var a=c.getTLVbyList(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; -/*! rsasign-1.2.7.js (c) 2012 Kenji Urushima | kjur.github.com/jsrsasign/license - */ +var PKCS5PKEY=function(){var c=function(n,p,o){return i(CryptoJS.AES,n,p,o)};var d=function(n,p,o){return i(CryptoJS.TripleDES,n,p,o)};var i=function(q,v,s,o){var p=CryptoJS.enc.Hex.parse(v);var u=CryptoJS.enc.Hex.parse(s);var n=CryptoJS.enc.Hex.parse(o);var r={};r.key=u;r.iv=n;r.ciphertext=p;var t=q.decrypt(r,u,{iv:n});return CryptoJS.enc.Hex.stringify(t)};var j=function(n,p,o){return e(CryptoJS.AES,n,p,o)};var m=function(n,p,o){return e(CryptoJS.TripleDES,n,p,o)};var e=function(s,x,v,p){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(v);var o=CryptoJS.enc.Hex.parse(p);var n={};var u=s.encrypt(r,w,{iv:o});var q=CryptoJS.enc.Hex.parse(u.toString());var t=CryptoJS.enc.Base64.stringify(q);return t};var g={"AES-256-CBC":{proc:c,eproc:j,keylen:32,ivlen:16},"AES-192-CBC":{proc:c,eproc:j,keylen:24,ivlen:16},"AES-128-CBC":{proc:c,eproc:j,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:d,eproc:m,keylen:24,ivlen:8}};var b=function(n){return g[n]["proc"]};var k=function(n){var p=CryptoJS.lib.WordArray.random(n);var o=CryptoJS.enc.Hex.stringify(p);return o};var l=function(t){var u={};var o=t.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(o){u.cipher=o[1];u.ivsalt=o[2]}var n=t.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(n){u.type=n[1]}var r=-1;var v=0;if(t.indexOf("\r\n\r\n")!=-1){r=t.indexOf("\r\n\r\n");v=2}if(t.indexOf("\n\n")!=-1){r=t.indexOf("\n\n");v=1}var q=t.indexOf("-----END");if(r!=-1&&q!=-1){var p=t.substring(r+v*2,q-v);p=p.replace(/\s+/g,"");u.data=p}return u};var h=function(o,w,n){var t=n.substring(0,16);var r=CryptoJS.enc.Hex.parse(t);var p=CryptoJS.enc.Utf8.parse(w);var s=g[o]["keylen"]+g[o]["ivlen"];var v="";var u=null;for(;;){var q=CryptoJS.algo.MD5.create();if(u!=null){q.update(u)}q.update(p);q.update(r);u=q.finalize();v=v+CryptoJS.enc.Hex.stringify(u);if(v.length>=s*2){break}}var x={};x.keyhex=v.substr(0,g[o]["keylen"]*2);x.ivhex=v.substr(g[o]["keylen"]*2,g[o]["ivlen"]*2);return x};var a=function(n,t,p,u){var q=CryptoJS.enc.Base64.parse(n);var o=CryptoJS.enc.Hex.stringify(q);var s=g[t]["proc"];var r=s(o,p,u);return r};var f=function(n,q,o,s){var p=g[q]["eproc"];var r=p(n,o,s);return r};return{version:"1.0.5",getHexFromPEM:function(n,o){return pemtohex(n,o)},getDecryptedKeyHexByKeyIV:function(o,r,q,p){var n=b(r);return n(o,q,p)},parsePKCS5PEM:function(n){return l(n)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(o,n,p){return h(o,n,p)},decryptKeyB64:function(n,p,o,q){return a(n,p,o,q)},getDecryptedKeyHex:function(w,v){var o=l(w);var r=o.type;var p=o.cipher;var n=o.ivsalt;var q=o.data;var u=h(p,v,n);var t=u.keyhex;var s=a(q,p,t,n);return s},getRSAKeyFromEncryptedPKCS5PEM:function(p,o){var q=this.getDecryptedKeyHex(p,o);var n=new RSAKey();n.readPrivateKeyFromASN1HexString(q);return n},getEncryptedPKCS5PEMFromPrvKeyHex:function(q,x,r,p){if(typeof r=="undefined"||r==null){r="AES-256-CBC"}if(typeof g[r]=="undefined"){throw"PKCS5PKEY unsupported algorithm: "+r}if(typeof p=="undefined"||p==null){var t=g[r]["ivlen"];var s=k(t);p=s.toUpperCase()}var w=h(r,x,p);var v=w.keyhex;var u=f(q,r,v,p);var o=u.replace(/(.{64})/g,"$1\r\n");var n="-----BEGIN RSA PRIVATE KEY-----\r\n";n+="Proc-Type: 4,ENCRYPTED\r\n";n+="DEK-Info: "+r+","+p+"\r\n";n+="\r\n";n+=o;n+="\r\n-----END RSA PRIVATE KEY-----\r\n";return n},getEncryptedPKCS5PEMFromRSAKey:function(C,D,o,s){var A=new KJUR.asn1.DERInteger({"int":0});var v=new KJUR.asn1.DERInteger({bigint:C.n});var z=new KJUR.asn1.DERInteger({"int":C.e});var B=new KJUR.asn1.DERInteger({bigint:C.d});var t=new KJUR.asn1.DERInteger({bigint:C.p});var r=new KJUR.asn1.DERInteger({bigint:C.q});var y=new KJUR.asn1.DERInteger({bigint:C.dmp1});var u=new KJUR.asn1.DERInteger({bigint:C.dmq1});var x=new KJUR.asn1.DERInteger({bigint:C.coeff});var E=new KJUR.asn1.DERSequence({array:[A,v,z,B,t,r,y,u,x]});var w=E.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex(w,D,o,s)},newEncryptedPKCS5PEM:function(n,o,r,s){if(typeof o=="undefined"||o==null){o=1024}if(typeof r=="undefined"||r==null){r="10001"}var p=new RSAKey();p.generate(o,r);var q=null;if(typeof s=="undefined"||s==null){q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n)}else{q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n,s)}return q},getRSAKeyFromPlainPKCS8PEM:function(p){if(p.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var o=pemtohex(p,"PRIVATE KEY");var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getRSAKeyFromPlainPKCS8Hex:function(o){var n=new RSAKey();n.readPKCS8PrvKeyHex(o);return n},parseHexOfEncryptedPKCS8:function(w){var z=ASN1HEX;var x=z.getChildIdx;var u=z.getV;var r={};var p=x(w,0);if(p.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+p.length}r.ciphertext=u(w,p[1]);var y=x(w,p[0]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+y.length}if(u(w,y[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var n=x(w,y[1]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+n.length}var o=x(w,n[1]);if(o.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+o.length}if(u(w,o[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}r.encryptionSchemeAlg="TripleDES";r.encryptionSchemeIV=u(w,o[1]);var q=x(w,n[0]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+q.length}if(u(w,q[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var v=x(w,q[1]);if(v.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+v.length}r.pbkdf2Salt=u(w,v[0]);var s=u(w,v[1]);try{r.pbkdf2Iter=parseInt(s,16)}catch(t){throw"malformed format pbkdf2Iter: "+s}return r},getPBKDF2KeyHexFromParam:function(s,n){var r=CryptoJS.enc.Hex.parse(s.pbkdf2Salt);var o=s.pbkdf2Iter;var q=CryptoJS.PBKDF2(n,r,{keySize:192/32,iterations:o});var p=CryptoJS.enc.Hex.stringify(q);return p},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(v,w){var p=pemtohex(v,"ENCRYPTED PRIVATE KEY");var n=this.parseHexOfEncryptedPKCS8(p);var s=PKCS5PKEY.getPBKDF2KeyHexFromParam(n,w);var t={};t.ciphertext=CryptoJS.enc.Hex.parse(n.ciphertext);var r=CryptoJS.enc.Hex.parse(s);var q=CryptoJS.enc.Hex.parse(n.encryptionSchemeIV);var u=CryptoJS.TripleDES.decrypt(t,r,{iv:q});var o=CryptoJS.enc.Hex.stringify(u);return o},getRSAKeyFromEncryptedPKCS8PEM:function(q,p){var o=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,p);var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getKeyFromEncryptedPKCS8PEM:function(q,o){var n=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,o);var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},parsePlainPrivatePKCS8Hex:function(q){var t=ASN1HEX;var s=t.getChildIdx;var r=t.getV;var o={};o.algparam=null;if(q.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var p=s(q,0);if(p.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(q.substr(p[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var n=s(q,p[1]);if(n.length!=2){throw"malformed PKCS8 private key(code:004)"}if(q.substr(n[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}o.algoid=r(q,n[0]);if(q.substr(n[1],2)=="06"){o.algparam=r(q,n[1])}if(q.substr(p[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}o.keyidx=t.getVidx(q,p[2]);return o},getKeyFromPlainPrivatePKCS8PEM:function(o){var n=pemtohex(o,"PRIVATE KEY");var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},getKeyFromPlainPrivatePKCS8Hex:function(n){var o=this.parsePlainPrivatePKCS8Hex(n);var p;if(o.algoid=="2a864886f70d010101"){p=new RSAKey()}else{if(o.algoid=="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(o.algoid=="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}p.readPKCS8PrvKeyHex(n);return p},getRSAKeyFromPublicPKCS8PEM:function(o){var p=pemtohex(o,"PUBLIC KEY");var n=this.getRSAKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8PEM:function(o){var p=pemtohex(o,"PUBLIC KEY");var n=this.getKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8Hex:function(o){var n;var p=ASN1HEX.getVbyList(o,0,[0,0],"06");if(p==="2a864886f70d010101"){n=new RSAKey()}else{if(p==="2a8648ce380401"){n=new KJUR.crypto.DSA()}else{if(p==="2a8648ce3d0201"){n=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}n.readPKCS8PubKeyHex(o);return n},parsePublicRawRSAKeyHex:function(p){var s=ASN1HEX;var r=s.getChildIdx;var q=s.getV;var n={};if(p.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var o=r(p,0);if(o.length!=2){throw"malformed RSA key(code:002)"}if(p.substr(o[0],2)!="02"){throw"malformed RSA key(code:003)"}n.n=q(p,o[0]);if(p.substr(o[1],2)!="02"){throw"malformed RSA key(code:004)"}n.e=q(p,o[1]);return n},parsePrivateRawRSAKeyHexAtObj:function(o,t){var s=ASN1HEX;var r=s.getChildIdx;var p=s.getV;var q=s.getIdxbyList(o,0,[2,0]);var n=r(o,q);if(n.length!==9){throw"malformed PKCS#8 plain RSA private key"}t.key={};t.key.n=p(o,n[1]);t.key.e=p(o,n[2]);t.key.d=p(o,n[3]);t.key.p=p(o,n[4]);t.key.q=p(o,n[5]);t.key.dp=p(o,n[6]);t.key.dq=p(o,n[7]);t.key.co=p(o,n[8])},parsePrivateRawECKeyHexAtObj:function(n,q){var o=q.keyidx;var p=new KJUR.crypto.ECDSA();p.readPKCS8PrvKeyHex(n);q.key=p.prvKeyHex;q.pubkey=p.pubKeyHex},parsePublicPKCS8Hex:function(r){var t=ASN1HEX;var s=t.getChildIdx;var q=t.getV;var o={};o.algparam=null;var p=s(r,0);if(p.length!=2){throw"outer DERSequence shall have 2 elements: "+p.length}var u=p[0];if(r.substr(u,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var n=s(r,u);if(n.length!=2){throw"malformed PKCS8 public key(code:002)"}if(r.substr(n[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}o.algoid=q(r,n[0]);if(r.substr(n[1],2)=="06"){o.algparam=q(r,n[1])}else{if(r.substr(n[1],2)=="30"){o.algparam={};o.algparam.p=t.getVbyList(r,n[1],[0],"02");o.algparam.q=t.getVbyList(r,n[1],[1],"02");o.algparam.g=t.getVbyList(r,n[1],[2],"02")}}if(r.substr(p[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}o.key=q(r,p[1]).substr(2);return o},getRSAKeyFromPublicPKCS8Hex:function(n){var o=new RSAKey();o.readPKCS8PubKeyHex(n);return o},}}(); +var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(v){var w={};var q=v.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(q){w.cipher=q[1];w.ivsalt=q[2]}var p=v.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(p){w.type=p[1]}var u=-1;var x=0;if(v.indexOf("\r\n\r\n")!=-1){u=v.indexOf("\r\n\r\n");x=2}if(v.indexOf("\n\n")!=-1){u=v.indexOf("\n\n");x=1}var t=v.indexOf("-----END");if(u!=-1&&t!=-1){var r=v.substring(u+x*2,t-x);r=r.replace(/\s+/g,"");w.data=r}return w};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",getHexFromPEM:function(p,q){return pemtohex(p,q)},getDecryptedKeyHexByKeyIV:function(q,t,s,r){var p=c(t);return p(q,s,r)},parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getRSAKeyFromEncryptedPKCS5PEM:function(r,q){var s=this.getDecryptedKeyHex(r,q);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(s);return p},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},getEncryptedPKCS5PEMFromRSAKey:function(D,E,r,t){var B=new KJUR.asn1.DERInteger({"int":0});var w=new KJUR.asn1.DERInteger({bigint:D.n});var A=new KJUR.asn1.DERInteger({"int":D.e});var C=new KJUR.asn1.DERInteger({bigint:D.d});var u=new KJUR.asn1.DERInteger({bigint:D.p});var s=new KJUR.asn1.DERInteger({bigint:D.q});var z=new KJUR.asn1.DERInteger({bigint:D.dmp1});var v=new KJUR.asn1.DERInteger({bigint:D.dmq1});var y=new KJUR.asn1.DERInteger({bigint:D.coeff});var F=new KJUR.asn1.DERSequence({array:[B,w,A,C,u,s,z,v,y]});var x=F.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",x,E,r,t)},newEncryptedPKCS5PEM:function(p,q,t,u){if(typeof q=="undefined"||q==null){q=1024}if(typeof t=="undefined"||t==null){t="10001"}var r=new RSAKey();r.generate(q,t);var s=null;if(typeof u=="undefined"||u==null){s=this.getEncryptedPKCS5PEMFromRSAKey(r,p)}else{s=this.getEncryptedPKCS5PEMFromRSAKey(r,p,u)}return s},getRSAKeyFromPlainPKCS8PEM:function(r){if(r.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var q=pemtohex(r,"PRIVATE KEY");var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getRSAKeyFromPlainPKCS8Hex:function(q){var p=new RSAKey();p.readPKCS8PrvKeyHex(q);return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getRSAKeyFromEncryptedPKCS8PEM:function(s,r){var q=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,r);var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},getRSAKeyFromPublicPKCS8PEM:function(q){var r=pemtohex(q,"PUBLIC KEY");var p=this.getRSAKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8PEM:function(q){var r=pemtohex(q,"PUBLIC KEY");var p=this.getKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePrivateRawRSAKeyHexAtObj:function(q,v){var u=ASN1HEX;var t=u.getChildIdx;var r=u.getV;var s=u.getIdxbyList(q,0,[2,0]);var p=t(q,s);if(p.length!==9){throw"malformed PKCS#8 plain RSA private key"}v.key={};v.key.n=r(q,p[1]);v.key.e=r(q,p[2]);v.key.d=r(q,p[3]);v.key.p=r(q,p[4]);v.key.q=r(q,p[5]);v.key.dp=r(q,p[6]);v.key.dq=r(q,p[7]);v.key.co=r(q,p[8])},parsePrivateRawECKeyHexAtObj:function(p,s){var q=s.keyidx;var r=new KJUR.crypto.ECDSA();r.readPKCS8PrvKeyHex(p);s.key=r.prvKeyHex;s.pubkey=r.pubKeyHex},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},getRSAKeyFromPublicPKCS8Hex:function(p){var q=new RSAKey();q.readPKCS8PubKeyHex(p);return q},}}();KEYUTIL.getKey=function(l,k,n){var E=ASN1HEX,I=E.getChildIdx,u=E.getV,d=E.getVbyList,c=KJUR.crypto,i=c.ECDSA,B=c.DSA,v=RSAKey,J=pemtohex;if(typeof v!="undefined"&&l instanceof v){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof B!="undefined"&&l instanceof B){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var L=new v();L.setPublic(l.n,l.e);return L}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var L=new v();L.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return L}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var L=new v();L.setPrivate(l.n,l.e,l.d);return L}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var L=new B();L.setPublic(l.p,l.q,l.g,l.y);return L}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var L=new B();L.setPrivate(l.p,l.q,l.g,l.y,l.x);return L}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var L=new v();L.setPublic(b64utohex(l.n),b64utohex(l.e));return L}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var L=new v();L.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return L}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var L=new v();L.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return L}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var s=j.ecparams.keylen/4;var A=("0000000000"+b64utohex(l.x)).slice(-s);var w=("0000000000"+b64utohex(l.y)).slice(-s);var t="04"+A+w;j.setPublicKeyHex(t);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var s=j.ecparams.keylen/4;var A=("0000000000"+b64utohex(l.x)).slice(-s);var w=("0000000000"+b64utohex(l.y)).slice(-s);var t="04"+A+w;var b=("0000000000"+b64utohex(l.d)).slice(-s);j.setPublicKeyHex(t);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var G=l,E=ASN1HEX,K,L;K=I(G,0);if(K.length===9){L=new v();L.readPrivateKeyFromASN1HexString(l)}else{if(K.length===6){L=new B();L.readPKCS5PrvKeyHex(G)}else{if(K.length>2&&G.substr(K[1],2)==="04"){L=new i();L.readPKCS5PrvKeyHex(G)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return L}if(n==="pkcs8prv"){var L=KEYUTIL.getKeyFromPlainPrivatePKCS8Hex(l);return L}if(n==="pkcs8pub"){return KEYUTIL.getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){return KEYUTIL.getKeyFromPublicPKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=J(l,"RSA PRIVATE KEY");return KEYUTIL.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var F=J(l,"DSA PRIVATE KEY");var D=d(F,0,[1],"02");var C=d(F,0,[2],"02");var H=d(F,0,[3],"02");var o=d(F,0,[4],"02");var r=d(F,0,[5],"02");var L=new B();L.setPrivate(new BigInteger(D,16),new BigInteger(C,16),new BigInteger(H,16),new BigInteger(o,16),new BigInteger(r,16));return L}if(l.indexOf("-END PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(l,k)}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var F=KEYUTIL.getDecryptedKeyHex(l,k);var L=d(F,0,[1],"04");var f=d(F,0,[2,0],"06");var z=d(F,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(z);j.setPrivateKeyHex(L);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var F=KEYUTIL.getDecryptedKeyHex(l,k);var D=d(F,0,[1],"02");var C=d(F,0,[2],"02");var H=d(F,0,[3],"02");var o=d(F,0,[4],"02");var r=d(F,0,[5],"02");var L=new B();L.setPrivate(new BigInteger(D,16),new BigInteger(C,16),new BigInteger(H,16),new BigInteger(o,16),new BigInteger(r,16));return L}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromEncryptedPKCS8PEM(l,k)}throw"not supported argument"};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(b,C,x,l,p){var E=KJUR,j=E.asn1,y=j.DERObjectIdentifier,f=j.DERInteger,k=j.ASN1Util.newObject,a=j.x509,B=a.SubjectPublicKeyInfo,e=E.crypto,t=e.DSA,q=e.ECDSA,m=RSAKey;function z(s){var F=k({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return F}function A(F){var s=k({seq:[{"int":1},{octstr:{hex:F.prvKeyHex}},{tag:["a0",true,{oid:{name:F.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+F.pubKeyHex}}]}]});return s}function w(s){var F=k({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return F}if(((m!==undefined&&b instanceof m)||(t!==undefined&&b instanceof t)||(q!==undefined&&b instanceof q))&&b.isPublic==true&&(C===undefined||C=="PKCS8PUB")){var D=new B(b);var v=D.getEncodedHex();return hextopem(v,"PUBLIC KEY")}if(C=="PKCS1PRV"&&m!==undefined&&b instanceof m&&(x===undefined||x==null)&&b.isPrivate==true){var D=z(b);var v=D.getEncodedHex();return hextopem(v,"RSA PRIVATE KEY")}if(C=="PKCS1PRV"&&q!==undefined&&b instanceof q&&(x===undefined||x==null)&&b.isPrivate==true){var i=new y({name:b.curveName});var u=i.getEncodedHex();var h=A(b);var r=h.getEncodedHex();var o="";o+=hextopem(u,"EC PARAMETERS");o+=hextopem(r,"EC PRIVATE KEY");return o}if(C=="PKCS1PRV"&&t!==undefined&&b instanceof t&&(x===undefined||x==null)&&b.isPrivate==true){var D=w(b);var v=D.getEncodedHex();return hextopem(v,"DSA PRIVATE KEY")}if(C=="PKCS5PRV"&&m!==undefined&&b instanceof m&&(x!==undefined&&x!=null)&&b.isPrivate==true){var D=z(b);var v=D.getEncodedHex();if(l===undefined){l="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",v,x,l)}if(C=="PKCS5PRV"&&q!==undefined&&b instanceof q&&(x!==undefined&&x!=null)&&b.isPrivate==true){var D=A(b);var v=D.getEncodedHex();if(l===undefined){l="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",v,x,l)}if(C=="PKCS5PRV"&&t!==undefined&&b instanceof t&&(x!==undefined&&x!=null)&&b.isPrivate==true){var D=w(b);var v=D.getEncodedHex();if(l===undefined){l="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",v,x,l)}var n=function(F,s){var H=c(F,s);var G=new k({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:H.pbkdf2Salt}},{"int":H.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:H.encryptionSchemeIV}}]}]}]},{octstr:{hex:H.ciphertext}}]});return G.getEncodedHex()};var c=function(M,N){var G=100;var L=CryptoJS.lib.WordArray.random(8);var K="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var H=CryptoJS.PBKDF2(N,L,{keySize:192/32,iterations:G});var I=CryptoJS.enc.Hex.parse(M);var J=CryptoJS.TripleDES.encrypt(I,H,{iv:s})+"";var F={};F.ciphertext=J;F.pbkdf2Salt=CryptoJS.enc.Hex.stringify(L);F.pbkdf2Iter=G;F.encryptionSchemeAlg=K;F.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return F};if(C=="PKCS8PRV"&&m!=undefined&&b instanceof m&&b.isPrivate==true){var g=z(b);var d=g.getEncodedHex();var D=k({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var v=D.getEncodedHex();if(x===undefined||x==null){return hextopem(v,"PRIVATE KEY")}else{var r=n(v,x);return hextopem(r,"ENCRYPTED PRIVATE KEY")}}if(C=="PKCS8PRV"&&q!==undefined&&b instanceof q&&b.isPrivate==true){var g=new k({seq:[{"int":1},{octstr:{hex:b.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]}]});var d=g.getEncodedHex();var D=k({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var v=D.getEncodedHex();if(x===undefined||x==null){return hextopem(v,"PRIVATE KEY")}else{var r=n(v,x);return hextopem(r,"ENCRYPTED PRIVATE KEY")}}if(C=="PKCS8PRV"&&t!==undefined&&b instanceof t&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var D=k({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var v=D.getEncodedHex();if(x===undefined||x==null){return hextopem(v,"PRIVATE KEY")}else{var r=n(v,x);return hextopem(r,"ENCRYPTED PRIVATE KEY")}}throw"unsupported object nor format"};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"}; +RSAKey.pemToBase64=function(a){return hextob64(pemtohex(a))};RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(e){var c=RSAKey.pemToBase64(e);var d=b64tohex(c);var b=RSAKey.getHexValueArrayOfChildrenFromHex(d);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPrivateKeyFromASN1HexString=function(a){this.readPKCS5PrvKeyHex(a)};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,j,l,b,a,f,d,k;var m=ASN1HEX;var g=m.getVbyList;if(m.isASN1HEX(e)===false){throw"not ASN.1 hex string"}try{c=g(e,0,[2,0,1],"02");j=g(e,0,[2,0,2],"02");l=g(e,0,[2,0,3],"02");b=g(e,0,[2,0,4],"02");a=g(e,0,[2,0,5],"02");f=g(e,0,[2,0,6],"02");d=g(e,0,[2,0,7],"02");k=g(e,0,[2,0,8],"02")}catch(i){throw"malformed PKCS#8 plain RSA private key"}this.setPrivateEx(c,j,l,b,a,f,d,k)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw"keyHex is not ASN.1 hex string"}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw"wrong hex for PKCS#5 public key"}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw"not ASN.1 hex string"}if(c.getTLVbyList(b,0,[0,0])!=="06092a864886f70d010101"){throw"not PKCS8 RSA public key"}var a=c.getTLVbyList(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("");_RE_HEXDECONLY.compile("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}function _rsasign_signStringPSS(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)}function _rsasign_signWithMessageHashPSS(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw"invalid salt length"}}}if(c<(g+k+2)){throw"data too long"}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)}function _rsasign_verifyWithMessageHash(e,a){a=a.replace(_RE_HEXDECONLY,"");a=a.replace(/[ \n]+/g,"");var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)}function _rsasign_verifyStringPSS(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)}function _rsasign_verifyWithMessageHashPSS(f,s,l,c){var k=new BigInteger(s,16);if(k.bitLength()>this.n.bitLength()){return false}var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw"invalid salt length"}}}if(m<(h+c+2)){throw"data too long"}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw"bits beyond keysize not zero"}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw"algorithm '"+h+"' not accepted in the list"}}if(h!="none"&&t===null){throw"key shall be specified to verify."}if(typeof t=="string"&&t.indexOf("-----BEGIN ")!=-1){t=KEYUTIL.getKey(t)}if(s=="RS"||s=="PS"){if(!(t instanceof RSAKey)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(s=="ES"){if(!(t instanceof KJUR.crypto.ECDSA)){throw"key shall be a ECDSA obj for ES* algs"}}if(h=="none"){}var n=null;if(m.jwsalg2sigalg[i.alg]===undefined){throw"unsupported alg name: "+h}else{n=m.jwsalg2sigalg[h]}if(n=="none"){throw"not supported"}else{if(n.substr(0,4)=="Hmac"){var k=null;if(t===undefined){throw"hexadecimal key shall be specified for HMAC"}var g=new KJUR.crypto.Mac({alg:n,pass:t});g.updateString(b);k=g.doFinal();return r==k}else{if(n.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(r)}catch(o){return false}var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(r)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw"acceptField.alg shall be specified"}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt==="number"){b=l.verifyAt}if(l.gracePeriod===undefined||typeof l.gracePeriod!=="number"){l.gracePeriod=0}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.exp+l.gracePeriodj){this.aHeader.pop()}if(this.aSignature.length>j){this.aSignature.pop()}throw"addSignature failed: "+g}};this.addSignatureByHeaderKey=function(f,c){var e=b64utoutf8(this.sPayload);var d=new KJUR.jws.JWS();var g=d.generateJWSByP1PrvKey(f,e,c);this.aHeader.push(d.parsedJWS.headB64U);this.aSignature.push(d.parsedJWS.sigvalB64U)};this.addSignatureByHeaderPayloadKey=function(f,e,c){var d=new KJUR.jws.JWS();var g=d.generateJWSByP1PrvKey(f,e,c);this.aHeader.push(d.parsedJWS.headB64U);this.sPayload=d.parsedJWS.payloadB64U;this.aSignature.push(d.parsedJWS.sigvalB64U)};this.verifyAll=function(f){if(this.aHeader.length!==f.length||this.aSignature.length!==f.length){return false}for(var e=0;e0){this.aHeader=e.headers}else{throw"malformed header"}if(typeof e.payload==="string"){this.sPayload=e.payload}else{throw"malformed signatures"}if(e.signatures.length>0){this.signatures=e.signatures}else{throw"malformed signatures"}}catch(c){throw"malformed JWS-JS JSON object: "+c}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; +function X509(){var k=ASN1HEX,j=k.getChildIdx,h=k.getV,b=k.getTLV,f=k.getVbyList,c=k.getTLVbyList,g=k.getIdxbyList,d=k.getVidx,i=k.oidname,a=X509,e=pemtohex;this.hex=null;this.version=0;this.foffset=0;this.aExtInfo=null;this.subjectPublicKeyRSA=null;this.subjectPublicKeyRSA_hN=null;this.subjectPublicKeyRSA_hE=null;this.getVersion=function(){if(this.hex===null||this.version!==0){return this.version}if(c(this.hex,0,[0,0])!=="a003020102"){this.version=1;this.foffset=-1;return 1}this.version=3;return 3};this.getSerialNumberHex=function(){return f(this.hex,0,[0,1+this.foffset],"02")};this.getSignatureAlgorithmField=function(){return i(f(this.hex,0,[0,2+this.foffset,0],"06"))};this.getIssuerHex=function(){return c(this.hex,0,[0,3+this.foffset],"30")};this.getIssuerString=function(){return a.hex2dn(this.getIssuerHex())};this.getSubjectHex=function(){return c(this.hex,0,[0,5+this.foffset],"30")};this.getSubjectString=function(){return a.hex2dn(this.getSubjectHex())};this.getNotBefore=function(){var l=f(this.hex,0,[0,4+this.foffset,0]);l=l.replace(/(..)/g,"%$1");l=decodeURIComponent(l);return l};this.getNotAfter=function(){var l=f(this.hex,0,[0,4+this.foffset,1]);l=l.replace(/(..)/g,"%$1");l=decodeURIComponent(l);return l};this.getPublicKeyHex=function(){return k.getTLVbyList(this.hex,0,[0,6+this.foffset],"30")};this.getPublicKeyIdx=function(){return g(this.hex,0,[0,6+this.foffset],"30")};this.getPublicKey=function(){return KEYUTIL.getKey(this.getPublicKeyHex(),null,"pkcs8pub")};this.getSignatureAlgorithmName=function(){return i(f(this.hex,0,[1,0],"06"))};this.getSignatureValueHex=function(){return f(this.hex,0,[2],"03",true)};this.verifySignature=function(n){var o=this.getSignatureAlgorithmName();var l=this.getSignatureValueHex();var m=c(this.hex,0,[0],"30");var p=new KJUR.crypto.Signature({alg:o});p.init(n);p.updateHex(m);return p.verify(l)};this.parseExt=function(){if(this.version!==3){return -1}var p=g(this.hex,0,[0,7,0],"30");var m=j(this.hex,p);this.aExtInfo=new Array();for(var n=0;n0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.addSignatureByHeaderKey=function(h,e){var g=b64utoutf8(this.sPayload);var f=new KJUR.jws.JWS();var i=f.generateJWSByP1PrvKey(h,g,e);this.aHeader.push(f.parsedJWS.headB64U);this.aSignature.push(f.parsedJWS.sigvalB64U)};this.addSignatureByHeaderPayloadKey=function(h,g,e){var f=new KJUR.jws.JWS();var i=f.generateJWSByP1PrvKey(h,g,e);this.aHeader.push(f.parsedJWS.headB64U);this.sPayload=f.parsedJWS.payloadB64U;this.aSignature.push(f.parsedJWS.sigvalB64U)};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.signatures=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/jsrsasign-jwths-min.js b/jsrsasign-jwths-min.js index c17bd143..62da7fed 100644 --- a/jsrsasign-jwths-min.js +++ b/jsrsasign-jwths-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(jwths) 7.2.0 (2017-05-21) (c) 2010-2017 Kenji Urushima | kjur.github.com/jsrsasign/license + * jsrsasign(jwths) 7.2.1 (2017-06-04) (c) 2010-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* @@ -121,12 +121,6 @@ var rng_state;var rng_pool;var rng_pptr;function rng_seed_int(a){rng_pool[rng_pp /*! Mike Samuel (c) 2009 | code.google.com/p/json-sans-eval */ var jsonParse=(function(){var e="(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][+-]?[0-9]+)?\\b)";var j='(?:[^\\0-\\x08\\x0a-\\x1f"\\\\]|\\\\(?:["/\\\\bfnrt]|u[0-9A-Fa-f]{4}))';var i='(?:"'+j+'*")';var d=new RegExp("(?:false|true|null|[\\{\\}\\[\\]]|"+e+"|"+i+")","g");var k=new RegExp("\\\\(?:([^u])|u(.{4}))","g");var g={'"':'"',"/":"/","\\":"\\",b:"\b",f:"\f",n:"\n",r:"\r",t:"\t"};function h(l,m,n){return m?g[m]:String.fromCharCode(parseInt(n,16))}var c=new String("");var a="\\";var f={"{":Object,"[":Array};var b=Object.hasOwnProperty;return function(u,q){var p=u.match(d);var x;var v=p[0];var l=false;if("{"===v){x={}}else{if("["===v){x=[]}else{x=[];l=true}}var t;var r=[x];for(var o=1-l,m=p.length;o=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -/*! base64x-1.1.11 (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -var KJUR;if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.lang=="undefined"||!KJUR.lang){KJUR.lang={}}KJUR.lang.String=function(){};function Base64x(){}function stoBA(d){var b=new Array();for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw"algorithm '"+h+"' not accepted in the list"}}if(h!="none"&&t===null){throw"key shall be specified to verify."}if(typeof t=="string"&&t.indexOf("-----BEGIN ")!=-1){t=KEYUTIL.getKey(t)}if(s=="RS"||s=="PS"){if(!(t instanceof RSAKey)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(s=="ES"){if(!(t instanceof KJUR.crypto.ECDSA)){throw"key shall be a ECDSA obj for ES* algs"}}if(h=="none"){}var n=null;if(m.jwsalg2sigalg[i.alg]===undefined){throw"unsupported alg name: "+h}else{n=m.jwsalg2sigalg[h]}if(n=="none"){throw"not supported"}else{if(n.substr(0,4)=="Hmac"){var k=null;if(t===undefined){throw"hexadecimal key shall be specified for HMAC"}var g=new KJUR.crypto.Mac({alg:n,pass:t});g.updateString(b);k=g.doFinal();return r==k}else{if(n.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(r)}catch(o){return false}var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(r)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw"acceptField.alg shall be specified"}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt==="number"){b=l.verifyAt}if(l.gracePeriod===undefined||typeof l.gracePeriod!=="number"){l.gracePeriod=0}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.exp+l.gracePeriod0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriod=a.length){return null}}var e="";while(++f191)&&(h<224)){e+=String.fromCharCode(((h&31)<<6)|(a[f+1]&63));++f}else{e+=String.fromCharCode(((h&15)<<12)|((a[f+1]&63)<<6)|(a[f+2]&63));f+=2}}}return e}function oaep_mgf1_str(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255]));d+=1}return b}function oaep_unpad(o,b,g,p){var e=KJUR.crypto.MessageDigest;var r=KJUR.crypto.Util;var c=null;if(!g){g="sha1"}if(typeof g==="string"){c=e.getCanonicalAlgName(g);p=e.getHashLength(c);g=function(d){return hextorstr(r.hashString(d,c))}}o=o.toByteArray();var h;for(h=0;h0&&a.length>0){this.n=parseBigInt(c,16);this.e=parseInt(a,16);this.d=parseBigInt(b,16)}else{alert("Invalid RSA private key")}}}function RSASetPrivateEx(g,d,e,c,b,a,h,f){this.isPrivate=true;this.isPublic=false;if(g==null){throw"RSASetPrivateEx N == null"}if(d==null){throw"RSASetPrivateEx E == null"}if(g.length==0){throw"RSASetPrivateEx N.length == 0"}if(d.length==0){throw"RSASetPrivateEx E.length == 0"}if(g!=null&&d!=null&&g.length>0&&d.length>0){this.n=parseBigInt(g,16);this.e=parseInt(d,16);this.d=parseBigInt(e,16);this.p=parseBigInt(c,16);this.q=parseBigInt(b,16);this.dmp1=parseBigInt(a,16);this.dmq1=parseBigInt(h,16);this.coeff=parseBigInt(f,16)}else{alert("Invalid RSA private key in RSASetPrivateEx")}}function RSAGenerate(b,i){var a=new SecureRandom();var f=b>>1;this.e=parseInt(i,16);var c=new BigInteger(i,16);for(;;){for(;;){this.p=new BigInteger(b-f,1,a);if(this.p.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.p.isProbablePrime(10)){break}}for(;;){this.q=new BigInteger(f,1,a);if(this.q.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.q.isProbablePrime(10)){break}}if(this.p.compareTo(this.q)<=0){var h=this.p;this.p=this.q;this.q=h}var g=this.p.subtract(BigInteger.ONE);var d=this.q.subtract(BigInteger.ONE);var e=g.multiply(d);if(e.gcd(c).compareTo(BigInteger.ONE)==0){this.n=this.p.multiply(this.q);this.d=c.modInverse(e);this.dmp1=this.d.mod(g);this.dmq1=this.d.mod(d);this.coeff=this.q.modInverse(this.p);break}}this.isPrivate=true}function RSADoPrivate(a){if(this.p==null||this.q==null){return a.modPow(this.d,this.n)}var c=a.mod(this.p).modPow(this.dmp1,this.p);var b=a.mod(this.q).modPow(this.dmq1,this.q);while(c.compareTo(b)<0){c=c.add(this.p)}return c.subtract(b).multiply(this.coeff).mod(this.p).multiply(this.q).add(b)}function RSADecrypt(b){var d=parseBigInt(b,16);var a=this.doPrivate(d);if(a==null){return null}return pkcs1unpad2(a,(this.n.bitLength()+7)>>3)}function RSADecryptOAEP(e,d,b){var f=parseBigInt(e,16);var a=this.doPrivate(f);if(a==null){return null}return oaep_unpad(a,(this.n.bitLength()+7)>>3,d,b)}RSAKey.prototype.doPrivate=RSADoPrivate;RSAKey.prototype.setPrivate=RSASetPrivate;RSAKey.prototype.setPrivateEx=RSASetPrivateEx;RSAKey.prototype.generate=RSAGenerate;RSAKey.prototype.decrypt=RSADecrypt;RSAKey.prototype.decryptOAEP=RSADecryptOAEP; -/*! asn1-1.0.12.js (c) 2013-2016 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw"ASN.1 length too long to represent by 8x: n = "+i.toString(16)}var f=128+g;return f.toString(16)+h}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(this.s)};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(f){utc=f.getTime()+(f.getTimezoneOffset()*60000);var e=new Date(utc);return e};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";this.hTLV="0101ff"};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=(l*2))){break}if(d>=200){break}g.push(b);c=b;d++}return g};ASN1HEX.getPosArrayOfChildren_AtObj=ASN1HEX.getChildIdx;ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getNthChildIndex_AtObj=ASN1HEX.getNthChildIdx;ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){throw"checking tag doesn't match: "+e.substr(d,2)+"!="+i}}return d}f=c.shift();b=g.getChildIdx(e,d);return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getDecendantIndexByNthList=ASN1HEX.getIdxbyList;ASN1HEX.getTLVbyList=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyList(d,c,b);if(a===undefined){throw"can't find nthList object"}if(f!==undefined){if(d.substr(a,2)!=f){throw"checking tag doesn't match: "+d.substr(a,2)+"!="+f}}return e.getTLV(d,a)};ASN1HEX.getDecendantHexTLVByNthList=ASN1HEX.getTLVbyList;ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a===undefined){throw"can't find nthList object"}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getDecendantHexVByNthList=ASN1HEX.getVbyList;ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;if(e.substr(l,2)=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(e.substr(l,2)=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(e.substr(l,2)=="03"){var h=j(e,l);return g+"BITSTRING "+q(h,x)+"\n"}if(e.substr(l,2)=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(e.substr(l,2)=="05"){return g+"NULL\n"}if(e.substr(l,2)=="06"){var m=j(e,l);var a=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(a);var b=a.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+b+")\n"}else{return g+"ObjectIdentifier ("+b+")\n"}}if(e.substr(l,2)=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(e.substr(l,2)=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(e.substr(l,2)=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b15){throw"ASN.1 length too long to represent by 8x: n = "+i.toString(16)}var f=128+g;return f.toString(16)+h}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(this.s)};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(f){utc=f.getTime()+(f.getTimezoneOffset()*60000);var e=new Date(utc);return e};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";this.hTLV="0101ff"};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=(l*2))){break}if(d>=200){break}g.push(b);c=b;d++}return g};ASN1HEX.getPosArrayOfChildren_AtObj=ASN1HEX.getChildIdx;ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getNthChildIndex_AtObj=ASN1HEX.getNthChildIdx;ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){throw"checking tag doesn't match: "+e.substr(d,2)+"!="+i}}return d}f=c.shift();b=g.getChildIdx(e,d);return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getDecendantIndexByNthList=ASN1HEX.getIdxbyList;ASN1HEX.getTLVbyList=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyList(d,c,b);if(a===undefined){throw"can't find nthList object"}if(f!==undefined){if(d.substr(a,2)!=f){throw"checking tag doesn't match: "+d.substr(a,2)+"!="+f}}return e.getTLV(d,a)};ASN1HEX.getDecendantHexTLVByNthList=ASN1HEX.getTLVbyList;ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a===undefined){throw"can't find nthList object"}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getDecendantHexVByNthList=ASN1HEX.getVbyList;ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;if(e.substr(l,2)=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(e.substr(l,2)=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(e.substr(l,2)=="03"){var h=j(e,l);return g+"BITSTRING "+q(h,x)+"\n"}if(e.substr(l,2)=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(e.substr(l,2)=="05"){return g+"NULL\n"}if(e.substr(l,2)=="06"){var m=j(e,l);var a=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(a);var b=a.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+b+")\n"}else{return g+"ObjectIdentifier ("+b+")\n"}}if(e.substr(l,2)=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(e.substr(l,2)=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(e.substr(l,2)=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}function _rsasign_signStringPSS(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)}function _rsasign_signWithMessageHashPSS(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw"invalid salt length"}}}if(c<(g+k+2)){throw"data too long"}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)}function _rsasign_verifyWithMessageHash(e,a){a=a.replace(_RE_HEXDECONLY,"");a=a.replace(/[ \n]+/g,"");var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)}function _rsasign_verifyStringPSS(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)}function _rsasign_verifyWithMessageHashPSS(f,s,l,c){var k=new BigInteger(s,16);if(k.bitLength()>this.n.bitLength()){return false}var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw"invalid salt length"}}}if(m<(h+c+2)){throw"data too long"}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw"bits beyond keysize not zero"}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q15){throw"ASN.1 length too long to represent by 8x: n = "+i.toString(16)}var f=128+g;return f.toString(16)+h}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(this.s)};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(f){utc=f.getTime()+(f.getTimezoneOffset()*60000);var e=new Date(utc);return e};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";this.hTLV="0101ff"};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||715){throw"ASN.1 length too long to represent by 8x: n = "+i.toString(16)}var f=128+g;return f.toString(16)+h}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(this.s)};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(f){utc=f.getTime()+(f.getTimezoneOffset()*60000);var e=new Date(utc);return e};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";this.hTLV="0101ff"};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||70){h=new a.DERTaggedObject({obj:this.dUnsignedAttrs,tag:"a1",explicit:false})}var g=[this.dCMSVersion,this.dSignerIdentifier,this.dDigestAlgorithm,e,this.dSigAlg,this.dSig,];if(h!=null){g.push(h)}var f=new a.DERSequence({array:g});this.hTLV=f.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.SignerInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.EncapsulatedContentInfo=function(c){KJUR.asn1.cms.EncapsulatedContentInfo.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dEContentType=new a.DERObjectIdentifier({name:"data"});this.dEContent=null;this.isDetached=false;this.eContentValueHex=null;this.setContentType=function(e){if(e.match(/^[0-2][.][0-9.]+$/)){this.dEContentType=new a.DERObjectIdentifier({oid:e})}else{this.dEContentType=new a.DERObjectIdentifier({name:e})}};this.setContentValue=function(e){if(typeof e!="undefined"){if(typeof e.hex=="string"){this.eContentValueHex=e.hex}else{if(typeof e.str=="string"){this.eContentValueHex=utf8tohex(e.str)}}}};this.setContentValueHex=function(e){this.eContentValueHex=e};this.setContentValueStr=function(e){this.eContentValueHex=utf8tohex(e)};this.getEncodedHex=function(){if(typeof this.eContentValueHex!="string"){throw"eContentValue not yet set"}var g=new a.DEROctetString({hex:this.eContentValueHex});this.dEContent=new a.DERTaggedObject({obj:g,tag:"a0",explicit:true});var e=[this.dEContentType];if(!this.isDetached){e.push(this.dEContent)}var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.EncapsulatedContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.ContentInfo=function(c){KJUR.asn1.cms.ContentInfo.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dContentType=null;this.dContent=null;this.setContentType=function(e){if(typeof e=="string"){this.dContentType=d.OID.name2obj(e)}};this.getEncodedHex=function(){var f=new a.DERTaggedObject({obj:this.dContent,tag:"a0",explicit:true});var e=new a.DERSequence({array:[this.dContentType,f]});this.hTLV=e.getEncodedHex();return this.hTLV};if(typeof c!="undefined"){if(c.type){this.setContentType(c.type)}if(c.obj&&c.obj instanceof a.ASN1Object){this.dContent=c.obj}}};YAHOO.lang.extend(KJUR.asn1.cms.ContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.SignedData=function(c){KJUR.asn1.cms.SignedData.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dCMSVersion=new a.DERInteger({"int":1});this.dDigestAlgs=null;this.digestAlgNameList=[];this.dEncapContentInfo=new b.EncapsulatedContentInfo();this.dCerts=null;this.certificateList=[];this.crlList=[];this.signerInfoList=[new b.SignerInfo()];this.addCertificatesByPEM=function(e){var f=ASN1HEX.pemToHex(e);var g=new a.ASN1Object();g.hTLV=f;this.certificateList.push(g)};this.getEncodedHex=function(){if(typeof this.hTLV=="string"){return this.hTLV}if(this.dDigestAlgs==null){var k=[];for(var j=0;j0){var l=new a.DERSet({array:this.certificateList});this.dCerts=new a.DERTaggedObject({obj:l,tag:"a0",explicit:false})}}if(this.dCerts!=null){e.push(this.dCerts)}var g=new a.DERSet({array:this.signerInfoList});e.push(g);var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV};this.getContentInfo=function(){this.getEncodedHex();var e=new b.ContentInfo({type:"signed-data",obj:this});return e};this.getContentInfoEncodedHex=function(){var e=this.getContentInfo();var f=e.getEncodedHex();return f};this.getPEM=function(){var e=this.getContentInfoEncodedHex();var f=a.ASN1Util.getPEMStringFromHex(e,"CMS");return f}};YAHOO.lang.extend(KJUR.asn1.cms.SignedData,KJUR.asn1.ASN1Object);KJUR.asn1.cms.CMSUtil=new function(){};KJUR.asn1.cms.CMSUtil.newSignedData=function(a){var h=KJUR.asn1.cms;var g=KJUR.asn1.cades;var f=new h.SignedData();f.dEncapContentInfo.setContentValue(a.content);if(typeof a.certs=="object"){for(var b=0;b0){r=new b({obj:this.dUnsignedAttrs,tag:"a1",explicit:false})}var q=[this.dCMSVersion,this.dSignerIdentifier,this.dDigestAlgorithm,o,this.dSigAlg,this.dSig,];if(r!=null){q.push(r)}var p=new h.DERSequence({array:q});this.hTLV=p.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.SignerInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.EncapsulatedContentInfo=function(g){var c=KJUR,b=c.asn1,e=b.DERTaggedObject,a=b.DERSequence,h=b.DERObjectIdentifier,d=b.DEROctetString,f=b.cms;f.EncapsulatedContentInfo.superclass.constructor.call(this);this.dEContentType=new h({name:"data"});this.dEContent=null;this.isDetached=false;this.eContentValueHex=null;this.setContentType=function(i){if(i.match(/^[0-2][.][0-9.]+$/)){this.dEContentType=new h({oid:i})}else{this.dEContentType=new h({name:i})}};this.setContentValue=function(i){if(i!==undefined){if(typeof i.hex=="string"){this.eContentValueHex=i.hex}else{if(typeof i.str=="string"){this.eContentValueHex=utf8tohex(i.str)}}}};this.setContentValueHex=function(i){this.eContentValueHex=i};this.setContentValueStr=function(i){this.eContentValueHex=utf8tohex(i)};this.getEncodedHex=function(){if(typeof this.eContentValueHex!="string"){throw"eContentValue not yet set"}var k=new d({hex:this.eContentValueHex});this.dEContent=new e({obj:k,tag:"a0",explicit:true});var i=[this.dEContentType];if(!this.isDetached){i.push(this.dEContent)}var j=new a({array:i});this.hTLV=j.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.EncapsulatedContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.ContentInfo=function(f){var c=KJUR,b=c.asn1,d=b.DERTaggedObject,a=b.DERSequence,e=b.x509;KJUR.asn1.cms.ContentInfo.superclass.constructor.call(this);this.dContentType=null;this.dContent=null;this.setContentType=function(g){if(typeof g=="string"){this.dContentType=e.OID.name2obj(g)}};this.getEncodedHex=function(){var h=new d({obj:this.dContent,tag:"a0",explicit:true});var g=new a({array:[this.dContentType,h]});this.hTLV=g.getEncodedHex();return this.hTLV};if(f!==undefined){if(f.type){this.setContentType(f.type)}if(f.obj&&f.obj instanceof b.ASN1Object){this.dContent=f.obj}}};YAHOO.lang.extend(KJUR.asn1.cms.ContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.SignedData=function(e){var a=KJUR,h=a.asn1,j=h.ASN1Object,g=h.DERInteger,m=h.DERSet,f=h.DERSequence,b=h.DERTaggedObject,l=h.cms,i=l.EncapsulatedContentInfo,d=l.SignerInfo,n=l.ContentInfo,c=h.x509,k=c.AlgorithmIdentifier;KJUR.asn1.cms.SignedData.superclass.constructor.call(this);this.dCMSVersion=new g({"int":1});this.dDigestAlgs=null;this.digestAlgNameList=[];this.dEncapContentInfo=new i();this.dCerts=null;this.certificateList=[];this.crlList=[];this.signerInfoList=[new d()];this.addCertificatesByPEM=function(p){var q=pemtohex(p);var r=new j();r.hTLV=q;this.certificateList.push(r)};this.getEncodedHex=function(){if(typeof this.hTLV=="string"){return this.hTLV}if(this.dDigestAlgs==null){var u=[];for(var t=0;t0){var v=new m({array:this.certificateList});this.dCerts=new b({obj:v,tag:"a0",explicit:false})}}if(this.dCerts!=null){p.push(this.dCerts)}var r=new m({array:this.signerInfoList});p.push(r);var q=new f({array:p});this.hTLV=q.getEncodedHex();return this.hTLV};this.getContentInfo=function(){this.getEncodedHex();var o=new n({type:"signed-data",obj:this});return o};this.getContentInfoEncodedHex=function(){var o=this.getContentInfo();var p=o.getEncodedHex();return p};this.getPEM=function(){return hextopem(this.getContentInfoEncodedHex(),"CMS")}};YAHOO.lang.extend(KJUR.asn1.cms.SignedData,KJUR.asn1.ASN1Object);KJUR.asn1.cms.CMSUtil=new function(){};KJUR.asn1.cms.CMSUtil.newSignedData=function(d){var b=KJUR,j=b.asn1,q=j.cms,f=q.SignerInfo,n=q.SignedData,o=q.SigningTime,a=q.SigningCertificate,p=q.SigningCertificateV2,c=j.cades,e=c.SignaturePolicyIdentifier;var m=new n();m.dEncapContentInfo.setContentValue(d.content);if(typeof d.certs=="object"){for(var h=0;h0){var e=new KJUR.asn1.DERSequence({array:this.extensionsArray});var d=new KJUR.asn1.DERSet({array:[e]});var c=new KJUR.asn1.DERSequence({array:[new KJUR.asn1.DERObjectIdentifier({oid:"1.2.840.113549.1.9.14"}),d]});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a0",obj:c});this.asn1Array.push(b)}else{var b=new KJUR.asn1.DERTaggedObject({explicit:false,tag:"a0",obj:new KJUR.asn1.DERNull()});this.asn1Array.push(b)}var f=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=f.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.csr.CertificationRequestInfo,KJUR.asn1.ASN1Object);KJUR.asn1.csr.CSRUtil=new function(){};KJUR.asn1.csr.CSRUtil.newCSRPEM=function(g){var d=KJUR.asn1.csr;if(g.subject===undefined){throw"parameter subject undefined"}if(g.sbjpubkey===undefined){throw"parameter sbjpubkey undefined"}if(g.sigalg===undefined){throw"parameter sigalg undefined"}if(g.sbjprvkey===undefined){throw"parameter sbjpubkey undefined"}var b=new d.CertificationRequestInfo();b.setSubjectByParam(g.subject);b.setSubjectPublicKeyByGetKey(g.sbjpubkey);if(g.ext!==undefined&&g.ext.length!==undefined){for(var c=0;c0){var s=new f({array:this.extensionsArray});var r=new m({array:[s]});var q=new f({array:[new k({oid:"1.2.840.113549.1.9.14"}),r]});var p=new c({explicit:true,tag:"a0",obj:q});this.asn1Array.push(p)}else{var p=new c({explicit:false,tag:"a0",obj:new j()});this.asn1Array.push(p)}var t=new f({array:this.asn1Array});this.hTLV=t.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.csr.CertificationRequestInfo,KJUR.asn1.ASN1Object);KJUR.asn1.csr.CSRUtil=new function(){};KJUR.asn1.csr.CSRUtil.newCSRPEM=function(h){var c=KEYUTIL,b=KJUR.asn1.csr;if(h.subject===undefined){throw"parameter subject undefined"}if(h.sbjpubkey===undefined){throw"parameter sbjpubkey undefined"}if(h.sigalg===undefined){throw"parameter sigalg undefined"}if(h.sbjprvkey===undefined){throw"parameter sbjpubkey undefined"}var d=new b.CertificationRequestInfo();d.setSubjectByParam(h.subject);d.setSubjectPublicKeyByGetKey(h.sbjpubkey);if(h.ext!==undefined&&h.ext.length!==undefined){for(var e=0;e=(l*2))){break}if(d>=200){break}g.push(b);c=b;d++}return g};ASN1HEX.getPosArrayOfChildren_AtObj=ASN1HEX.getChildIdx;ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getNthChildIndex_AtObj=ASN1HEX.getNthChildIdx;ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){throw"checking tag doesn't match: "+e.substr(d,2)+"!="+i}}return d}f=c.shift();b=g.getChildIdx(e,d);return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getDecendantIndexByNthList=ASN1HEX.getIdxbyList;ASN1HEX.getTLVbyList=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyList(d,c,b);if(a===undefined){throw"can't find nthList object"}if(f!==undefined){if(d.substr(a,2)!=f){throw"checking tag doesn't match: "+d.substr(a,2)+"!="+f}}return e.getTLV(d,a)};ASN1HEX.getDecendantHexTLVByNthList=ASN1HEX.getTLVbyList;ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a===undefined){throw"can't find nthList object"}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getDecendantHexVByNthList=ASN1HEX.getVbyList;ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;if(e.substr(l,2)=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(e.substr(l,2)=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(e.substr(l,2)=="03"){var h=j(e,l);return g+"BITSTRING "+q(h,x)+"\n"}if(e.substr(l,2)=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(e.substr(l,2)=="05"){return g+"NULL\n"}if(e.substr(l,2)=="06"){var m=j(e,l);var a=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(a);var b=a.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+b+")\n"}else{return g+"ObjectIdentifier ("+b+")\n"}}if(e.substr(l,2)=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(e.substr(l,2)=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(e.substr(l,2)=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u=(l*2))){break}if(d>=200){break}g.push(b);c=b;d++}return g};ASN1HEX.getPosArrayOfChildren_AtObj=ASN1HEX.getChildIdx;ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getNthChildIndex_AtObj=ASN1HEX.getNthChildIdx;ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){throw"checking tag doesn't match: "+e.substr(d,2)+"!="+i}}return d}f=c.shift();b=g.getChildIdx(e,d);return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getDecendantIndexByNthList=ASN1HEX.getIdxbyList;ASN1HEX.getTLVbyList=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyList(d,c,b);if(a===undefined){throw"can't find nthList object"}if(f!==undefined){if(d.substr(a,2)!=f){throw"checking tag doesn't match: "+d.substr(a,2)+"!="+f}}return e.getTLV(d,a)};ASN1HEX.getDecendantHexTLVByNthList=ASN1HEX.getTLVbyList;ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a===undefined){throw"can't find nthList object"}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getDecendantHexVByNthList=ASN1HEX.getVbyList;ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;if(e.substr(l,2)=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(e.substr(l,2)=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(e.substr(l,2)=="03"){var h=j(e,l);return g+"BITSTRING "+q(h,x)+"\n"}if(e.substr(l,2)=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(e.substr(l,2)=="05"){return g+"NULL\n"}if(e.substr(l,2)=="06"){var m=j(e,l);var a=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(a);var b=a.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+b+")\n"}else{return g+"ObjectIdentifier ("+b+")\n"}}if(e.substr(l,2)=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(e.substr(l,2)=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(e.substr(l,2)=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension.appendByNameToArray=function(e,c,b){if(e.toLowerCase()=="basicconstraints"){var d=new KJUR.asn1.x509.BasicConstraints(c);b.push(d)}else{if(e.toLowerCase()=="keyusage"){var d=new KJUR.asn1.x509.KeyUsage(c);b.push(d)}else{if(e.toLowerCase()=="crldistributionpoints"){var d=new KJUR.asn1.x509.CRLDistributionPoints(c);b.push(d)}else{if(e.toLowerCase()=="extkeyusage"){var d=new KJUR.asn1.x509.ExtKeyUsage(c);b.push(d)}else{if(e.toLowerCase()=="authoritykeyidentifier"){var d=new KJUR.asn1.x509.AuthorityKeyIdentifier(c);b.push(d)}else{if(e.toLowerCase()=="authorityinfoaccess"){var d=new KJUR.asn1.x509.AuthorityInfoAccess(c);b.push(d)}else{if(e.toLowerCase()=="subjectaltname"){var d=new KJUR.asn1.x509.SubjectAltName(c);b.push(d)}else{if(e.toLowerCase()=="issueraltname"){var d=new KJUR.asn1.x509.IssuerAltName(c);b.push(d)}else{throw"unsupported extension name: "+e}}}}}}}}};KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(b){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(c){var d=c.split("/");d.shift();for(var e=0;e0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.RDN=function(a){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=new Array();this.addByString=function(b){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:b}))};this.addByMultiValuedString=function(d){var b=KJUR.asn1.x509.RDN.parseString(d);for(var c=0;c0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(b){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);var d=null;var c=null;var a="utf8";this.setByString=function(f){var e=f.match(/^([^=]+)=(.+)$/);if(e){this.setByAttrTypeAndValueStr(e[1],e[2])}else{throw"malformed attrTypeAndValueStr: "+f}};this.setByAttrTypeAndValueStr=function(g,f){this.typeObj=KJUR.asn1.x509.OID.atype2obj(g);var e=a;if(g=="C"){e="prn"}this.valueObj=this.getValueObj(e,f)};this.getValueObj=function(f,e){if(f=="utf8"){return new KJUR.asn1.DERUTF8String({str:e})}if(f=="prn"){return new KJUR.asn1.DERPrintableString({str:e})}if(f=="tel"){return new KJUR.asn1.DERTeletexString({str:e})}if(f=="ia5"){return new KJUR.asn1.DERIA5String({str:e})}throw"unsupported directory string type: type="+f+" value="+e};this.getEncodedHex=function(){var e=new KJUR.asn1.DERSequence({array:[this.typeObj,this.valueObj]});this.TLV=e.getEncodedHex();return this.TLV};if(typeof b!="undefined"){if(typeof b.str!="undefined"){this.setByString(b.str)}}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(d){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var b=null;var c=null;var a=null;this.setRSAKey=function(e){if(!RSAKey.prototype.isPrototypeOf(e)){throw"argument is not RSAKey instance"}this.rsaKey=e;var g=new KJUR.asn1.DERInteger({bigint:e.n});var f=new KJUR.asn1.DERInteger({"int":e.e});var i=new KJUR.asn1.DERSequence({array:[g,f]});var h=i.getEncodedHex();this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"rsaEncryption"});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+h})};this.setRSAPEM=function(g){if(g.match(/-----BEGIN PUBLIC KEY-----/)){var n=g;n=n.replace(/^-----[^-]+-----/,"");n=n.replace(/-----[^-]+-----\s*$/,"");var m=n.replace(/\s+/g,"");var f=CryptoJS.enc.Base64.parse(m);var i=CryptoJS.enc.Hex.stringify(f);var k=RSAKey.getHexValueArrayOfChildrenFromHex(i);var h=k[1];var l=h.substr(2);var e=RSAKey.getHexValueArrayOfChildrenFromHex(l);var j=new RSAKey();j.setPublic(e[0],e[1]);this.setRSAKey(j)}else{throw"key not supported"}};this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var e=new KJUR.asn1.DERSequence({array:[this.asn1AlgId,this.asn1SubjPKey]});return e};this.getEncodedHex=function(){var e=this.getASN1Object();this.hTLV=e.getEncodedHex();return this.hTLV};this._setRSAKey=function(e){var g=KJUR.asn1.ASN1Util.newObject({seq:[{"int":{bigint:e.n}},{"int":{"int":e.e}}]});var f=g.getEncodedHex();this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"rsaEncryption"});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+f})};this._setEC=function(e){var f=new KJUR.asn1.DERObjectIdentifier({name:e.curveName});this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"ecPublicKey",asn1params:f});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+e.pubKeyHex})};this._setDSA=function(e){var f=new KJUR.asn1.ASN1Util.newObject({seq:[{"int":{bigint:e.p}},{"int":{bigint:e.q}},{"int":{bigint:e.g}}]});this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"dsa",asn1params:f});var g=new KJUR.asn1.DERInteger({bigint:e.y});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+g.getEncodedHex()})};if(typeof d!="undefined"){if(typeof RSAKey!="undefined"&&d instanceof RSAKey){this._setRSAKey(d)}else{if(typeof KJUR.crypto.ECDSA!="undefined"&&d instanceof KJUR.crypto.ECDSA){this._setEC(d)}else{if(typeof KJUR.crypto.DSA!="undefined"&&d instanceof KJUR.crypto.DSA){this._setDSA(d)}else{if(typeof d.rsakey!="undefined"){this.setRSAKey(d.rsakey)}else{if(typeof d.rsapem!="undefined"){this.setRSAPEM(d.rsapem)}}}}}}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(c){KJUR.asn1.x509.Time.superclass.constructor.call(this);var b=null;var a=null;this.setTimeParams=function(d){this.timeParams=d};this.getEncodedHex=function(){var d=null;if(this.timeParams!=null){if(this.type=="utc"){d=new KJUR.asn1.DERUTCTime(this.timeParams)}else{d=new KJUR.asn1.DERGeneralizedTime(this.timeParams)}}else{if(this.type=="utc"){d=new KJUR.asn1.DERUTCTime()}else{d=new KJUR.asn1.DERGeneralizedTime()}}this.TLV=d.getEncodedHex();return this.TLV};this.type="utc";if(typeof c!="undefined"){if(typeof c.type!="undefined"){this.type=c.type}else{if(typeof c.str!="undefined"){if(c.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(c.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=c}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(b){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;this.getEncodedHex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw"algorithm not specified"}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=KJUR.asn1.x509.OID.name2obj(this.nameAlg)}var c=[this.asn1Alg];if(this.asn1Params!==null){c.push(this.asn1Params)}var d=new KJUR.asn1.DERSequence({array:c});this.hTLV=d.getEncodedHex();return this.hTLV};if(b!==undefined){if(b.name!==undefined){this.nameAlg=b.name}if(b.asn1params!==undefined){this.asn1Params=b.asn1params}if(b.paramempty!==undefined){this.paramEmpty=b.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){var a=this.nameAlg.toLowerCase();if(a.substr(-7,7)!=="withdsa"&&a.substr(-9,9)!=="withecdsa"){this.asn1Params=new KJUR.asn1.DERNull()}}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralName=function(d){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var c=null;var b=null;var a={rfc822:"81",dns:"82",dn:"a4",uri:"86"};this.explicit=false;this.setByParam=function(k){var j=null;var g=null;if(k===undefined){return}if(k.rfc822!==undefined){this.type="rfc822";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(k.dns!==undefined){this.type="dns";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(k.uri!==undefined){this.type="uri";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(k.dn!==undefined){this.type="dn";g=new KJUR.asn1.x509.X500Name({str:k.dn})}if(k.ldapdn!==undefined){this.type="dn";g=new KJUR.asn1.x509.X500Name({ldapstr:k.ldapdn})}if(k.certissuer!==undefined){this.type="dn";this.explicit=true;var h=k.certissuer;var f=null;if(h.match(/^[0-9A-Fa-f]+$/)){f==h}if(h.indexOf("-----BEGIN ")!=-1){f=ASN1HEX.pemToHex(h)}if(f==null){throw"certissuer param not cert"}var e=new X509();e.hex=f;var i=e.getIssuerHex();g=new KJUR.asn1.ASN1Object();g.hTLV=i}if(k.certsubj!==undefined){this.type="dn";this.explicit=true;var h=k.certsubj;var f=null;if(h.match(/^[0-9A-Fa-f]+$/)){f==h}if(h.indexOf("-----BEGIN ")!=-1){f=ASN1HEX.pemToHex(h)}if(f==null){throw"certsubj param not cert"}var e=new X509();e.hex=f;var i=e.getSubjectHex();g=new KJUR.asn1.ASN1Object();g.hTLV=i}if(this.type==null){throw"unsupported type in params="+k}this.asn1Obj=new KJUR.asn1.DERTaggedObject({explicit:this.explicit,tag:a[this.type],obj:g})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(d!==undefined){this.setByParam(d)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(b){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null;this.setByParamArray=function(e){for(var c=0;c0){var m=new f({array:this.extensionsArray});var k=new c({explicit:true,tag:"a3",obj:m});this.asn1Array.push(k)}var n=new f({array:this.asn1Array});this.hTLV=n.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(d){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var f=null,a=KJUR,e=a.asn1,h=e.DERObjectIdentifier,i=e.DEROctetString,b=e.DERBitString,g=e.DERBoolean,c=e.DERSequence;this.getEncodedHex=function(){var m=new h({oid:this.oid});var l=new i({hex:this.getExtnValueHex()});var k=new Array();k.push(m);if(this.critical){k.push(new g())}k.push(l);var j=new c({array:k});return j.getEncodedHex()};this.critical=false;if(typeof d!="undefined"){if(typeof d.critical!="undefined"){this.critical=d.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension.appendByNameToArray=function(e,c,b){var g=e.toLowerCase(),f=KJUR.asn1.x509;if(g=="basicconstraints"){var d=new f.BasicConstraints(c);b.push(d)}else{if(g=="keyusage"){var d=new f.KeyUsage(c);b.push(d)}else{if(g=="crldistributionpoints"){var d=new f.CRLDistributionPoints(c);b.push(d)}else{if(g=="extkeyusage"){var d=new f.ExtKeyUsage(c);b.push(d)}else{if(g=="authoritykeyidentifier"){var d=new f.AuthorityKeyIdentifier(c);b.push(d)}else{if(g=="authorityinfoaccess"){var d=new f.AuthorityInfoAccess(c);b.push(d)}else{if(g=="subjectaltname"){var d=new f.SubjectAltName(c);b.push(d)}else{if(g=="issueraltname"){var d=new f.IssuerAltName(c);b.push(d)}else{throw"unsupported extension name: "+e}}}}}}}}};KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(e){this.asn1ExtnValue=new a.DERSequence({array:e})};this.setByOneURI=function(h){var e=new c.GeneralNames([{uri:h}]);var g=new c.DistributionPointName(e);var f=new c.DistributionPoint({dpobj:g});this.setByDPArray([f])};this.oid="2.5.29.31";if(typeof d!="undefined"){if(typeof d.array!="undefined"){this.setByDPArray(d.array)}else{if(typeof d.uri!="undefined"){this.setByOneURI(d.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(c){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,c);var b=KJUR,a=b.asn1;this.setPurposeArray=function(d){this.asn1ExtnValue=new a.DERSequence();for(var e=0;e0){var h=new b({array:this.aRevokedCert});this.asn1Array.push(h)}var i=new b({array:this.asn1Array});this.hTLV=i.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(e){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var d=null,c=null,b=KJUR,a=b.asn1;this.setCertSerial=function(f){this.sn=new a.DERInteger(f)};this.setRevocationDate=function(f){this.time=new a.x509.Time(f)};this.getEncodedHex=function(){var f=new a.DERSequence({array:[this.sn,this.time]});this.TLV=f.getEncodedHex();return this.TLV};if(e!==undefined){if(e.time!==undefined){this.setRevocationDate(e.time)}if(e.sn!==undefined){this.setCertSerial(e.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(f){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();var d=KJUR,c=d.asn1,e=c.x509,b=pemtohex;this.setByString=function(g){var h=g.split("/");h.shift();for(var j=0;j0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.RDN=function(a){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=new Array();this.addByString=function(b){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:b}))};this.addByMultiValuedString=function(d){var b=KJUR.asn1.x509.RDN.parseString(d);for(var c=0;c0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(d){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);var f=null,e=null,a="utf8",c=KJUR,b=c.asn1;this.setByString=function(h){var g=h.match(/^([^=]+)=(.+)$/);if(g){this.setByAttrTypeAndValueStr(g[1],g[2])}else{throw"malformed attrTypeAndValueStr: "+h}};this.setByAttrTypeAndValueStr=function(i,h){this.typeObj=KJUR.asn1.x509.OID.atype2obj(i);var g=a;if(i=="C"){g="prn"}this.valueObj=this.getValueObj(g,h)};this.getValueObj=function(h,g){if(h=="utf8"){return new b.DERUTF8String({str:g})}if(h=="prn"){return new b.DERPrintableString({str:g})}if(h=="tel"){return new b.DERTeletexString({str:g})}if(h=="ia5"){return new b.DERIA5String({str:g})}throw"unsupported directory string type: type="+h+" value="+g};this.getEncodedHex=function(){var g=new b.DERSequence({array:[this.typeObj,this.valueObj]});this.TLV=g.getEncodedHex();return this.TLV};if(typeof d!="undefined"){if(typeof d.str!="undefined"){this.setByString(d.str)}}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var m=null,l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,n=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,p=d.AlgorithmIdentifier,g=a.crypto,o=g.ECDSA,c=g.DSA;this.setRSAKey=function(q){if(!RSAKey.prototype.isPrototypeOf(q)){throw"argument is not RSAKey instance"}this.rsaKey=q;var s=new i({bigint:q.n});var r=new i({"int":q.e});var u=new j.DERSequence({array:[s,r]});var t=u.getEncodedHex();this.asn1AlgId=new j.x509.AlgorithmIdentifier({name:"rsaEncryption"});this.asn1SubjPKey=new j.DERBitString({hex:"00"+t})};this.setRSAPEM=function(t){if(t.match(/-----BEGIN PUBLIC KEY-----/)){var v=pemtohex(t);var s=RSAKey.getHexValueArrayOfChildrenFromHex(v);var r=s[1];var u=r.substr(2);var w=RSAKey.getHexValueArrayOfChildrenFromHex(u);var q=new RSAKey();q.setPublic(w[0],w[1]);this.setRSAKey(q)}else{throw"key not supported"}};this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var q=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return q};this.getEncodedHex=function(){var q=this.getASN1Object();this.hTLV=q.getEncodedHex();return this.hTLV};this._setRSAKey=function(q){var s=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var r=s.getEncodedHex();this.asn1AlgId=new p({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+r})};this._setEC=function(q){var r=new n({name:q.curveName});this.asn1AlgId=new p({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})};this._setDSA=function(q){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new p({name:"dsa",asn1params:r});var s=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+s.getEncodedHex()})};if(typeof f!="undefined"){if(typeof RSAKey!="undefined"&&f instanceof RSAKey){this._setRSAKey(f)}else{if(typeof o!="undefined"&&f instanceof o){this._setEC(f)}else{if(typeof c!="undefined"&&f instanceof c){this._setDSA(f)}else{if(f.rsakey!==undefined){this.setRSAKey(f.rsakey)}else{if(f.rsapem!==undefined){this.setRSAPEM(f.rsapem)}}}}}}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.getEncodedHex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.getEncodedHex();return this.TLV};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(d){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1;this.getEncodedHex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw"algorithm not specified"}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var e=[this.asn1Alg];if(this.asn1Params!==null){e.push(this.asn1Params)}var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV};if(d!==undefined){if(d.name!==undefined){this.nameAlg=d.name}if(d.asn1params!==undefined){this.asn1Params=d.asn1params}if(d.paramempty!==undefined){this.paramEmpty=d.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){var c=this.nameAlg.toLowerCase();if(c.substr(-7,7)!=="withdsa"&&c.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralName=function(e){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var k=null,h=null,i={rfc822:"81",dns:"82",dn:"a4",uri:"86"},b=KJUR,f=b.asn1,d=f.DERIA5String,c=f.DERTaggedObject,j=f.ASN1Object,a=f.x509.X500Name,g=pemtohex;this.explicit=false;this.setByParam=function(r){var q=null;var n=null;if(r===undefined){return}if(r.rfc822!==undefined){this.type="rfc822";n=new d({str:r[this.type]})}if(r.dns!==undefined){this.type="dns";n=new d({str:r[this.type]})}if(r.uri!==undefined){this.type="uri";n=new d({str:r[this.type]})}if(r.dn!==undefined){this.type="dn";n=new a({str:r.dn})}if(r.ldapdn!==undefined){this.type="dn";n=new a({ldapstr:r.ldapdn})}if(r.certissuer!==undefined){this.type="dn";this.explicit=true;var o=r.certissuer;var m=null;if(o.match(/^[0-9A-Fa-f]+$/)){m==o}if(o.indexOf("-----BEGIN ")!=-1){m=g(o)}if(m==null){throw"certissuer param not cert"}var l=new X509();l.hex=m;var p=l.getIssuerHex();n=new j();n.hTLV=p}if(r.certsubj!==undefined){this.type="dn";this.explicit=true;var o=r.certsubj;var m=null;if(o.match(/^[0-9A-Fa-f]+$/)){m==o}if(o.indexOf("-----BEGIN ")!=-1){m=g(o)}if(m==null){throw"certsubj param not cert"}var l=new X509();l.hex=m;var p=l.getSubjectHex();n=new j();n.hTLV=p}if(this.type==null){throw"unsupported type in params="+r}this.asn1Obj=new c({explicit:this.explicit,tag:i[this.type],obj:n})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(e!==undefined){this.setByParam(e)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f1){g=new BigInteger(i,16)}else{g=null}h=new BigInteger(j,16);this.setPrivate(c,a,e,g,h)};this.setPublic=function(c,b,a,d){this.isPublic=true;this.p=c;this.q=b;this.g=a;this.y=d;this.x=null};this.setPublicHex=function(f,e,d,g){var b,a,h,c;b=new BigInteger(f,16);a=new BigInteger(e,16);h=new BigInteger(d,16);c=new BigInteger(g,16);this.setPublic(b,a,h,c)};this.signWithMessageHash=function(d){var c=this.p;var b=this.q;var f=this.g;var i=this.y;var j=this.x;var e=KJUR.crypto.Util.getRandomBigIntegerMinToMax(BigInteger.ONE.add(BigInteger.ONE),b.subtract(BigInteger.ONE));var l=d.substr(0,b.bitLength()/4);var h=new BigInteger(l,16);var a=(f.modPow(e,c)).mod(b);var n=(e.modInverse(b).multiply(h.add(j.multiply(a)))).mod(b);var m=KJUR.asn1.ASN1Util.jsonToASN1HEX({seq:[{"int":{bigint:a}},{"int":{bigint:n}}]});return m};this.verifyWithMessageHash=function(h,f){var d=this.p;var b=this.q;var j=this.g;var l=this.y;var i=this.parseASN1Signature(f);var a=i[0];var t=i[1];var o=h.substr(0,b.bitLength()/4);var k=new BigInteger(o,16);if(BigInteger.ZERO.compareTo(a)>0||a.compareTo(b)>0){throw"invalid DSA signature"}if(BigInteger.ZERO.compareTo(t)>=0||t.compareTo(b)>0){throw"invalid DSA signature"}var m=t.modInverse(b);var e=k.multiply(m).mod(b);var c=a.multiply(m).mod(b);var n=j.modPow(e,d).multiply(l.modPow(c,d)).mod(d).mod(b);return n.compareTo(a)==0};this.parseASN1Signature=function(a){try{var d=new BigInteger(ASN1HEX.getVbyList(a,0,[0],"02"),16);var c=new BigInteger(ASN1HEX.getVbyList(a,0,[1],"02"),16);return[d,c]}catch(b){throw"malformed ASN.1 DSA signature"}};this.readPKCS5PrvKeyHex=function(c){var b,a,f,g,i;var j=ASN1HEX;var d=j.getVbyList;if(j.isASN1HEX(c)===false){throw"not ASN.1 hex string"}try{b=d(c,0,[1],"02");a=d(c,0,[2],"02");f=d(c,0,[3],"02");g=d(c,0,[4],"02");i=d(c,0,[5],"02")}catch(e){console.log("EXCEPTION:"+e);throw"malformed PKCS#1/5 plain DSA private key"}this.setPrivateHex(b,a,f,g,i)};this.readPKCS8PrvKeyHex=function(d){var f,c,b,g;var e=ASN1HEX;var i=e.getVbyList;if(e.isASN1HEX(d)===false){throw"not ASN.1 hex string"}try{f=i(d,0,[1,1,0],"02");c=i(d,0,[1,1,1],"02");b=i(d,0,[1,1,2],"02");g=i(d,0,[2,0],"02")}catch(a){console.log("EXCEPTION:"+a);throw"malformed PKCS#8 plain DSA private key"}this.setPrivateHex(f,c,b,null,g)};this.readPKCS8PubKeyHex=function(d){var f,c,b,g;var e=ASN1HEX;var i=e.getVbyList;if(e.isASN1HEX(d)===false){throw"not ASN.1 hex string"}try{f=i(d,0,[0,1,0],"02");c=i(d,0,[0,1,1],"02");b=i(d,0,[0,1,2],"02");g=i(d,0,[1,0],"02")}catch(a){console.log("EXCEPTION:"+a);throw"malformed PKCS#8 DSA public key"}this.setPublicHex(f,c,b,g)};this.readCertPubKeyHex=function(c,f){if(f!==5){f=6}var b,a,g,i;var j=ASN1HEX;var d=j.getVbyList;if(j.isASN1HEX(c)===false){throw"not ASN.1 hex string"}try{b=d(c,0,[0,f,0,1,0],"02");a=d(c,0,[0,f,0,1,1],"02");g=d(c,0,[0,f,0,1,2],"02");i=d(c,0,[0,f,1,0],"02")}catch(e){console.log("EXCEPTION:"+e);throw"malformed X.509 certificate DSA public key"}this.setPublicHex(b,a,g,i)}}; \ No newline at end of file diff --git a/min/ecdsa-modified-1.0.min.js b/min/ecdsa-modified-1.0.min.js index 67399a6b..b05f800d 100644 --- a/min/ecdsa-modified-1.0.min.js +++ b/min/ecdsa-modified-1.0.min.js @@ -1,3 +1 @@ -/*! ecdsa-modified-1.1.1.js (c) Stephan Thomas, Kenji Urushima | github.com/bitcoinjs/bitcoinjs-lib/blob/master/LICENSE - */ if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECDSA=function(h){var e="secp256r1";var g=null;var b=null;var f=null;var a=new SecureRandom();var d=null;this.type="EC";this.isPrivate=false;this.isPublic=false;function c(s,o,r,n){var j=Math.max(o.bitLength(),n.bitLength());var t=s.add2D(r);var q=s.curve.getInfinity();for(var p=j-1;p>=0;--p){q=q.twice2D();q.z=BigInteger.ONE;if(o.testBit(p)){if(n.testBit(p)){q=q.add2D(t)}else{q=q.add2D(s)}}else{if(n.testBit(p)){q=q.add2D(r)}}}return q}this.getBigRandom=function(i){return new BigInteger(i.bitLength(),a).mod(i.subtract(BigInteger.ONE)).add(BigInteger.ONE)};this.setNamedCurve=function(i){this.ecparams=KJUR.crypto.ECParameterDB.getByName(i);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=i};this.setPrivateKeyHex=function(i){this.isPrivate=true;this.prvKeyHex=i};this.setPublicKeyHex=function(i){this.isPublic=true;this.pubKeyHex=i};this.getPublicKeyXYHex=function(){var k=this.pubKeyHex;if(k.substr(0,2)!=="04"){throw"this method supports uncompressed format(04) only"}var j=this.ecparams.keylen/4;if(k.length!==2+j*2){throw"malformed public key hex length"}var i={};i.x=k.substr(2,j);i.y=k.substr(2+j);return i};this.getShortNISTPCurveName=function(){var i=this.curveName;if(i==="secp256r1"||i==="NIST P-256"||i==="P-256"||i==="prime256v1"){return"P-256"}if(i==="secp384r1"||i==="NIST P-384"||i==="P-384"){return"P-384"}return null};this.generateKeyPairHex=function(){var k=this.ecparams.n;var n=this.getBigRandom(k);var l=this.ecparams.G.multiply(n);var q=l.getX().toBigInteger();var o=l.getY().toBigInteger();var i=this.ecparams.keylen/4;var m=("0000000000"+n.toString(16)).slice(-i);var r=("0000000000"+q.toString(16)).slice(-i);var p=("0000000000"+o.toString(16)).slice(-i);var j="04"+r+p;this.setPrivateKeyHex(m);this.setPublicKeyHex(j);return{ecprvhex:m,ecpubhex:j}};this.signWithMessageHash=function(i){return this.signHex(i,this.prvKeyHex)};this.signHex=function(o,j){var t=new BigInteger(j,16);var l=this.ecparams.n;var q=new BigInteger(o,16);do{var m=this.getBigRandom(l);var u=this.ecparams.G;var p=u.multiply(m);var i=p.getX().toBigInteger().mod(l)}while(i.compareTo(BigInteger.ZERO)<=0);var v=m.modInverse(l).multiply(q.add(t.multiply(i))).mod(l);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(i,v)};this.sign=function(m,u){var q=u;var j=this.ecparams.n;var p=BigInteger.fromByteArrayUnsigned(m);do{var l=this.getBigRandom(j);var t=this.ecparams.G;var o=t.multiply(l);var i=o.getX().toBigInteger().mod(j)}while(i.compareTo(BigInteger.ZERO)<=0);var v=l.modInverse(j).multiply(p.add(q.multiply(i))).mod(j);return this.serializeSig(i,v)};this.verifyWithMessageHash=function(j,i){return this.verifyHex(j,i,this.pubKeyHex)};this.verifyHex=function(m,i,p){var l,j;var o=KJUR.crypto.ECDSA.parseSigHex(i);l=o.r;j=o.s;var k;k=ECPointFp.decodeFromHex(this.ecparams.curve,p);var n=new BigInteger(m,16);return this.verifyRaw(n,l,j,k)};this.verify=function(o,p,j){var l,i;if(Bitcoin.Util.isArray(p)){var n=this.parseSig(p);l=n.r;i=n.s}else{if("object"===typeof p&&p.r&&p.s){l=p.r;i=p.s}else{throw"Invalid value for signature"}}var k;if(j instanceof ECPointFp){k=j}else{if(Bitcoin.Util.isArray(j)){k=ECPointFp.decodeFrom(this.ecparams.curve,j)}else{throw"Invalid format for pubkey value, must be byte array or ECPointFp"}}var m=BigInteger.fromByteArrayUnsigned(o);return this.verifyRaw(m,l,i,k)};this.verifyRaw=function(o,i,w,m){var l=this.ecparams.n;var u=this.ecparams.G;if(i.compareTo(BigInteger.ONE)<0||i.compareTo(l)>=0){return false}if(w.compareTo(BigInteger.ONE)<0||w.compareTo(l)>=0){return false}var p=w.modInverse(l);var k=o.multiply(p).mod(l);var j=i.multiply(p).mod(l);var q=u.multiply(k).add(m.multiply(j));var t=q.getX().toBigInteger().mod(l);return t.equals(i)};this.serializeSig=function(k,j){var l=k.toByteArraySigned();var i=j.toByteArraySigned();var m=[];m.push(2);m.push(l.length);m=m.concat(l);m.push(2);m.push(i.length);m=m.concat(i);m.unshift(m.length);m.unshift(48);return m};this.parseSig=function(n){var m;if(n[0]!=48){throw new Error("Signature not a valid DERSequence")}m=2;if(n[m]!=2){throw new Error("First element in signature must be a DERInteger")}var l=n.slice(m+2,m+2+n[m+1]);m+=2+n[m+1];if(n[m]!=2){throw new Error("Second element in signature must be a DERInteger")}var i=n.slice(m+2,m+2+n[m+1]);m+=2+n[m+1];var k=BigInteger.fromByteArrayUnsigned(l);var j=BigInteger.fromByteArrayUnsigned(i);return{r:k,s:j}};this.parseSigCompact=function(m){if(m.length!==65){throw"Signature has the wrong length"}var j=m[0]-27;if(j<0||j>7){throw"Invalid signature type"}var o=this.ecparams.n;var l=BigInteger.fromByteArrayUnsigned(m.slice(1,33)).mod(o);var k=BigInteger.fromByteArrayUnsigned(m.slice(33,65)).mod(o);return{r:l,s:k,i:j}};this.readPKCS5PrvKeyHex=function(l){var n=ASN1HEX;var m=KJUR.crypto.ECDSA.getName;var p=n.getVbyList;if(n.isASN1HEX(l)===false){throw"not ASN.1 hex string"}var i,k,o;try{i=p(l,0,[2,0],"06");k=p(l,0,[1],"04");try{o=p(l,0,[3,0],"03").substr(2)}catch(j){}}catch(j){throw"malformed PKCS#1/5 plain ECC private key"}this.curveName=m(i);if(this.curveName===undefined){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(o);this.setPrivateKeyHex(k);this.isPublic=false};this.readPKCS8PrvKeyHex=function(l){var q=ASN1HEX;var i=KJUR.crypto.ECDSA.getName;var n=q.getVbyList;if(q.isASN1HEX(l)===false){throw"not ASN.1 hex string"}var j,p,m,k;try{j=n(l,0,[1,0],"06");p=n(l,0,[1,1],"06");m=n(l,0,[2,0,1],"04");try{k=n(l,0,[2,0,2,0],"03").substr(2)}catch(o){}}catch(o){throw"malformed PKCS#8 plain ECC private key"}this.curveName=i(p);if(this.curveName===undefined){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(k);this.setPrivateKeyHex(m);this.isPublic=false};this.readPKCS8PubKeyHex=function(l){var n=ASN1HEX;var m=KJUR.crypto.ECDSA.getName;var p=n.getVbyList;if(n.isASN1HEX(l)===false){throw"not ASN.1 hex string"}var k,i,o;try{k=p(l,0,[0,0],"06");i=p(l,0,[0,1],"06");o=p(l,0,[1],"03").substr(2)}catch(j){throw"malformed PKCS#8 ECC public key"}this.curveName=m(i);if(this.curveName===null){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(o)};this.readCertPubKeyHex=function(k,p){if(p!==5){p=6}var m=ASN1HEX;var l=KJUR.crypto.ECDSA.getName;var o=m.getVbyList;if(m.isASN1HEX(k)===false){throw"not ASN.1 hex string"}var i,n;try{i=o(k,0,[0,p,0,1],"06");n=o(k,0,[0,p,1],"03").substr(2)}catch(j){throw"malformed X.509 certificate ECC public key"}this.curveName=l(i);if(this.curveName===null){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(n)};if(h!==undefined){if(h.curve!==undefined){this.curveName=h.curve}}if(this.curveName===undefined){this.curveName=e}this.setNamedCurve(this.curveName);if(h!==undefined){if(h.prv!==undefined){this.setPrivateKeyHex(h.prv)}if(h.pub!==undefined){this.setPublicKeyHex(h.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(f){var j=ASN1HEX;var i=j.getChildIdx;var g=j.getV;if(f.substr(0,2)!="30"){throw"signature is not a ASN.1 sequence"}var h=i(f,0);if(h.length!=2){throw"number of signature ASN.1 sequence elements seem wrong"}var e=h[0];var d=h[1];if(f.substr(e,2)!="02"){throw"1st item of sequene of signature is not ASN.1 integer"}if(f.substr(d,2)!="02"){throw"2nd item of sequene of signature is not ASN.1 integer"}var c=g(f,e);var b=g(f,d);return{r:c,s:b}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(c){var d=KJUR.crypto.ECDSA.parseSigHexInHexRS(c);var b=d.r;var a=d.s;if(b.substr(0,2)=="00"&&(((b.length/2)*8)%(16*8))==8){b=b.substr(2)}if(a.substr(0,2)=="00"&&(((a.length/2)*8)%(16*8))==8){a=a.substr(2)}if((((b.length/2)*8)%(16*8))!=0){throw"unknown ECDSA sig r length error"}if((((a.length/2)*8)%(16*8))!=0){throw"unknown ECDSA sig s length error"}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if((((a.length/2)*8)%(16*8))!=0){throw"unknown ECDSA concatinated r-s sig length error"}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(f,d){var c=KJUR.asn1;var b=new c.DERInteger({bigint:f});var a=new c.DERInteger({bigint:d});var e=new c.DERSequence({array:[b,a]});return e.getEncodedHex()};KJUR.crypto.ECDSA.getName=function(a){if(a==="2a8648ce3d030107"){return"secp256r1"}if(a==="2b8104000a"){return"secp256k1"}if(a==="2b81040022"){return"secp384r1"}if("|secp256r1|NIST P-256|P-256|prime256v1|".indexOf(a)!==-1){return"secp256r1"}if("|secp256k1|".indexOf(a)!==-1){return"secp256k1"}if("|secp384r1|NIST P-384|P-384|".indexOf(a)!==-1){return"secp384r1"}return null}; \ No newline at end of file diff --git a/min/ecparam-1.0.min.js b/min/ecparam-1.0.min.js index 7407ef64..66da815a 100644 --- a/min/ecparam-1.0.min.js +++ b/min/ecparam-1.0.min.js @@ -1,3 +1 @@ -/*! ecparam-1.0.0.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license - */ if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECParameterDB=new function(){var b={};var c={};function a(d){return new BigInteger(d,16)}this.getByName=function(e){var d=e;if(typeof c[d]!="undefined"){d=c[e]}if(typeof b[d]!="undefined"){return b[d]}throw"unregistered EC curve name: "+d};this.regist=function(A,l,o,g,m,e,j,f,k,u,d,x){b[A]={};var s=a(o);var z=a(g);var y=a(m);var t=a(e);var w=a(j);var r=new ECCurveFp(s,z,y);var q=r.decodePointHex("04"+f+k);b[A]["name"]=A;b[A]["keylen"]=l;b[A]["curve"]=r;b[A]["G"]=q;b[A]["n"]=t;b[A]["h"]=w;b[A]["oid"]=d;b[A]["info"]=x;for(var v=0;v0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw"algorithm '"+h+"' not accepted in the list"}}if(h!="none"&&s===null){throw"key shall be specified to verify."}if(r=="HS"){if(typeof s!="string"&&s.length!=0&&s.length%2!=0&&!s.match(/^[0-9A-Fa-f]+/)){throw"key shall be a hexadecimal str for HS* algs"}}if(typeof s=="string"&&s.indexOf("-----BEGIN ")!=-1){s=KEYUTIL.getKey(s)}if(r=="RS"||r=="PS"){if(!(s instanceof RSAKey)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(r=="ES"){if(!(s instanceof KJUR.crypto.ECDSA)){throw"key shall be a ECDSA obj for ES* algs"}}if(h=="none"){}var m=null;if(l.jwsalg2sigalg[i.alg]===undefined){throw"unsupported alg name: "+h}else{m=l.jwsalg2sigalg[h]}if(m=="none"){throw"not supported"}else{if(m.substr(0,4)=="Hmac"){if(s===undefined){throw"hexadecimal key shall be specified for HMAC"}var g=new KJUR.crypto.Mac({alg:m,pass:hextorstr(s)});g.updateString(b);hSig2=g.doFinal();return q==hSig2}else{if(m.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(q)}catch(n){return false}var e=new KJUR.crypto.Signature({alg:m});e.init(s);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:m});e.init(s);e.updateString(b);return e.verify(q)}}}};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw"acceptField.alg shall be specified"}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt=="number"){b=l.verifyAt}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.exp0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw"algorithm '"+h+"' not accepted in the list"}}if(h!="none"&&t===null){throw"key shall be specified to verify."}if(typeof t=="string"&&t.indexOf("-----BEGIN ")!=-1){t=KEYUTIL.getKey(t)}if(s=="RS"||s=="PS"){if(!(t instanceof RSAKey)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(s=="ES"){if(!(t instanceof KJUR.crypto.ECDSA)){throw"key shall be a ECDSA obj for ES* algs"}}if(h=="none"){}var n=null;if(m.jwsalg2sigalg[i.alg]===undefined){throw"unsupported alg name: "+h}else{n=m.jwsalg2sigalg[h]}if(n=="none"){throw"not supported"}else{if(n.substr(0,4)=="Hmac"){var k=null;if(t===undefined){throw"hexadecimal key shall be specified for HMAC"}var g=new KJUR.crypto.Mac({alg:n,pass:t});g.updateString(b);k=g.doFinal();return r==k}else{if(n.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(r)}catch(o){return false}var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(r)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw"acceptField.alg shall be specified"}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt==="number"){b=l.verifyAt}if(l.gracePeriod===undefined||typeof l.gracePeriod!=="number"){l.gracePeriod=0}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.exp+l.gracePeriod0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodj){this.aHeader.pop()}if(this.aSignature.length>j){this.aSignature.pop()}throw"addSignature failed: "+g}};this.addSignatureByHeaderKey=function(f,c){var e=b64utoutf8(this.sPayload);var d=new KJUR.jws.JWS();var g=d.generateJWSByP1PrvKey(f,e,c);this.aHeader.push(d.parsedJWS.headB64U);this.aSignature.push(d.parsedJWS.sigvalB64U)};this.addSignatureByHeaderPayloadKey=function(f,e,c){var d=new KJUR.jws.JWS();var g=d.generateJWSByP1PrvKey(f,e,c);this.aHeader.push(d.parsedJWS.headB64U);this.sPayload=d.parsedJWS.payloadB64U;this.aSignature.push(d.parsedJWS.sigvalB64U)};this.verifyAll=function(f){if(this.aHeader.length!==f.length||this.aSignature.length!==f.length){return false}for(var e=0;e0){this.aHeader=e.headers}else{throw"malformed header"}if(typeof e.payload==="string"){this.sPayload=e.payload}else{throw"malformed signatures"}if(e.signatures.length>0){this.signatures=e.signatures}else{throw"malformed signatures"}}catch(c){throw"malformed JWS-JS JSON object: "+c}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; \ No newline at end of file +if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.jws=="undefined"||!KJUR.jws){KJUR.jws={}}KJUR.jws.JWSJS=function(){var c=KJUR,b=c.jws,a=b.JWS,d=a.readSafeJSONString;this.aHeader=[];this.sPayload="";this.aSignature=[];this.init=function(){this.aHeader=[];this.sPayload=undefined;this.aSignature=[]};this.initWithJWS=function(f){this.init();var e=f.split(".");if(e.length!=3){throw"malformed input JWS"}this.aHeader.push(e[0]);this.sPayload=e[1];this.aSignature.push(e[2])};this.addSignature=function(e,h,m,k){if(this.sPayload===undefined||this.sPayload===null){throw"there's no JSON-JS signature to add."}var l=this.aHeader.length;if(this.aHeader.length!=this.aSignature.length){throw"aHeader.length != aSignature.length"}try{var f=KJUR.jws.JWS.sign(e,h,this.sPayload,m,k);var j=f.split(".");var n=j[0];var g=j[2];this.aHeader.push(j[0]);this.aSignature.push(j[2])}catch(i){if(this.aHeader.length>l){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.addSignatureByHeaderKey=function(h,e){var g=b64utoutf8(this.sPayload);var f=new KJUR.jws.JWS();var i=f.generateJWSByP1PrvKey(h,g,e);this.aHeader.push(f.parsedJWS.headB64U);this.aSignature.push(f.parsedJWS.sigvalB64U)};this.addSignatureByHeaderPayloadKey=function(h,g,e){var f=new KJUR.jws.JWS();var i=f.generateJWSByP1PrvKey(h,g,e);this.aHeader.push(f.parsedJWS.headB64U);this.sPayload=f.parsedJWS.payloadB64U;this.aSignature.push(f.parsedJWS.sigvalB64U)};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.signatures=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; \ No newline at end of file diff --git a/min/keyutil-1.0.min.js b/min/keyutil-1.0.min.js index c8044e4a..73a9ebeb 100644 --- a/min/keyutil-1.0.min.js +++ b/min/keyutil-1.0.min.js @@ -1,3 +1 @@ -/*! keyutil-1.1.1.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(v){var w={};var q=v.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(q){w.cipher=q[1];w.ivsalt=q[2]}var p=v.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(p){w.type=p[1]}var u=-1;var x=0;if(v.indexOf("\r\n\r\n")!=-1){u=v.indexOf("\r\n\r\n");x=2}if(v.indexOf("\n\n")!=-1){u=v.indexOf("\n\n");x=1}var t=v.indexOf("-----END");if(u!=-1&&t!=-1){var r=v.substring(u+x*2,t-x);r=r.replace(/\s+/g,"");w.data=r}return w};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",getHexFromPEM:function(p,q){return ASN1HEX.pemToHex(p,q)},getDecryptedKeyHexByKeyIV:function(q,t,s,r){var p=c(t);return p(q,s,r)},parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getRSAKeyFromEncryptedPKCS5PEM:function(r,q){var s=this.getDecryptedKeyHex(r,q);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(s);return p},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},getEncryptedPKCS5PEMFromRSAKey:function(D,E,r,t){var B=new KJUR.asn1.DERInteger({"int":0});var w=new KJUR.asn1.DERInteger({bigint:D.n});var A=new KJUR.asn1.DERInteger({"int":D.e});var C=new KJUR.asn1.DERInteger({bigint:D.d});var u=new KJUR.asn1.DERInteger({bigint:D.p});var s=new KJUR.asn1.DERInteger({bigint:D.q});var z=new KJUR.asn1.DERInteger({bigint:D.dmp1});var v=new KJUR.asn1.DERInteger({bigint:D.dmq1});var y=new KJUR.asn1.DERInteger({bigint:D.coeff});var F=new KJUR.asn1.DERSequence({array:[B,w,A,C,u,s,z,v,y]});var x=F.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",x,E,r,t)},newEncryptedPKCS5PEM:function(p,q,t,u){if(typeof q=="undefined"||q==null){q=1024}if(typeof t=="undefined"||t==null){t="10001"}var r=new RSAKey();r.generate(q,t);var s=null;if(typeof u=="undefined"||u==null){s=this.getEncryptedPKCS5PEMFromRSAKey(r,p)}else{s=this.getEncryptedPKCS5PEMFromRSAKey(r,p,u)}return s},getRSAKeyFromPlainPKCS8PEM:function(r){if(r.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var q=ASN1HEX.pemToHex(r,"PRIVATE KEY");var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getRSAKeyFromPlainPKCS8Hex:function(q){var p=new RSAKey();p.readPKCS8PrvKeyHex(q);return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=ASN1HEX.pemToHex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getRSAKeyFromEncryptedPKCS8PEM:function(s,r){var q=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,r);var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=ASN1HEX.pemToHex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},getRSAKeyFromPublicPKCS8PEM:function(q){var r=ASN1HEX.pemToHex(q,"PUBLIC KEY");var p=this.getRSAKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8PEM:function(q){var r=ASN1HEX.pemToHex(q,"PUBLIC KEY");var p=this.getKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePrivateRawRSAKeyHexAtObj:function(q,v){var u=ASN1HEX;var t=u.getChildIdx;var r=u.getV;var s=u.getIdxbyList(q,0,[2,0]);var p=t(q,s);if(p.length!==9){throw"malformed PKCS#8 plain RSA private key"}v.key={};v.key.n=r(q,p[1]);v.key.e=r(q,p[2]);v.key.d=r(q,p[3]);v.key.p=r(q,p[4]);v.key.q=r(q,p[5]);v.key.dp=r(q,p[6]);v.key.dq=r(q,p[7]);v.key.co=r(q,p[8])},parsePrivateRawECKeyHexAtObj:function(p,s){var q=s.keyidx;var r=new KJUR.crypto.ECDSA();r.readPKCS8PrvKeyHex(p);s.key=r.prvKeyHex;s.pubkey=r.pubKeyHex},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},getRSAKeyFromPublicPKCS8Hex:function(p){var q=new RSAKey();q.readPKCS8PubKeyHex(p);return q},}}();KEYUTIL.getKey=function(l,k,n){var E=ASN1HEX;var I=E.getChildIdx;var t=E.getV;var d=E.getVbyList;var c=KJUR.crypto;var i=c.ECDSA;var B=c.DSA;var u=RSAKey;if(typeof u!="undefined"&&l instanceof u){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof B!="undefined"&&l instanceof B){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var K=new u();K.setPublic(l.n,l.e);return K}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var K=new u();K.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return K}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var K=new u();K.setPrivate(l.n,l.e,l.d);return K}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var K=new B();K.setPublic(l.p,l.q,l.g,l.y);return K}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var K=new B();K.setPrivate(l.p,l.q,l.g,l.y,l.x);return K}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var K=new u();K.setPublic(b64utohex(l.n),b64utohex(l.e));return K}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var K=new u();K.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return K}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var K=new u();K.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return K}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var s=j.ecparams.keylen/4;var A=("0000000000"+b64utohex(l.x)).slice(-s);var w=("0000000000"+b64utohex(l.y)).slice(-s);var v="04"+A+w;j.setPublicKeyHex(v);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var s=j.ecparams.keylen/4;var A=("0000000000"+b64utohex(l.x)).slice(-s);var w=("0000000000"+b64utohex(l.y)).slice(-s);var v="04"+A+w;var b=("0000000000"+b64utohex(l.d)).slice(-s);j.setPublicKeyHex(v);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var G=l,E=ASN1HEX,J,K;J=I(G,0);if(J.length===9){K=new u();K.readPrivateKeyFromASN1HexString(l)}else{if(J.length===6){K=new B();K.readPKCS5PrvKeyHex(G)}else{if(J.length>2&&G.substr(J[1],2)==="04"){K=new i();K.readPKCS5PrvKeyHex(G)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return K}if(n==="pkcs8prv"){var K=KEYUTIL.getKeyFromPlainPrivatePKCS8Hex(l);return K}if(n==="pkcs8pub"){return KEYUTIL.getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){return KEYUTIL.getKeyFromPublicPKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=E.pemToHex(l,"RSA PRIVATE KEY");return KEYUTIL.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var F=E.pemToHex(l,"DSA PRIVATE KEY");var D=d(F,0,[1],"02");var C=d(F,0,[2],"02");var H=d(F,0,[3],"02");var o=d(F,0,[4],"02");var r=d(F,0,[5],"02");var K=new B();K.setPrivate(new BigInteger(D,16),new BigInteger(C,16),new BigInteger(H,16),new BigInteger(o,16),new BigInteger(r,16));return K}if(l.indexOf("-END PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(l,k)}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var F=KEYUTIL.getDecryptedKeyHex(l,k);var K=d(F,0,[1],"04");var f=d(F,0,[2,0],"06");var z=d(F,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(z);j.setPrivateKeyHex(K);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var F=KEYUTIL.getDecryptedKeyHex(l,k);var D=d(F,0,[1],"02");var C=d(F,0,[2],"02");var H=d(F,0,[3],"02");var o=d(F,0,[4],"02");var r=d(F,0,[5],"02");var K=new B();K.setPrivate(new BigInteger(D,16),new BigInteger(C,16),new BigInteger(H,16),new BigInteger(o,16),new BigInteger(r,16));return K}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromEncryptedPKCS8PEM(l,k)}throw"not supported argument"};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(a,r,o,g,j){var v=KJUR.asn1;var u=KJUR.crypto;function p(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return w}function q(w){var s=KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:w.prvKeyHex}},{tag:["a0",true,{oid:{name:w.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+w.pubKeyHex}}]}]});return s}function n(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return w}if(((typeof RSAKey!="undefined"&&a instanceof RSAKey)||(typeof u.DSA!="undefined"&&a instanceof u.DSA)||(typeof u.ECDSA!="undefined"&&a instanceof u.ECDSA))&&a.isPublic==true&&(r===undefined||r=="PKCS8PUB")){var t=new KJUR.asn1.x509.SubjectPublicKeyInfo(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"PUBLIC KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o===undefined||o==null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"RSA PRIVATE KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o===undefined||o==null)&&a.isPrivate==true){var f=new KJUR.asn1.DERObjectIdentifier({name:a.curveName});var l=f.getEncodedHex();var e=q(a);var k=e.getEncodedHex();var i="";i+=v.ASN1Util.getPEMStringFromHex(l,"EC PARAMETERS");i+=v.ASN1Util.getPEMStringFromHex(k,"EC PRIVATE KEY");return i}if(r=="PKCS1PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o===undefined||o==null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"DSA PRIVATE KEY")}if(r=="PKCS5PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=q(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",m,o,g)}var h=function(w,s){var y=b(w,s);var x=new KJUR.asn1.ASN1Util.newObject({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:y.pbkdf2Salt}},{"int":y.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:y.encryptionSchemeIV}}]}]}]},{octstr:{hex:y.ciphertext}}]});return x.getEncodedHex()};var b=function(D,E){var x=100;var C=CryptoJS.lib.WordArray.random(8);var B="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var y=CryptoJS.PBKDF2(E,C,{keySize:192/32,iterations:x});var z=CryptoJS.enc.Hex.parse(D);var A=CryptoJS.TripleDES.encrypt(z,y,{iv:s})+"";var w={};w.ciphertext=A;w.pbkdf2Salt=CryptoJS.enc.Hex.stringify(C);w.pbkdf2Iter=x;w.encryptionSchemeAlg=B;w.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return w};if(r=="PKCS8PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&a.isPrivate==true){var d=p(a);var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&a.isPrivate==true){var d=new KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:a.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+a.pubKeyHex}}]}]});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:a.curveName}}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&a.isPrivate==true){var d=new KJUR.asn1.DERInteger({bigint:a.x});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:a.p}},{"int":{bigint:a.q}},{"int":{bigint:a.g}}]}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}throw"unsupported object nor format"};KEYUTIL.getKeyFromCSRPEM=function(b){var a=ASN1HEX.pemToHex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"}; \ No newline at end of file +var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(v){var w={};var q=v.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(q){w.cipher=q[1];w.ivsalt=q[2]}var p=v.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(p){w.type=p[1]}var u=-1;var x=0;if(v.indexOf("\r\n\r\n")!=-1){u=v.indexOf("\r\n\r\n");x=2}if(v.indexOf("\n\n")!=-1){u=v.indexOf("\n\n");x=1}var t=v.indexOf("-----END");if(u!=-1&&t!=-1){var r=v.substring(u+x*2,t-x);r=r.replace(/\s+/g,"");w.data=r}return w};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",getHexFromPEM:function(p,q){return pemtohex(p,q)},getDecryptedKeyHexByKeyIV:function(q,t,s,r){var p=c(t);return p(q,s,r)},parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getRSAKeyFromEncryptedPKCS5PEM:function(r,q){var s=this.getDecryptedKeyHex(r,q);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(s);return p},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},getEncryptedPKCS5PEMFromRSAKey:function(D,E,r,t){var B=new KJUR.asn1.DERInteger({"int":0});var w=new KJUR.asn1.DERInteger({bigint:D.n});var A=new KJUR.asn1.DERInteger({"int":D.e});var C=new KJUR.asn1.DERInteger({bigint:D.d});var u=new KJUR.asn1.DERInteger({bigint:D.p});var s=new KJUR.asn1.DERInteger({bigint:D.q});var z=new KJUR.asn1.DERInteger({bigint:D.dmp1});var v=new KJUR.asn1.DERInteger({bigint:D.dmq1});var y=new KJUR.asn1.DERInteger({bigint:D.coeff});var F=new KJUR.asn1.DERSequence({array:[B,w,A,C,u,s,z,v,y]});var x=F.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",x,E,r,t)},newEncryptedPKCS5PEM:function(p,q,t,u){if(typeof q=="undefined"||q==null){q=1024}if(typeof t=="undefined"||t==null){t="10001"}var r=new RSAKey();r.generate(q,t);var s=null;if(typeof u=="undefined"||u==null){s=this.getEncryptedPKCS5PEMFromRSAKey(r,p)}else{s=this.getEncryptedPKCS5PEMFromRSAKey(r,p,u)}return s},getRSAKeyFromPlainPKCS8PEM:function(r){if(r.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var q=pemtohex(r,"PRIVATE KEY");var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getRSAKeyFromPlainPKCS8Hex:function(q){var p=new RSAKey();p.readPKCS8PrvKeyHex(q);return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getRSAKeyFromEncryptedPKCS8PEM:function(s,r){var q=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,r);var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},getRSAKeyFromPublicPKCS8PEM:function(q){var r=pemtohex(q,"PUBLIC KEY");var p=this.getRSAKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8PEM:function(q){var r=pemtohex(q,"PUBLIC KEY");var p=this.getKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePrivateRawRSAKeyHexAtObj:function(q,v){var u=ASN1HEX;var t=u.getChildIdx;var r=u.getV;var s=u.getIdxbyList(q,0,[2,0]);var p=t(q,s);if(p.length!==9){throw"malformed PKCS#8 plain RSA private key"}v.key={};v.key.n=r(q,p[1]);v.key.e=r(q,p[2]);v.key.d=r(q,p[3]);v.key.p=r(q,p[4]);v.key.q=r(q,p[5]);v.key.dp=r(q,p[6]);v.key.dq=r(q,p[7]);v.key.co=r(q,p[8])},parsePrivateRawECKeyHexAtObj:function(p,s){var q=s.keyidx;var r=new KJUR.crypto.ECDSA();r.readPKCS8PrvKeyHex(p);s.key=r.prvKeyHex;s.pubkey=r.pubKeyHex},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},getRSAKeyFromPublicPKCS8Hex:function(p){var q=new RSAKey();q.readPKCS8PubKeyHex(p);return q},}}();KEYUTIL.getKey=function(l,k,n){var E=ASN1HEX,I=E.getChildIdx,u=E.getV,d=E.getVbyList,c=KJUR.crypto,i=c.ECDSA,B=c.DSA,v=RSAKey,J=pemtohex;if(typeof v!="undefined"&&l instanceof v){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof B!="undefined"&&l instanceof B){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var L=new v();L.setPublic(l.n,l.e);return L}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var L=new v();L.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return L}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var L=new v();L.setPrivate(l.n,l.e,l.d);return L}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var L=new B();L.setPublic(l.p,l.q,l.g,l.y);return L}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var L=new B();L.setPrivate(l.p,l.q,l.g,l.y,l.x);return L}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var L=new v();L.setPublic(b64utohex(l.n),b64utohex(l.e));return L}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var L=new v();L.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return L}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var L=new v();L.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return L}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var s=j.ecparams.keylen/4;var A=("0000000000"+b64utohex(l.x)).slice(-s);var w=("0000000000"+b64utohex(l.y)).slice(-s);var t="04"+A+w;j.setPublicKeyHex(t);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var s=j.ecparams.keylen/4;var A=("0000000000"+b64utohex(l.x)).slice(-s);var w=("0000000000"+b64utohex(l.y)).slice(-s);var t="04"+A+w;var b=("0000000000"+b64utohex(l.d)).slice(-s);j.setPublicKeyHex(t);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var G=l,E=ASN1HEX,K,L;K=I(G,0);if(K.length===9){L=new v();L.readPrivateKeyFromASN1HexString(l)}else{if(K.length===6){L=new B();L.readPKCS5PrvKeyHex(G)}else{if(K.length>2&&G.substr(K[1],2)==="04"){L=new i();L.readPKCS5PrvKeyHex(G)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return L}if(n==="pkcs8prv"){var L=KEYUTIL.getKeyFromPlainPrivatePKCS8Hex(l);return L}if(n==="pkcs8pub"){return KEYUTIL.getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){return KEYUTIL.getKeyFromPublicPKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=J(l,"RSA PRIVATE KEY");return KEYUTIL.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var F=J(l,"DSA PRIVATE KEY");var D=d(F,0,[1],"02");var C=d(F,0,[2],"02");var H=d(F,0,[3],"02");var o=d(F,0,[4],"02");var r=d(F,0,[5],"02");var L=new B();L.setPrivate(new BigInteger(D,16),new BigInteger(C,16),new BigInteger(H,16),new BigInteger(o,16),new BigInteger(r,16));return L}if(l.indexOf("-END PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(l,k)}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var F=KEYUTIL.getDecryptedKeyHex(l,k);var L=d(F,0,[1],"04");var f=d(F,0,[2,0],"06");var z=d(F,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(z);j.setPrivateKeyHex(L);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var F=KEYUTIL.getDecryptedKeyHex(l,k);var D=d(F,0,[1],"02");var C=d(F,0,[2],"02");var H=d(F,0,[3],"02");var o=d(F,0,[4],"02");var r=d(F,0,[5],"02");var L=new B();L.setPrivate(new BigInteger(D,16),new BigInteger(C,16),new BigInteger(H,16),new BigInteger(o,16),new BigInteger(r,16));return L}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromEncryptedPKCS8PEM(l,k)}throw"not supported argument"};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(b,C,x,l,p){var E=KJUR,j=E.asn1,y=j.DERObjectIdentifier,f=j.DERInteger,k=j.ASN1Util.newObject,a=j.x509,B=a.SubjectPublicKeyInfo,e=E.crypto,t=e.DSA,q=e.ECDSA,m=RSAKey;function z(s){var F=k({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return F}function A(F){var s=k({seq:[{"int":1},{octstr:{hex:F.prvKeyHex}},{tag:["a0",true,{oid:{name:F.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+F.pubKeyHex}}]}]});return s}function w(s){var F=k({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return F}if(((m!==undefined&&b instanceof m)||(t!==undefined&&b instanceof t)||(q!==undefined&&b instanceof q))&&b.isPublic==true&&(C===undefined||C=="PKCS8PUB")){var D=new B(b);var v=D.getEncodedHex();return hextopem(v,"PUBLIC KEY")}if(C=="PKCS1PRV"&&m!==undefined&&b instanceof m&&(x===undefined||x==null)&&b.isPrivate==true){var D=z(b);var v=D.getEncodedHex();return hextopem(v,"RSA PRIVATE KEY")}if(C=="PKCS1PRV"&&q!==undefined&&b instanceof q&&(x===undefined||x==null)&&b.isPrivate==true){var i=new y({name:b.curveName});var u=i.getEncodedHex();var h=A(b);var r=h.getEncodedHex();var o="";o+=hextopem(u,"EC PARAMETERS");o+=hextopem(r,"EC PRIVATE KEY");return o}if(C=="PKCS1PRV"&&t!==undefined&&b instanceof t&&(x===undefined||x==null)&&b.isPrivate==true){var D=w(b);var v=D.getEncodedHex();return hextopem(v,"DSA PRIVATE KEY")}if(C=="PKCS5PRV"&&m!==undefined&&b instanceof m&&(x!==undefined&&x!=null)&&b.isPrivate==true){var D=z(b);var v=D.getEncodedHex();if(l===undefined){l="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",v,x,l)}if(C=="PKCS5PRV"&&q!==undefined&&b instanceof q&&(x!==undefined&&x!=null)&&b.isPrivate==true){var D=A(b);var v=D.getEncodedHex();if(l===undefined){l="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",v,x,l)}if(C=="PKCS5PRV"&&t!==undefined&&b instanceof t&&(x!==undefined&&x!=null)&&b.isPrivate==true){var D=w(b);var v=D.getEncodedHex();if(l===undefined){l="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",v,x,l)}var n=function(F,s){var H=c(F,s);var G=new k({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:H.pbkdf2Salt}},{"int":H.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:H.encryptionSchemeIV}}]}]}]},{octstr:{hex:H.ciphertext}}]});return G.getEncodedHex()};var c=function(M,N){var G=100;var L=CryptoJS.lib.WordArray.random(8);var K="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var H=CryptoJS.PBKDF2(N,L,{keySize:192/32,iterations:G});var I=CryptoJS.enc.Hex.parse(M);var J=CryptoJS.TripleDES.encrypt(I,H,{iv:s})+"";var F={};F.ciphertext=J;F.pbkdf2Salt=CryptoJS.enc.Hex.stringify(L);F.pbkdf2Iter=G;F.encryptionSchemeAlg=K;F.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return F};if(C=="PKCS8PRV"&&m!=undefined&&b instanceof m&&b.isPrivate==true){var g=z(b);var d=g.getEncodedHex();var D=k({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var v=D.getEncodedHex();if(x===undefined||x==null){return hextopem(v,"PRIVATE KEY")}else{var r=n(v,x);return hextopem(r,"ENCRYPTED PRIVATE KEY")}}if(C=="PKCS8PRV"&&q!==undefined&&b instanceof q&&b.isPrivate==true){var g=new k({seq:[{"int":1},{octstr:{hex:b.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]}]});var d=g.getEncodedHex();var D=k({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var v=D.getEncodedHex();if(x===undefined||x==null){return hextopem(v,"PRIVATE KEY")}else{var r=n(v,x);return hextopem(r,"ENCRYPTED PRIVATE KEY")}}if(C=="PKCS8PRV"&&t!==undefined&&b instanceof t&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var D=k({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var v=D.getEncodedHex();if(x===undefined||x==null){return hextopem(v,"PRIVATE KEY")}else{var r=n(v,x);return hextopem(r,"ENCRYPTED PRIVATE KEY")}}throw"unsupported object nor format"};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"}; \ No newline at end of file diff --git a/min/pkcs5pkey-1.0.min.js b/min/pkcs5pkey-1.0.min.js index 1310be9c..225654a8 100644 --- a/min/pkcs5pkey-1.0.min.js +++ b/min/pkcs5pkey-1.0.min.js @@ -1,3 +1 @@ -/*! pkcs5pkey-1.1.1.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -var PKCS5PKEY=function(){var c=function(n,p,o){return i(CryptoJS.AES,n,p,o)};var d=function(n,p,o){return i(CryptoJS.TripleDES,n,p,o)};var i=function(q,v,s,o){var p=CryptoJS.enc.Hex.parse(v);var u=CryptoJS.enc.Hex.parse(s);var n=CryptoJS.enc.Hex.parse(o);var r={};r.key=u;r.iv=n;r.ciphertext=p;var t=q.decrypt(r,u,{iv:n});return CryptoJS.enc.Hex.stringify(t)};var j=function(n,p,o){return e(CryptoJS.AES,n,p,o)};var m=function(n,p,o){return e(CryptoJS.TripleDES,n,p,o)};var e=function(s,x,v,p){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(v);var o=CryptoJS.enc.Hex.parse(p);var n={};var u=s.encrypt(r,w,{iv:o});var q=CryptoJS.enc.Hex.parse(u.toString());var t=CryptoJS.enc.Base64.stringify(q);return t};var g={"AES-256-CBC":{proc:c,eproc:j,keylen:32,ivlen:16},"AES-192-CBC":{proc:c,eproc:j,keylen:24,ivlen:16},"AES-128-CBC":{proc:c,eproc:j,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:d,eproc:m,keylen:24,ivlen:8}};var b=function(n){return g[n]["proc"]};var k=function(n){var p=CryptoJS.lib.WordArray.random(n);var o=CryptoJS.enc.Hex.stringify(p);return o};var l=function(t){var u={};var o=t.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(o){u.cipher=o[1];u.ivsalt=o[2]}var n=t.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(n){u.type=n[1]}var r=-1;var v=0;if(t.indexOf("\r\n\r\n")!=-1){r=t.indexOf("\r\n\r\n");v=2}if(t.indexOf("\n\n")!=-1){r=t.indexOf("\n\n");v=1}var q=t.indexOf("-----END");if(r!=-1&&q!=-1){var p=t.substring(r+v*2,q-v);p=p.replace(/\s+/g,"");u.data=p}return u};var h=function(o,w,n){var t=n.substring(0,16);var r=CryptoJS.enc.Hex.parse(t);var p=CryptoJS.enc.Utf8.parse(w);var s=g[o]["keylen"]+g[o]["ivlen"];var v="";var u=null;for(;;){var q=CryptoJS.algo.MD5.create();if(u!=null){q.update(u)}q.update(p);q.update(r);u=q.finalize();v=v+CryptoJS.enc.Hex.stringify(u);if(v.length>=s*2){break}}var x={};x.keyhex=v.substr(0,g[o]["keylen"]*2);x.ivhex=v.substr(g[o]["keylen"]*2,g[o]["ivlen"]*2);return x};var a=function(n,t,p,u){var q=CryptoJS.enc.Base64.parse(n);var o=CryptoJS.enc.Hex.stringify(q);var s=g[t]["proc"];var r=s(o,p,u);return r};var f=function(n,q,o,s){var p=g[q]["eproc"];var r=p(n,o,s);return r};return{version:"1.0.5",getHexFromPEM:function(n,o){return ASN1HEX.pemToHex(n,o)},getDecryptedKeyHexByKeyIV:function(o,r,q,p){var n=b(r);return n(o,q,p)},parsePKCS5PEM:function(n){return l(n)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(o,n,p){return h(o,n,p)},decryptKeyB64:function(n,p,o,q){return a(n,p,o,q)},getDecryptedKeyHex:function(w,v){var o=l(w);var r=o.type;var p=o.cipher;var n=o.ivsalt;var q=o.data;var u=h(p,v,n);var t=u.keyhex;var s=a(q,p,t,n);return s},getRSAKeyFromEncryptedPKCS5PEM:function(p,o){var q=this.getDecryptedKeyHex(p,o);var n=new RSAKey();n.readPrivateKeyFromASN1HexString(q);return n},getEncryptedPKCS5PEMFromPrvKeyHex:function(q,x,r,p){if(typeof r=="undefined"||r==null){r="AES-256-CBC"}if(typeof g[r]=="undefined"){throw"PKCS5PKEY unsupported algorithm: "+r}if(typeof p=="undefined"||p==null){var t=g[r]["ivlen"];var s=k(t);p=s.toUpperCase()}var w=h(r,x,p);var v=w.keyhex;var u=f(q,r,v,p);var o=u.replace(/(.{64})/g,"$1\r\n");var n="-----BEGIN RSA PRIVATE KEY-----\r\n";n+="Proc-Type: 4,ENCRYPTED\r\n";n+="DEK-Info: "+r+","+p+"\r\n";n+="\r\n";n+=o;n+="\r\n-----END RSA PRIVATE KEY-----\r\n";return n},getEncryptedPKCS5PEMFromRSAKey:function(C,D,o,s){var A=new KJUR.asn1.DERInteger({"int":0});var v=new KJUR.asn1.DERInteger({bigint:C.n});var z=new KJUR.asn1.DERInteger({"int":C.e});var B=new KJUR.asn1.DERInteger({bigint:C.d});var t=new KJUR.asn1.DERInteger({bigint:C.p});var r=new KJUR.asn1.DERInteger({bigint:C.q});var y=new KJUR.asn1.DERInteger({bigint:C.dmp1});var u=new KJUR.asn1.DERInteger({bigint:C.dmq1});var x=new KJUR.asn1.DERInteger({bigint:C.coeff});var E=new KJUR.asn1.DERSequence({array:[A,v,z,B,t,r,y,u,x]});var w=E.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex(w,D,o,s)},newEncryptedPKCS5PEM:function(n,o,r,s){if(typeof o=="undefined"||o==null){o=1024}if(typeof r=="undefined"||r==null){r="10001"}var p=new RSAKey();p.generate(o,r);var q=null;if(typeof s=="undefined"||s==null){q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n)}else{q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n,s)}return q},getRSAKeyFromPlainPKCS8PEM:function(p){if(p.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var o=ASN1HEX.pemToHex(p,"PRIVATE KEY");var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getRSAKeyFromPlainPKCS8Hex:function(o){var n=new RSAKey();n.readPKCS8PrvKeyHex(o);return n},parseHexOfEncryptedPKCS8:function(w){var z=ASN1HEX;var x=z.getChildIdx;var u=z.getV;var r={};var p=x(w,0);if(p.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+p.length}r.ciphertext=u(w,p[1]);var y=x(w,p[0]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+y.length}if(u(w,y[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var n=x(w,y[1]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+n.length}var o=x(w,n[1]);if(o.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+o.length}if(u(w,o[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}r.encryptionSchemeAlg="TripleDES";r.encryptionSchemeIV=u(w,o[1]);var q=x(w,n[0]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+q.length}if(u(w,q[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var v=x(w,q[1]);if(v.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+v.length}r.pbkdf2Salt=u(w,v[0]);var s=u(w,v[1]);try{r.pbkdf2Iter=parseInt(s,16)}catch(t){throw"malformed format pbkdf2Iter: "+s}return r},getPBKDF2KeyHexFromParam:function(s,n){var r=CryptoJS.enc.Hex.parse(s.pbkdf2Salt);var o=s.pbkdf2Iter;var q=CryptoJS.PBKDF2(n,r,{keySize:192/32,iterations:o});var p=CryptoJS.enc.Hex.stringify(q);return p},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(v,w){var p=ASN1HEX.pemToHex(v,"ENCRYPTED PRIVATE KEY");var n=this.parseHexOfEncryptedPKCS8(p);var s=PKCS5PKEY.getPBKDF2KeyHexFromParam(n,w);var t={};t.ciphertext=CryptoJS.enc.Hex.parse(n.ciphertext);var r=CryptoJS.enc.Hex.parse(s);var q=CryptoJS.enc.Hex.parse(n.encryptionSchemeIV);var u=CryptoJS.TripleDES.decrypt(t,r,{iv:q});var o=CryptoJS.enc.Hex.stringify(u);return o},getRSAKeyFromEncryptedPKCS8PEM:function(q,p){var o=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,p);var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getKeyFromEncryptedPKCS8PEM:function(q,o){var n=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,o);var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},parsePlainPrivatePKCS8Hex:function(q){var t=ASN1HEX;var s=t.getChildIdx;var r=t.getV;var o={};o.algparam=null;if(q.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var p=s(q,0);if(p.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(q.substr(p[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var n=s(q,p[1]);if(n.length!=2){throw"malformed PKCS8 private key(code:004)"}if(q.substr(n[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}o.algoid=r(q,n[0]);if(q.substr(n[1],2)=="06"){o.algparam=r(q,n[1])}if(q.substr(p[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}o.keyidx=t.getVidx(q,p[2]);return o},getKeyFromPlainPrivatePKCS8PEM:function(o){var n=ASN1HEX.pemToHex(o,"PRIVATE KEY");var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},getKeyFromPlainPrivatePKCS8Hex:function(n){var o=this.parsePlainPrivatePKCS8Hex(n);var p;if(o.algoid=="2a864886f70d010101"){p=new RSAKey()}else{if(o.algoid=="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(o.algoid=="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}p.readPKCS8PrvKeyHex(n);return p},getRSAKeyFromPublicPKCS8PEM:function(o){var p=ASN1HEX.pemToHex(o,"PUBLIC KEY");var n=this.getRSAKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8PEM:function(o){var p=ASN1HEX.pemToHex(o,"PUBLIC KEY");var n=this.getKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8Hex:function(o){var n;var p=ASN1HEX.getVbyList(o,0,[0,0],"06");if(p==="2a864886f70d010101"){n=new RSAKey()}else{if(p==="2a8648ce380401"){n=new KJUR.crypto.DSA()}else{if(p==="2a8648ce3d0201"){n=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}n.readPKCS8PubKeyHex(o);return n},parsePublicRawRSAKeyHex:function(p){var s=ASN1HEX;var r=s.getChildIdx;var q=s.getV;var n={};if(p.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var o=r(p,0);if(o.length!=2){throw"malformed RSA key(code:002)"}if(p.substr(o[0],2)!="02"){throw"malformed RSA key(code:003)"}n.n=q(p,o[0]);if(p.substr(o[1],2)!="02"){throw"malformed RSA key(code:004)"}n.e=q(p,o[1]);return n},parsePrivateRawRSAKeyHexAtObj:function(o,t){var s=ASN1HEX;var r=s.getChildIdx;var p=s.getV;var q=s.getIdxbyList(o,0,[2,0]);var n=r(o,q);if(n.length!==9){throw"malformed PKCS#8 plain RSA private key"}t.key={};t.key.n=p(o,n[1]);t.key.e=p(o,n[2]);t.key.d=p(o,n[3]);t.key.p=p(o,n[4]);t.key.q=p(o,n[5]);t.key.dp=p(o,n[6]);t.key.dq=p(o,n[7]);t.key.co=p(o,n[8])},parsePrivateRawECKeyHexAtObj:function(n,q){var o=q.keyidx;var p=new KJUR.crypto.ECDSA();p.readPKCS8PrvKeyHex(n);q.key=p.prvKeyHex;q.pubkey=p.pubKeyHex},parsePublicPKCS8Hex:function(r){var t=ASN1HEX;var s=t.getChildIdx;var q=t.getV;var o={};o.algparam=null;var p=s(r,0);if(p.length!=2){throw"outer DERSequence shall have 2 elements: "+p.length}var u=p[0];if(r.substr(u,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var n=s(r,u);if(n.length!=2){throw"malformed PKCS8 public key(code:002)"}if(r.substr(n[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}o.algoid=q(r,n[0]);if(r.substr(n[1],2)=="06"){o.algparam=q(r,n[1])}else{if(r.substr(n[1],2)=="30"){o.algparam={};o.algparam.p=t.getVbyList(r,n[1],[0],"02");o.algparam.q=t.getVbyList(r,n[1],[1],"02");o.algparam.g=t.getVbyList(r,n[1],[2],"02")}}if(r.substr(p[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}o.key=q(r,p[1]).substr(2);return o},getRSAKeyFromPublicPKCS8Hex:function(n){var o=new RSAKey();o.readPKCS8PubKeyHex(n);return o},}}(); \ No newline at end of file +var PKCS5PKEY=function(){var c=function(n,p,o){return i(CryptoJS.AES,n,p,o)};var d=function(n,p,o){return i(CryptoJS.TripleDES,n,p,o)};var i=function(q,v,s,o){var p=CryptoJS.enc.Hex.parse(v);var u=CryptoJS.enc.Hex.parse(s);var n=CryptoJS.enc.Hex.parse(o);var r={};r.key=u;r.iv=n;r.ciphertext=p;var t=q.decrypt(r,u,{iv:n});return CryptoJS.enc.Hex.stringify(t)};var j=function(n,p,o){return e(CryptoJS.AES,n,p,o)};var m=function(n,p,o){return e(CryptoJS.TripleDES,n,p,o)};var e=function(s,x,v,p){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(v);var o=CryptoJS.enc.Hex.parse(p);var n={};var u=s.encrypt(r,w,{iv:o});var q=CryptoJS.enc.Hex.parse(u.toString());var t=CryptoJS.enc.Base64.stringify(q);return t};var g={"AES-256-CBC":{proc:c,eproc:j,keylen:32,ivlen:16},"AES-192-CBC":{proc:c,eproc:j,keylen:24,ivlen:16},"AES-128-CBC":{proc:c,eproc:j,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:d,eproc:m,keylen:24,ivlen:8}};var b=function(n){return g[n]["proc"]};var k=function(n){var p=CryptoJS.lib.WordArray.random(n);var o=CryptoJS.enc.Hex.stringify(p);return o};var l=function(t){var u={};var o=t.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(o){u.cipher=o[1];u.ivsalt=o[2]}var n=t.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(n){u.type=n[1]}var r=-1;var v=0;if(t.indexOf("\r\n\r\n")!=-1){r=t.indexOf("\r\n\r\n");v=2}if(t.indexOf("\n\n")!=-1){r=t.indexOf("\n\n");v=1}var q=t.indexOf("-----END");if(r!=-1&&q!=-1){var p=t.substring(r+v*2,q-v);p=p.replace(/\s+/g,"");u.data=p}return u};var h=function(o,w,n){var t=n.substring(0,16);var r=CryptoJS.enc.Hex.parse(t);var p=CryptoJS.enc.Utf8.parse(w);var s=g[o]["keylen"]+g[o]["ivlen"];var v="";var u=null;for(;;){var q=CryptoJS.algo.MD5.create();if(u!=null){q.update(u)}q.update(p);q.update(r);u=q.finalize();v=v+CryptoJS.enc.Hex.stringify(u);if(v.length>=s*2){break}}var x={};x.keyhex=v.substr(0,g[o]["keylen"]*2);x.ivhex=v.substr(g[o]["keylen"]*2,g[o]["ivlen"]*2);return x};var a=function(n,t,p,u){var q=CryptoJS.enc.Base64.parse(n);var o=CryptoJS.enc.Hex.stringify(q);var s=g[t]["proc"];var r=s(o,p,u);return r};var f=function(n,q,o,s){var p=g[q]["eproc"];var r=p(n,o,s);return r};return{version:"1.0.5",getHexFromPEM:function(n,o){return pemtohex(n,o)},getDecryptedKeyHexByKeyIV:function(o,r,q,p){var n=b(r);return n(o,q,p)},parsePKCS5PEM:function(n){return l(n)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(o,n,p){return h(o,n,p)},decryptKeyB64:function(n,p,o,q){return a(n,p,o,q)},getDecryptedKeyHex:function(w,v){var o=l(w);var r=o.type;var p=o.cipher;var n=o.ivsalt;var q=o.data;var u=h(p,v,n);var t=u.keyhex;var s=a(q,p,t,n);return s},getRSAKeyFromEncryptedPKCS5PEM:function(p,o){var q=this.getDecryptedKeyHex(p,o);var n=new RSAKey();n.readPrivateKeyFromASN1HexString(q);return n},getEncryptedPKCS5PEMFromPrvKeyHex:function(q,x,r,p){if(typeof r=="undefined"||r==null){r="AES-256-CBC"}if(typeof g[r]=="undefined"){throw"PKCS5PKEY unsupported algorithm: "+r}if(typeof p=="undefined"||p==null){var t=g[r]["ivlen"];var s=k(t);p=s.toUpperCase()}var w=h(r,x,p);var v=w.keyhex;var u=f(q,r,v,p);var o=u.replace(/(.{64})/g,"$1\r\n");var n="-----BEGIN RSA PRIVATE KEY-----\r\n";n+="Proc-Type: 4,ENCRYPTED\r\n";n+="DEK-Info: "+r+","+p+"\r\n";n+="\r\n";n+=o;n+="\r\n-----END RSA PRIVATE KEY-----\r\n";return n},getEncryptedPKCS5PEMFromRSAKey:function(C,D,o,s){var A=new KJUR.asn1.DERInteger({"int":0});var v=new KJUR.asn1.DERInteger({bigint:C.n});var z=new KJUR.asn1.DERInteger({"int":C.e});var B=new KJUR.asn1.DERInteger({bigint:C.d});var t=new KJUR.asn1.DERInteger({bigint:C.p});var r=new KJUR.asn1.DERInteger({bigint:C.q});var y=new KJUR.asn1.DERInteger({bigint:C.dmp1});var u=new KJUR.asn1.DERInteger({bigint:C.dmq1});var x=new KJUR.asn1.DERInteger({bigint:C.coeff});var E=new KJUR.asn1.DERSequence({array:[A,v,z,B,t,r,y,u,x]});var w=E.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex(w,D,o,s)},newEncryptedPKCS5PEM:function(n,o,r,s){if(typeof o=="undefined"||o==null){o=1024}if(typeof r=="undefined"||r==null){r="10001"}var p=new RSAKey();p.generate(o,r);var q=null;if(typeof s=="undefined"||s==null){q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n)}else{q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n,s)}return q},getRSAKeyFromPlainPKCS8PEM:function(p){if(p.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var o=pemtohex(p,"PRIVATE KEY");var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getRSAKeyFromPlainPKCS8Hex:function(o){var n=new RSAKey();n.readPKCS8PrvKeyHex(o);return n},parseHexOfEncryptedPKCS8:function(w){var z=ASN1HEX;var x=z.getChildIdx;var u=z.getV;var r={};var p=x(w,0);if(p.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+p.length}r.ciphertext=u(w,p[1]);var y=x(w,p[0]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+y.length}if(u(w,y[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var n=x(w,y[1]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+n.length}var o=x(w,n[1]);if(o.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+o.length}if(u(w,o[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}r.encryptionSchemeAlg="TripleDES";r.encryptionSchemeIV=u(w,o[1]);var q=x(w,n[0]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+q.length}if(u(w,q[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var v=x(w,q[1]);if(v.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+v.length}r.pbkdf2Salt=u(w,v[0]);var s=u(w,v[1]);try{r.pbkdf2Iter=parseInt(s,16)}catch(t){throw"malformed format pbkdf2Iter: "+s}return r},getPBKDF2KeyHexFromParam:function(s,n){var r=CryptoJS.enc.Hex.parse(s.pbkdf2Salt);var o=s.pbkdf2Iter;var q=CryptoJS.PBKDF2(n,r,{keySize:192/32,iterations:o});var p=CryptoJS.enc.Hex.stringify(q);return p},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(v,w){var p=pemtohex(v,"ENCRYPTED PRIVATE KEY");var n=this.parseHexOfEncryptedPKCS8(p);var s=PKCS5PKEY.getPBKDF2KeyHexFromParam(n,w);var t={};t.ciphertext=CryptoJS.enc.Hex.parse(n.ciphertext);var r=CryptoJS.enc.Hex.parse(s);var q=CryptoJS.enc.Hex.parse(n.encryptionSchemeIV);var u=CryptoJS.TripleDES.decrypt(t,r,{iv:q});var o=CryptoJS.enc.Hex.stringify(u);return o},getRSAKeyFromEncryptedPKCS8PEM:function(q,p){var o=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,p);var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getKeyFromEncryptedPKCS8PEM:function(q,o){var n=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,o);var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},parsePlainPrivatePKCS8Hex:function(q){var t=ASN1HEX;var s=t.getChildIdx;var r=t.getV;var o={};o.algparam=null;if(q.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var p=s(q,0);if(p.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(q.substr(p[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var n=s(q,p[1]);if(n.length!=2){throw"malformed PKCS8 private key(code:004)"}if(q.substr(n[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}o.algoid=r(q,n[0]);if(q.substr(n[1],2)=="06"){o.algparam=r(q,n[1])}if(q.substr(p[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}o.keyidx=t.getVidx(q,p[2]);return o},getKeyFromPlainPrivatePKCS8PEM:function(o){var n=pemtohex(o,"PRIVATE KEY");var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},getKeyFromPlainPrivatePKCS8Hex:function(n){var o=this.parsePlainPrivatePKCS8Hex(n);var p;if(o.algoid=="2a864886f70d010101"){p=new RSAKey()}else{if(o.algoid=="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(o.algoid=="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}p.readPKCS8PrvKeyHex(n);return p},getRSAKeyFromPublicPKCS8PEM:function(o){var p=pemtohex(o,"PUBLIC KEY");var n=this.getRSAKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8PEM:function(o){var p=pemtohex(o,"PUBLIC KEY");var n=this.getKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8Hex:function(o){var n;var p=ASN1HEX.getVbyList(o,0,[0,0],"06");if(p==="2a864886f70d010101"){n=new RSAKey()}else{if(p==="2a8648ce380401"){n=new KJUR.crypto.DSA()}else{if(p==="2a8648ce3d0201"){n=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}n.readPKCS8PubKeyHex(o);return n},parsePublicRawRSAKeyHex:function(p){var s=ASN1HEX;var r=s.getChildIdx;var q=s.getV;var n={};if(p.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var o=r(p,0);if(o.length!=2){throw"malformed RSA key(code:002)"}if(p.substr(o[0],2)!="02"){throw"malformed RSA key(code:003)"}n.n=q(p,o[0]);if(p.substr(o[1],2)!="02"){throw"malformed RSA key(code:004)"}n.e=q(p,o[1]);return n},parsePrivateRawRSAKeyHexAtObj:function(o,t){var s=ASN1HEX;var r=s.getChildIdx;var p=s.getV;var q=s.getIdxbyList(o,0,[2,0]);var n=r(o,q);if(n.length!==9){throw"malformed PKCS#8 plain RSA private key"}t.key={};t.key.n=p(o,n[1]);t.key.e=p(o,n[2]);t.key.d=p(o,n[3]);t.key.p=p(o,n[4]);t.key.q=p(o,n[5]);t.key.dp=p(o,n[6]);t.key.dq=p(o,n[7]);t.key.co=p(o,n[8])},parsePrivateRawECKeyHexAtObj:function(n,q){var o=q.keyidx;var p=new KJUR.crypto.ECDSA();p.readPKCS8PrvKeyHex(n);q.key=p.prvKeyHex;q.pubkey=p.pubKeyHex},parsePublicPKCS8Hex:function(r){var t=ASN1HEX;var s=t.getChildIdx;var q=t.getV;var o={};o.algparam=null;var p=s(r,0);if(p.length!=2){throw"outer DERSequence shall have 2 elements: "+p.length}var u=p[0];if(r.substr(u,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var n=s(r,u);if(n.length!=2){throw"malformed PKCS8 public key(code:002)"}if(r.substr(n[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}o.algoid=q(r,n[0]);if(r.substr(n[1],2)=="06"){o.algparam=q(r,n[1])}else{if(r.substr(n[1],2)=="30"){o.algparam={};o.algparam.p=t.getVbyList(r,n[1],[0],"02");o.algparam.q=t.getVbyList(r,n[1],[1],"02");o.algparam.g=t.getVbyList(r,n[1],[2],"02")}}if(r.substr(p[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}o.key=q(r,p[1]).substr(2);return o},getRSAKeyFromPublicPKCS8Hex:function(n){var o=new RSAKey();o.readPKCS8PubKeyHex(n);return o},}}(); \ No newline at end of file diff --git a/min/rsapem-1.1.min.js b/min/rsapem-1.1.min.js index 01de2dd1..a4cf5930 100644 --- a/min/rsapem-1.1.min.js +++ b/min/rsapem-1.1.min.js @@ -1,3 +1 @@ -/*! rsapem-1.2.1.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -RSAKey.pemToBase64=function(b){var a=b;a=a.replace("-----BEGIN RSA PRIVATE KEY-----","");a=a.replace("-----END RSA PRIVATE KEY-----","");a=a.replace(/[ \n]+/g,"");return a};RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(e){var c=RSAKey.pemToBase64(e);var d=b64tohex(c);var b=RSAKey.getHexValueArrayOfChildrenFromHex(d);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPrivateKeyFromASN1HexString=function(a){this.readPKCS5PrvKeyHex(a)};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,j,l,b,a,f,d,k;var m=ASN1HEX;var g=m.getVbyList;if(m.isASN1HEX(e)===false){throw"not ASN.1 hex string"}try{c=g(e,0,[2,0,1],"02");j=g(e,0,[2,0,2],"02");l=g(e,0,[2,0,3],"02");b=g(e,0,[2,0,4],"02");a=g(e,0,[2,0,5],"02");f=g(e,0,[2,0,6],"02");d=g(e,0,[2,0,7],"02");k=g(e,0,[2,0,8],"02")}catch(i){throw"malformed PKCS#8 plain RSA private key"}this.setPrivateEx(c,j,l,b,a,f,d,k)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw"keyHex is not ASN.1 hex string"}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw"wrong hex for PKCS#5 public key"}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw"not ASN.1 hex string"}if(c.getTLVbyList(b,0,[0,0])!=="06092a864886f70d010101"){throw"not PKCS8 RSA public key"}var a=c.getTLVbyList(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; \ No newline at end of file +RSAKey.pemToBase64=function(a){return hextob64(pemtohex(a))};RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(e){var c=RSAKey.pemToBase64(e);var d=b64tohex(c);var b=RSAKey.getHexValueArrayOfChildrenFromHex(d);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPrivateKeyFromASN1HexString=function(a){this.readPKCS5PrvKeyHex(a)};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,j,l,b,a,f,d,k;var m=ASN1HEX;var g=m.getVbyList;if(m.isASN1HEX(e)===false){throw"not ASN.1 hex string"}try{c=g(e,0,[2,0,1],"02");j=g(e,0,[2,0,2],"02");l=g(e,0,[2,0,3],"02");b=g(e,0,[2,0,4],"02");a=g(e,0,[2,0,5],"02");f=g(e,0,[2,0,6],"02");d=g(e,0,[2,0,7],"02");k=g(e,0,[2,0,8],"02")}catch(i){throw"malformed PKCS#8 plain RSA private key"}this.setPrivateEx(c,j,l,b,a,f,d,k)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw"keyHex is not ASN.1 hex string"}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw"wrong hex for PKCS#5 public key"}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw"not ASN.1 hex string"}if(c.getTLVbyList(b,0,[0,0])!=="06092a864886f70d010101"){throw"not PKCS8 RSA public key"}var a=c.getTLVbyList(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; \ No newline at end of file diff --git a/min/rsasign-1.2.min.js b/min/rsasign-1.2.min.js index 11f98b14..5d3311bf 100644 --- a/min/rsasign-1.2.min.js +++ b/min/rsasign-1.2.min.js @@ -1,3 +1 @@ -/*! rsasign-1.2.7.js (c) 2012 Kenji Urushima | kjur.github.com/jsrsasign/license - */ var _RE_HEXDECONLY=new RegExp("");_RE_HEXDECONLY.compile("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}function _rsasign_signStringPSS(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)}function _rsasign_signWithMessageHashPSS(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw"invalid salt length"}}}if(c<(g+k+2)){throw"data too long"}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)}function _rsasign_verifyWithMessageHash(e,a){a=a.replace(_RE_HEXDECONLY,"");a=a.replace(/[ \n]+/g,"");var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)}function _rsasign_verifyStringPSS(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)}function _rsasign_verifyWithMessageHashPSS(f,s,l,c){var k=new BigInteger(s,16);if(k.bitLength()>this.n.bitLength()){return false}var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw"invalid salt length"}}}if(m<(h+c+2)){throw"data too long"}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw"bits beyond keysize not zero"}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -/*! asn1-1.0.12.js (c) 2013-2016 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw"ASN.1 length too long to represent by 8x: n = "+i.toString(16)}var f=128+g;return f.toString(16)+h}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(this.s)};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(f){utc=f.getTime()+(f.getTimezoneOffset()*60000);var e=new Date(utc);return e};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";this.hTLV="0101ff"};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=(l*2))){break}if(d>=200){break}g.push(b);c=b;d++}return g};ASN1HEX.getPosArrayOfChildren_AtObj=ASN1HEX.getChildIdx;ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getNthChildIndex_AtObj=ASN1HEX.getNthChildIdx;ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){throw"checking tag doesn't match: "+e.substr(d,2)+"!="+i}}return d}f=c.shift();b=g.getChildIdx(e,d);return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getDecendantIndexByNthList=ASN1HEX.getIdxbyList;ASN1HEX.getTLVbyList=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyList(d,c,b);if(a===undefined){throw"can't find nthList object"}if(f!==undefined){if(d.substr(a,2)!=f){throw"checking tag doesn't match: "+d.substr(a,2)+"!="+f}}return e.getTLV(d,a)};ASN1HEX.getDecendantHexTLVByNthList=ASN1HEX.getTLVbyList;ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a===undefined){throw"can't find nthList object"}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getDecendantHexVByNthList=ASN1HEX.getVbyList;ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;if(e.substr(l,2)=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(e.substr(l,2)=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(e.substr(l,2)=="03"){var h=j(e,l);return g+"BITSTRING "+q(h,x)+"\n"}if(e.substr(l,2)=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(e.substr(l,2)=="05"){return g+"NULL\n"}if(e.substr(l,2)=="06"){var m=j(e,l);var a=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(a);var b=a.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+b+")\n"}else{return g+"ObjectIdentifier ("+b+")\n"}}if(e.substr(l,2)=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(e.substr(l,2)=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(e.substr(l,2)=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension.appendByNameToArray=function(e,c,b){if(e.toLowerCase()=="basicconstraints"){var d=new KJUR.asn1.x509.BasicConstraints(c);b.push(d)}else{if(e.toLowerCase()=="keyusage"){var d=new KJUR.asn1.x509.KeyUsage(c);b.push(d)}else{if(e.toLowerCase()=="crldistributionpoints"){var d=new KJUR.asn1.x509.CRLDistributionPoints(c);b.push(d)}else{if(e.toLowerCase()=="extkeyusage"){var d=new KJUR.asn1.x509.ExtKeyUsage(c);b.push(d)}else{if(e.toLowerCase()=="authoritykeyidentifier"){var d=new KJUR.asn1.x509.AuthorityKeyIdentifier(c);b.push(d)}else{if(e.toLowerCase()=="authorityinfoaccess"){var d=new KJUR.asn1.x509.AuthorityInfoAccess(c);b.push(d)}else{if(e.toLowerCase()=="subjectaltname"){var d=new KJUR.asn1.x509.SubjectAltName(c);b.push(d)}else{if(e.toLowerCase()=="issueraltname"){var d=new KJUR.asn1.x509.IssuerAltName(c);b.push(d)}else{throw"unsupported extension name: "+e}}}}}}}}};KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(b){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(c){var d=c.split("/");d.shift();for(var e=0;e0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.RDN=function(a){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=new Array();this.addByString=function(b){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:b}))};this.addByMultiValuedString=function(d){var b=KJUR.asn1.x509.RDN.parseString(d);for(var c=0;c0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(b){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);var d=null;var c=null;var a="utf8";this.setByString=function(f){var e=f.match(/^([^=]+)=(.+)$/);if(e){this.setByAttrTypeAndValueStr(e[1],e[2])}else{throw"malformed attrTypeAndValueStr: "+f}};this.setByAttrTypeAndValueStr=function(g,f){this.typeObj=KJUR.asn1.x509.OID.atype2obj(g);var e=a;if(g=="C"){e="prn"}this.valueObj=this.getValueObj(e,f)};this.getValueObj=function(f,e){if(f=="utf8"){return new KJUR.asn1.DERUTF8String({str:e})}if(f=="prn"){return new KJUR.asn1.DERPrintableString({str:e})}if(f=="tel"){return new KJUR.asn1.DERTeletexString({str:e})}if(f=="ia5"){return new KJUR.asn1.DERIA5String({str:e})}throw"unsupported directory string type: type="+f+" value="+e};this.getEncodedHex=function(){var e=new KJUR.asn1.DERSequence({array:[this.typeObj,this.valueObj]});this.TLV=e.getEncodedHex();return this.TLV};if(typeof b!="undefined"){if(typeof b.str!="undefined"){this.setByString(b.str)}}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(d){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var b=null;var c=null;var a=null;this.setRSAKey=function(e){if(!RSAKey.prototype.isPrototypeOf(e)){throw"argument is not RSAKey instance"}this.rsaKey=e;var g=new KJUR.asn1.DERInteger({bigint:e.n});var f=new KJUR.asn1.DERInteger({"int":e.e});var i=new KJUR.asn1.DERSequence({array:[g,f]});var h=i.getEncodedHex();this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"rsaEncryption"});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+h})};this.setRSAPEM=function(g){if(g.match(/-----BEGIN PUBLIC KEY-----/)){var n=g;n=n.replace(/^-----[^-]+-----/,"");n=n.replace(/-----[^-]+-----\s*$/,"");var m=n.replace(/\s+/g,"");var f=CryptoJS.enc.Base64.parse(m);var i=CryptoJS.enc.Hex.stringify(f);var k=RSAKey.getHexValueArrayOfChildrenFromHex(i);var h=k[1];var l=h.substr(2);var e=RSAKey.getHexValueArrayOfChildrenFromHex(l);var j=new RSAKey();j.setPublic(e[0],e[1]);this.setRSAKey(j)}else{throw"key not supported"}};this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var e=new KJUR.asn1.DERSequence({array:[this.asn1AlgId,this.asn1SubjPKey]});return e};this.getEncodedHex=function(){var e=this.getASN1Object();this.hTLV=e.getEncodedHex();return this.hTLV};this._setRSAKey=function(e){var g=KJUR.asn1.ASN1Util.newObject({seq:[{"int":{bigint:e.n}},{"int":{"int":e.e}}]});var f=g.getEncodedHex();this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"rsaEncryption"});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+f})};this._setEC=function(e){var f=new KJUR.asn1.DERObjectIdentifier({name:e.curveName});this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"ecPublicKey",asn1params:f});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+e.pubKeyHex})};this._setDSA=function(e){var f=new KJUR.asn1.ASN1Util.newObject({seq:[{"int":{bigint:e.p}},{"int":{bigint:e.q}},{"int":{bigint:e.g}}]});this.asn1AlgId=new KJUR.asn1.x509.AlgorithmIdentifier({name:"dsa",asn1params:f});var g=new KJUR.asn1.DERInteger({bigint:e.y});this.asn1SubjPKey=new KJUR.asn1.DERBitString({hex:"00"+g.getEncodedHex()})};if(typeof d!="undefined"){if(typeof RSAKey!="undefined"&&d instanceof RSAKey){this._setRSAKey(d)}else{if(typeof KJUR.crypto.ECDSA!="undefined"&&d instanceof KJUR.crypto.ECDSA){this._setEC(d)}else{if(typeof KJUR.crypto.DSA!="undefined"&&d instanceof KJUR.crypto.DSA){this._setDSA(d)}else{if(typeof d.rsakey!="undefined"){this.setRSAKey(d.rsakey)}else{if(typeof d.rsapem!="undefined"){this.setRSAPEM(d.rsapem)}}}}}}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(c){KJUR.asn1.x509.Time.superclass.constructor.call(this);var b=null;var a=null;this.setTimeParams=function(d){this.timeParams=d};this.getEncodedHex=function(){var d=null;if(this.timeParams!=null){if(this.type=="utc"){d=new KJUR.asn1.DERUTCTime(this.timeParams)}else{d=new KJUR.asn1.DERGeneralizedTime(this.timeParams)}}else{if(this.type=="utc"){d=new KJUR.asn1.DERUTCTime()}else{d=new KJUR.asn1.DERGeneralizedTime()}}this.TLV=d.getEncodedHex();return this.TLV};this.type="utc";if(typeof c!="undefined"){if(typeof c.type!="undefined"){this.type=c.type}else{if(typeof c.str!="undefined"){if(c.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(c.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=c}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(b){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;this.getEncodedHex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw"algorithm not specified"}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=KJUR.asn1.x509.OID.name2obj(this.nameAlg)}var c=[this.asn1Alg];if(this.asn1Params!==null){c.push(this.asn1Params)}var d=new KJUR.asn1.DERSequence({array:c});this.hTLV=d.getEncodedHex();return this.hTLV};if(b!==undefined){if(b.name!==undefined){this.nameAlg=b.name}if(b.asn1params!==undefined){this.asn1Params=b.asn1params}if(b.paramempty!==undefined){this.paramEmpty=b.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){var a=this.nameAlg.toLowerCase();if(a.substr(-7,7)!=="withdsa"&&a.substr(-9,9)!=="withecdsa"){this.asn1Params=new KJUR.asn1.DERNull()}}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralName=function(d){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var c=null;var b=null;var a={rfc822:"81",dns:"82",dn:"a4",uri:"86"};this.explicit=false;this.setByParam=function(k){var j=null;var g=null;if(k===undefined){return}if(k.rfc822!==undefined){this.type="rfc822";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(k.dns!==undefined){this.type="dns";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(k.uri!==undefined){this.type="uri";g=new KJUR.asn1.DERIA5String({str:k[this.type]})}if(k.dn!==undefined){this.type="dn";g=new KJUR.asn1.x509.X500Name({str:k.dn})}if(k.ldapdn!==undefined){this.type="dn";g=new KJUR.asn1.x509.X500Name({ldapstr:k.ldapdn})}if(k.certissuer!==undefined){this.type="dn";this.explicit=true;var h=k.certissuer;var f=null;if(h.match(/^[0-9A-Fa-f]+$/)){f==h}if(h.indexOf("-----BEGIN ")!=-1){f=ASN1HEX.pemToHex(h)}if(f==null){throw"certissuer param not cert"}var e=new X509();e.hex=f;var i=e.getIssuerHex();g=new KJUR.asn1.ASN1Object();g.hTLV=i}if(k.certsubj!==undefined){this.type="dn";this.explicit=true;var h=k.certsubj;var f=null;if(h.match(/^[0-9A-Fa-f]+$/)){f==h}if(h.indexOf("-----BEGIN ")!=-1){f=ASN1HEX.pemToHex(h)}if(f==null){throw"certsubj param not cert"}var e=new X509();e.hex=f;var i=e.getSubjectHex();g=new KJUR.asn1.ASN1Object();g.hTLV=i}if(this.type==null){throw"unsupported type in params="+k}this.asn1Obj=new KJUR.asn1.DERTaggedObject({explicit:this.explicit,tag:a[this.type],obj:g})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(d!==undefined){this.setByParam(d)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(b){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null;this.setByParamArray=function(e){for(var c=0;c0){h=new a.DERTaggedObject({obj:this.dUnsignedAttrs,tag:"a1",explicit:false})}var g=[this.dCMSVersion,this.dSignerIdentifier,this.dDigestAlgorithm,e,this.dSigAlg,this.dSig,];if(h!=null){g.push(h)}var f=new a.DERSequence({array:g});this.hTLV=f.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.SignerInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.EncapsulatedContentInfo=function(c){KJUR.asn1.cms.EncapsulatedContentInfo.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dEContentType=new a.DERObjectIdentifier({name:"data"});this.dEContent=null;this.isDetached=false;this.eContentValueHex=null;this.setContentType=function(e){if(e.match(/^[0-2][.][0-9.]+$/)){this.dEContentType=new a.DERObjectIdentifier({oid:e})}else{this.dEContentType=new a.DERObjectIdentifier({name:e})}};this.setContentValue=function(e){if(typeof e!="undefined"){if(typeof e.hex=="string"){this.eContentValueHex=e.hex}else{if(typeof e.str=="string"){this.eContentValueHex=utf8tohex(e.str)}}}};this.setContentValueHex=function(e){this.eContentValueHex=e};this.setContentValueStr=function(e){this.eContentValueHex=utf8tohex(e)};this.getEncodedHex=function(){if(typeof this.eContentValueHex!="string"){throw"eContentValue not yet set"}var g=new a.DEROctetString({hex:this.eContentValueHex});this.dEContent=new a.DERTaggedObject({obj:g,tag:"a0",explicit:true});var e=[this.dEContentType];if(!this.isDetached){e.push(this.dEContent)}var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.EncapsulatedContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.ContentInfo=function(c){KJUR.asn1.cms.ContentInfo.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dContentType=null;this.dContent=null;this.setContentType=function(e){if(typeof e=="string"){this.dContentType=d.OID.name2obj(e)}};this.getEncodedHex=function(){var f=new a.DERTaggedObject({obj:this.dContent,tag:"a0",explicit:true});var e=new a.DERSequence({array:[this.dContentType,f]});this.hTLV=e.getEncodedHex();return this.hTLV};if(typeof c!="undefined"){if(c.type){this.setContentType(c.type)}if(c.obj&&c.obj instanceof a.ASN1Object){this.dContent=c.obj}}};YAHOO.lang.extend(KJUR.asn1.cms.ContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.SignedData=function(c){KJUR.asn1.cms.SignedData.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dCMSVersion=new a.DERInteger({"int":1});this.dDigestAlgs=null;this.digestAlgNameList=[];this.dEncapContentInfo=new b.EncapsulatedContentInfo();this.dCerts=null;this.certificateList=[];this.crlList=[];this.signerInfoList=[new b.SignerInfo()];this.addCertificatesByPEM=function(e){var f=ASN1HEX.pemToHex(e);var g=new a.ASN1Object();g.hTLV=f;this.certificateList.push(g)};this.getEncodedHex=function(){if(typeof this.hTLV=="string"){return this.hTLV}if(this.dDigestAlgs==null){var k=[];for(var j=0;j0){var l=new a.DERSet({array:this.certificateList});this.dCerts=new a.DERTaggedObject({obj:l,tag:"a0",explicit:false})}}if(this.dCerts!=null){e.push(this.dCerts)}var g=new a.DERSet({array:this.signerInfoList});e.push(g);var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV};this.getContentInfo=function(){this.getEncodedHex();var e=new b.ContentInfo({type:"signed-data",obj:this});return e};this.getContentInfoEncodedHex=function(){var e=this.getContentInfo();var f=e.getEncodedHex();return f};this.getPEM=function(){var e=this.getContentInfoEncodedHex();var f=a.ASN1Util.getPEMStringFromHex(e,"CMS");return f}};YAHOO.lang.extend(KJUR.asn1.cms.SignedData,KJUR.asn1.ASN1Object);KJUR.asn1.cms.CMSUtil=new function(){};KJUR.asn1.cms.CMSUtil.newSignedData=function(a){var h=KJUR.asn1.cms;var g=KJUR.asn1.cades;var f=new h.SignedData();f.dEncapContentInfo.setContentValue(a.content);if(typeof a.certs=="object"){for(var b=0;b0){var e=new KJUR.asn1.DERSequence({array:this.extensionsArray});var d=new KJUR.asn1.DERSet({array:[e]});var c=new KJUR.asn1.DERSequence({array:[new KJUR.asn1.DERObjectIdentifier({oid:"1.2.840.113549.1.9.14"}),d]});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a0",obj:c});this.asn1Array.push(b)}else{var b=new KJUR.asn1.DERTaggedObject({explicit:false,tag:"a0",obj:new KJUR.asn1.DERNull()});this.asn1Array.push(b)}var f=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=f.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.csr.CertificationRequestInfo,KJUR.asn1.ASN1Object);KJUR.asn1.csr.CSRUtil=new function(){};KJUR.asn1.csr.CSRUtil.newCSRPEM=function(g){var d=KJUR.asn1.csr;if(g.subject===undefined){throw"parameter subject undefined"}if(g.sbjpubkey===undefined){throw"parameter sbjpubkey undefined"}if(g.sigalg===undefined){throw"parameter sigalg undefined"}if(g.sbjprvkey===undefined){throw"parameter sbjpubkey undefined"}var b=new d.CertificationRequestInfo();b.setSubjectByParam(g.subject);b.setSubjectPublicKeyByGetKey(g.sbjpubkey);if(g.ext!==undefined&&g.ext.length!==undefined){for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b15){throw"ASN.1 length too long to represent by 8x: n = "+i.toString(16)}var f=128+g;return f.toString(16)+h}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(this.s)};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(f){utc=f.getTime()+(f.getTimezoneOffset()*60000);var e=new Date(utc);return e};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";this.hTLV="0101ff"};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=(l*2))){break}if(d>=200){break}g.push(b);c=b;d++}return g};ASN1HEX.getPosArrayOfChildren_AtObj=ASN1HEX.getChildIdx;ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getNthChildIndex_AtObj=ASN1HEX.getNthChildIdx;ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){throw"checking tag doesn't match: "+e.substr(d,2)+"!="+i}}return d}f=c.shift();b=g.getChildIdx(e,d);return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getDecendantIndexByNthList=ASN1HEX.getIdxbyList;ASN1HEX.getTLVbyList=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyList(d,c,b);if(a===undefined){throw"can't find nthList object"}if(f!==undefined){if(d.substr(a,2)!=f){throw"checking tag doesn't match: "+d.substr(a,2)+"!="+f}}return e.getTLV(d,a)};ASN1HEX.getDecendantHexTLVByNthList=ASN1HEX.getTLVbyList;ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a===undefined){throw"can't find nthList object"}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getDecendantHexVByNthList=ASN1HEX.getVbyList;ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;if(e.substr(l,2)=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(e.substr(l,2)=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(e.substr(l,2)=="03"){var h=j(e,l);return g+"BITSTRING "+q(h,x)+"\n"}if(e.substr(l,2)=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(e.substr(l,2)=="05"){return g+"NULL\n"}if(e.substr(l,2)=="06"){var m=j(e,l);var a=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(a);var b=a.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+b+")\n"}else{return g+"ObjectIdentifier ("+b+")\n"}}if(e.substr(l,2)=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(e.substr(l,2)=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(e.substr(l,2)=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(e.substr(l,2)=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u0){var m=new f({array:this.extensionsArray});var k=new c({explicit:true,tag:"a3",obj:m});this.asn1Array.push(k)}var n=new f({array:this.asn1Array});this.hTLV=n.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(d){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var f=null,a=KJUR,e=a.asn1,h=e.DERObjectIdentifier,i=e.DEROctetString,b=e.DERBitString,g=e.DERBoolean,c=e.DERSequence;this.getEncodedHex=function(){var m=new h({oid:this.oid});var l=new i({hex:this.getExtnValueHex()});var k=new Array();k.push(m);if(this.critical){k.push(new g())}k.push(l);var j=new c({array:k});return j.getEncodedHex()};this.critical=false;if(typeof d!="undefined"){if(typeof d.critical!="undefined"){this.critical=d.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension.appendByNameToArray=function(e,c,b){var g=e.toLowerCase(),f=KJUR.asn1.x509;if(g=="basicconstraints"){var d=new f.BasicConstraints(c);b.push(d)}else{if(g=="keyusage"){var d=new f.KeyUsage(c);b.push(d)}else{if(g=="crldistributionpoints"){var d=new f.CRLDistributionPoints(c);b.push(d)}else{if(g=="extkeyusage"){var d=new f.ExtKeyUsage(c);b.push(d)}else{if(g=="authoritykeyidentifier"){var d=new f.AuthorityKeyIdentifier(c);b.push(d)}else{if(g=="authorityinfoaccess"){var d=new f.AuthorityInfoAccess(c);b.push(d)}else{if(g=="subjectaltname"){var d=new f.SubjectAltName(c);b.push(d)}else{if(g=="issueraltname"){var d=new f.IssuerAltName(c);b.push(d)}else{throw"unsupported extension name: "+e}}}}}}}}};KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(e){this.asn1ExtnValue=new a.DERSequence({array:e})};this.setByOneURI=function(h){var e=new c.GeneralNames([{uri:h}]);var g=new c.DistributionPointName(e);var f=new c.DistributionPoint({dpobj:g});this.setByDPArray([f])};this.oid="2.5.29.31";if(typeof d!="undefined"){if(typeof d.array!="undefined"){this.setByDPArray(d.array)}else{if(typeof d.uri!="undefined"){this.setByOneURI(d.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(c){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,c);var b=KJUR,a=b.asn1;this.setPurposeArray=function(d){this.asn1ExtnValue=new a.DERSequence();for(var e=0;e0){var h=new b({array:this.aRevokedCert});this.asn1Array.push(h)}var i=new b({array:this.asn1Array});this.hTLV=i.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(e){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var d=null,c=null,b=KJUR,a=b.asn1;this.setCertSerial=function(f){this.sn=new a.DERInteger(f)};this.setRevocationDate=function(f){this.time=new a.x509.Time(f)};this.getEncodedHex=function(){var f=new a.DERSequence({array:[this.sn,this.time]});this.TLV=f.getEncodedHex();return this.TLV};if(e!==undefined){if(e.time!==undefined){this.setRevocationDate(e.time)}if(e.sn!==undefined){this.setCertSerial(e.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(f){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();var d=KJUR,c=d.asn1,e=c.x509,b=pemtohex;this.setByString=function(g){var h=g.split("/");h.shift();for(var j=0;j0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.RDN=function(a){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=new Array();this.addByString=function(b){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:b}))};this.addByMultiValuedString=function(d){var b=KJUR.asn1.x509.RDN.parseString(d);for(var c=0;c0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(d){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);var f=null,e=null,a="utf8",c=KJUR,b=c.asn1;this.setByString=function(h){var g=h.match(/^([^=]+)=(.+)$/);if(g){this.setByAttrTypeAndValueStr(g[1],g[2])}else{throw"malformed attrTypeAndValueStr: "+h}};this.setByAttrTypeAndValueStr=function(i,h){this.typeObj=KJUR.asn1.x509.OID.atype2obj(i);var g=a;if(i=="C"){g="prn"}this.valueObj=this.getValueObj(g,h)};this.getValueObj=function(h,g){if(h=="utf8"){return new b.DERUTF8String({str:g})}if(h=="prn"){return new b.DERPrintableString({str:g})}if(h=="tel"){return new b.DERTeletexString({str:g})}if(h=="ia5"){return new b.DERIA5String({str:g})}throw"unsupported directory string type: type="+h+" value="+g};this.getEncodedHex=function(){var g=new b.DERSequence({array:[this.typeObj,this.valueObj]});this.TLV=g.getEncodedHex();return this.TLV};if(typeof d!="undefined"){if(typeof d.str!="undefined"){this.setByString(d.str)}}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var m=null,l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,n=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,p=d.AlgorithmIdentifier,g=a.crypto,o=g.ECDSA,c=g.DSA;this.setRSAKey=function(q){if(!RSAKey.prototype.isPrototypeOf(q)){throw"argument is not RSAKey instance"}this.rsaKey=q;var s=new i({bigint:q.n});var r=new i({"int":q.e});var u=new j.DERSequence({array:[s,r]});var t=u.getEncodedHex();this.asn1AlgId=new j.x509.AlgorithmIdentifier({name:"rsaEncryption"});this.asn1SubjPKey=new j.DERBitString({hex:"00"+t})};this.setRSAPEM=function(t){if(t.match(/-----BEGIN PUBLIC KEY-----/)){var v=pemtohex(t);var s=RSAKey.getHexValueArrayOfChildrenFromHex(v);var r=s[1];var u=r.substr(2);var w=RSAKey.getHexValueArrayOfChildrenFromHex(u);var q=new RSAKey();q.setPublic(w[0],w[1]);this.setRSAKey(q)}else{throw"key not supported"}};this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var q=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return q};this.getEncodedHex=function(){var q=this.getASN1Object();this.hTLV=q.getEncodedHex();return this.hTLV};this._setRSAKey=function(q){var s=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var r=s.getEncodedHex();this.asn1AlgId=new p({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+r})};this._setEC=function(q){var r=new n({name:q.curveName});this.asn1AlgId=new p({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})};this._setDSA=function(q){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new p({name:"dsa",asn1params:r});var s=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+s.getEncodedHex()})};if(typeof f!="undefined"){if(typeof RSAKey!="undefined"&&f instanceof RSAKey){this._setRSAKey(f)}else{if(typeof o!="undefined"&&f instanceof o){this._setEC(f)}else{if(typeof c!="undefined"&&f instanceof c){this._setDSA(f)}else{if(f.rsakey!==undefined){this.setRSAKey(f.rsakey)}else{if(f.rsapem!==undefined){this.setRSAPEM(f.rsapem)}}}}}}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.getEncodedHex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.getEncodedHex();return this.TLV};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(d){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1;this.getEncodedHex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw"algorithm not specified"}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var e=[this.asn1Alg];if(this.asn1Params!==null){e.push(this.asn1Params)}var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV};if(d!==undefined){if(d.name!==undefined){this.nameAlg=d.name}if(d.asn1params!==undefined){this.asn1Params=d.asn1params}if(d.paramempty!==undefined){this.paramEmpty=d.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){var c=this.nameAlg.toLowerCase();if(c.substr(-7,7)!=="withdsa"&&c.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralName=function(e){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var k=null,h=null,i={rfc822:"81",dns:"82",dn:"a4",uri:"86"},b=KJUR,f=b.asn1,d=f.DERIA5String,c=f.DERTaggedObject,j=f.ASN1Object,a=f.x509.X500Name,g=pemtohex;this.explicit=false;this.setByParam=function(r){var q=null;var n=null;if(r===undefined){return}if(r.rfc822!==undefined){this.type="rfc822";n=new d({str:r[this.type]})}if(r.dns!==undefined){this.type="dns";n=new d({str:r[this.type]})}if(r.uri!==undefined){this.type="uri";n=new d({str:r[this.type]})}if(r.dn!==undefined){this.type="dn";n=new a({str:r.dn})}if(r.ldapdn!==undefined){this.type="dn";n=new a({ldapstr:r.ldapdn})}if(r.certissuer!==undefined){this.type="dn";this.explicit=true;var o=r.certissuer;var m=null;if(o.match(/^[0-9A-Fa-f]+$/)){m==o}if(o.indexOf("-----BEGIN ")!=-1){m=g(o)}if(m==null){throw"certissuer param not cert"}var l=new X509();l.hex=m;var p=l.getIssuerHex();n=new j();n.hTLV=p}if(r.certsubj!==undefined){this.type="dn";this.explicit=true;var o=r.certsubj;var m=null;if(o.match(/^[0-9A-Fa-f]+$/)){m==o}if(o.indexOf("-----BEGIN ")!=-1){m=g(o)}if(m==null){throw"certsubj param not cert"}var l=new X509();l.hex=m;var p=l.getSubjectHex();n=new j();n.hTLV=p}if(this.type==null){throw"unsupported type in params="+r}this.asn1Obj=new c({explicit:this.explicit,tag:i[this.type],obj:n})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(e!==undefined){this.setByParam(e)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e0){r=new b({obj:this.dUnsignedAttrs,tag:"a1",explicit:false})}var q=[this.dCMSVersion,this.dSignerIdentifier,this.dDigestAlgorithm,o,this.dSigAlg,this.dSig,];if(r!=null){q.push(r)}var p=new h.DERSequence({array:q});this.hTLV=p.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.SignerInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.EncapsulatedContentInfo=function(g){var c=KJUR,b=c.asn1,e=b.DERTaggedObject,a=b.DERSequence,h=b.DERObjectIdentifier,d=b.DEROctetString,f=b.cms;f.EncapsulatedContentInfo.superclass.constructor.call(this);this.dEContentType=new h({name:"data"});this.dEContent=null;this.isDetached=false;this.eContentValueHex=null;this.setContentType=function(i){if(i.match(/^[0-2][.][0-9.]+$/)){this.dEContentType=new h({oid:i})}else{this.dEContentType=new h({name:i})}};this.setContentValue=function(i){if(i!==undefined){if(typeof i.hex=="string"){this.eContentValueHex=i.hex}else{if(typeof i.str=="string"){this.eContentValueHex=utf8tohex(i.str)}}}};this.setContentValueHex=function(i){this.eContentValueHex=i};this.setContentValueStr=function(i){this.eContentValueHex=utf8tohex(i)};this.getEncodedHex=function(){if(typeof this.eContentValueHex!="string"){throw"eContentValue not yet set"}var k=new d({hex:this.eContentValueHex});this.dEContent=new e({obj:k,tag:"a0",explicit:true});var i=[this.dEContentType];if(!this.isDetached){i.push(this.dEContent)}var j=new a({array:i});this.hTLV=j.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.EncapsulatedContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.ContentInfo=function(f){var c=KJUR,b=c.asn1,d=b.DERTaggedObject,a=b.DERSequence,e=b.x509;KJUR.asn1.cms.ContentInfo.superclass.constructor.call(this);this.dContentType=null;this.dContent=null;this.setContentType=function(g){if(typeof g=="string"){this.dContentType=e.OID.name2obj(g)}};this.getEncodedHex=function(){var h=new d({obj:this.dContent,tag:"a0",explicit:true});var g=new a({array:[this.dContentType,h]});this.hTLV=g.getEncodedHex();return this.hTLV};if(f!==undefined){if(f.type){this.setContentType(f.type)}if(f.obj&&f.obj instanceof b.ASN1Object){this.dContent=f.obj}}};YAHOO.lang.extend(KJUR.asn1.cms.ContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.SignedData=function(e){var a=KJUR,h=a.asn1,j=h.ASN1Object,g=h.DERInteger,m=h.DERSet,f=h.DERSequence,b=h.DERTaggedObject,l=h.cms,i=l.EncapsulatedContentInfo,d=l.SignerInfo,n=l.ContentInfo,c=h.x509,k=c.AlgorithmIdentifier;KJUR.asn1.cms.SignedData.superclass.constructor.call(this);this.dCMSVersion=new g({"int":1});this.dDigestAlgs=null;this.digestAlgNameList=[];this.dEncapContentInfo=new i();this.dCerts=null;this.certificateList=[];this.crlList=[];this.signerInfoList=[new d()];this.addCertificatesByPEM=function(p){var q=pemtohex(p);var r=new j();r.hTLV=q;this.certificateList.push(r)};this.getEncodedHex=function(){if(typeof this.hTLV=="string"){return this.hTLV}if(this.dDigestAlgs==null){var u=[];for(var t=0;t0){var v=new m({array:this.certificateList});this.dCerts=new b({obj:v,tag:"a0",explicit:false})}}if(this.dCerts!=null){p.push(this.dCerts)}var r=new m({array:this.signerInfoList});p.push(r);var q=new f({array:p});this.hTLV=q.getEncodedHex();return this.hTLV};this.getContentInfo=function(){this.getEncodedHex();var o=new n({type:"signed-data",obj:this});return o};this.getContentInfoEncodedHex=function(){var o=this.getContentInfo();var p=o.getEncodedHex();return p};this.getPEM=function(){return hextopem(this.getContentInfoEncodedHex(),"CMS")}};YAHOO.lang.extend(KJUR.asn1.cms.SignedData,KJUR.asn1.ASN1Object);KJUR.asn1.cms.CMSUtil=new function(){};KJUR.asn1.cms.CMSUtil.newSignedData=function(d){var b=KJUR,j=b.asn1,q=j.cms,f=q.SignerInfo,n=q.SignedData,o=q.SigningTime,a=q.SigningCertificate,p=q.SigningCertificateV2,c=j.cades,e=c.SignaturePolicyIdentifier;var m=new n();m.dEncapContentInfo.setContentValue(d.content);if(typeof d.certs=="object"){for(var h=0;h0){var s=new f({array:this.extensionsArray});var r=new m({array:[s]});var q=new f({array:[new k({oid:"1.2.840.113549.1.9.14"}),r]});var p=new c({explicit:true,tag:"a0",obj:q});this.asn1Array.push(p)}else{var p=new c({explicit:false,tag:"a0",obj:new j()});this.asn1Array.push(p)}var t=new f({array:this.asn1Array});this.hTLV=t.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.csr.CertificationRequestInfo,KJUR.asn1.ASN1Object);KJUR.asn1.csr.CSRUtil=new function(){};KJUR.asn1.csr.CSRUtil.newCSRPEM=function(h){var c=KEYUTIL,b=KJUR.asn1.csr;if(h.subject===undefined){throw"parameter subject undefined"}if(h.sbjpubkey===undefined){throw"parameter sbjpubkey undefined"}if(h.sigalg===undefined){throw"parameter sigalg undefined"}if(h.sbjprvkey===undefined){throw"parameter sbjpubkey undefined"}var d=new b.CertificationRequestInfo();d.setSubjectByParam(h.subject);d.setSubjectPublicKeyByGetKey(h.sbjpubkey);if(h.ext!==undefined&&h.ext.length!==undefined){for(var e=0;e"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f=0;--p){q=q.twice2D();q.z=BigInteger.ONE;if(o.testBit(p)){if(n.testBit(p)){q=q.add2D(t)}else{q=q.add2D(s)}}else{if(n.testBit(p)){q=q.add2D(r)}}}return q}this.getBigRandom=function(i){return new BigInteger(i.bitLength(),a).mod(i.subtract(BigInteger.ONE)).add(BigInteger.ONE)};this.setNamedCurve=function(i){this.ecparams=KJUR.crypto.ECParameterDB.getByName(i);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=i};this.setPrivateKeyHex=function(i){this.isPrivate=true;this.prvKeyHex=i};this.setPublicKeyHex=function(i){this.isPublic=true;this.pubKeyHex=i};this.getPublicKeyXYHex=function(){var k=this.pubKeyHex;if(k.substr(0,2)!=="04"){throw"this method supports uncompressed format(04) only"}var j=this.ecparams.keylen/4;if(k.length!==2+j*2){throw"malformed public key hex length"}var i={};i.x=k.substr(2,j);i.y=k.substr(2+j);return i};this.getShortNISTPCurveName=function(){var i=this.curveName;if(i==="secp256r1"||i==="NIST P-256"||i==="P-256"||i==="prime256v1"){return"P-256"}if(i==="secp384r1"||i==="NIST P-384"||i==="P-384"){return"P-384"}return null};this.generateKeyPairHex=function(){var k=this.ecparams.n;var n=this.getBigRandom(k);var l=this.ecparams.G.multiply(n);var q=l.getX().toBigInteger();var o=l.getY().toBigInteger();var i=this.ecparams.keylen/4;var m=("0000000000"+n.toString(16)).slice(-i);var r=("0000000000"+q.toString(16)).slice(-i);var p=("0000000000"+o.toString(16)).slice(-i);var j="04"+r+p;this.setPrivateKeyHex(m);this.setPublicKeyHex(j);return{ecprvhex:m,ecpubhex:j}};this.signWithMessageHash=function(i){return this.signHex(i,this.prvKeyHex)};this.signHex=function(o,j){var t=new BigInteger(j,16);var l=this.ecparams.n;var q=new BigInteger(o,16);do{var m=this.getBigRandom(l);var u=this.ecparams.G;var p=u.multiply(m);var i=p.getX().toBigInteger().mod(l)}while(i.compareTo(BigInteger.ZERO)<=0);var v=m.modInverse(l).multiply(q.add(t.multiply(i))).mod(l);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(i,v)};this.sign=function(m,u){var q=u;var j=this.ecparams.n;var p=BigInteger.fromByteArrayUnsigned(m);do{var l=this.getBigRandom(j);var t=this.ecparams.G;var o=t.multiply(l);var i=o.getX().toBigInteger().mod(j)}while(i.compareTo(BigInteger.ZERO)<=0);var v=l.modInverse(j).multiply(p.add(q.multiply(i))).mod(j);return this.serializeSig(i,v)};this.verifyWithMessageHash=function(j,i){return this.verifyHex(j,i,this.pubKeyHex)};this.verifyHex=function(m,i,p){var l,j;var o=KJUR.crypto.ECDSA.parseSigHex(i);l=o.r;j=o.s;var k;k=ECPointFp.decodeFromHex(this.ecparams.curve,p);var n=new BigInteger(m,16);return this.verifyRaw(n,l,j,k)};this.verify=function(o,p,j){var l,i;if(Bitcoin.Util.isArray(p)){var n=this.parseSig(p);l=n.r;i=n.s}else{if("object"===typeof p&&p.r&&p.s){l=p.r;i=p.s}else{throw"Invalid value for signature"}}var k;if(j instanceof ECPointFp){k=j}else{if(Bitcoin.Util.isArray(j)){k=ECPointFp.decodeFrom(this.ecparams.curve,j)}else{throw"Invalid format for pubkey value, must be byte array or ECPointFp"}}var m=BigInteger.fromByteArrayUnsigned(o);return this.verifyRaw(m,l,i,k)};this.verifyRaw=function(o,i,w,m){var l=this.ecparams.n;var u=this.ecparams.G;if(i.compareTo(BigInteger.ONE)<0||i.compareTo(l)>=0){return false}if(w.compareTo(BigInteger.ONE)<0||w.compareTo(l)>=0){return false}var p=w.modInverse(l);var k=o.multiply(p).mod(l);var j=i.multiply(p).mod(l);var q=u.multiply(k).add(m.multiply(j));var t=q.getX().toBigInteger().mod(l);return t.equals(i)};this.serializeSig=function(k,j){var l=k.toByteArraySigned();var i=j.toByteArraySigned();var m=[];m.push(2);m.push(l.length);m=m.concat(l);m.push(2);m.push(i.length);m=m.concat(i);m.unshift(m.length);m.unshift(48);return m};this.parseSig=function(n){var m;if(n[0]!=48){throw new Error("Signature not a valid DERSequence")}m=2;if(n[m]!=2){throw new Error("First element in signature must be a DERInteger")}var l=n.slice(m+2,m+2+n[m+1]);m+=2+n[m+1];if(n[m]!=2){throw new Error("Second element in signature must be a DERInteger")}var i=n.slice(m+2,m+2+n[m+1]);m+=2+n[m+1];var k=BigInteger.fromByteArrayUnsigned(l);var j=BigInteger.fromByteArrayUnsigned(i);return{r:k,s:j}};this.parseSigCompact=function(m){if(m.length!==65){throw"Signature has the wrong length"}var j=m[0]-27;if(j<0||j>7){throw"Invalid signature type"}var o=this.ecparams.n;var l=BigInteger.fromByteArrayUnsigned(m.slice(1,33)).mod(o);var k=BigInteger.fromByteArrayUnsigned(m.slice(33,65)).mod(o);return{r:l,s:k,i:j}};this.readPKCS5PrvKeyHex=function(l){var n=ASN1HEX;var m=KJUR.crypto.ECDSA.getName;var p=n.getVbyList;if(n.isASN1HEX(l)===false){throw"not ASN.1 hex string"}var i,k,o;try{i=p(l,0,[2,0],"06");k=p(l,0,[1],"04");try{o=p(l,0,[3,0],"03").substr(2)}catch(j){}}catch(j){throw"malformed PKCS#1/5 plain ECC private key"}this.curveName=m(i);if(this.curveName===undefined){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(o);this.setPrivateKeyHex(k);this.isPublic=false};this.readPKCS8PrvKeyHex=function(l){var q=ASN1HEX;var i=KJUR.crypto.ECDSA.getName;var n=q.getVbyList;if(q.isASN1HEX(l)===false){throw"not ASN.1 hex string"}var j,p,m,k;try{j=n(l,0,[1,0],"06");p=n(l,0,[1,1],"06");m=n(l,0,[2,0,1],"04");try{k=n(l,0,[2,0,2,0],"03").substr(2)}catch(o){}}catch(o){throw"malformed PKCS#8 plain ECC private key"}this.curveName=i(p);if(this.curveName===undefined){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(k);this.setPrivateKeyHex(m);this.isPublic=false};this.readPKCS8PubKeyHex=function(l){var n=ASN1HEX;var m=KJUR.crypto.ECDSA.getName;var p=n.getVbyList;if(n.isASN1HEX(l)===false){throw"not ASN.1 hex string"}var k,i,o;try{k=p(l,0,[0,0],"06");i=p(l,0,[0,1],"06");o=p(l,0,[1],"03").substr(2)}catch(j){throw"malformed PKCS#8 ECC public key"}this.curveName=m(i);if(this.curveName===null){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(o)};this.readCertPubKeyHex=function(k,p){if(p!==5){p=6}var m=ASN1HEX;var l=KJUR.crypto.ECDSA.getName;var o=m.getVbyList;if(m.isASN1HEX(k)===false){throw"not ASN.1 hex string"}var i,n;try{i=o(k,0,[0,p,0,1],"06");n=o(k,0,[0,p,1],"03").substr(2)}catch(j){throw"malformed X.509 certificate ECC public key"}this.curveName=l(i);if(this.curveName===null){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(n)};if(h!==undefined){if(h.curve!==undefined){this.curveName=h.curve}}if(this.curveName===undefined){this.curveName=e}this.setNamedCurve(this.curveName);if(h!==undefined){if(h.prv!==undefined){this.setPrivateKeyHex(h.prv)}if(h.pub!==undefined){this.setPublicKeyHex(h.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(f){var j=ASN1HEX;var i=j.getChildIdx;var g=j.getV;if(f.substr(0,2)!="30"){throw"signature is not a ASN.1 sequence"}var h=i(f,0);if(h.length!=2){throw"number of signature ASN.1 sequence elements seem wrong"}var e=h[0];var d=h[1];if(f.substr(e,2)!="02"){throw"1st item of sequene of signature is not ASN.1 integer"}if(f.substr(d,2)!="02"){throw"2nd item of sequene of signature is not ASN.1 integer"}var c=g(f,e);var b=g(f,d);return{r:c,s:b}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(c){var d=KJUR.crypto.ECDSA.parseSigHexInHexRS(c);var b=d.r;var a=d.s;if(b.substr(0,2)=="00"&&(((b.length/2)*8)%(16*8))==8){b=b.substr(2)}if(a.substr(0,2)=="00"&&(((a.length/2)*8)%(16*8))==8){a=a.substr(2)}if((((b.length/2)*8)%(16*8))!=0){throw"unknown ECDSA sig r length error"}if((((a.length/2)*8)%(16*8))!=0){throw"unknown ECDSA sig s length error"}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if((((a.length/2)*8)%(16*8))!=0){throw"unknown ECDSA concatinated r-s sig length error"}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(f,d){var c=KJUR.asn1;var b=new c.DERInteger({bigint:f});var a=new c.DERInteger({bigint:d});var e=new c.DERSequence({array:[b,a]});return e.getEncodedHex()};KJUR.crypto.ECDSA.getName=function(a){if(a==="2a8648ce3d030107"){return"secp256r1"}if(a==="2b8104000a"){return"secp256k1"}if(a==="2b81040022"){return"secp384r1"}if("|secp256r1|NIST P-256|P-256|prime256v1|".indexOf(a)!==-1){return"secp256r1"}if("|secp256k1|".indexOf(a)!==-1){return"secp256k1"}if("|secp384r1|NIST P-384|P-384|".indexOf(a)!==-1){return"secp384r1"}return null}; -/*! ecparam-1.0.0.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license - */ if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECParameterDB=new function(){var b={};var c={};function a(d){return new BigInteger(d,16)}this.getByName=function(e){var d=e;if(typeof c[d]!="undefined"){d=c[e]}if(typeof b[d]!="undefined"){return b[d]}throw"unregistered EC curve name: "+d};this.regist=function(A,l,o,g,m,e,j,f,k,u,d,x){b[A]={};var s=a(o);var z=a(g);var y=a(m);var t=a(e);var w=a(j);var r=new ECCurveFp(s,z,y);var q=r.decodePointHex("04"+f+k);b[A]["name"]=A;b[A]["keylen"]=l;b[A]["curve"]=r;b[A]["G"]=q;b[A]["n"]=t;b[A]["h"]=w;b[A]["oid"]=d;b[A]["info"]=x;for(var v=0;v1){g=new BigInteger(i,16)}else{g=null}h=new BigInteger(j,16);this.setPrivate(c,a,e,g,h)};this.setPublic=function(c,b,a,d){this.isPublic=true;this.p=c;this.q=b;this.g=a;this.y=d;this.x=null};this.setPublicHex=function(f,e,d,g){var b,a,h,c;b=new BigInteger(f,16);a=new BigInteger(e,16);h=new BigInteger(d,16);c=new BigInteger(g,16);this.setPublic(b,a,h,c)};this.signWithMessageHash=function(d){var c=this.p;var b=this.q;var f=this.g;var i=this.y;var j=this.x;var e=KJUR.crypto.Util.getRandomBigIntegerMinToMax(BigInteger.ONE.add(BigInteger.ONE),b.subtract(BigInteger.ONE));var l=d.substr(0,b.bitLength()/4);var h=new BigInteger(l,16);var a=(f.modPow(e,c)).mod(b);var n=(e.modInverse(b).multiply(h.add(j.multiply(a)))).mod(b);var m=KJUR.asn1.ASN1Util.jsonToASN1HEX({seq:[{"int":{bigint:a}},{"int":{bigint:n}}]});return m};this.verifyWithMessageHash=function(h,f){var d=this.p;var b=this.q;var j=this.g;var l=this.y;var i=this.parseASN1Signature(f);var a=i[0];var t=i[1];var o=h.substr(0,b.bitLength()/4);var k=new BigInteger(o,16);if(BigInteger.ZERO.compareTo(a)>0||a.compareTo(b)>0){throw"invalid DSA signature"}if(BigInteger.ZERO.compareTo(t)>=0||t.compareTo(b)>0){throw"invalid DSA signature"}var m=t.modInverse(b);var e=k.multiply(m).mod(b);var c=a.multiply(m).mod(b);var n=j.modPow(e,d).multiply(l.modPow(c,d)).mod(d).mod(b);return n.compareTo(a)==0};this.parseASN1Signature=function(a){try{var d=new BigInteger(ASN1HEX.getVbyList(a,0,[0],"02"),16);var c=new BigInteger(ASN1HEX.getVbyList(a,0,[1],"02"),16);return[d,c]}catch(b){throw"malformed ASN.1 DSA signature"}};this.readPKCS5PrvKeyHex=function(c){var b,a,f,g,i;var j=ASN1HEX;var d=j.getVbyList;if(j.isASN1HEX(c)===false){throw"not ASN.1 hex string"}try{b=d(c,0,[1],"02");a=d(c,0,[2],"02");f=d(c,0,[3],"02");g=d(c,0,[4],"02");i=d(c,0,[5],"02")}catch(e){console.log("EXCEPTION:"+e);throw"malformed PKCS#1/5 plain DSA private key"}this.setPrivateHex(b,a,f,g,i)};this.readPKCS8PrvKeyHex=function(d){var f,c,b,g;var e=ASN1HEX;var i=e.getVbyList;if(e.isASN1HEX(d)===false){throw"not ASN.1 hex string"}try{f=i(d,0,[1,1,0],"02");c=i(d,0,[1,1,1],"02");b=i(d,0,[1,1,2],"02");g=i(d,0,[2,0],"02")}catch(a){console.log("EXCEPTION:"+a);throw"malformed PKCS#8 plain DSA private key"}this.setPrivateHex(f,c,b,null,g)};this.readPKCS8PubKeyHex=function(d){var f,c,b,g;var e=ASN1HEX;var i=e.getVbyList;if(e.isASN1HEX(d)===false){throw"not ASN.1 hex string"}try{f=i(d,0,[0,1,0],"02");c=i(d,0,[0,1,1],"02");b=i(d,0,[0,1,2],"02");g=i(d,0,[1,0],"02")}catch(a){console.log("EXCEPTION:"+a);throw"malformed PKCS#8 DSA public key"}this.setPublicHex(f,c,b,g)};this.readCertPubKeyHex=function(c,f){if(f!==5){f=6}var b,a,g,i;var j=ASN1HEX;var d=j.getVbyList;if(j.isASN1HEX(c)===false){throw"not ASN.1 hex string"}try{b=d(c,0,[0,f,0,1,0],"02");a=d(c,0,[0,f,0,1,1],"02");g=d(c,0,[0,f,0,1,2],"02");i=d(c,0,[0,f,1,0],"02")}catch(e){console.log("EXCEPTION:"+e);throw"malformed X.509 certificate DSA public key"}this.setPublicHex(b,a,g,i)}}; -/*! pkcs5pkey-1.1.1.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -var PKCS5PKEY=function(){var c=function(n,p,o){return i(CryptoJS.AES,n,p,o)};var d=function(n,p,o){return i(CryptoJS.TripleDES,n,p,o)};var i=function(q,v,s,o){var p=CryptoJS.enc.Hex.parse(v);var u=CryptoJS.enc.Hex.parse(s);var n=CryptoJS.enc.Hex.parse(o);var r={};r.key=u;r.iv=n;r.ciphertext=p;var t=q.decrypt(r,u,{iv:n});return CryptoJS.enc.Hex.stringify(t)};var j=function(n,p,o){return e(CryptoJS.AES,n,p,o)};var m=function(n,p,o){return e(CryptoJS.TripleDES,n,p,o)};var e=function(s,x,v,p){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(v);var o=CryptoJS.enc.Hex.parse(p);var n={};var u=s.encrypt(r,w,{iv:o});var q=CryptoJS.enc.Hex.parse(u.toString());var t=CryptoJS.enc.Base64.stringify(q);return t};var g={"AES-256-CBC":{proc:c,eproc:j,keylen:32,ivlen:16},"AES-192-CBC":{proc:c,eproc:j,keylen:24,ivlen:16},"AES-128-CBC":{proc:c,eproc:j,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:d,eproc:m,keylen:24,ivlen:8}};var b=function(n){return g[n]["proc"]};var k=function(n){var p=CryptoJS.lib.WordArray.random(n);var o=CryptoJS.enc.Hex.stringify(p);return o};var l=function(t){var u={};var o=t.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(o){u.cipher=o[1];u.ivsalt=o[2]}var n=t.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(n){u.type=n[1]}var r=-1;var v=0;if(t.indexOf("\r\n\r\n")!=-1){r=t.indexOf("\r\n\r\n");v=2}if(t.indexOf("\n\n")!=-1){r=t.indexOf("\n\n");v=1}var q=t.indexOf("-----END");if(r!=-1&&q!=-1){var p=t.substring(r+v*2,q-v);p=p.replace(/\s+/g,"");u.data=p}return u};var h=function(o,w,n){var t=n.substring(0,16);var r=CryptoJS.enc.Hex.parse(t);var p=CryptoJS.enc.Utf8.parse(w);var s=g[o]["keylen"]+g[o]["ivlen"];var v="";var u=null;for(;;){var q=CryptoJS.algo.MD5.create();if(u!=null){q.update(u)}q.update(p);q.update(r);u=q.finalize();v=v+CryptoJS.enc.Hex.stringify(u);if(v.length>=s*2){break}}var x={};x.keyhex=v.substr(0,g[o]["keylen"]*2);x.ivhex=v.substr(g[o]["keylen"]*2,g[o]["ivlen"]*2);return x};var a=function(n,t,p,u){var q=CryptoJS.enc.Base64.parse(n);var o=CryptoJS.enc.Hex.stringify(q);var s=g[t]["proc"];var r=s(o,p,u);return r};var f=function(n,q,o,s){var p=g[q]["eproc"];var r=p(n,o,s);return r};return{version:"1.0.5",getHexFromPEM:function(n,o){return ASN1HEX.pemToHex(n,o)},getDecryptedKeyHexByKeyIV:function(o,r,q,p){var n=b(r);return n(o,q,p)},parsePKCS5PEM:function(n){return l(n)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(o,n,p){return h(o,n,p)},decryptKeyB64:function(n,p,o,q){return a(n,p,o,q)},getDecryptedKeyHex:function(w,v){var o=l(w);var r=o.type;var p=o.cipher;var n=o.ivsalt;var q=o.data;var u=h(p,v,n);var t=u.keyhex;var s=a(q,p,t,n);return s},getRSAKeyFromEncryptedPKCS5PEM:function(p,o){var q=this.getDecryptedKeyHex(p,o);var n=new RSAKey();n.readPrivateKeyFromASN1HexString(q);return n},getEncryptedPKCS5PEMFromPrvKeyHex:function(q,x,r,p){if(typeof r=="undefined"||r==null){r="AES-256-CBC"}if(typeof g[r]=="undefined"){throw"PKCS5PKEY unsupported algorithm: "+r}if(typeof p=="undefined"||p==null){var t=g[r]["ivlen"];var s=k(t);p=s.toUpperCase()}var w=h(r,x,p);var v=w.keyhex;var u=f(q,r,v,p);var o=u.replace(/(.{64})/g,"$1\r\n");var n="-----BEGIN RSA PRIVATE KEY-----\r\n";n+="Proc-Type: 4,ENCRYPTED\r\n";n+="DEK-Info: "+r+","+p+"\r\n";n+="\r\n";n+=o;n+="\r\n-----END RSA PRIVATE KEY-----\r\n";return n},getEncryptedPKCS5PEMFromRSAKey:function(C,D,o,s){var A=new KJUR.asn1.DERInteger({"int":0});var v=new KJUR.asn1.DERInteger({bigint:C.n});var z=new KJUR.asn1.DERInteger({"int":C.e});var B=new KJUR.asn1.DERInteger({bigint:C.d});var t=new KJUR.asn1.DERInteger({bigint:C.p});var r=new KJUR.asn1.DERInteger({bigint:C.q});var y=new KJUR.asn1.DERInteger({bigint:C.dmp1});var u=new KJUR.asn1.DERInteger({bigint:C.dmq1});var x=new KJUR.asn1.DERInteger({bigint:C.coeff});var E=new KJUR.asn1.DERSequence({array:[A,v,z,B,t,r,y,u,x]});var w=E.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex(w,D,o,s)},newEncryptedPKCS5PEM:function(n,o,r,s){if(typeof o=="undefined"||o==null){o=1024}if(typeof r=="undefined"||r==null){r="10001"}var p=new RSAKey();p.generate(o,r);var q=null;if(typeof s=="undefined"||s==null){q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n)}else{q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n,s)}return q},getRSAKeyFromPlainPKCS8PEM:function(p){if(p.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var o=ASN1HEX.pemToHex(p,"PRIVATE KEY");var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getRSAKeyFromPlainPKCS8Hex:function(o){var n=new RSAKey();n.readPKCS8PrvKeyHex(o);return n},parseHexOfEncryptedPKCS8:function(w){var z=ASN1HEX;var x=z.getChildIdx;var u=z.getV;var r={};var p=x(w,0);if(p.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+p.length}r.ciphertext=u(w,p[1]);var y=x(w,p[0]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+y.length}if(u(w,y[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var n=x(w,y[1]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+n.length}var o=x(w,n[1]);if(o.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+o.length}if(u(w,o[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}r.encryptionSchemeAlg="TripleDES";r.encryptionSchemeIV=u(w,o[1]);var q=x(w,n[0]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+q.length}if(u(w,q[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var v=x(w,q[1]);if(v.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+v.length}r.pbkdf2Salt=u(w,v[0]);var s=u(w,v[1]);try{r.pbkdf2Iter=parseInt(s,16)}catch(t){throw"malformed format pbkdf2Iter: "+s}return r},getPBKDF2KeyHexFromParam:function(s,n){var r=CryptoJS.enc.Hex.parse(s.pbkdf2Salt);var o=s.pbkdf2Iter;var q=CryptoJS.PBKDF2(n,r,{keySize:192/32,iterations:o});var p=CryptoJS.enc.Hex.stringify(q);return p},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(v,w){var p=ASN1HEX.pemToHex(v,"ENCRYPTED PRIVATE KEY");var n=this.parseHexOfEncryptedPKCS8(p);var s=PKCS5PKEY.getPBKDF2KeyHexFromParam(n,w);var t={};t.ciphertext=CryptoJS.enc.Hex.parse(n.ciphertext);var r=CryptoJS.enc.Hex.parse(s);var q=CryptoJS.enc.Hex.parse(n.encryptionSchemeIV);var u=CryptoJS.TripleDES.decrypt(t,r,{iv:q});var o=CryptoJS.enc.Hex.stringify(u);return o},getRSAKeyFromEncryptedPKCS8PEM:function(q,p){var o=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,p);var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getKeyFromEncryptedPKCS8PEM:function(q,o){var n=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,o);var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},parsePlainPrivatePKCS8Hex:function(q){var t=ASN1HEX;var s=t.getChildIdx;var r=t.getV;var o={};o.algparam=null;if(q.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var p=s(q,0);if(p.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(q.substr(p[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var n=s(q,p[1]);if(n.length!=2){throw"malformed PKCS8 private key(code:004)"}if(q.substr(n[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}o.algoid=r(q,n[0]);if(q.substr(n[1],2)=="06"){o.algparam=r(q,n[1])}if(q.substr(p[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}o.keyidx=t.getVidx(q,p[2]);return o},getKeyFromPlainPrivatePKCS8PEM:function(o){var n=ASN1HEX.pemToHex(o,"PRIVATE KEY");var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},getKeyFromPlainPrivatePKCS8Hex:function(n){var o=this.parsePlainPrivatePKCS8Hex(n);var p;if(o.algoid=="2a864886f70d010101"){p=new RSAKey()}else{if(o.algoid=="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(o.algoid=="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}p.readPKCS8PrvKeyHex(n);return p},getRSAKeyFromPublicPKCS8PEM:function(o){var p=ASN1HEX.pemToHex(o,"PUBLIC KEY");var n=this.getRSAKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8PEM:function(o){var p=ASN1HEX.pemToHex(o,"PUBLIC KEY");var n=this.getKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8Hex:function(o){var n;var p=ASN1HEX.getVbyList(o,0,[0,0],"06");if(p==="2a864886f70d010101"){n=new RSAKey()}else{if(p==="2a8648ce380401"){n=new KJUR.crypto.DSA()}else{if(p==="2a8648ce3d0201"){n=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}n.readPKCS8PubKeyHex(o);return n},parsePublicRawRSAKeyHex:function(p){var s=ASN1HEX;var r=s.getChildIdx;var q=s.getV;var n={};if(p.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var o=r(p,0);if(o.length!=2){throw"malformed RSA key(code:002)"}if(p.substr(o[0],2)!="02"){throw"malformed RSA key(code:003)"}n.n=q(p,o[0]);if(p.substr(o[1],2)!="02"){throw"malformed RSA key(code:004)"}n.e=q(p,o[1]);return n},parsePrivateRawRSAKeyHexAtObj:function(o,t){var s=ASN1HEX;var r=s.getChildIdx;var p=s.getV;var q=s.getIdxbyList(o,0,[2,0]);var n=r(o,q);if(n.length!==9){throw"malformed PKCS#8 plain RSA private key"}t.key={};t.key.n=p(o,n[1]);t.key.e=p(o,n[2]);t.key.d=p(o,n[3]);t.key.p=p(o,n[4]);t.key.q=p(o,n[5]);t.key.dp=p(o,n[6]);t.key.dq=p(o,n[7]);t.key.co=p(o,n[8])},parsePrivateRawECKeyHexAtObj:function(n,q){var o=q.keyidx;var p=new KJUR.crypto.ECDSA();p.readPKCS8PrvKeyHex(n);q.key=p.prvKeyHex;q.pubkey=p.pubKeyHex},parsePublicPKCS8Hex:function(r){var t=ASN1HEX;var s=t.getChildIdx;var q=t.getV;var o={};o.algparam=null;var p=s(r,0);if(p.length!=2){throw"outer DERSequence shall have 2 elements: "+p.length}var u=p[0];if(r.substr(u,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var n=s(r,u);if(n.length!=2){throw"malformed PKCS8 public key(code:002)"}if(r.substr(n[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}o.algoid=q(r,n[0]);if(r.substr(n[1],2)=="06"){o.algparam=q(r,n[1])}else{if(r.substr(n[1],2)=="30"){o.algparam={};o.algparam.p=t.getVbyList(r,n[1],[0],"02");o.algparam.q=t.getVbyList(r,n[1],[1],"02");o.algparam.g=t.getVbyList(r,n[1],[2],"02")}}if(r.substr(p[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}o.key=q(r,p[1]).substr(2);return o},getRSAKeyFromPublicPKCS8Hex:function(n){var o=new RSAKey();o.readPKCS8PubKeyHex(n);return o},}}(); -/*! keyutil-1.1.1.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(v){var w={};var q=v.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(q){w.cipher=q[1];w.ivsalt=q[2]}var p=v.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(p){w.type=p[1]}var u=-1;var x=0;if(v.indexOf("\r\n\r\n")!=-1){u=v.indexOf("\r\n\r\n");x=2}if(v.indexOf("\n\n")!=-1){u=v.indexOf("\n\n");x=1}var t=v.indexOf("-----END");if(u!=-1&&t!=-1){var r=v.substring(u+x*2,t-x);r=r.replace(/\s+/g,"");w.data=r}return w};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",getHexFromPEM:function(p,q){return ASN1HEX.pemToHex(p,q)},getDecryptedKeyHexByKeyIV:function(q,t,s,r){var p=c(t);return p(q,s,r)},parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getRSAKeyFromEncryptedPKCS5PEM:function(r,q){var s=this.getDecryptedKeyHex(r,q);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(s);return p},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},getEncryptedPKCS5PEMFromRSAKey:function(D,E,r,t){var B=new KJUR.asn1.DERInteger({"int":0});var w=new KJUR.asn1.DERInteger({bigint:D.n});var A=new KJUR.asn1.DERInteger({"int":D.e});var C=new KJUR.asn1.DERInteger({bigint:D.d});var u=new KJUR.asn1.DERInteger({bigint:D.p});var s=new KJUR.asn1.DERInteger({bigint:D.q});var z=new KJUR.asn1.DERInteger({bigint:D.dmp1});var v=new KJUR.asn1.DERInteger({bigint:D.dmq1});var y=new KJUR.asn1.DERInteger({bigint:D.coeff});var F=new KJUR.asn1.DERSequence({array:[B,w,A,C,u,s,z,v,y]});var x=F.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",x,E,r,t)},newEncryptedPKCS5PEM:function(p,q,t,u){if(typeof q=="undefined"||q==null){q=1024}if(typeof t=="undefined"||t==null){t="10001"}var r=new RSAKey();r.generate(q,t);var s=null;if(typeof u=="undefined"||u==null){s=this.getEncryptedPKCS5PEMFromRSAKey(r,p)}else{s=this.getEncryptedPKCS5PEMFromRSAKey(r,p,u)}return s},getRSAKeyFromPlainPKCS8PEM:function(r){if(r.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var q=ASN1HEX.pemToHex(r,"PRIVATE KEY");var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getRSAKeyFromPlainPKCS8Hex:function(q){var p=new RSAKey();p.readPKCS8PrvKeyHex(q);return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=ASN1HEX.pemToHex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getRSAKeyFromEncryptedPKCS8PEM:function(s,r){var q=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,r);var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=ASN1HEX.pemToHex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},getRSAKeyFromPublicPKCS8PEM:function(q){var r=ASN1HEX.pemToHex(q,"PUBLIC KEY");var p=this.getRSAKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8PEM:function(q){var r=ASN1HEX.pemToHex(q,"PUBLIC KEY");var p=this.getKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePrivateRawRSAKeyHexAtObj:function(q,v){var u=ASN1HEX;var t=u.getChildIdx;var r=u.getV;var s=u.getIdxbyList(q,0,[2,0]);var p=t(q,s);if(p.length!==9){throw"malformed PKCS#8 plain RSA private key"}v.key={};v.key.n=r(q,p[1]);v.key.e=r(q,p[2]);v.key.d=r(q,p[3]);v.key.p=r(q,p[4]);v.key.q=r(q,p[5]);v.key.dp=r(q,p[6]);v.key.dq=r(q,p[7]);v.key.co=r(q,p[8])},parsePrivateRawECKeyHexAtObj:function(p,s){var q=s.keyidx;var r=new KJUR.crypto.ECDSA();r.readPKCS8PrvKeyHex(p);s.key=r.prvKeyHex;s.pubkey=r.pubKeyHex},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},getRSAKeyFromPublicPKCS8Hex:function(p){var q=new RSAKey();q.readPKCS8PubKeyHex(p);return q},}}();KEYUTIL.getKey=function(l,k,n){var E=ASN1HEX;var I=E.getChildIdx;var t=E.getV;var d=E.getVbyList;var c=KJUR.crypto;var i=c.ECDSA;var B=c.DSA;var u=RSAKey;if(typeof u!="undefined"&&l instanceof u){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof B!="undefined"&&l instanceof B){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var K=new u();K.setPublic(l.n,l.e);return K}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var K=new u();K.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return K}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var K=new u();K.setPrivate(l.n,l.e,l.d);return K}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var K=new B();K.setPublic(l.p,l.q,l.g,l.y);return K}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var K=new B();K.setPrivate(l.p,l.q,l.g,l.y,l.x);return K}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var K=new u();K.setPublic(b64utohex(l.n),b64utohex(l.e));return K}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var K=new u();K.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return K}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var K=new u();K.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return K}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var s=j.ecparams.keylen/4;var A=("0000000000"+b64utohex(l.x)).slice(-s);var w=("0000000000"+b64utohex(l.y)).slice(-s);var v="04"+A+w;j.setPublicKeyHex(v);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var s=j.ecparams.keylen/4;var A=("0000000000"+b64utohex(l.x)).slice(-s);var w=("0000000000"+b64utohex(l.y)).slice(-s);var v="04"+A+w;var b=("0000000000"+b64utohex(l.d)).slice(-s);j.setPublicKeyHex(v);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var G=l,E=ASN1HEX,J,K;J=I(G,0);if(J.length===9){K=new u();K.readPrivateKeyFromASN1HexString(l)}else{if(J.length===6){K=new B();K.readPKCS5PrvKeyHex(G)}else{if(J.length>2&&G.substr(J[1],2)==="04"){K=new i();K.readPKCS5PrvKeyHex(G)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return K}if(n==="pkcs8prv"){var K=KEYUTIL.getKeyFromPlainPrivatePKCS8Hex(l);return K}if(n==="pkcs8pub"){return KEYUTIL.getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){return KEYUTIL.getKeyFromPublicPKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=E.pemToHex(l,"RSA PRIVATE KEY");return KEYUTIL.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var F=E.pemToHex(l,"DSA PRIVATE KEY");var D=d(F,0,[1],"02");var C=d(F,0,[2],"02");var H=d(F,0,[3],"02");var o=d(F,0,[4],"02");var r=d(F,0,[5],"02");var K=new B();K.setPrivate(new BigInteger(D,16),new BigInteger(C,16),new BigInteger(H,16),new BigInteger(o,16),new BigInteger(r,16));return K}if(l.indexOf("-END PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(l,k)}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var F=KEYUTIL.getDecryptedKeyHex(l,k);var K=d(F,0,[1],"04");var f=d(F,0,[2,0],"06");var z=d(F,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(z);j.setPrivateKeyHex(K);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var F=KEYUTIL.getDecryptedKeyHex(l,k);var D=d(F,0,[1],"02");var C=d(F,0,[2],"02");var H=d(F,0,[3],"02");var o=d(F,0,[4],"02");var r=d(F,0,[5],"02");var K=new B();K.setPrivate(new BigInteger(D,16),new BigInteger(C,16),new BigInteger(H,16),new BigInteger(o,16),new BigInteger(r,16));return K}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromEncryptedPKCS8PEM(l,k)}throw"not supported argument"};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(a,r,o,g,j){var v=KJUR.asn1;var u=KJUR.crypto;function p(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return w}function q(w){var s=KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:w.prvKeyHex}},{tag:["a0",true,{oid:{name:w.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+w.pubKeyHex}}]}]});return s}function n(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return w}if(((typeof RSAKey!="undefined"&&a instanceof RSAKey)||(typeof u.DSA!="undefined"&&a instanceof u.DSA)||(typeof u.ECDSA!="undefined"&&a instanceof u.ECDSA))&&a.isPublic==true&&(r===undefined||r=="PKCS8PUB")){var t=new KJUR.asn1.x509.SubjectPublicKeyInfo(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"PUBLIC KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o===undefined||o==null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"RSA PRIVATE KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o===undefined||o==null)&&a.isPrivate==true){var f=new KJUR.asn1.DERObjectIdentifier({name:a.curveName});var l=f.getEncodedHex();var e=q(a);var k=e.getEncodedHex();var i="";i+=v.ASN1Util.getPEMStringFromHex(l,"EC PARAMETERS");i+=v.ASN1Util.getPEMStringFromHex(k,"EC PRIVATE KEY");return i}if(r=="PKCS1PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o===undefined||o==null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"DSA PRIVATE KEY")}if(r=="PKCS5PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=q(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",m,o,g)}var h=function(w,s){var y=b(w,s);var x=new KJUR.asn1.ASN1Util.newObject({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:y.pbkdf2Salt}},{"int":y.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:y.encryptionSchemeIV}}]}]}]},{octstr:{hex:y.ciphertext}}]});return x.getEncodedHex()};var b=function(D,E){var x=100;var C=CryptoJS.lib.WordArray.random(8);var B="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var y=CryptoJS.PBKDF2(E,C,{keySize:192/32,iterations:x});var z=CryptoJS.enc.Hex.parse(D);var A=CryptoJS.TripleDES.encrypt(z,y,{iv:s})+"";var w={};w.ciphertext=A;w.pbkdf2Salt=CryptoJS.enc.Hex.stringify(C);w.pbkdf2Iter=x;w.encryptionSchemeAlg=B;w.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return w};if(r=="PKCS8PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&a.isPrivate==true){var d=p(a);var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&a.isPrivate==true){var d=new KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:a.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+a.pubKeyHex}}]}]});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:a.curveName}}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&a.isPrivate==true){var d=new KJUR.asn1.DERInteger({bigint:a.x});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:a.p}},{"int":{bigint:a.q}},{"int":{bigint:a.g}}]}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}throw"unsupported object nor format"};KEYUTIL.getKeyFromCSRPEM=function(b){var a=ASN1HEX.pemToHex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"}; -/*! rsapem-1.2.1.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -RSAKey.pemToBase64=function(b){var a=b;a=a.replace("-----BEGIN RSA PRIVATE KEY-----","");a=a.replace("-----END RSA PRIVATE KEY-----","");a=a.replace(/[ \n]+/g,"");return a};RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(e){var c=RSAKey.pemToBase64(e);var d=b64tohex(c);var b=RSAKey.getHexValueArrayOfChildrenFromHex(d);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPrivateKeyFromASN1HexString=function(a){this.readPKCS5PrvKeyHex(a)};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,j,l,b,a,f,d,k;var m=ASN1HEX;var g=m.getVbyList;if(m.isASN1HEX(e)===false){throw"not ASN.1 hex string"}try{c=g(e,0,[2,0,1],"02");j=g(e,0,[2,0,2],"02");l=g(e,0,[2,0,3],"02");b=g(e,0,[2,0,4],"02");a=g(e,0,[2,0,5],"02");f=g(e,0,[2,0,6],"02");d=g(e,0,[2,0,7],"02");k=g(e,0,[2,0,8],"02")}catch(i){throw"malformed PKCS#8 plain RSA private key"}this.setPrivateEx(c,j,l,b,a,f,d,k)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw"keyHex is not ASN.1 hex string"}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw"wrong hex for PKCS#5 public key"}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw"not ASN.1 hex string"}if(c.getTLVbyList(b,0,[0,0])!=="06092a864886f70d010101"){throw"not PKCS8 RSA public key"}var a=c.getTLVbyList(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; -/*! rsasign-1.2.7.js (c) 2012 Kenji Urushima | kjur.github.com/jsrsasign/license - */ +var PKCS5PKEY=function(){var c=function(n,p,o){return i(CryptoJS.AES,n,p,o)};var d=function(n,p,o){return i(CryptoJS.TripleDES,n,p,o)};var i=function(q,v,s,o){var p=CryptoJS.enc.Hex.parse(v);var u=CryptoJS.enc.Hex.parse(s);var n=CryptoJS.enc.Hex.parse(o);var r={};r.key=u;r.iv=n;r.ciphertext=p;var t=q.decrypt(r,u,{iv:n});return CryptoJS.enc.Hex.stringify(t)};var j=function(n,p,o){return e(CryptoJS.AES,n,p,o)};var m=function(n,p,o){return e(CryptoJS.TripleDES,n,p,o)};var e=function(s,x,v,p){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(v);var o=CryptoJS.enc.Hex.parse(p);var n={};var u=s.encrypt(r,w,{iv:o});var q=CryptoJS.enc.Hex.parse(u.toString());var t=CryptoJS.enc.Base64.stringify(q);return t};var g={"AES-256-CBC":{proc:c,eproc:j,keylen:32,ivlen:16},"AES-192-CBC":{proc:c,eproc:j,keylen:24,ivlen:16},"AES-128-CBC":{proc:c,eproc:j,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:d,eproc:m,keylen:24,ivlen:8}};var b=function(n){return g[n]["proc"]};var k=function(n){var p=CryptoJS.lib.WordArray.random(n);var o=CryptoJS.enc.Hex.stringify(p);return o};var l=function(t){var u={};var o=t.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(o){u.cipher=o[1];u.ivsalt=o[2]}var n=t.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(n){u.type=n[1]}var r=-1;var v=0;if(t.indexOf("\r\n\r\n")!=-1){r=t.indexOf("\r\n\r\n");v=2}if(t.indexOf("\n\n")!=-1){r=t.indexOf("\n\n");v=1}var q=t.indexOf("-----END");if(r!=-1&&q!=-1){var p=t.substring(r+v*2,q-v);p=p.replace(/\s+/g,"");u.data=p}return u};var h=function(o,w,n){var t=n.substring(0,16);var r=CryptoJS.enc.Hex.parse(t);var p=CryptoJS.enc.Utf8.parse(w);var s=g[o]["keylen"]+g[o]["ivlen"];var v="";var u=null;for(;;){var q=CryptoJS.algo.MD5.create();if(u!=null){q.update(u)}q.update(p);q.update(r);u=q.finalize();v=v+CryptoJS.enc.Hex.stringify(u);if(v.length>=s*2){break}}var x={};x.keyhex=v.substr(0,g[o]["keylen"]*2);x.ivhex=v.substr(g[o]["keylen"]*2,g[o]["ivlen"]*2);return x};var a=function(n,t,p,u){var q=CryptoJS.enc.Base64.parse(n);var o=CryptoJS.enc.Hex.stringify(q);var s=g[t]["proc"];var r=s(o,p,u);return r};var f=function(n,q,o,s){var p=g[q]["eproc"];var r=p(n,o,s);return r};return{version:"1.0.5",getHexFromPEM:function(n,o){return pemtohex(n,o)},getDecryptedKeyHexByKeyIV:function(o,r,q,p){var n=b(r);return n(o,q,p)},parsePKCS5PEM:function(n){return l(n)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(o,n,p){return h(o,n,p)},decryptKeyB64:function(n,p,o,q){return a(n,p,o,q)},getDecryptedKeyHex:function(w,v){var o=l(w);var r=o.type;var p=o.cipher;var n=o.ivsalt;var q=o.data;var u=h(p,v,n);var t=u.keyhex;var s=a(q,p,t,n);return s},getRSAKeyFromEncryptedPKCS5PEM:function(p,o){var q=this.getDecryptedKeyHex(p,o);var n=new RSAKey();n.readPrivateKeyFromASN1HexString(q);return n},getEncryptedPKCS5PEMFromPrvKeyHex:function(q,x,r,p){if(typeof r=="undefined"||r==null){r="AES-256-CBC"}if(typeof g[r]=="undefined"){throw"PKCS5PKEY unsupported algorithm: "+r}if(typeof p=="undefined"||p==null){var t=g[r]["ivlen"];var s=k(t);p=s.toUpperCase()}var w=h(r,x,p);var v=w.keyhex;var u=f(q,r,v,p);var o=u.replace(/(.{64})/g,"$1\r\n");var n="-----BEGIN RSA PRIVATE KEY-----\r\n";n+="Proc-Type: 4,ENCRYPTED\r\n";n+="DEK-Info: "+r+","+p+"\r\n";n+="\r\n";n+=o;n+="\r\n-----END RSA PRIVATE KEY-----\r\n";return n},getEncryptedPKCS5PEMFromRSAKey:function(C,D,o,s){var A=new KJUR.asn1.DERInteger({"int":0});var v=new KJUR.asn1.DERInteger({bigint:C.n});var z=new KJUR.asn1.DERInteger({"int":C.e});var B=new KJUR.asn1.DERInteger({bigint:C.d});var t=new KJUR.asn1.DERInteger({bigint:C.p});var r=new KJUR.asn1.DERInteger({bigint:C.q});var y=new KJUR.asn1.DERInteger({bigint:C.dmp1});var u=new KJUR.asn1.DERInteger({bigint:C.dmq1});var x=new KJUR.asn1.DERInteger({bigint:C.coeff});var E=new KJUR.asn1.DERSequence({array:[A,v,z,B,t,r,y,u,x]});var w=E.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex(w,D,o,s)},newEncryptedPKCS5PEM:function(n,o,r,s){if(typeof o=="undefined"||o==null){o=1024}if(typeof r=="undefined"||r==null){r="10001"}var p=new RSAKey();p.generate(o,r);var q=null;if(typeof s=="undefined"||s==null){q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n)}else{q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n,s)}return q},getRSAKeyFromPlainPKCS8PEM:function(p){if(p.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var o=pemtohex(p,"PRIVATE KEY");var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getRSAKeyFromPlainPKCS8Hex:function(o){var n=new RSAKey();n.readPKCS8PrvKeyHex(o);return n},parseHexOfEncryptedPKCS8:function(w){var z=ASN1HEX;var x=z.getChildIdx;var u=z.getV;var r={};var p=x(w,0);if(p.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+p.length}r.ciphertext=u(w,p[1]);var y=x(w,p[0]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+y.length}if(u(w,y[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var n=x(w,y[1]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+n.length}var o=x(w,n[1]);if(o.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+o.length}if(u(w,o[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}r.encryptionSchemeAlg="TripleDES";r.encryptionSchemeIV=u(w,o[1]);var q=x(w,n[0]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+q.length}if(u(w,q[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var v=x(w,q[1]);if(v.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+v.length}r.pbkdf2Salt=u(w,v[0]);var s=u(w,v[1]);try{r.pbkdf2Iter=parseInt(s,16)}catch(t){throw"malformed format pbkdf2Iter: "+s}return r},getPBKDF2KeyHexFromParam:function(s,n){var r=CryptoJS.enc.Hex.parse(s.pbkdf2Salt);var o=s.pbkdf2Iter;var q=CryptoJS.PBKDF2(n,r,{keySize:192/32,iterations:o});var p=CryptoJS.enc.Hex.stringify(q);return p},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(v,w){var p=pemtohex(v,"ENCRYPTED PRIVATE KEY");var n=this.parseHexOfEncryptedPKCS8(p);var s=PKCS5PKEY.getPBKDF2KeyHexFromParam(n,w);var t={};t.ciphertext=CryptoJS.enc.Hex.parse(n.ciphertext);var r=CryptoJS.enc.Hex.parse(s);var q=CryptoJS.enc.Hex.parse(n.encryptionSchemeIV);var u=CryptoJS.TripleDES.decrypt(t,r,{iv:q});var o=CryptoJS.enc.Hex.stringify(u);return o},getRSAKeyFromEncryptedPKCS8PEM:function(q,p){var o=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,p);var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getKeyFromEncryptedPKCS8PEM:function(q,o){var n=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,o);var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},parsePlainPrivatePKCS8Hex:function(q){var t=ASN1HEX;var s=t.getChildIdx;var r=t.getV;var o={};o.algparam=null;if(q.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var p=s(q,0);if(p.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(q.substr(p[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var n=s(q,p[1]);if(n.length!=2){throw"malformed PKCS8 private key(code:004)"}if(q.substr(n[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}o.algoid=r(q,n[0]);if(q.substr(n[1],2)=="06"){o.algparam=r(q,n[1])}if(q.substr(p[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}o.keyidx=t.getVidx(q,p[2]);return o},getKeyFromPlainPrivatePKCS8PEM:function(o){var n=pemtohex(o,"PRIVATE KEY");var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},getKeyFromPlainPrivatePKCS8Hex:function(n){var o=this.parsePlainPrivatePKCS8Hex(n);var p;if(o.algoid=="2a864886f70d010101"){p=new RSAKey()}else{if(o.algoid=="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(o.algoid=="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}p.readPKCS8PrvKeyHex(n);return p},getRSAKeyFromPublicPKCS8PEM:function(o){var p=pemtohex(o,"PUBLIC KEY");var n=this.getRSAKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8PEM:function(o){var p=pemtohex(o,"PUBLIC KEY");var n=this.getKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8Hex:function(o){var n;var p=ASN1HEX.getVbyList(o,0,[0,0],"06");if(p==="2a864886f70d010101"){n=new RSAKey()}else{if(p==="2a8648ce380401"){n=new KJUR.crypto.DSA()}else{if(p==="2a8648ce3d0201"){n=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}n.readPKCS8PubKeyHex(o);return n},parsePublicRawRSAKeyHex:function(p){var s=ASN1HEX;var r=s.getChildIdx;var q=s.getV;var n={};if(p.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var o=r(p,0);if(o.length!=2){throw"malformed RSA key(code:002)"}if(p.substr(o[0],2)!="02"){throw"malformed RSA key(code:003)"}n.n=q(p,o[0]);if(p.substr(o[1],2)!="02"){throw"malformed RSA key(code:004)"}n.e=q(p,o[1]);return n},parsePrivateRawRSAKeyHexAtObj:function(o,t){var s=ASN1HEX;var r=s.getChildIdx;var p=s.getV;var q=s.getIdxbyList(o,0,[2,0]);var n=r(o,q);if(n.length!==9){throw"malformed PKCS#8 plain RSA private key"}t.key={};t.key.n=p(o,n[1]);t.key.e=p(o,n[2]);t.key.d=p(o,n[3]);t.key.p=p(o,n[4]);t.key.q=p(o,n[5]);t.key.dp=p(o,n[6]);t.key.dq=p(o,n[7]);t.key.co=p(o,n[8])},parsePrivateRawECKeyHexAtObj:function(n,q){var o=q.keyidx;var p=new KJUR.crypto.ECDSA();p.readPKCS8PrvKeyHex(n);q.key=p.prvKeyHex;q.pubkey=p.pubKeyHex},parsePublicPKCS8Hex:function(r){var t=ASN1HEX;var s=t.getChildIdx;var q=t.getV;var o={};o.algparam=null;var p=s(r,0);if(p.length!=2){throw"outer DERSequence shall have 2 elements: "+p.length}var u=p[0];if(r.substr(u,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var n=s(r,u);if(n.length!=2){throw"malformed PKCS8 public key(code:002)"}if(r.substr(n[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}o.algoid=q(r,n[0]);if(r.substr(n[1],2)=="06"){o.algparam=q(r,n[1])}else{if(r.substr(n[1],2)=="30"){o.algparam={};o.algparam.p=t.getVbyList(r,n[1],[0],"02");o.algparam.q=t.getVbyList(r,n[1],[1],"02");o.algparam.g=t.getVbyList(r,n[1],[2],"02")}}if(r.substr(p[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}o.key=q(r,p[1]).substr(2);return o},getRSAKeyFromPublicPKCS8Hex:function(n){var o=new RSAKey();o.readPKCS8PubKeyHex(n);return o},}}(); +var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(v){var w={};var q=v.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(q){w.cipher=q[1];w.ivsalt=q[2]}var p=v.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(p){w.type=p[1]}var u=-1;var x=0;if(v.indexOf("\r\n\r\n")!=-1){u=v.indexOf("\r\n\r\n");x=2}if(v.indexOf("\n\n")!=-1){u=v.indexOf("\n\n");x=1}var t=v.indexOf("-----END");if(u!=-1&&t!=-1){var r=v.substring(u+x*2,t-x);r=r.replace(/\s+/g,"");w.data=r}return w};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",getHexFromPEM:function(p,q){return pemtohex(p,q)},getDecryptedKeyHexByKeyIV:function(q,t,s,r){var p=c(t);return p(q,s,r)},parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getRSAKeyFromEncryptedPKCS5PEM:function(r,q){var s=this.getDecryptedKeyHex(r,q);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(s);return p},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},getEncryptedPKCS5PEMFromRSAKey:function(D,E,r,t){var B=new KJUR.asn1.DERInteger({"int":0});var w=new KJUR.asn1.DERInteger({bigint:D.n});var A=new KJUR.asn1.DERInteger({"int":D.e});var C=new KJUR.asn1.DERInteger({bigint:D.d});var u=new KJUR.asn1.DERInteger({bigint:D.p});var s=new KJUR.asn1.DERInteger({bigint:D.q});var z=new KJUR.asn1.DERInteger({bigint:D.dmp1});var v=new KJUR.asn1.DERInteger({bigint:D.dmq1});var y=new KJUR.asn1.DERInteger({bigint:D.coeff});var F=new KJUR.asn1.DERSequence({array:[B,w,A,C,u,s,z,v,y]});var x=F.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",x,E,r,t)},newEncryptedPKCS5PEM:function(p,q,t,u){if(typeof q=="undefined"||q==null){q=1024}if(typeof t=="undefined"||t==null){t="10001"}var r=new RSAKey();r.generate(q,t);var s=null;if(typeof u=="undefined"||u==null){s=this.getEncryptedPKCS5PEMFromRSAKey(r,p)}else{s=this.getEncryptedPKCS5PEMFromRSAKey(r,p,u)}return s},getRSAKeyFromPlainPKCS8PEM:function(r){if(r.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var q=pemtohex(r,"PRIVATE KEY");var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getRSAKeyFromPlainPKCS8Hex:function(q){var p=new RSAKey();p.readPKCS8PrvKeyHex(q);return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getRSAKeyFromEncryptedPKCS8PEM:function(s,r){var q=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,r);var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},getRSAKeyFromPublicPKCS8PEM:function(q){var r=pemtohex(q,"PUBLIC KEY");var p=this.getRSAKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8PEM:function(q){var r=pemtohex(q,"PUBLIC KEY");var p=this.getKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePrivateRawRSAKeyHexAtObj:function(q,v){var u=ASN1HEX;var t=u.getChildIdx;var r=u.getV;var s=u.getIdxbyList(q,0,[2,0]);var p=t(q,s);if(p.length!==9){throw"malformed PKCS#8 plain RSA private key"}v.key={};v.key.n=r(q,p[1]);v.key.e=r(q,p[2]);v.key.d=r(q,p[3]);v.key.p=r(q,p[4]);v.key.q=r(q,p[5]);v.key.dp=r(q,p[6]);v.key.dq=r(q,p[7]);v.key.co=r(q,p[8])},parsePrivateRawECKeyHexAtObj:function(p,s){var q=s.keyidx;var r=new KJUR.crypto.ECDSA();r.readPKCS8PrvKeyHex(p);s.key=r.prvKeyHex;s.pubkey=r.pubKeyHex},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},getRSAKeyFromPublicPKCS8Hex:function(p){var q=new RSAKey();q.readPKCS8PubKeyHex(p);return q},}}();KEYUTIL.getKey=function(l,k,n){var E=ASN1HEX,I=E.getChildIdx,u=E.getV,d=E.getVbyList,c=KJUR.crypto,i=c.ECDSA,B=c.DSA,v=RSAKey,J=pemtohex;if(typeof v!="undefined"&&l instanceof v){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof B!="undefined"&&l instanceof B){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var L=new v();L.setPublic(l.n,l.e);return L}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var L=new v();L.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return L}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var L=new v();L.setPrivate(l.n,l.e,l.d);return L}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var L=new B();L.setPublic(l.p,l.q,l.g,l.y);return L}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var L=new B();L.setPrivate(l.p,l.q,l.g,l.y,l.x);return L}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var L=new v();L.setPublic(b64utohex(l.n),b64utohex(l.e));return L}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var L=new v();L.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return L}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var L=new v();L.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return L}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var s=j.ecparams.keylen/4;var A=("0000000000"+b64utohex(l.x)).slice(-s);var w=("0000000000"+b64utohex(l.y)).slice(-s);var t="04"+A+w;j.setPublicKeyHex(t);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var s=j.ecparams.keylen/4;var A=("0000000000"+b64utohex(l.x)).slice(-s);var w=("0000000000"+b64utohex(l.y)).slice(-s);var t="04"+A+w;var b=("0000000000"+b64utohex(l.d)).slice(-s);j.setPublicKeyHex(t);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var G=l,E=ASN1HEX,K,L;K=I(G,0);if(K.length===9){L=new v();L.readPrivateKeyFromASN1HexString(l)}else{if(K.length===6){L=new B();L.readPKCS5PrvKeyHex(G)}else{if(K.length>2&&G.substr(K[1],2)==="04"){L=new i();L.readPKCS5PrvKeyHex(G)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return L}if(n==="pkcs8prv"){var L=KEYUTIL.getKeyFromPlainPrivatePKCS8Hex(l);return L}if(n==="pkcs8pub"){return KEYUTIL.getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){return KEYUTIL.getKeyFromPublicPKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=J(l,"RSA PRIVATE KEY");return KEYUTIL.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var F=J(l,"DSA PRIVATE KEY");var D=d(F,0,[1],"02");var C=d(F,0,[2],"02");var H=d(F,0,[3],"02");var o=d(F,0,[4],"02");var r=d(F,0,[5],"02");var L=new B();L.setPrivate(new BigInteger(D,16),new BigInteger(C,16),new BigInteger(H,16),new BigInteger(o,16),new BigInteger(r,16));return L}if(l.indexOf("-END PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(l,k)}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var F=KEYUTIL.getDecryptedKeyHex(l,k);var L=d(F,0,[1],"04");var f=d(F,0,[2,0],"06");var z=d(F,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(z);j.setPrivateKeyHex(L);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var F=KEYUTIL.getDecryptedKeyHex(l,k);var D=d(F,0,[1],"02");var C=d(F,0,[2],"02");var H=d(F,0,[3],"02");var o=d(F,0,[4],"02");var r=d(F,0,[5],"02");var L=new B();L.setPrivate(new BigInteger(D,16),new BigInteger(C,16),new BigInteger(H,16),new BigInteger(o,16),new BigInteger(r,16));return L}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromEncryptedPKCS8PEM(l,k)}throw"not supported argument"};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(b,C,x,l,p){var E=KJUR,j=E.asn1,y=j.DERObjectIdentifier,f=j.DERInteger,k=j.ASN1Util.newObject,a=j.x509,B=a.SubjectPublicKeyInfo,e=E.crypto,t=e.DSA,q=e.ECDSA,m=RSAKey;function z(s){var F=k({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return F}function A(F){var s=k({seq:[{"int":1},{octstr:{hex:F.prvKeyHex}},{tag:["a0",true,{oid:{name:F.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+F.pubKeyHex}}]}]});return s}function w(s){var F=k({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return F}if(((m!==undefined&&b instanceof m)||(t!==undefined&&b instanceof t)||(q!==undefined&&b instanceof q))&&b.isPublic==true&&(C===undefined||C=="PKCS8PUB")){var D=new B(b);var v=D.getEncodedHex();return hextopem(v,"PUBLIC KEY")}if(C=="PKCS1PRV"&&m!==undefined&&b instanceof m&&(x===undefined||x==null)&&b.isPrivate==true){var D=z(b);var v=D.getEncodedHex();return hextopem(v,"RSA PRIVATE KEY")}if(C=="PKCS1PRV"&&q!==undefined&&b instanceof q&&(x===undefined||x==null)&&b.isPrivate==true){var i=new y({name:b.curveName});var u=i.getEncodedHex();var h=A(b);var r=h.getEncodedHex();var o="";o+=hextopem(u,"EC PARAMETERS");o+=hextopem(r,"EC PRIVATE KEY");return o}if(C=="PKCS1PRV"&&t!==undefined&&b instanceof t&&(x===undefined||x==null)&&b.isPrivate==true){var D=w(b);var v=D.getEncodedHex();return hextopem(v,"DSA PRIVATE KEY")}if(C=="PKCS5PRV"&&m!==undefined&&b instanceof m&&(x!==undefined&&x!=null)&&b.isPrivate==true){var D=z(b);var v=D.getEncodedHex();if(l===undefined){l="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",v,x,l)}if(C=="PKCS5PRV"&&q!==undefined&&b instanceof q&&(x!==undefined&&x!=null)&&b.isPrivate==true){var D=A(b);var v=D.getEncodedHex();if(l===undefined){l="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",v,x,l)}if(C=="PKCS5PRV"&&t!==undefined&&b instanceof t&&(x!==undefined&&x!=null)&&b.isPrivate==true){var D=w(b);var v=D.getEncodedHex();if(l===undefined){l="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",v,x,l)}var n=function(F,s){var H=c(F,s);var G=new k({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:H.pbkdf2Salt}},{"int":H.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:H.encryptionSchemeIV}}]}]}]},{octstr:{hex:H.ciphertext}}]});return G.getEncodedHex()};var c=function(M,N){var G=100;var L=CryptoJS.lib.WordArray.random(8);var K="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var H=CryptoJS.PBKDF2(N,L,{keySize:192/32,iterations:G});var I=CryptoJS.enc.Hex.parse(M);var J=CryptoJS.TripleDES.encrypt(I,H,{iv:s})+"";var F={};F.ciphertext=J;F.pbkdf2Salt=CryptoJS.enc.Hex.stringify(L);F.pbkdf2Iter=G;F.encryptionSchemeAlg=K;F.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return F};if(C=="PKCS8PRV"&&m!=undefined&&b instanceof m&&b.isPrivate==true){var g=z(b);var d=g.getEncodedHex();var D=k({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var v=D.getEncodedHex();if(x===undefined||x==null){return hextopem(v,"PRIVATE KEY")}else{var r=n(v,x);return hextopem(r,"ENCRYPTED PRIVATE KEY")}}if(C=="PKCS8PRV"&&q!==undefined&&b instanceof q&&b.isPrivate==true){var g=new k({seq:[{"int":1},{octstr:{hex:b.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]}]});var d=g.getEncodedHex();var D=k({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var v=D.getEncodedHex();if(x===undefined||x==null){return hextopem(v,"PRIVATE KEY")}else{var r=n(v,x);return hextopem(r,"ENCRYPTED PRIVATE KEY")}}if(C=="PKCS8PRV"&&t!==undefined&&b instanceof t&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var D=k({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var v=D.getEncodedHex();if(x===undefined||x==null){return hextopem(v,"PRIVATE KEY")}else{var r=n(v,x);return hextopem(r,"ENCRYPTED PRIVATE KEY")}}throw"unsupported object nor format"};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"}; +RSAKey.pemToBase64=function(a){return hextob64(pemtohex(a))};RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(e){var c=RSAKey.pemToBase64(e);var d=b64tohex(c);var b=RSAKey.getHexValueArrayOfChildrenFromHex(d);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPrivateKeyFromASN1HexString=function(a){this.readPKCS5PrvKeyHex(a)};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,j,l,b,a,f,d,k;var m=ASN1HEX;var g=m.getVbyList;if(m.isASN1HEX(e)===false){throw"not ASN.1 hex string"}try{c=g(e,0,[2,0,1],"02");j=g(e,0,[2,0,2],"02");l=g(e,0,[2,0,3],"02");b=g(e,0,[2,0,4],"02");a=g(e,0,[2,0,5],"02");f=g(e,0,[2,0,6],"02");d=g(e,0,[2,0,7],"02");k=g(e,0,[2,0,8],"02")}catch(i){throw"malformed PKCS#8 plain RSA private key"}this.setPrivateEx(c,j,l,b,a,f,d,k)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw"keyHex is not ASN.1 hex string"}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw"wrong hex for PKCS#5 public key"}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw"not ASN.1 hex string"}if(c.getTLVbyList(b,0,[0,0])!=="06092a864886f70d010101"){throw"not PKCS8 RSA public key"}var a=c.getTLVbyList(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("");_RE_HEXDECONLY.compile("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}function _rsasign_signStringPSS(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)}function _rsasign_signWithMessageHashPSS(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw"invalid salt length"}}}if(c<(g+k+2)){throw"data too long"}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)}function _rsasign_verifyWithMessageHash(e,a){a=a.replace(_RE_HEXDECONLY,"");a=a.replace(/[ \n]+/g,"");var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)}function _rsasign_verifyStringPSS(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)}function _rsasign_verifyWithMessageHashPSS(f,s,l,c){var k=new BigInteger(s,16);if(k.bitLength()>this.n.bitLength()){return false}var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw"invalid salt length"}}}if(m<(h+c+2)){throw"data too long"}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw"bits beyond keysize not zero"}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw"algorithm '"+h+"' not accepted in the list"}}if(h!="none"&&t===null){throw"key shall be specified to verify."}if(typeof t=="string"&&t.indexOf("-----BEGIN ")!=-1){t=KEYUTIL.getKey(t)}if(s=="RS"||s=="PS"){if(!(t instanceof RSAKey)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(s=="ES"){if(!(t instanceof KJUR.crypto.ECDSA)){throw"key shall be a ECDSA obj for ES* algs"}}if(h=="none"){}var n=null;if(m.jwsalg2sigalg[i.alg]===undefined){throw"unsupported alg name: "+h}else{n=m.jwsalg2sigalg[h]}if(n=="none"){throw"not supported"}else{if(n.substr(0,4)=="Hmac"){var k=null;if(t===undefined){throw"hexadecimal key shall be specified for HMAC"}var g=new KJUR.crypto.Mac({alg:n,pass:t});g.updateString(b);k=g.doFinal();return r==k}else{if(n.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(r)}catch(o){return false}var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(r)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw"acceptField.alg shall be specified"}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt==="number"){b=l.verifyAt}if(l.gracePeriod===undefined||typeof l.gracePeriod!=="number"){l.gracePeriod=0}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.exp+l.gracePeriodj){this.aHeader.pop()}if(this.aSignature.length>j){this.aSignature.pop()}throw"addSignature failed: "+g}};this.addSignatureByHeaderKey=function(f,c){var e=b64utoutf8(this.sPayload);var d=new KJUR.jws.JWS();var g=d.generateJWSByP1PrvKey(f,e,c);this.aHeader.push(d.parsedJWS.headB64U);this.aSignature.push(d.parsedJWS.sigvalB64U)};this.addSignatureByHeaderPayloadKey=function(f,e,c){var d=new KJUR.jws.JWS();var g=d.generateJWSByP1PrvKey(f,e,c);this.aHeader.push(d.parsedJWS.headB64U);this.sPayload=d.parsedJWS.payloadB64U;this.aSignature.push(d.parsedJWS.sigvalB64U)};this.verifyAll=function(f){if(this.aHeader.length!==f.length||this.aSignature.length!==f.length){return false}for(var e=0;e0){this.aHeader=e.headers}else{throw"malformed header"}if(typeof e.payload==="string"){this.sPayload=e.payload}else{throw"malformed signatures"}if(e.signatures.length>0){this.signatures=e.signatures}else{throw"malformed signatures"}}catch(c){throw"malformed JWS-JS JSON object: "+c}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; +function X509(){var k=ASN1HEX,j=k.getChildIdx,h=k.getV,b=k.getTLV,f=k.getVbyList,c=k.getTLVbyList,g=k.getIdxbyList,d=k.getVidx,i=k.oidname,a=X509,e=pemtohex;this.hex=null;this.version=0;this.foffset=0;this.aExtInfo=null;this.subjectPublicKeyRSA=null;this.subjectPublicKeyRSA_hN=null;this.subjectPublicKeyRSA_hE=null;this.getVersion=function(){if(this.hex===null||this.version!==0){return this.version}if(c(this.hex,0,[0,0])!=="a003020102"){this.version=1;this.foffset=-1;return 1}this.version=3;return 3};this.getSerialNumberHex=function(){return f(this.hex,0,[0,1+this.foffset],"02")};this.getSignatureAlgorithmField=function(){return i(f(this.hex,0,[0,2+this.foffset,0],"06"))};this.getIssuerHex=function(){return c(this.hex,0,[0,3+this.foffset],"30")};this.getIssuerString=function(){return a.hex2dn(this.getIssuerHex())};this.getSubjectHex=function(){return c(this.hex,0,[0,5+this.foffset],"30")};this.getSubjectString=function(){return a.hex2dn(this.getSubjectHex())};this.getNotBefore=function(){var l=f(this.hex,0,[0,4+this.foffset,0]);l=l.replace(/(..)/g,"%$1");l=decodeURIComponent(l);return l};this.getNotAfter=function(){var l=f(this.hex,0,[0,4+this.foffset,1]);l=l.replace(/(..)/g,"%$1");l=decodeURIComponent(l);return l};this.getPublicKeyHex=function(){return k.getTLVbyList(this.hex,0,[0,6+this.foffset],"30")};this.getPublicKeyIdx=function(){return g(this.hex,0,[0,6+this.foffset],"30")};this.getPublicKey=function(){return KEYUTIL.getKey(this.getPublicKeyHex(),null,"pkcs8pub")};this.getSignatureAlgorithmName=function(){return i(f(this.hex,0,[1,0],"06"))};this.getSignatureValueHex=function(){return f(this.hex,0,[2],"03",true)};this.verifySignature=function(n){var o=this.getSignatureAlgorithmName();var l=this.getSignatureValueHex();var m=c(this.hex,0,[0],"30");var p=new KJUR.crypto.Signature({alg:o});p.init(n);p.updateHex(m);return p.verify(l)};this.parseExt=function(){if(this.version!==3){return -1}var p=g(this.hex,0,[0,7,0],"30");var m=j(this.hex,p);this.aExtInfo=new Array();for(var n=0;n0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.addSignatureByHeaderKey=function(h,e){var g=b64utoutf8(this.sPayload);var f=new KJUR.jws.JWS();var i=f.generateJWSByP1PrvKey(h,g,e);this.aHeader.push(f.parsedJWS.headB64U);this.aSignature.push(f.parsedJWS.sigvalB64U)};this.addSignatureByHeaderPayloadKey=function(h,g,e){var f=new KJUR.jws.JWS();var i=f.generateJWSByP1PrvKey(h,g,e);this.aHeader.push(f.parsedJWS.headB64U);this.sPayload=f.parsedJWS.payloadB64U;this.aSignature.push(f.parsedJWS.sigvalB64U)};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.signatures=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; exports.SecureRandom = SecureRandom; exports.rng_seed_time = rng_seed_time; @@ -337,6 +297,8 @@ exports.rstrtohex = rstrtohex; exports.hextob64 = hextob64; exports.hextob64nl = hextob64nl; exports.b64nltohex = b64nltohex; +exports.hextopem = hextopem; +exports.pemtohex = pemtohex; exports.hextoArrayBuffer = hextoArrayBuffer; exports.ArrayBuffertohex = ArrayBuffertohex; exports.zulutomsec = zulutomsec; diff --git a/npm/package.json b/npm/package.json index 6d22fd7f..3fa1fa3e 100755 --- a/npm/package.json +++ b/npm/package.json @@ -1,6 +1,6 @@ { "name": "jsrsasign", - "version": "7.2.0", + "version": "7.2.1", "description": "opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK).", "main": "lib/jsrsasign.js", "scripts": { diff --git a/src/asn1-1.0.js b/src/asn1-1.0.js index a16fc6e7..b4a15d95 100644 --- a/src/asn1-1.0.js +++ b/src/asn1-1.0.js @@ -1,9 +1,9 @@ -/*! asn1-1.0.12.js (c) 2013-2016 Kenji Urushima | kjur.github.com/jsrsasign/license +/* asn1-1.0.13.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * asn1.js - ASN.1 DER encoder classes * - * Copyright (c) 2013-2016 Kenji Urushima (kenji.urushima@gmail.com) + * Copyright (c) 2013-2017 Kenji Urushima (kenji.urushima@gmail.com) * * This software is licensed under the terms of the MIT License. * http://kjur.github.com/jsrsasign/license @@ -16,7 +16,7 @@ * @fileOverview * @name asn1-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version asn1 1.0.12 (2016-Nov-19) + * @version asn1 1.0.13 (2017-Jun-02) * @since jsrsasign 2.1 * @license MIT License */ @@ -150,12 +150,7 @@ KJUR.asn1.ASN1Util = new function() { * -----END PRIVATE KEY----- */ this.getPEMStringFromHex = function(dataHex, pemHeader) { - var dataB64 = hextob64(dataHex); - var pemBody = dataB64.replace(/(.{64})/g, "$1\r\n"); - pemBody = pemBody.replace(/\r\n$/, ''); - return "-----BEGIN " + pemHeader + "-----\r\n" + - pemBody + - "\r\n-----END " + pemHeader + "-----\r\n"; + return hextopem(dataHex, pemHeader); }; /** @@ -209,7 +204,27 @@ KJUR.asn1.ASN1Util = new function() { * ]}); */ this.newObject = function(param) { - var ns1 = KJUR.asn1; + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERBoolean = _KJUR_asn1.DERBoolean, + _DERInteger = _KJUR_asn1.DERInteger, + _DERBitString = _KJUR_asn1.DERBitString, + _DEROctetString = _KJUR_asn1.DEROctetString, + _DERNull = _KJUR_asn1.DERNull, + _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, + _DEREnumerated = _KJUR_asn1.DEREnumerated, + _DERUTF8String = _KJUR_asn1.DERUTF8String, + _DERNumericString = _KJUR_asn1.DERNumericString, + _DERPrintableString = _KJUR_asn1.DERPrintableString, + _DERTeletexString = _KJUR_asn1.DERTeletexString, + _DERIA5String = _KJUR_asn1.DERIA5String, + _DERUTCTime = _KJUR_asn1.DERUTCTime, + _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime, + _DERSequence = _KJUR_asn1.DERSequence, + _DERSet = _KJUR_asn1.DERSet, + _DERTaggedObject = _KJUR_asn1.DERTaggedObject, + _newObject = _KJUR_asn1.ASN1Util.newObject; + var keys = Object.keys(param); if (keys.length != 1) throw "key of param shall be only one."; @@ -218,47 +233,49 @@ KJUR.asn1.ASN1Util = new function() { if (":bool:int:bitstr:octstr:null:oid:enum:utf8str:numstr:prnstr:telstr:ia5str:utctime:gentime:seq:set:tag:".indexOf(":" + key + ":") == -1) throw "undefined key: " + key; - if (key == "bool") return new ns1.DERBoolean(param[key]); - if (key == "int") return new ns1.DERInteger(param[key]); - if (key == "bitstr") return new ns1.DERBitString(param[key]); - if (key == "octstr") return new ns1.DEROctetString(param[key]); - if (key == "null") return new ns1.DERNull(param[key]); - if (key == "oid") return new ns1.DERObjectIdentifier(param[key]); - if (key == "enum") return new ns1.DEREnumerated(param[key]); - if (key == "utf8str") return new ns1.DERUTF8String(param[key]); - if (key == "numstr") return new ns1.DERNumericString(param[key]); - if (key == "prnstr") return new ns1.DERPrintableString(param[key]); - if (key == "telstr") return new ns1.DERTeletexString(param[key]); - if (key == "ia5str") return new ns1.DERIA5String(param[key]); - if (key == "utctime") return new ns1.DERUTCTime(param[key]); - if (key == "gentime") return new ns1.DERGeneralizedTime(param[key]); + if (key == "bool") return new _DERBoolean(param[key]); + if (key == "int") return new _DERInteger(param[key]); + if (key == "bitstr") return new _DERBitString(param[key]); + if (key == "octstr") return new _DEROctetString(param[key]); + if (key == "null") return new _DERNull(param[key]); + if (key == "oid") return new _DERObjectIdentifier(param[key]); + if (key == "enum") return new _DEREnumerated(param[key]); + if (key == "utf8str") return new _DERUTF8String(param[key]); + if (key == "numstr") return new _DERNumericString(param[key]); + if (key == "prnstr") return new _DERPrintableString(param[key]); + if (key == "telstr") return new _DERTeletexString(param[key]); + if (key == "ia5str") return new _DERIA5String(param[key]); + if (key == "utctime") return new _DERUTCTime(param[key]); + if (key == "gentime") return new _DERGeneralizedTime(param[key]); if (key == "seq") { var paramList = param[key]; var a = []; for (var i = 0; i < paramList.length; i++) { - var asn1Obj = ns1.ASN1Util.newObject(paramList[i]); + var asn1Obj = _newObject(paramList[i]); a.push(asn1Obj); } - return new ns1.DERSequence({'array': a}); + return new _DERSequence({'array': a}); } if (key == "set") { var paramList = param[key]; var a = []; for (var i = 0; i < paramList.length; i++) { - var asn1Obj = ns1.ASN1Util.newObject(paramList[i]); + var asn1Obj = _newObject(paramList[i]); a.push(asn1Obj); } - return new ns1.DERSet({'array': a}); + return new _DERSet({'array': a}); } if (key == "tag") { var tagParam = param[key]; if (Object.prototype.toString.call(tagParam) === '[object Array]' && tagParam.length == 3) { - var obj = ns1.ASN1Util.newObject(tagParam[2]); - return new ns1.DERTaggedObject({tag: tagParam[0], explicit: tagParam[1], obj: obj}); + var obj = _newObject(tagParam[2]); + return new _DERTaggedObject({tag: tagParam[0], + explicit: tagParam[1], + obj: obj}); } else { var newParam = {}; if (tagParam.explicit !== undefined) @@ -267,8 +284,8 @@ KJUR.asn1.ASN1Util = new function() { newParam.tag = tagParam.tag; if (tagParam.obj === undefined) throw "obj shall be specified for 'tag'."; - newParam.obj = ns1.ASN1Util.newObject(tagParam.obj); - return new ns1.DERTaggedObject(newParam); + newParam.obj = _newObject(tagParam.obj); + return new _DERTaggedObject(newParam); } } }; diff --git a/src/asn1cades-1.0.js b/src/asn1cades-1.0.js index 319d9175..d111ab26 100755 --- a/src/asn1cades-1.0.js +++ b/src/asn1cades-1.0.js @@ -1,4 +1,4 @@ -/*! asn1cades-1.0.2.js (c) 2014-2017 Kenji Urushima | kjur.github.com/jsrsasign/license +/* asn1cades-1.0.3.js (c) 2014-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * asn1cades.js - ASN.1 DER encoder classes for RFC 5126 CAdES long term signature @@ -16,7 +16,7 @@ * @fileOverview * @name asn1cades-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 7.2.0 asn1cades 1.0.2 (2017-May-12) + * @version jsrsasign 7.2.1 asn1cades 1.0.3 (2017-Jun-03) * @since jsrsasign 4.7.0 * @license MIT License */ @@ -247,17 +247,22 @@ if (typeof KJUR.asn1.cades == "undefined" || !KJUR.asn1.cades) KJUR.asn1.cades = * utf8String UTF8String (SIZE (1..200)) } */ KJUR.asn1.cades.SignaturePolicyIdentifier = function(params) { - KJUR.asn1.cades.SignaturePolicyIdentifier.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, + _DERSequence = _KJUR_asn1.DERSequence, + _KJUR_asn1_cades = _KJUR_asn1.cades, + _OtherHashAlgAndValue = _KJUR_asn1_cades.OtherHashAlgAndValue; + + _KJUR_asn1_cades.SignaturePolicyIdentifier.superclass.constructor.call(this); this.attrTypeOid = "1.2.840.113549.1.9.16.2.15"; - var nA = KJUR.asn1; - var nC = KJUR.asn1.cades; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params.oid == "string" && typeof params.hash == "object") { - var dOid = new nA.DERObjectIdentifier({oid: params.oid}); - var dHash = new nC.OtherHashAlgAndValue(params.hash); - var seq = new nA.DERSequence({array: [dOid, dHash]}); + var dOid = new _DERObjectIdentifier({oid: params.oid}); + var dHash = new _OtherHashAlgAndValue(params.hash); + var seq = new _DERSequence({array: [dOid, dHash]}); this.valueList = [seq]; } } @@ -281,23 +286,31 @@ YAHOO.lang.extend(KJUR.asn1.cades.SignaturePolicyIdentifier, *
*/ KJUR.asn1.cades.OtherHashAlgAndValue = function(params) { - KJUR.asn1.cades.OtherHashAlgAndValue.superclass.constructor.call(this); - var nA = KJUR.asn1; - var nX = KJUR.asn1.x509; + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERSequence = _KJUR_asn1.DERSequence, + _DEROctetString = _KJUR_asn1.DEROctetString, + _KJUR_asn1_x509 = _KJUR_asn1.x509, + _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, + _KJUR_asn1_cades = _KJUR_asn1.cades, + _OtherHashAlgAndValue = _KJUR_asn1_cades.OtherHashAlgAndValue; + + _OtherHashAlgAndValue.superclass.constructor.call(this); + this.dAlg = null; this.dHash = null; this.getEncodedHex = function() { - var seq = new nA.DERSequence({array: [this.dAlg, this.dHash]}); + var seq = new _DERSequence({array: [this.dAlg, this.dHash]}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params.alg == "string" && typeof params.hash == "string") { - this.dAlg = new nX.AlgorithmIdentifier({name: params.alg}); - this.dHash = new nA.DEROctetString({hex: params.hash}); + this.dAlg = new _AlgorithmIdentifier({name: params.alg}); + this.dHash = new _DEROctetString({hex: params.hash}); } } }; @@ -318,29 +331,34 @@ YAHOO.lang.extend(KJUR.asn1.cades.OtherHashAlgAndValue, KJUR.asn1.ASN1Object); *
*/ KJUR.asn1.cades.SignatureTimeStamp = function(params) { - KJUR.asn1.cades.SignatureTimeStamp.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _ASN1Object = _KJUR_asn1.ASN1Object, + _KJUR_asn1_x509 = _KJUR_asn1.x509, + _KJUR_asn1_cades = _KJUR_asn1.cades; + + _KJUR_asn1_cades.SignatureTimeStamp.superclass.constructor.call(this); this.attrTypeOid = "1.2.840.113549.1.9.16.2.14"; this.tstHex = null; - var nA = KJUR.asn1; - if (typeof params != "undefined") { - if (typeof params.res != "undefined") { + if (params !== undefined) { + if (params.res !== undefined) { if (typeof params.res == "string" && params.res.match(/^[0-9A-Fa-f]+$/)) { - } else if (params.res instanceof KJUR.asn1.ASN1Object) { + } else if (params.res instanceof _ASN1Object) { } else { throw "res param shall be ASN1Object or hex string"; } } - if (typeof params.tst != "undefined") { + if (params.tst !== undefined) { if (typeof params.tst == "string" && params.tst.match(/^[0-9A-Fa-f]+$/)) { - var d = new nA.ASN1Object(); + var d = new _ASN1Object(); this.tstHex = params.tst; d.hTLV = this.tstHex; d.getEncodedHex(); this.valueList = [d]; - } else if (params.tst instanceof KJUR.asn1.ASN1Object) { + } else if (params.tst instanceof _ASN1Object) { } else { throw "tst param shall be ASN1Object or hex string"; } @@ -367,10 +385,12 @@ YAHOO.lang.extend(KJUR.asn1.cades.SignatureTimeStamp, * o = new KJUR.asn1.cades.CompleteCertificateRefs([certPEM1,certPEM2]); */ KJUR.asn1.cades.CompleteCertificateRefs = function(params) { - KJUR.asn1.cades.CompleteCertificateRefs.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _KJUR_asn1_cades = _KJUR_asn1.cades; + + _KJUR_asn1_cades.CompleteCertificateRefs.superclass.constructor.call(this); this.attrTypeOid = "1.2.840.113549.1.9.16.2.21"; - var nA = KJUR.asn1; - var nD = KJUR.asn1.cades; /** * set value by array @@ -384,12 +404,12 @@ KJUR.asn1.cades.CompleteCertificateRefs = function(params) { this.setByArray = function(a) { this.valueList = []; for (var i = 0; i < a.length; i++) { - var o = new nD.OtherCertID(a[i]); + var o = new _KJUR_asn1_cades.OtherCertID(a[i]); this.valueList.push(o); } }; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params == "object" && typeof params.length == "number") { this.setByArray(params); @@ -417,10 +437,13 @@ YAHOO.lang.extend(KJUR.asn1.cades.CompleteCertificateRefs, * o = new KJUR.asn1.cades.OtherCertID({cert:certPEM, hasis: false}); */ KJUR.asn1.cades.OtherCertID = function(params) { - KJUR.asn1.cades.OtherCertID.superclass.constructor.call(this); - var nA = KJUR.asn1; - var nC = KJUR.asn1.cms; - var nD = KJUR.asn1.cades; + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _KJUR_asn1_cms = _KJUR_asn1.cms, + _KJUR_asn1_cades = _KJUR_asn1.cades; + + _KJUR_asn1_cades.OtherCertID.superclass.constructor.call(this); + this.hasIssuerSerial = true; this.dOtherCertHash = null; this.dIssuerSerial = null; @@ -438,9 +461,10 @@ KJUR.asn1.cades.OtherCertID = function(params) { * which depends on hasIssuerSerial flag. */ this.setByCertPEM = function(certPEM) { - this.dOtherCertHash = new nD.OtherHash(certPEM); + this.dOtherCertHash = new _KJUR_asn1_cades.OtherHash(certPEM); if (this.hasIssuerSerial) - this.dIssuerSerial = new nC.IssuerAndSerialNumber(certPEM); + this.dIssuerSerial = + new _KJUR_asn1_cms.IssuerAndSerialNumber(certPEM); }; this.getEncodedHex = function() { @@ -450,12 +474,12 @@ KJUR.asn1.cades.OtherCertID = function(params) { var a = [this.dOtherCertHash]; if (this.dIssuerSerial != null) a.push(this.dIssuerSerial); - var seq = new nA.DERSequence({array: a}); + var seq = new _KJUR_asn1.DERSequence({array: a}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params == "string" && params.indexOf("-----BEGIN ") != -1) { this.setByCertPEM(params); @@ -492,9 +516,15 @@ YAHOO.lang.extend(KJUR.asn1.cades.OtherCertID, KJUR.asn1.ASN1Object); * o = new KJUR.asn1.cades.OtherHash({cert: certPEM}); */ KJUR.asn1.cades.OtherHash = function(params) { - KJUR.asn1.cades.OtherHash.superclass.constructor.call(this); - var nA = KJUR.asn1; - var nD = KJUR.asn1.cades; + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _KJUR_asn1_cms = _KJUR_asn1.cms, + _KJUR_asn1_cades = _KJUR_asn1.cades, + _OtherHashAlgAndValue = _KJUR_asn1_cades.OtherHashAlgAndValue, + _hashHex = _KJUR.crypto.Util.hashHex; + + _KJUR_asn1_cades.OtherHash.superclass.constructor.call(this); + this.alg = 'sha256'; this.dOtherHash = null; @@ -513,10 +543,10 @@ KJUR.asn1.cades.OtherHash = function(params) { this.setByCertPEM = function(certPEM) { if (certPEM.indexOf("-----BEGIN ") == -1) throw "certPEM not to seem PEM format"; - var hex = ASN1HEX.pemToHex(certPEM); - var hash = KJUR.crypto.Util.hashHex(hex, this.alg); + var hex = pemtohex(certPEM); + var hash = _hashHex(hex, this.alg); this.dOtherHash = - new nD.OtherHashAlgAndValue({alg: this.alg, hash: hash}); + new _OtherHashAlgAndValue({alg: this.alg, hash: hash}); }; this.getEncodedHex = function() { @@ -525,12 +555,12 @@ KJUR.asn1.cades.OtherHash = function(params) { return this.dOtherHash.getEncodedHex(); }; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params == "string") { if (params.indexOf("-----BEGIN ") != -1) { this.setByCertPEM(params); } else if (params.match(/^[0-9A-Fa-f]+$/)) { - this.dOtherHash = new nA.DEROctetString({hex: params}); + this.dOtherHash = new _KJUR_asn1.DEROctetString({hex: params}); } else { throw "unsupported string value for params"; } @@ -540,7 +570,7 @@ KJUR.asn1.cades.OtherHash = function(params) { this.alg = params.alg; this.setByCertPEM(params.cert); } else { - this.dOtherHash = new nD.OtherHashAlgAndValue(params); + this.dOtherHash = new _OtherHashAlgAndValue(params); } } } @@ -590,15 +620,19 @@ KJUR.asn1.cades.CAdESUtil.addSigTS = function(dCMS, siIdx, sigTSHex) { * sd = info.obj; */ KJUR.asn1.cades.CAdESUtil.parseSignedDataForAddingUnsigned = function(hex) { - var _ASN1HEX = ASN1HEX; - var _getChildIdx = _ASN1HEX.getChildIdx; - var _getTLV = _ASN1HEX.getTLV; - var _getTLVbyList = _ASN1HEX.getTLVbyList; - var _getIdxbyList = _ASN1HEX.getIdxbyList; + var _ASN1HEX = ASN1HEX, + _getChildIdx = _ASN1HEX.getChildIdx, + _getTLV = _ASN1HEX.getTLV, + _getTLVbyList = _ASN1HEX.getTLVbyList, + _getIdxbyList = _ASN1HEX.getIdxbyList, + _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _ASN1Object = _KJUR_asn1.ASN1Object, + _KJUR_asn1_cms = _KJUR_asn1.cms, + _SignedData = _KJUR_asn1_cms.SignedData, + _KJUR_asn1_cades = _KJUR_asn1.cades, + _CAdESUtil = _KJUR_asn1_cades.CAdESUtil; - var nA = KJUR.asn1; - var nC = KJUR.asn1.cms; - var nU = KJUR.asn1.cades.CAdESUtil; var r = {}; // 1. not oid signed-data then error @@ -650,27 +684,27 @@ KJUR.asn1.cades.CAdESUtil.parseSignedDataForAddingUnsigned = function(hex) { for (var i = 0; i < aSIIndex.length; i++) { var iSI = aSIIndex[i]; - var pSI = nU.parseSignerInfoForAddingUnsigned(hex, iSI, i); + var pSI = _CAdESUtil.parseSignerInfoForAddingUnsigned(hex, iSI, i); r.si[i] = pSI; } // x. obj(SignedData) var tmp = null; - r.obj = new nC.SignedData(); + r.obj = new _SignedData(); - tmp = new nA.ASN1Object(); + tmp = new _ASN1Object(); tmp.hTLV = r.version; r.obj.dCMSVersion = tmp; - tmp = new nA.ASN1Object(); + tmp = new _ASN1Object(); tmp.hTLV = r.algs; r.obj.dDigestAlgs = tmp; - tmp = new nA.ASN1Object(); + tmp = new _ASN1Object(); tmp.hTLV = r.encapcontent; r.obj.dEncapContentInfo = tmp; - tmp = new nA.ASN1Object(); + tmp = new _ASN1Object(); tmp.hTLV = r.certs; r.obj.dCerts = tmp; @@ -710,13 +744,17 @@ KJUR.asn1.cades.CAdESUtil.parseSignedDataForAddingUnsigned = function(hex) { * for CAdES-T and not for CAdES-C. */ KJUR.asn1.cades.CAdESUtil.parseSignerInfoForAddingUnsigned = function(hex, iSI, nth) { - var _ASN1HEX = ASN1HEX; - var _getChildIdx = _ASN1HEX.getChildIdx; - var _getTLV = _ASN1HEX.getTLV; - var _getV = _ASN1HEX.getV; + var _ASN1HEX = ASN1HEX, + _getChildIdx = _ASN1HEX.getChildIdx, + _getTLV = _ASN1HEX.getTLV, + _getV = _ASN1HEX.getV, + _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _ASN1Object = _KJUR_asn1.ASN1Object, + _KJUR_asn1_cms = _KJUR_asn1.cms, + _AttributeList = _KJUR_asn1_cms.AttributeList, + _SignerInfo = _KJUR_asn1_cms.SignerInfo; - var nA = KJUR.asn1; - var nC = KJUR.asn1.cms; var r = {}; var aSIChildIdx = _getChildIdx(hex, iSI); //alert(aSIChildIdx.join("=")); @@ -751,33 +789,33 @@ KJUR.asn1.cades.CAdESUtil.parseSignerInfoForAddingUnsigned = function(hex, iSI, // 7. obj(SignerInfo) var tmp = null; - r.obj = new nC.SignerInfo(); + r.obj = new _SignerInfo(); - tmp = new nA.ASN1Object(); + tmp = new _ASN1Object(); tmp.hTLV = r.version; r.obj.dCMSVersion = tmp; - tmp = new nA.ASN1Object(); + tmp = new _ASN1Object(); tmp.hTLV = r.si; r.obj.dSignerIdentifier = tmp; - tmp = new nA.ASN1Object(); + tmp = new _ASN1Object(); tmp.hTLV = r.digalg; r.obj.dDigestAlgorithm = tmp; - tmp = new nA.ASN1Object(); + tmp = new _ASN1Object(); tmp.hTLV = r.sattrs; r.obj.dSignedAttrs = tmp; - tmp = new nA.ASN1Object(); + tmp = new _ASN1Object(); tmp.hTLV = r.sigalg; r.obj.dSigAlg = tmp; - tmp = new nA.ASN1Object(); + tmp = new _ASN1Object(); tmp.hTLV = r.sig; r.obj.dSig = tmp; - r.obj.dUnsignedAttrs = new nC.AttributeList(); + r.obj.dUnsignedAttrs = new _AttributeList(); return r; }; diff --git a/src/asn1cms-1.0.js b/src/asn1cms-1.0.js index 86183f03..d42136e8 100755 --- a/src/asn1cms-1.0.js +++ b/src/asn1cms-1.0.js @@ -1,4 +1,4 @@ -/*! asn1cms-1.0.3.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license +/* asn1cms-1.0.4.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * asn1cms.js - ASN.1 DER encoder classes for Cryptographic Message Syntax(CMS) @@ -16,7 +16,7 @@ * @fileOverview * @name asn1cms-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version 1.0.3 (2017-Jan-14) + * @version 1.0.4 (2017-May-30) * @since jsrsasign 4.2.4 * @license MIT License */ @@ -91,21 +91,24 @@ if (typeof KJUR.asn1.cms == "undefined" || !KJUR.asn1.cms) KJUR.asn1.cms = {}; *
*/ KJUR.asn1.cms.Attribute = function(params) { - KJUR.asn1.cms.Attribute.superclass.constructor.call(this); - var valueList = []; // array of values + var valueList = [], // array of values + _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1; + + _KJUR_asn1.cms.Attribute.superclass.constructor.call(this); this.getEncodedHex = function() { var attrTypeASN1, attrValueASN1, seq; - attrTypeASN1 = new KJUR.asn1.DERObjectIdentifier({"oid": this.attrTypeOid}); + attrTypeASN1 = new _KJUR_asn1.DERObjectIdentifier({"oid": this.attrTypeOid}); - attrValueASN1 = new KJUR.asn1.DERSet({"array": this.valueList}); + attrValueASN1 = new _KJUR_asn1.DERSet({"array": this.valueList}); try { attrValueASN1.getEncodedHex(); } catch (ex) { throw "fail valueSet.getEncodedHex in Attribute(1)/" + ex; } - seq = new KJUR.asn1.DERSequence({"array": [attrTypeASN1, attrValueASN1]}); + seq = new _KJUR_asn1.DERSequence({"array": [attrTypeASN1, attrValueASN1]}); try { this.hTLV = seq.getEncodedHex(); } catch (ex) { @@ -137,12 +140,16 @@ YAHOO.lang.extend(KJUR.asn1.cms.Attribute, KJUR.asn1.ASN1Object); * o = new KJUR.asn1.cms.ContentType({oid: '1.2.840.113549.1.9.16.1.4'}); */ KJUR.asn1.cms.ContentType = function(params) { - KJUR.asn1.cms.ContentType.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1; + + _KJUR_asn1.cms.ContentType.superclass.constructor.call(this); + this.attrTypeOid = "1.2.840.113549.1.9.3"; var contentTypeASN1 = null; if (typeof params != "undefined") { - var contentTypeASN1 = new KJUR.asn1.DERObjectIdentifier(params); + var contentTypeASN1 = new _KJUR_asn1.DERObjectIdentifier(params); this.valueList = [contentTypeASN1]; } }; @@ -167,20 +174,25 @@ YAHOO.lang.extend(KJUR.asn1.cms.ContentType, KJUR.asn1.cms.Attribute); * o = new KJUR.asn1.cms.MessageDigest({hex: 'a1a2a3a4...'}); */ KJUR.asn1.cms.MessageDigest = function(params) { - KJUR.asn1.cms.MessageDigest.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DEROctetString = _KJUR_asn1.DEROctetString, + _KJUR_asn1_cms = _KJUR_asn1.cms; + + _KJUR_asn1_cms.MessageDigest.superclass.constructor.call(this); this.attrTypeOid = "1.2.840.113549.1.9.4"; - if (typeof params != "undefined") { - if (params.eciObj instanceof KJUR.asn1.cms.EncapsulatedContentInfo && - typeof params.hashAlg == "string") { + if (params !== undefined) { + if (params.eciObj instanceof _KJUR_asn1_cms.EncapsulatedContentInfo && + typeof params.hashAlg === "string") { var dataHex = params.eciObj.eContentValueHex; var hashAlg = params.hashAlg; - var hashValueHex = KJUR.crypto.Util.hashHex(dataHex, hashAlg); - var dAttrValue1 = new KJUR.asn1.DEROctetString({hex: hashValueHex}); + var hashValueHex = _KJUR.crypto.Util.hashHex(dataHex, hashAlg); + var dAttrValue1 = new _DEROctetString({hex: hashValueHex}); dAttrValue1.getEncodedHex(); this.valueList = [dAttrValue1]; } else { - var dAttrValue1 = new KJUR.asn1.DEROctetString(params); + var dAttrValue1 = new _DEROctetString(params); dAttrValue1.getEncodedHex(); this.valueList = [dAttrValue1]; } @@ -213,11 +225,14 @@ YAHOO.lang.extend(KJUR.asn1.cms.MessageDigest, KJUR.asn1.cms.Attribute); * o = new KJUR.asn1.cms.SigningTime({str: '140517093800Z'}); // specified UTCTime */ KJUR.asn1.cms.SigningTime = function(params) { - KJUR.asn1.cms.SigningTime.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1; + + _KJUR_asn1.cms.SigningTime.superclass.constructor.call(this); this.attrTypeOid = "1.2.840.113549.1.9.5"; - if (typeof params != "undefined") { - var asn1 = new KJUR.asn1.x509.Time(params); + if (params !== undefined) { + var asn1 = new _KJUR_asn1.x509.Time(params); try { asn1.getEncodedHex(); } catch (ex) { @@ -255,34 +270,38 @@ YAHOO.lang.extend(KJUR.asn1.cms.SigningTime, KJUR.asn1.cms.Attribute); * o = new KJUR.asn1.cms.SigningCertificate({array: [certPEM]}); */ KJUR.asn1.cms.SigningCertificate = function(params) { - KJUR.asn1.cms.SigningCertificate.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERSequence = _KJUR_asn1.DERSequence, + _KJUR_asn1_cms = _KJUR_asn1.cms, + _KJUR_crypto = _KJUR.crypto; + + _KJUR_asn1_cms.SigningCertificate.superclass.constructor.call(this); this.attrTypeOid = "1.2.840.113549.1.9.16.2.12"; - var nA = KJUR.asn1; - var nC = KJUR.asn1.cms; - var nY = KJUR.crypto; this.setCerts = function(listPEM) { var list = []; for (var i = 0; i < listPEM.length; i++) { - var hex = ASN1HEX.pemToHex(listPEM[i]); - var certHashHex = nY.Util.hashHex(hex, 'sha1'); - var dCertHash = new nA.DEROctetString({hex: certHashHex}); + var hex = pemtohex(listPEM[i]); + var certHashHex = _KJUR.crypto.Util.hashHex(hex, 'sha1'); + var dCertHash = + new _KJUR_asn1.DEROctetString({hex: certHashHex}); dCertHash.getEncodedHex(); var dIssuerSerial = - new nC.IssuerAndSerialNumber({cert: listPEM[i]}); + new _KJUR_asn1_cms.IssuerAndSerialNumber({cert: listPEM[i]}); dIssuerSerial.getEncodedHex(); var dESSCertID = - new nA.DERSequence({array: [dCertHash, dIssuerSerial]}); + new _DERSequence({array: [dCertHash, dIssuerSerial]}); dESSCertID.getEncodedHex(); list.push(dESSCertID); } - var dValue = new nA.DERSequence({array: list}); + var dValue = new _DERSequence({array: list}); dValue.getEncodedHex(); this.valueList = [dValue]; }; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params.array == "object") { this.setCerts(params.array); } @@ -324,44 +343,46 @@ YAHOO.lang.extend(KJUR.asn1.cms.SigningCertificate, KJUR.asn1.cms.Attribute); * hashAlg: 'sha512'}); */ KJUR.asn1.cms.SigningCertificateV2 = function(params) { - KJUR.asn1.cms.SigningCertificateV2.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERSequence = _KJUR_asn1.DERSequence, + _KJUR_asn1_x509 = _KJUR_asn1.x509, + _KJUR_asn1_cms = _KJUR_asn1.cms, + _KJUR_crypto = _KJUR.crypto; + + _KJUR_asn1_cms.SigningCertificateV2.superclass.constructor.call(this); this.attrTypeOid = "1.2.840.113549.1.9.16.2.47"; - var nA = KJUR.asn1; - var nX = KJUR.asn1.x509; - var nC = KJUR.asn1.cms; - var nY = KJUR.crypto; this.setCerts = function(listPEM, hashAlg) { var list = []; for (var i = 0; i < listPEM.length; i++) { - var hex = ASN1HEX.pemToHex(listPEM[i]); + var hex = pemtohex(listPEM[i]); var a = []; - if (hashAlg != "sha256") - a.push(new nX.AlgorithmIdentifier({name: hashAlg})); + if (hashAlg !== "sha256") + a.push(new _KJUR_asn1_x509.AlgorithmIdentifier({name: hashAlg})); - var certHashHex = nY.Util.hashHex(hex, hashAlg); - var dCertHash = new nA.DEROctetString({hex: certHashHex}); + var certHashHex = _KJUR_crypto.Util.hashHex(hex, hashAlg); + var dCertHash = new _KJUR_asn1.DEROctetString({hex: certHashHex}); dCertHash.getEncodedHex(); a.push(dCertHash); var dIssuerSerial = - new nC.IssuerAndSerialNumber({cert: listPEM[i]}); + new _KJUR_asn1_cms.IssuerAndSerialNumber({cert: listPEM[i]}); dIssuerSerial.getEncodedHex(); a.push(dIssuerSerial); - var dESSCertIDv2 = - new nA.DERSequence({array: a}); + var dESSCertIDv2 = new _DERSequence({array: a}); dESSCertIDv2.getEncodedHex(); list.push(dESSCertIDv2); } - var dValue = new nA.DERSequence({array: list}); + var dValue = new _DERSequence({array: list}); dValue.getEncodedHex(); this.valueList = [dValue]; }; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params.array == "object") { var hashAlg = "sha256"; // sha2 default if (typeof params.hashAlg == "string") @@ -395,48 +416,54 @@ YAHOO.lang.extend(KJUR.asn1.cms.SigningCertificateV2, KJUR.asn1.cms.Attribute); * o = new KJUR.asn1.cms.IssuerAndSerialNumber(certPEM); // since 1.0.3 */ KJUR.asn1.cms.IssuerAndSerialNumber = function(params) { - KJUR.asn1.cms.IssuerAndSerialNumber.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERInteger = _KJUR_asn1.DERInteger, + _KJUR_asn1_cms = _KJUR_asn1.cms, + _KJUR_asn1_x509 = _KJUR_asn1.x509, + _X500Name = _KJUR_asn1_x509.X500Name, + _X509 = X509; + + _KJUR_asn1_cms.IssuerAndSerialNumber.superclass.constructor.call(this); var dIssuer = null; var dSerial = null; - var nA = KJUR.asn1; - var nX = nA.x509; /* * @since asn1cms 1.0.1 */ this.setByCertPEM = function(certPEM) { - var certHex = ASN1HEX.pemToHex(certPEM); - var x = new X509(); + var certHex = pemtohex(certPEM); + var x = new _X509(); x.hex = certHex; var issuerTLVHex = x.getIssuerHex(); - this.dIssuer = new nX.X500Name(); + this.dIssuer = new _X500Name(); this.dIssuer.hTLV = issuerTLVHex; var serialVHex = x.getSerialNumberHex(); - this.dSerial = new nA.DERInteger({hex: serialVHex}); + this.dSerial = new _DERInteger({hex: serialVHex}); }; this.getEncodedHex = function() { - var seq = new KJUR.asn1.DERSequence({"array": [this.dIssuer, - this.dSerial]}); + var seq = new _KJUR_asn1.DERSequence({"array": [this.dIssuer, + this.dSerial]}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params == "string" && params.indexOf("-----BEGIN ") != -1) { this.setByCertPEM(params); } if (params.issuer && params.serial) { - if (params.issuer instanceof KJUR.asn1.x509.X500Name) { + if (params.issuer instanceof _X500Name) { this.dIssuer = params.issuer; } else { - this.dIssuer = new KJUR.asn1.x509.X500Name(params.issuer); + this.dIssuer = new _X500Name(params.issuer); } - if (params.serial instanceof KJUR.asn1.DERInteger) { + if (params.serial instanceof _DERInteger) { this.dSerial = params.serial; } else { - this.dSerial = new KJUR.asn1.DERInteger(params.serial); + this.dSerial = new _DERInteger(params.serial); } } if (typeof params.cert == "string") { @@ -470,12 +497,16 @@ YAHOO.lang.extend(KJUR.asn1.cms.IssuerAndSerialNumber, KJUR.asn1.ASN1Object); * hex = o.getEncodedHex(); // get hex encoded ASN.1 data */ KJUR.asn1.cms.AttributeList = function(params) { - KJUR.asn1.cms.AttributeList.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _KJUR_asn1_cms = _KJUR_asn1.cms; + + _KJUR_asn1_cms.AttributeList.superclass.constructor.call(this); this.list = new Array(); this.sortFlag = true; this.add = function(item) { - if (item instanceof KJUR.asn1.cms.Attribute) { + if (item instanceof _KJUR_asn1_cms.Attribute) { this.list.push(item); } }; @@ -492,13 +523,13 @@ KJUR.asn1.cms.AttributeList = function(params) { this.getEncodedHex = function() { if (typeof this.hTLV == "string") return this.hTLV; - var set = new KJUR.asn1.DERSet({array: this.list, - sortflag: this.sortFlag}); + var set = new _KJUR_asn1.DERSet({array: this.list, + sortflag: this.sortFlag}); this.hTLV = set.getEncodedHex(); return this.hTLV; }; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params.sortflag != "undefined" && params.sortflag == false) this.sortFlag = false; @@ -533,18 +564,29 @@ YAHOO.lang.extend(KJUR.asn1.cms.AttributeList, KJUR.asn1.ASN1Object); * o.sign(privteKeyParam, "SHA1withRSA"); */ KJUR.asn1.cms.SignerInfo = function(params) { - KJUR.asn1.cms.SignerInfo.superclass.constructor.call(this); - var nA = KJUR.asn1; - var nC = KJUR.asn1.cms; - var nX = KJUR.asn1.x509; - - this.dCMSVersion = new nA.DERInteger({'int': 1}); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERTaggedObject = _KJUR_asn1.DERTaggedObject, + _KJUR_asn1_cms = _KJUR_asn1.cms, + _AttributeList = _KJUR_asn1_cms.AttributeList, + _ContentType = _KJUR_asn1_cms.ContentType, + _EncapsulatedContentInfo = _KJUR_asn1_cms.EncapsulatedContentInfo, + _MessageDigest = _KJUR_asn1_cms.MessageDigest, + _SignedData = _KJUR_asn1_cms.SignedData, + _KJUR_asn1_x509 = _KJUR_asn1.x509, + _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, + _KJUR_crypto = _KJUR.crypto, + _KEYUTIL = KEYUTIL; + + _KJUR_asn1_cms.SignerInfo.superclass.constructor.call(this); + + this.dCMSVersion = new _KJUR_asn1.DERInteger({'int': 1}); this.dSignerIdentifier = null; this.dDigestAlgorithm = null; - this.dSignedAttrs = new nC.AttributeList(); + this.dSignedAttrs = new _AttributeList(); this.dSigAlg = null; this.dSig = null; - this.dUnsignedAttrs = new nC.AttributeList(); + this.dUnsignedAttrs = new _AttributeList(); this.setSignerIdentifier = function(params) { if (typeof params == "string" && @@ -554,7 +596,7 @@ KJUR.asn1.cms.SignerInfo = function(params) { var certPEM = params; this.dSignerIdentifier = - new nC.IssuerAndSerialNumber({cert: params}); + new _KJUR_asn1_cms.IssuerAndSerialNumber({cert: params}); } }; @@ -585,36 +627,36 @@ KJUR.asn1.cms.SignerInfo = function(params) { * hashAlg: 'sha256'}); */ this.setForContentAndHash = function(params) { - if (typeof params != "undefined") { - if (params.eciObj instanceof KJUR.asn1.cms.EncapsulatedContentInfo) { - this.dSignedAttrs.add(new nC.ContentType({oid: '1.2.840.113549.1.7.1'})); - this.dSignedAttrs.add(new nC.MessageDigest({eciObj: params.eciObj, - hashAlg: params.hashAlg})); + if (params !== undefined) { + if (params.eciObj instanceof _EncapsulatedContentInfo) { + this.dSignedAttrs.add(new _ContentType({oid: '1.2.840.113549.1.7.1'})); + this.dSignedAttrs.add(new _MessageDigest({eciObj: params.eciObj, + hashAlg: params.hashAlg})); } - if (typeof params.sdObj != "undefined" && - params.sdObj instanceof KJUR.asn1.cms.SignedData) { + if (params.sdObj !== undefined && + params.sdObj instanceof _SignedData) { if (params.sdObj.digestAlgNameList.join(":").indexOf(params.hashAlg) == -1) { params.sdObj.digestAlgNameList.push(params.hashAlg); } } if (typeof params.hashAlg == "string") { - this.dDigestAlgorithm = new nX.AlgorithmIdentifier({name: params.hashAlg}); + this.dDigestAlgorithm = new _AlgorithmIdentifier({name: params.hashAlg}); } } }; this.sign = function(keyParam, sigAlg) { // set algorithm - this.dSigAlg = new nX.AlgorithmIdentifier({name: sigAlg}); + this.dSigAlg = new _AlgorithmIdentifier({name: sigAlg}); // set signature var data = this.dSignedAttrs.getEncodedHex(); - var prvKey = KEYUTIL.getKey(keyParam); - var sig = new KJUR.crypto.Signature({alg: sigAlg}); + var prvKey = _KEYUTIL.getKey(keyParam); + var sig = new _KJUR_crypto.Signature({alg: sigAlg}); sig.init(prvKey); sig.updateHex(data); var sigValHex = sig.sign(); - this.dSig = new nA.DEROctetString({hex: sigValHex}); + this.dSig = new _KJUR_asn1.DEROctetString({hex: sigValHex}); }; /* @@ -628,16 +670,16 @@ KJUR.asn1.cms.SignerInfo = function(params) { this.getEncodedHex = function() { //alert("sattrs.hTLV=" + this.dSignedAttrs.hTLV); - if (this.dSignedAttrs instanceof KJUR.asn1.cms.AttributeList && + if (this.dSignedAttrs instanceof _AttributeList && this.dSignedAttrs.length() == 0) { throw "SignedAttrs length = 0 (empty)"; } - var sa = new nA.DERTaggedObject({obj: this.dSignedAttrs, - tag: 'a0', explicit: false}); + var sa = new _DERTaggedObject({obj: this.dSignedAttrs, + tag: 'a0', explicit: false}); var ua = null;; if (this.dUnsignedAttrs.length() > 0) { - ua = new nA.DERTaggedObject({obj: this.dUnsignedAttrs, - tag: 'a1', explicit: false}); + ua = new _DERTaggedObject({obj: this.dUnsignedAttrs, + tag: 'a1', explicit: false}); } var items = [ @@ -650,7 +692,7 @@ KJUR.asn1.cms.SignerInfo = function(params) { ]; if (ua != null) items.push(ua); - var seq = new nA.DERSequence({array: items}); + var seq = new _KJUR_asn1.DERSequence({array: items}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; @@ -681,25 +723,31 @@ YAHOO.lang.extend(KJUR.asn1.cms.SignerInfo, KJUR.asn1.ASN1Object); * o.isDetached = true; // false as default */ KJUR.asn1.cms.EncapsulatedContentInfo = function(params) { - KJUR.asn1.cms.EncapsulatedContentInfo.superclass.constructor.call(this); - var nA = KJUR.asn1; - var nC = KJUR.asn1.cms; - var nX = KJUR.asn1.x509; - this.dEContentType = new nA.DERObjectIdentifier({name: 'data'}); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERTaggedObject = _KJUR_asn1.DERTaggedObject, + _DERSequence = _KJUR_asn1.DERSequence, + _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, + _DEROctetString = _KJUR_asn1.DEROctetString, + _KJUR_asn1_cms = _KJUR_asn1.cms; + + _KJUR_asn1_cms.EncapsulatedContentInfo.superclass.constructor.call(this); + + this.dEContentType = new _DERObjectIdentifier({name: 'data'}); this.dEContent = null; this.isDetached = false; this.eContentValueHex = null; this.setContentType = function(nameOrOid) { if (nameOrOid.match(/^[0-2][.][0-9.]+$/)) { - this.dEContentType = new nA.DERObjectIdentifier({oid: nameOrOid}); + this.dEContentType = new _DERObjectIdentifier({oid: nameOrOid}); } else { - this.dEContentType = new nA.DERObjectIdentifier({name: nameOrOid}); + this.dEContentType = new _DERObjectIdentifier({name: nameOrOid}); } }; this.setContentValue = function(params) { - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params.hex == "string") { this.eContentValueHex = params.hex; } else if (typeof params.str == "string") { @@ -721,14 +769,14 @@ KJUR.asn1.cms.EncapsulatedContentInfo = function(params) { throw "eContentValue not yet set"; } - var dValue = new nA.DEROctetString({hex: this.eContentValueHex}); - this.dEContent = new nA.DERTaggedObject({obj: dValue, - tag: 'a0', - explicit: true}); + var dValue = new _DEROctetString({hex: this.eContentValueHex}); + this.dEContent = new _DERTaggedObject({obj: dValue, + tag: 'a0', + explicit: true}); var a = [this.dEContentType]; if (! this.isDetached) a.push(this.dEContent); - var seq = new nA.DERSequence({array: a}); + var seq = new _DERSequence({array: a}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; @@ -758,30 +806,38 @@ YAHOO.lang.extend(KJUR.asn1.cms.EncapsulatedContentInfo, KJUR.asn1.ASN1Object); * o = new KJUR.asn1.cms.ContentInfo({type: 'data', obj: seq}); */ KJUR.asn1.cms.ContentInfo = function(params) { + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERTaggedObject = _KJUR_asn1.DERTaggedObject, + _DERSequence = _KJUR_asn1.DERSequence, + _KJUR_asn1_x509 = _KJUR_asn1.x509; + KJUR.asn1.cms.ContentInfo.superclass.constructor.call(this); - var nA = KJUR.asn1; - var nC = KJUR.asn1.cms; - var nX = KJUR.asn1.x509; this.dContentType = null; this.dContent = null; this.setContentType = function(params) { if (typeof params == "string") { - this.dContentType = nX.OID.name2obj(params); + this.dContentType = _KJUR_asn1_x509.OID.name2obj(params); } }; this.getEncodedHex = function() { - var dContent0 = new nA.DERTaggedObject({obj: this.dContent, tag: 'a0', explicit: true}); - var seq = new nA.DERSequence({array: [this.dContentType, dContent0]}); + var dContent0 = new _DERTaggedObject({obj: this.dContent, + tag: 'a0', + explicit: true}); + var seq = new _DERSequence({array: [this.dContentType, dContent0]}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; - if (typeof params != "undefined") { - if (params.type) this.setContentType(params.type); - if (params.obj && params.obj instanceof nA.ASN1Object) this.dContent = params.obj; + if (params !== undefined) { + if (params.type) + this.setContentType(params.type); + if (params.obj && + params.obj instanceof _KJUR_asn1.ASN1Object) + this.dContent = params.obj; } }; YAHOO.lang.extend(KJUR.asn1.cms.ContentInfo, KJUR.asn1.ASN1Object); @@ -822,23 +878,34 @@ YAHOO.lang.extend(KJUR.asn1.cms.ContentInfo, KJUR.asn1.ASN1Object); * hex = sd.getContentInfoEncodedHex(); */ KJUR.asn1.cms.SignedData = function(params) { + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _ASN1Object = _KJUR_asn1.ASN1Object, + _DERInteger = _KJUR_asn1.DERInteger, + _DERSet = _KJUR_asn1.DERSet, + _DERSequence = _KJUR_asn1.DERSequence, + _DERTaggedObject = _KJUR_asn1.DERTaggedObject, + _KJUR_asn1_cms = _KJUR_asn1.cms, + _EncapsulatedContentInfo = _KJUR_asn1_cms.EncapsulatedContentInfo, + _SignerInfo = _KJUR_asn1_cms.SignerInfo, + _ContentInfo = _KJUR_asn1_cms.ContentInfo, + _KJUR_asn1_x509 = _KJUR_asn1.x509, + _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier; + KJUR.asn1.cms.SignedData.superclass.constructor.call(this); - var nA = KJUR.asn1; - var nC = KJUR.asn1.cms; - var nX = KJUR.asn1.x509; - this.dCMSVersion = new nA.DERInteger({'int': 1}); + this.dCMSVersion = new _DERInteger({'int': 1}); this.dDigestAlgs = null; this.digestAlgNameList = []; - this.dEncapContentInfo = new nC.EncapsulatedContentInfo(); + this.dEncapContentInfo = new _EncapsulatedContentInfo(); this.dCerts = null; this.certificateList = []; this.crlList = []; - this.signerInfoList = [new nC.SignerInfo()]; + this.signerInfoList = [new _SignerInfo()]; this.addCertificatesByPEM = function(certPEM) { - var hex = ASN1HEX.pemToHex(certPEM); - var o = new nA.ASN1Object(); + var hex = pemtohex(certPEM); + var o = new _ASN1Object(); o.hTLV = hex; this.certificateList.push(o); }; @@ -850,10 +917,10 @@ KJUR.asn1.cms.SignedData = function(params) { var digestAlgList = []; for (var i = 0; i < this.digestAlgNameList.length; i++) { var name = this.digestAlgNameList[i]; - var o = new nX.AlgorithmIdentifier({name: name}); + var o = new _AlgorithmIdentifier({name: name}); digestAlgList.push(o); } - this.dDigestAlgs = new nA.DERSet({array: digestAlgList}); + this.dDigestAlgs = new _DERSet({array: digestAlgList}); } var a = [this.dCMSVersion, @@ -862,26 +929,26 @@ KJUR.asn1.cms.SignedData = function(params) { if (this.dCerts == null) { if (this.certificateList.length > 0) { - var o1 = new nA.DERSet({array: this.certificateList}); + var o1 = new _DERSet({array: this.certificateList}); this.dCerts - = new nA.DERTaggedObject({obj: o1, - tag: 'a0', - explicit: false}); + = new _DERTaggedObject({obj: o1, + tag: 'a0', + explicit: false}); } } if (this.dCerts != null) a.push(this.dCerts); - var dSignerInfos = new nA.DERSet({array: this.signerInfoList}); + var dSignerInfos = new _DERSet({array: this.signerInfoList}); a.push(dSignerInfos); - var seq = new nA.DERSequence({array: a}); + var seq = new _DERSequence({array: a}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; this.getContentInfo = function() { this.getEncodedHex(); - var ci = new nC.ContentInfo({type: 'signed-data', obj: this}); + var ci = new _ContentInfo({type: 'signed-data', obj: this}); return ci; }; @@ -892,9 +959,7 @@ KJUR.asn1.cms.SignedData = function(params) { }; this.getPEM = function() { - var hex = this.getContentInfoEncodedHex(); - var pem = nA.ASN1Util.getPEMStringFromHex(hex, "CMS"); - return pem; + return hextopem(this.getContentInfoEncodedHex(), "CMS"); }; }; YAHOO.lang.extend(KJUR.asn1.cms.SignedData, KJUR.asn1.ASN1Object); @@ -933,9 +998,18 @@ KJUR.asn1.cms.CMSUtil = new function() { * }); */ KJUR.asn1.cms.CMSUtil.newSignedData = function(param) { - var nC = KJUR.asn1.cms; - var nE = KJUR.asn1.cades; - var sd = new nC.SignedData(); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _KJUR_asn1_cms = _KJUR_asn1.cms, + _SignerInfo = _KJUR_asn1_cms.SignerInfo, + _SignedData = _KJUR_asn1_cms.SignedData, + _SigningTime = _KJUR_asn1_cms.SigningTime, + _SigningCertificate = _KJUR_asn1_cms.SigningCertificate, + _SigningCertificateV2 = _KJUR_asn1_cms.SigningCertificateV2, + _KJUR_asn1_cades = _KJUR_asn1.cades, + _SignaturePolicyIdentifier = _KJUR_asn1_cades.SignaturePolicyIdentifier; + + var sd = new _SignedData(); sd.dEncapContentInfo.setContentValue(param.content); @@ -948,29 +1022,29 @@ KJUR.asn1.cms.CMSUtil.newSignedData = function(param) { sd.signerInfoList = []; for (var i = 0; i < param.signerInfos.length; i++) { var siParam = param.signerInfos[i]; - var si = new nC.SignerInfo(); + var si = new _SignerInfo(); si.setSignerIdentifier(siParam.signerCert); - si.setForContentAndHash({sdObj: sd, - eciObj: sd.dEncapContentInfo, + si.setForContentAndHash({sdObj: sd, + eciObj: sd.dEncapContentInfo, hashAlg: siParam.hashAlg}); for (attrName in siParam.sAttr) { var attrParam = siParam.sAttr[attrName]; if (attrName == "SigningTime") { - var attr = new nC.SigningTime(attrParam); + var attr = new _SigningTime(attrParam); si.dSignedAttrs.add(attr); } if (attrName == "SigningCertificate") { - var attr = new nC.SigningCertificate(attrParam); + var attr = new _SigningCertificate(attrParam); si.dSignedAttrs.add(attr); } if (attrName == "SigningCertificateV2") { - var attr = new nC.SigningCertificateV2(attrParam); + var attr = new _SigningCertificateV2(attrParam); si.dSignedAttrs.add(attr); } if (attrName == "SignaturePolicyIdentifier") { - var attr = new nE.SignaturePolicyIdentifier(attrParam); + var attr = new _SignaturePolicyIdentifier(attrParam); si.dSignedAttrs.add(attr); } } diff --git a/src/asn1csr-1.0.js b/src/asn1csr-1.0.js index 1277d796..1a489252 100644 --- a/src/asn1csr-1.0.js +++ b/src/asn1csr-1.0.js @@ -1,4 +1,4 @@ -/*! asn1csr-1.0.4.js (c) 2015-2017 Kenji Urushima | kjur.github.com/jsrsasign/license +/* asn1csr-1.0.5.js (c) 2015-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * asn1csr.js - ASN.1 DER encoder classes for PKCS#10 CSR @@ -16,7 +16,7 @@ * @fileOverview * @name asn1csr-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 7.2.0 asn1csr 1.0.4 (2017-May-21) + * @version jsrsasign 7.2.1 asn1csr 1.0.5 (2017-Jun-03) * @since jsrsasign 4.9.0 * @license MIT License */ @@ -76,7 +76,15 @@ if (typeof KJUR.asn1.csr == "undefined" || !KJUR.asn1.csr) KJUR.asn1.csr = {}; * // attributes [0] Attributes{{ CRIAttributes }} } */ KJUR.asn1.csr.CertificationRequest = function(params) { - KJUR.asn1.csr.CertificationRequest.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERBitString = _KJUR_asn1.DERBitString, + _DERSequence = _KJUR_asn1.DERSequence, + _KJUR_asn1_csr = _KJUR_asn1.csr, + _KJUR_asn1_x509 = _KJUR_asn1.x509; + + _KJUR_asn1_csr.CertificationRequest.superclass.constructor.call(this); + var asn1CSRInfo = null; var asn1SignatureAlg = null; var asn1Sig = null; @@ -100,17 +108,17 @@ KJUR.asn1.csr.CertificationRequest = function(params) { if (this.prvKey == null) this.prvKey = prvKeyObj; this.asn1SignatureAlg = - new KJUR.asn1.x509.AlgorithmIdentifier({'name': sigAlgName}); + new _KJUR_asn1_x509.AlgorithmIdentifier({'name': sigAlgName}); - sig = new KJUR.crypto.Signature({'alg': sigAlgName}); + sig = new _KJUR.crypto.Signature({'alg': sigAlgName}); sig.initSign(this.prvKey); sig.updateHex(this.asn1CSRInfo.getEncodedHex()); this.hexSig = sig.sign(); - this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig}); - var seq = new KJUR.asn1.DERSequence({'array': [this.asn1CSRInfo, - this.asn1SignatureAlg, - this.asn1Sig]}); + this.asn1Sig = new _DERBitString({'hex': '00' + this.hexSig}); + var seq = new _DERSequence({'array': [this.asn1CSRInfo, + this.asn1SignatureAlg, + this.asn1Sig]}); this.hTLV = seq.getEncodedHex(); this.isModified = false; }; @@ -134,9 +142,7 @@ KJUR.asn1.csr.CertificationRequest = function(params) { * // -----END CERTIFICATE REQUEST----- */ this.getPEMString = function() { - var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(this.getEncodedHex(), - "CERTIFICATE REQUEST"); - return pem; + return hextopem(this.getEncodedHex(), "CERTIFICATE REQUEST"); }; this.getEncodedHex = function() { @@ -144,10 +150,8 @@ KJUR.asn1.csr.CertificationRequest = function(params) { throw "not signed yet"; }; - if (typeof params != "undefined") { - if (typeof params['csrinfo'] != "undefined") { - this.asn1CSRInfo = params['csrinfo']; - } + if (params !== undefined && params.csrinfo !== undefined) { + this.asn1CSRInfo = params.csrinfo; } }; YAHOO.lang.extend(KJUR.asn1.csr.CertificationRequest, KJUR.asn1.ASN1Object); @@ -175,12 +179,26 @@ YAHOO.lang.extend(KJUR.asn1.csr.CertificationRequest, KJUR.asn1.ASN1Object); * csri.setSubjectPublicKeyByGetKey(pubKeyObj); */ KJUR.asn1.csr.CertificationRequestInfo = function(params) { - KJUR.asn1.csr.CertificationRequestInfo.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERInteger = _KJUR_asn1.DERInteger, + _DERSequence = _KJUR_asn1.DERSequence, + _DERSet = _KJUR_asn1.DERSet, + _DERNull = _KJUR_asn1.DERNull, + _DERTaggedObject = _KJUR_asn1.DERTaggedObject, + _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, + _KJUR_asn1_csr = _KJUR_asn1.csr, + _KJUR_asn1_x509 = _KJUR_asn1.x509, + _X500Name = _KJUR_asn1_x509.X500Name, + _Extension = _KJUR_asn1_x509.Extension, + _KEYUTIL = KEYUTIL; + + _KJUR_asn1_csr.CertificationRequestInfo.superclass.constructor.call(this); this._initialize = function() { this.asn1Array = new Array(); - this.asn1Version = new KJUR.asn1.DERInteger({'int': 0}); + this.asn1Version = new _DERInteger({'int': 0}); this.asn1Subject = null; this.asn1SubjPKey = null; this.extensionsArray = new Array(); @@ -198,7 +216,7 @@ KJUR.asn1.csr.CertificationRequestInfo = function(params) { * @see KJUR.asn1.x509.X500Name */ this.setSubjectByParam = function(x500NameParam) { - this.asn1Subject = new KJUR.asn1.x509.X500Name(x500NameParam); + this.asn1Subject = new _X500Name(x500NameParam); }; /** @@ -216,8 +234,9 @@ KJUR.asn1.csr.CertificationRequestInfo = function(params) { * @see KEYUTIL.getKey */ this.setSubjectPublicKeyByGetKey = function(keyParam) { - var keyObj = KEYUTIL.getKey(keyParam); - this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObj); + var keyObj = _KEYUTIL.getKey(keyParam); + this.asn1SubjPKey = + new _KJUR_asn1_x509.SubjectPublicKeyInfo(keyObj); }; /** @@ -239,9 +258,9 @@ KJUR.asn1.csr.CertificationRequestInfo = function(params) { * o.appendExtensionByName('AuthorityInfoAccess', {array: [{accessMethod:{oid:...},accessLocation:{uri:...}}]}); */ this.appendExtensionByName = function(name, extParams) { - KJUR.asn1.x509.Extension.appendByNameToArray(name, - extParams, - this.extensionsArray); + _Extension.appendByNameToArray(name, + extParams, + this.extensionsArray); }; this.getEncodedHex = function() { @@ -253,28 +272,28 @@ KJUR.asn1.csr.CertificationRequestInfo = function(params) { // extensionRequest if (this.extensionsArray.length > 0) { - var extSeq = new KJUR.asn1.DERSequence({array: this.extensionsArray}); - var extSet = new KJUR.asn1.DERSet({array: [extSeq]}); - var extSeq2 = new KJUR.asn1.DERSequence({array: [ - new KJUR.asn1.DERObjectIdentifier({oid: "1.2.840.113549.1.9.14"}), + var extSeq = new _DERSequence({array: this.extensionsArray}); + var extSet = new _DERSet({array: [extSeq]}); + var extSeq2 = new _DERSequence({array: [ + new _DERObjectIdentifier({oid: "1.2.840.113549.1.9.14"}), extSet ]}); - var extTagObj = new KJUR.asn1.DERTaggedObject({ + var extTagObj = new _DERTaggedObject({ explicit: true, tag: 'a0', obj: extSeq2 }); this.asn1Array.push(extTagObj); } else { - var extTagObj = new KJUR.asn1.DERTaggedObject({ + var extTagObj = new _DERTaggedObject({ explicit: false, tag: 'a0', - obj: new KJUR.asn1.DERNull() + obj: new _DERNull() }); this.asn1Array.push(extTagObj); } - var o = new KJUR.asn1.DERSequence({"array": this.asn1Array}); + var o = new _DERSequence({"array": this.asn1Array}); this.hTLV = o.getEncodedHex(); this.isModified = false; return this.hTLV; @@ -355,14 +374,15 @@ KJUR.asn1.csr.CSRUtil = new function() { * }); */ KJUR.asn1.csr.CSRUtil.newCSRPEM = function(param) { - var ns1 = KJUR.asn1.csr; + var _KEYUTIL = KEYUTIL, + _KJUR_asn1_csr = KJUR.asn1.csr; if (param.subject === undefined) throw "parameter subject undefined"; if (param.sbjpubkey === undefined) throw "parameter sbjpubkey undefined"; if (param.sigalg === undefined) throw "parameter sigalg undefined"; if (param.sbjprvkey === undefined) throw "parameter sbjpubkey undefined"; - var csri = new ns1.CertificationRequestInfo(); + var csri = new _KJUR_asn1_csr.CertificationRequestInfo(); csri.setSubjectByParam(param.subject); csri.setSubjectPublicKeyByGetKey(param.sbjpubkey); @@ -374,8 +394,8 @@ KJUR.asn1.csr.CSRUtil.newCSRPEM = function(param) { } } - var csr = new ns1.CertificationRequest({'csrinfo': csri}); - var prvKey = KEYUTIL.getKey(param.sbjprvkey); + var csr = new _KJUR_asn1_csr.CertificationRequest({'csrinfo': csri}); + var prvKey = _KEYUTIL.getKey(param.sbjprvkey); csr.sign(param.sigalg, prvKey); var pem = csr.getPEMString(); @@ -416,7 +436,7 @@ KJUR.asn1.csr.CSRUtil.getInfo = function(sPEM) { if (sPEM.indexOf("-----BEGIN CERTIFICATE REQUEST") == -1) throw "argument is not PEM file"; - var hex = ASN1HEX.pemToHex(sPEM, "CERTIFICATE REQUEST"); + var hex = pemtohex(sPEM, "CERTIFICATE REQUEST"); result.subject.hex = _getTLVbyList(hex, 0, [0, 1]); result.subject.name = X509.hex2dn(result.subject.hex); diff --git a/src/asn1hex-1.1.js b/src/asn1hex-1.1.js index d0328058..56582ab4 100644 --- a/src/asn1hex-1.1.js +++ b/src/asn1hex-1.1.js @@ -1,4 +1,4 @@ -/*! asn1hex-1.1.11.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license +/* asn1hex-1.1.12.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * asn1hex.js - Hexadecimal represented ASN.1 string library @@ -16,7 +16,7 @@ * @fileOverview * @name asn1hex-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version asn1hex 1.1.11 (2017-May-11) + * @version asn1hex 1.1.12 (2017-Jun-03) * @license MIT License */ @@ -658,7 +658,7 @@ ASN1HEX.hextooidstr = function(hex) { * INTEGER 01 * INTEGER 02 * // 5) ASN.1 DUMP FOR X.509 CERTIFICATE - * ASN1HEX.dump(ASN1HEX.pemToHex(certPEM)) + * ASN1HEX.dump(pemtohex(certPEM)) * ↓ * SEQUENCE * SEQUENCE @@ -876,7 +876,7 @@ ASN1HEX.oidname = function(oidDotOrHex) { }; /** - * get hexacedimal string from PEM format data
+ * (DEPRECATED) get hexacedimal string from PEM format data
* @name pemToHex * @memberOf ASN1HEX * @function @@ -884,6 +884,7 @@ ASN1HEX.oidname = function(oidDotOrHex) { * @param {String} sHead PEM header string without BEGIN/END(OPTION) * @return {String} hexadecimal string data of PEM contents * @since jsrsasign 7.0.1 asn1hex 1.1.9 + * @deprecated since jsrsasign 7.2.1 asn1hex 1.1.12. Please move to {@link pemtohex} * @description * This static method gets a hexacedimal string of contents * from PEM format data. You can explicitly specify PEM header @@ -899,17 +900,5 @@ ASN1HEX.oidname = function(oidDotOrHex) { * ASN1HEX.pemToHex(" \r\n-----BEGIN DSA PRIVATE KEY...") → "3082..." */ ASN1HEX.pemToHex = function(s, sHead) { - if (s.indexOf("-----BEGIN ") == -1) - throw "can't find PEM header: " + sHead; - - if (sHead !== undefined) { - s = s.replace("-----BEGIN " + sHead + "-----", ""); - s = s.replace("-----END " + sHead + "-----", ""); - } else { - s = s.replace(/-----BEGIN [^-]+-----/, ''); - s = s.replace(/-----END [^-]+-----/, ''); - } - var sB64 = s.replace(/\s+/g, ''); - var dataHex = b64tohex(sB64); - return dataHex; + return pemtohex(s, sHead); }; diff --git a/src/asn1ocsp-1.0.js b/src/asn1ocsp-1.0.js index 9a437b23..2cae2bd1 100755 --- a/src/asn1ocsp-1.0.js +++ b/src/asn1ocsp-1.0.js @@ -1,4 +1,4 @@ -/*! asn1ocsp-1.0.2.js (c) 2016 Kenji Urushima | kjur.github.com/jsrsasign/license +/* asn1ocsp-1.0.3.js (c) 2016 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * asn1ocsp.js - ASN.1 DER encoder classes for OCSP protocol @@ -16,7 +16,7 @@ * @fileOverview * @name asn1ocsp-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 7.2.0 asn1ocsp 1.0.2 (2017-May-12) + * @version jsrsasign 7.2.1 asn1ocsp 1.0.3 (2017-Jun-03) * @since jsrsasign 6.1.0 * @license MIT License */ @@ -84,9 +84,22 @@ KJUR.asn1.ocsp.DEFAULT_HASH = "sha1"; * o = new KJUR.asn1.ocsp.CertID({namehash: "1a...", keyhash: "ad...", serial: "1234", alg: "sha256"}); */ KJUR.asn1.ocsp.CertID = function(params) { - KJUR.asn1.ocsp.CertID.superclass.constructor.call(this); - var nA = KJUR.asn1; - var nX = KJUR.asn1.x509; + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DEROctetString = _KJUR_asn1.DEROctetString, + _DERInteger = _KJUR_asn1.DERInteger, + _DERSequence = _KJUR_asn1.DERSequence, + _KJUR_asn1_x509 = _KJUR_asn1.x509, + _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, + _KJUR_asn1_ocsp = _KJUR_asn1.ocsp, + _DEFAULT_HASH = _KJUR_asn1_ocsp.DEFAULT_HASH, + _KJUR_crypto = _KJUR.crypto, + _hashHex = _KJUR_crypto.Util.hashHex, + _X509 = X509, + _ASN1HEX = ASN1HEX; + + _KJUR_asn1_ocsp.CertID.superclass.constructor.call(this); + this.dHashAlg = null; this.dIssuerNameHash = null; this.dIssuerKeyHash = null; @@ -109,12 +122,11 @@ KJUR.asn1.ocsp.CertID = function(params) { */ this.setByValue = function(issuerNameHashHex, issuerKeyHashHex, serialNumberHex, algName) { - if (algName === undefined) - algName = KJUR.asn1.ocsp.DEFAULT_HASH; - this.dHashAlg = new nX.AlgorithmIdentifier({name: algName}); - this.dIssuerNameHash = new nA.DEROctetString({hex: issuerNameHashHex}); - this.dIssuerKeyHash = new nA.DEROctetString({hex: issuerKeyHashHex}); - this.dSerialNumber = new nA.DERInteger({hex: serialNumberHex}); + if (algName === undefined) algName = _DEFAULT_HASH; + this.dHashAlg = new _AlgorithmIdentifier({name: algName}); + this.dIssuerNameHash = new _DEROctetString({hex: issuerNameHashHex}); + this.dIssuerKeyHash = new _DEROctetString({hex: issuerKeyHashHex}); + this.dSerialNumber = new _DERInteger({hex: serialNumberHex}); }; /** @@ -132,19 +144,19 @@ KJUR.asn1.ocsp.CertID = function(params) { * o.setByCert("-----BEGIN...", "-----BEGIN...", "sha256"); */ this.setByCert = function(issuerCert, subjectCert, algName) { - if (algName === undefined) - algName = KJUR.asn1.ocsp.DEFAULT_HASH; + if (algName === undefined) algName = _DEFAULT_HASH; - var xSbj = new X509(); + var xSbj = new _X509(); xSbj.readCertPEM(subjectCert); - var xIss = new X509(); + var xIss = new _X509(); xIss.readCertPEM(issuerCert); - var kiPropIss = X509.getPublicKeyInfoPropOfCertPEM(issuerCert); - var issuerKeyHex = kiPropIss.keyhex; + + var hISS_SPKI = xIss.getPublicKeyHex(); + var issuerKeyHex = _ASN1HEX.getTLVbyList(hISS_SPKI, 0, [1, 0], "30"); var serialNumberHex = xSbj.getSerialNumberHex(); - var issuerNameHashHex = KJUR.crypto.Util.hashHex(xIss.getSubjectHex(), algName); - var issuerKeyHashHex = KJUR.crypto.Util.hashHex(issuerKeyHex, algName); + var issuerNameHashHex = _hashHex(xIss.getSubjectHex(), algName); + var issuerKeyHashHex = _hashHex(issuerKeyHex, algName); this.setByValue(issuerNameHashHex, issuerKeyHashHex, serialNumberHex, algName); this.hoge = xSbj.getSerialNumberHex(); @@ -159,23 +171,23 @@ KJUR.asn1.ocsp.CertID = function(params) { var a = [this.dHashAlg, this.dIssuerNameHash, this.dIssuerKeyHash, this.dSerialNumber]; - var seq = new nA.DERSequence({array: a}); + var seq = new _DERSequence({array: a}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; - if (typeof params !== "undefined") { + if (params !== undefined) { var p = params; - if (typeof p.issuerCert !== "undefined" && - typeof p.subjectCert !== "undefined") { - var alg = KJUR.asn1.ocsp.DEFAULT_HASH; - if (typeof p.alg === "undefined") alg = undefined; + if (p.issuerCert !== undefined && + p.subjectCert !== undefined) { + var alg = _DEFAULT_HASH; + if (p.alg === undefined) alg = undefined; this.setByCert(p.issuerCert, p.subjectCert, alg); - } else if (typeof p.namehash !== "undefined" && - typeof p.keyhash !== "undefined" && - typeof p.serial !== "undefined") { - var alg = KJUR.asn1.ocsp.DEFAULT_HASH; - if (typeof p.alg === "undefined") alg = undefined; + } else if (p.namehash !== undefined && + p.keyhash !== undefined && + p.serial !== undefined) { + var alg = _DEFAULT_HASH; + if (p.alg === undefined) alg = undefined; this.setByValue(p.namehash, p.keyhash, p.serial, alg); } else { throw "invalid constructor arguments"; @@ -211,7 +223,12 @@ YAHOO.lang.extend(KJUR.asn1.ocsp.CertID, KJUR.asn1.ASN1Object); * o = new KJUR.asn1.ocsp.Request({namehash: "1a...", keyhash: "ad...", serial: "1234", alg: "sha256"}); */ KJUR.asn1.ocsp.Request = function(params) { - KJUR.asn1.ocsp.Request.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERSequence = _KJUR_asn1.DERSequence, + _KJUR_asn1_ocsp = _KJUR_asn1.ocsp; + + _KJUR_asn1_ocsp.Request.superclass.constructor.call(this); this.dReqCert = null; this.dExt = null; @@ -226,13 +243,13 @@ KJUR.asn1.ocsp.Request = function(params) { // 2. singleRequestExtensions (not supported yet) // 3. construct SEQUENCE - var seq = new KJUR.asn1.DERSequence({array: a}); + var seq = new _DERSequence({array: a}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; if (typeof params !== "undefined") { - var o = new KJUR.asn1.ocsp.CertID(params); + var o = new _KJUR_asn1_ocsp.CertID(params); this.dReqCert = o; } }; @@ -265,7 +282,12 @@ YAHOO.lang.extend(KJUR.asn1.ocsp.Request, KJUR.asn1.ASN1Object); * ]}); */ KJUR.asn1.ocsp.TBSRequest = function(params) { - KJUR.asn1.ocsp.TBSRequest.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERSequence = _KJUR_asn1.DERSequence, + _KJUR_asn1_ocsp = _KJUR_asn1.ocsp; + + _KJUR_asn1_ocsp.TBSRequest.superclass.constructor.call(this); this.version = 0; this.dRequestorName = null; this.dRequestList = []; @@ -288,7 +310,7 @@ KJUR.asn1.ocsp.TBSRequest = function(params) { this.setRequestListByParam = function(aParams) { var a = []; for (var i = 0; i < aParams.length; i++) { - var dReq = new KJUR.asn1.ocsp.Request(aParams[0]); + var dReq = new _KJUR_asn1_ocsp.Request(aParams[0]); a.push(dReq); } this.dRequestList = a; @@ -307,7 +329,7 @@ KJUR.asn1.ocsp.TBSRequest = function(params) { // 3. requestList var seqRequestList = - new KJUR.asn1.DERSequence({array: this.dRequestList}); + new _DERSequence({array: this.dRequestList}); a.push(seqRequestList); // 4. requestExtensions @@ -315,13 +337,13 @@ KJUR.asn1.ocsp.TBSRequest = function(params) { throw "requestExtensions not supported"; // 5. construct SEQUENCE - var seq = new KJUR.asn1.DERSequence({array: a}); + var seq = new _DERSequence({array: a}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; - if (typeof params !== "undefined") { - if (typeof params.reqList !== "undefined") + if (params !== undefined) { + if (params.reqList !== undefined) this.setRequestListByParam(params.reqList); } }; @@ -354,7 +376,12 @@ YAHOO.lang.extend(KJUR.asn1.ocsp.TBSRequest, KJUR.asn1.ASN1Object); * ]}); */ KJUR.asn1.ocsp.OCSPRequest = function(params) { - KJUR.asn1.ocsp.OCSPRequest.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERSequence = _KJUR_asn1.DERSequence, + _KJUR_asn1_ocsp = _KJUR_asn1.ocsp; + + _KJUR_asn1_ocsp.OCSPRequest.superclass.constructor.call(this); this.dTbsRequest = null; this.dOptionalSignature = null; @@ -373,14 +400,14 @@ KJUR.asn1.ocsp.OCSPRequest = function(params) { throw "optionalSignature not supported"; // 3. construct SEQUENCE - var seq = new KJUR.asn1.DERSequence({array: a}); + var seq = new _DERSequence({array: a}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; - if (typeof params !== "undefined") { - if (typeof params.reqList !== "undefined") { - var o = new KJUR.asn1.ocsp.TBSRequest(params); + if (params !== undefined) { + if (params.reqList !== undefined) { + var o = new _KJUR_asn1_ocsp.TBSRequest(params); this.dTbsRequest = o; } } @@ -417,9 +444,13 @@ KJUR.asn1.ocsp.OCSPUtil = {}; * hReq = KJUR.asn1.ocsp.OCSPUtil.getRequestHex("-----BEGIN...", "-----BEGIN..."); */ KJUR.asn1.ocsp.OCSPUtil.getRequestHex = function(issuerCert, subjectCert, alg) { - if (alg === undefined) alg = KJUR.asn1.ocsp.DEFAULT_HASH; + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _KJUR_asn1_ocsp = _KJUR_asn1.ocsp; + + if (alg === undefined) alg = _KJUR_asn1_ocsp.DEFAULT_HASH; var param = {alg: alg, issuerCert: issuerCert, subjectCert: subjectCert}; - var o = new KJUR.asn1.ocsp.OCSPRequest({reqList: [param]}); + var o = new _KJUR_asn1_ocsp.OCSPRequest({reqList: [param]}); return o.getEncodedHex(); }; diff --git a/src/asn1tsp-1.0.js b/src/asn1tsp-1.0.js index 70631743..902a0042 100755 --- a/src/asn1tsp-1.0.js +++ b/src/asn1tsp-1.0.js @@ -1,4 +1,4 @@ -/*! asn1tsp-1.0.2.js (c) 2014-2017 Kenji Urushima | kjur.github.com/jsrsasign/license +/* asn1tsp-1.0.3.js (c) 2014-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * asn1tsp.js - ASN.1 DER encoder classes for RFC 3161 Time Stamp Protocol @@ -16,7 +16,7 @@ * @fileOverview * @name asn1tsp-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 7.2.0 asn1tsp 1.0.2 (2017-May-12) + * @version jsrsasign 7.2.1 asn1tsp 1.0.3 (2017-Jun-03) * @since jsrsasign 4.5.1 * @license MIT License */ @@ -80,8 +80,14 @@ if (typeof KJUR.asn1.tsp == "undefined" || !KJUR.asn1.tsp) KJUR.asn1.tsp = {}; * micros: 500}); */ KJUR.asn1.tsp.Accuracy = function(params) { - KJUR.asn1.tsp.Accuracy.superclass.constructor.call(this); - var nA = KJUR.asn1; + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERInteger = _KJUR_asn1.DERInteger, + _DERSequence = _KJUR_asn1.DERSequence, + _DERTaggedObject = _KJUR_asn1.DERTaggedObject; + + _KJUR_asn1.tsp.Accuracy.superclass.constructor.call(this); + this.seconds = null; this.millis = null; this.micros = null; @@ -93,29 +99,29 @@ KJUR.asn1.tsp.Accuracy = function(params) { var a = []; if (this.seconds != null) { - dSeconds = new nA.DERInteger({'int': this.seconds}); + dSeconds = new _DERInteger({'int': this.seconds}); a.push(dSeconds); } if (this.millis != null) { - var dMillis = new nA.DERInteger({'int': this.millis}); - dTagMillis = new nA.DERTaggedObject({obj: dMillis, - tag: '80', - explicit: false}); + var dMillis = new _DERInteger({'int': this.millis}); + dTagMillis = new _DERTaggedObject({obj: dMillis, + tag: '80', + explicit: false}); a.push(dTagMillis); } if (this.micros != null) { - var dMicros = new nA.DERInteger({'int': this.micros}); - dTagMicros = new nA.DERTaggedObject({obj: dMicros, - tag: '81', - explicit: false}); + var dMicros = new _DERInteger({'int': this.micros}); + dTagMicros = new _DERTaggedObject({obj: dMicros, + tag: '81', + explicit: false}); a.push(dTagMicros); } - var seq = new nA.DERSequence({array: a}); + var seq = new _DERSequence({array: a}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params.seconds == "number") this.seconds = params.seconds; if (typeof params.millis == "number") this.millis = params.millis; if (typeof params.micros == "number") this.micros = params.micros; @@ -141,25 +147,31 @@ YAHOO.lang.extend(KJUR.asn1.tsp.Accuracy, KJUR.asn1.ASN1Object); * hashValue: '1f3dea...'}); */ KJUR.asn1.tsp.MessageImprint = function(params) { - KJUR.asn1.tsp.MessageImprint.superclass.constructor.call(this); - var nA = KJUR.asn1; - var nX = KJUR.asn1.x509; + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERSequence = _KJUR_asn1.DERSequence, + _DEROctetString = _KJUR_asn1.DEROctetString, + _KJUR_asn1_x509 = _KJUR_asn1.x509, + _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier; + + _KJUR_asn1.tsp.MessageImprint.superclass.constructor.call(this); + this.dHashAlg = null; this.dHashValue = null; this.getEncodedHex = function() { if (typeof this.hTLV == "string") return this.hTLV; var seq = - new nA.DERSequence({array: [this.dHashAlg, this.dHashValue]}); + new _DERSequence({array: [this.dHashAlg, this.dHashValue]}); return seq.getEncodedHex(); }; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params.hashAlg == "string") { - this.dHashAlg = new nX.AlgorithmIdentifier({name: params.hashAlg}); + this.dHashAlg = new _AlgorithmIdentifier({name: params.hashAlg}); } if (typeof params.hashValue == "string") { - this.dHashValue = new nA.DEROctetString({hex: params.hashValue}); + this.dHashValue = new _DEROctetString({hex: params.hashValue}); } } }; @@ -184,22 +196,30 @@ YAHOO.lang.extend(KJUR.asn1.tsp.MessageImprint, KJUR.asn1.ASN1Object); *
*/ KJUR.asn1.tsp.TimeStampReq = function(params) { - KJUR.asn1.tsp.TimeStampReq.superclass.constructor.call(this); - var nA = KJUR.asn1; - var nT = KJUR.asn1.tsp; - this.dVersion = new nA.DERInteger({'int': 1}); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERSequence = _KJUR_asn1.DERSequence, + _DERInteger = _KJUR_asn1.DERInteger, + _DERBoolean = _KJUR_asn1.DERBoolean, + _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, + _KJUR_asn1_tsp = _KJUR_asn1.tsp, + _MessageImprint = _KJUR_asn1_tsp.MessageImprint; + + _KJUR_asn1_tsp.TimeStampReq.superclass.constructor.call(this); + + this.dVersion = new _DERInteger({'int': 1}); this.dMessageImprint = null; this.dPolicy = null; this.dNonce = null; this.certReq = true; this.setMessageImprint = function(params) { - if (params instanceof KJUR.asn1.tsp.MessageImprint) { + if (params instanceof _MessageImprint) { this.dMessageImprint = params; return; } if (typeof params == "object") { - this.dMessageImprint = new nT.MessageImprint(params); + this.dMessageImprint = new _MessageImprint(params); } }; @@ -210,22 +230,22 @@ KJUR.asn1.tsp.TimeStampReq = function(params) { var a = [this.dVersion, this.dMessageImprint]; if (this.dPolicy != null) a.push(this.dPolicy); if (this.dNonce != null) a.push(this.dNonce); - if (this.certReq) a.push(new nA.DERBoolean()); + if (this.certReq) a.push(new _DERBoolean()); - var seq = new nA.DERSequence({array: a}); + var seq = new _DERSequence({array: a}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params.mi == "object") { this.setMessageImprint(params.mi); } if (typeof params.policy == "object") { - this.dPolicy = new nA.DERObjectIdentifier(params.policy); + this.dPolicy = new _DERObjectIdentifier(params.policy); } if (typeof params.nonce == "object") { - this.dNonce = new nA.DERInteger(params.nonce); + this.dNonce = new _DERInteger(params.nonce); } if (typeof params.certreq == "boolean") { this.certReq = params.certreq; @@ -267,12 +287,21 @@ YAHOO.lang.extend(KJUR.asn1.tsp.TimeStampReq, KJUR.asn1.ASN1Object); * }); */ KJUR.asn1.tsp.TSTInfo = function(params) { - KJUR.asn1.tsp.TSTInfo.superclass.constructor.call(this); - var nA = KJUR.asn1; - var nX = KJUR.asn1.x509; - var nT = KJUR.asn1.tsp; - - this.dVersion = new nA.DERInteger({'int': 1}); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERSequence = _KJUR_asn1.DERSequence, + _DERInteger = _KJUR_asn1.DERInteger, + _DERBoolean = _KJUR_asn1.DERBoolean, + _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime, + _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, + _KJUR_asn1_tsp = _KJUR_asn1.tsp, + _MessageImprint = _KJUR_asn1_tsp.MessageImprint, + _Accuracy = _KJUR_asn1_tsp.Accuracy, + _X500Name = _KJUR_asn1.x509.X500Name; + + _KJUR_asn1_tsp.TSTInfo.superclass.constructor.call(this); + + this.dVersion = new _DERInteger({'int': 1}); this.dPolicy = null; this.dMessageImprint = null; this.dSerialNumber = null; @@ -305,38 +334,38 @@ KJUR.asn1.tsp.TSTInfo = function(params) { if (this.dNonce != null) a.push(this.dNonce); if (this.dTsa != null) a.push(this.dTsa); - var seq = new nA.DERSequence({array: a}); + var seq = new _DERSequence({array: a}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params.policy == "string") { if (! params.policy.match(/^[0-9.]+$/)) throw "policy shall be oid like 0.1.4.134"; - this.dPolicy = new nA.DERObjectIdentifier({oid: params.policy}); + this.dPolicy = new _DERObjectIdentifier({oid: params.policy}); } - if (typeof params.messageImprint != "undefined") { - this.dMessageImprint = new nT.MessageImprint(params.messageImprint); + if (params.messageImprint !== undefined) { + this.dMessageImprint = new _MessageImprint(params.messageImprint); } - if (typeof params.serialNumber != "undefined") { - this.dSerialNumber = new nA.DERInteger(params.serialNumber); + if (params.serialNumber !== undefined) { + this.dSerialNumber = new _DERInteger(params.serialNumber); } - if (typeof params.genTime != "undefined") { - this.dGenTime = new nA.DERGeneralizedTime(params.genTime); + if (params.genTime !== undefined) { + this.dGenTime = new _DERGeneralizedTime(params.genTime); } - if (typeof params.accuracy != "undefind") { - this.dAccuracy = new nT.Accuracy(params.accuracy); + if (params.accuracy !== undefined) { + this.dAccuracy = new _Accuracy(params.accuracy); } - if (typeof params.ordering != "undefined" && + if (params.ordering !== undefined && params.ordering == true) { - this.dOrdering = new nA.DERBoolean(); + this.dOrdering = new _DERBoolean(); } - if (typeof params.nonce != "undefined") { - this.dNonce = new nA.DERInteger(params.nonce); + if (params.nonce !== undefined) { + this.dNonce = new _DERInteger(params.nonce); } - if (typeof params.tsa != "undefined") { - this.dTsa = new nX.X500Name(params.tsa); + if (params.tsa !== undefined) { + this.dTsa = new _X500Name(params.tsa); } } }; @@ -357,9 +386,15 @@ YAHOO.lang.extend(KJUR.asn1.tsp.TSTInfo, KJUR.asn1.ASN1Object); *
*/ KJUR.asn1.tsp.TimeStampResp = function(params) { - KJUR.asn1.tsp.TimeStampResp.superclass.constructor.call(this); - var nA = KJUR.asn1; - var nT = KJUR.asn1.tsp; + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERSequence = _KJUR_asn1.DERSequence, + _ASN1Object = _KJUR_asn1.ASN1Object, + _KJUR_asn1_tsp = _KJUR_asn1.tsp, + _PKIStatusInfo = _KJUR_asn1_tsp.PKIStatusInfo; + + _KJUR_asn1_tsp.TimeStampResp.superclass.constructor.call(this); + this.dStatus = null; this.dTST = null; @@ -368,17 +403,17 @@ KJUR.asn1.tsp.TimeStampResp = function(params) { throw "status shall be specified"; var a = [this.dStatus]; if (this.dTST != null) a.push(this.dTST); - var seq = new nA.DERSequence({array: a}); + var seq = new _DERSequence({array: a}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params.status == "object") { - this.dStatus = new nT.PKIStatusInfo(params.status); + this.dStatus = new _PKIStatusInfo(params.status); } - if (typeof params.tst != "undefined" && - params.tst instanceof KJUR.asn1.ASN1Object) { + if (params.tst !== undefined && + params.tst instanceof _ASN1Object) { this.dTST = params.tst.getContentInfo(); } } @@ -403,9 +438,16 @@ YAHOO.lang.extend(KJUR.asn1.tsp.TimeStampResp, KJUR.asn1.ASN1Object); *
*/ KJUR.asn1.tsp.PKIStatusInfo = function(params) { - KJUR.asn1.tsp.PKIStatusInfo.superclass.constructor.call(this); - var nA = KJUR.asn1; - var nT = KJUR.asn1.tsp; + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERSequence = _KJUR_asn1.DERSequence, + _KJUR_asn1_tsp = _KJUR_asn1.tsp, + _PKIStatus = _KJUR_asn1_tsp.PKIStatus, + _PKIFreeText = _KJUR_asn1_tsp.PKIFreeText, + _PKIFailureInfo = _KJUR_asn1_tsp.PKIFailureInfo; + + _KJUR_asn1_tsp.PKIStatusInfo.superclass.constructor.call(this); + this.dStatus = null; this.dStatusString = null; this.dFailureInfo = null; @@ -416,22 +458,22 @@ KJUR.asn1.tsp.PKIStatusInfo = function(params) { var a = [this.dStatus]; if (this.dStatusString != null) a.push(this.dStatusString); if (this.dFailureInfo != null) a.push(this.dFailureInfo); - var seq = new nA.DERSequence({array: a}); + var seq = new _DERSequence({array: a}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params.status == "object") { // param for int - this.dStatus = new nT.PKIStatus(params.status); + this.dStatus = new _PKIStatus(params.status); } if (typeof params.statstr == "object") { // array of str this.dStatusString = - new nT.PKIFreeText({array: params.statstr}); + new _PKIFreeText({array: params.statstr}); } if (typeof params.failinfo == "object") { this.dFailureInfo = - new nT.PKIFailureInfo(params.failinfo); // param for bitstr + new _PKIFailureInfo(params.failinfo); // param for bitstr } }; }; @@ -456,9 +498,14 @@ YAHOO.lang.extend(KJUR.asn1.tsp.PKIStatusInfo, KJUR.asn1.ASN1Object); *
*/ KJUR.asn1.tsp.PKIStatus = function(params) { - KJUR.asn1.tsp.PKIStatus.superclass.constructor.call(this); - var nA = KJUR.asn1; - var nT = KJUR.asn1.tsp; + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERInteger = _KJUR_asn1.DERInteger, + _KJUR_asn1_tsp = _KJUR_asn1.tsp, + _PKIStatus = _KJUR_asn1_tsp.PKIStatus; + + _KJUR_asn1_tsp.PKIStatus.superclass.constructor.call(this); + var dStatus = null; this.getEncodedHex = function() { @@ -466,15 +513,15 @@ KJUR.asn1.tsp.PKIStatus = function(params) { return this.hTLV; }; - if (typeof params != "undefined") { - if (typeof params.name != "undefined") { - var list = nT.PKIStatus.valueList; - if (typeof list[params.name] == "undefined") + if (params !== undefined) { + if (params.name !== undefined) { + var list = _PKIStatus.valueList; + if (list[params.name] === undefined) throw "name undefined: " + params.name; this.dStatus = - new nA.DERInteger({'int': list[params.name]}); + new _DERInteger({'int': list[params.name]}); } else { - this.dStatus = new nA.DERInteger(params); + this.dStatus = new _DERInteger(params); } } }; @@ -503,21 +550,27 @@ KJUR.asn1.tsp.PKIStatus.valueList = { *
*/ KJUR.asn1.tsp.PKIFreeText = function(params) { - KJUR.asn1.tsp.PKIFreeText.superclass.constructor.call(this); - var nA = KJUR.asn1; + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERSequence = _KJUR_asn1.DERSequence, + _DERUTF8String = _KJUR_asn1.DERUTF8String, + _KJUR_asn1_tsp = _KJUR_asn1.tsp; + + _KJUR_asn1_tsp.PKIFreeText.superclass.constructor.call(this); + this.textList = []; this.getEncodedHex = function() { var a = []; for (var i = 0; i < this.textList.length; i++) { - a.push(new nA.DERUTF8String({str: this.textList[i]})); + a.push(new _DERUTF8String({str: this.textList[i]})); } - var seq = new nA.DERSequence({array: a}); + var seq = new _DERSequence({array: a}); this.hTLV = seq.getEncodedHex(); return this.hTLV; }; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params.array == "object") { this.textList = params.array; } @@ -546,25 +599,30 @@ YAHOO.lang.extend(KJUR.asn1.tsp.PKIFreeText, KJUR.asn1.ASN1Object); *
*/ KJUR.asn1.tsp.PKIFailureInfo = function(params) { - KJUR.asn1.tsp.PKIFailureInfo.superclass.constructor.call(this); - var nA = KJUR.asn1; - var nT = KJUR.asn1.tsp; + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERBitString = _KJUR_asn1.DERBitString, + _KJUR_asn1_tsp = _KJUR_asn1.tsp, + _PKIFailureInfo = _KJUR_asn1_tsp.PKIFailureInfo; + + _PKIFailureInfo.superclass.constructor.call(this); + this.value = null; this.getEncodedHex = function() { if (this.value == null) throw "value shall be specified"; var binValue = new Number(this.value).toString(2); - var dValue = new nA.DERBitString(); + var dValue = new _DERBitString(); dValue.setByBinaryString(binValue); this.hTLV = dValue.getEncodedHex(); return this.hTLV; }; - if (typeof params != "undefined") { + if (params !== undefined) { if (typeof params.name == "string") { - var list = nT.PKIFailureInfo.valueList; - if (typeof list[params.name] == "undefined") + var list = _PKIFailureInfo.valueList; + if (list[params.name] === undefined) throw "name undefined: " + params.name; this.value = list[params.name]; } else if (typeof params['int'] == "number") { @@ -610,13 +668,18 @@ KJUR.asn1.tsp.AbstractTSAAdapter = function(params) { * @description */ KJUR.asn1.tsp.SimpleTSAAdapter = function(initParams) { - KJUR.asn1.tsp.SimpleTSAAdapter.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _KJUR_asn1_tsp = _KJUR_asn1.tsp, + _hashHex = _KJUR.crypto.Util.hashHex; + + _KJUR_asn1_tsp.SimpleTSAAdapter.superclass.constructor.call(this); this.params = null; this.serial = 0; this.getTSTHex = function(msgHex, hashAlg) { // messageImprint - var hashHex = KJUR.crypto.Util.hashHex(msgHex, hashAlg); + var hashHex = _hashHex(msgHex, hashAlg); this.params.tstInfo.messageImprint = {hashAlg: hashAlg, hashValue: hashHex}; @@ -628,11 +691,11 @@ KJUR.asn1.tsp.SimpleTSAAdapter = function(initParams) { this.params.tstInfo.nonce = {'int': nonceValue}; var obj = - KJUR.asn1.tsp.TSPUtil.newTimeStampToken(this.params); + _KJUR_asn1_tsp.TSPUtil.newTimeStampToken(this.params); return obj.getContentInfoEncodedHex(); }; - if (typeof initParams != "undefined") { + if (initParams !== undefined) { this.params = initParams; } }; @@ -658,21 +721,26 @@ YAHOO.lang.extend(KJUR.asn1.tsp.SimpleTSAAdapter, * Those values are provided by initial parameters. */ KJUR.asn1.tsp.FixedTSAAdapter = function(initParams) { - KJUR.asn1.tsp.FixedTSAAdapter.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _KJUR_asn1_tsp = _KJUR_asn1.tsp, + _hashHex = _KJUR.crypto.Util.hashHex; //o + + _KJUR_asn1_tsp.FixedTSAAdapter.superclass.constructor.call(this); this.params = null; this.getTSTHex = function(msgHex, hashAlg) { // fixed serialNumber // fixed nonce - var hashHex = KJUR.crypto.Util.hashHex(msgHex, hashAlg); + var hashHex = _hashHex(msgHex, hashAlg); this.params.tstInfo.messageImprint = {hashAlg: hashAlg, hashValue: hashHex}; var obj = - KJUR.asn1.tsp.TSPUtil.newTimeStampToken(this.params); + _KJUR_asn1_tsp.TSPUtil.newTimeStampToken(this.params); return obj.getContentInfoEncodedHex(); }; - if (typeof initParams != "undefined") { + if (initParams !== undefined) { this.params = initParams; } }; @@ -699,11 +767,15 @@ KJUR.asn1.tsp.TSPUtil = new function() { * @example */ KJUR.asn1.tsp.TSPUtil.newTimeStampToken = function(param) { - var nC = KJUR.asn1.cms; - var nT = KJUR.asn1.tsp; - var sd = new nC.SignedData(); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _KJUR_asn1_cms = _KJUR_asn1.cms, + _KJUR_asn1_tsp = _KJUR_asn1.tsp, + _TSTInfo = _KJUR_asn1.tsp.TSTInfo; + + var sd = new _KJUR_asn1_cms.SignedData(); - var dTSTInfo = new nT.TSTInfo(param.tstInfo); + var dTSTInfo = new _TSTInfo(param.tstInfo); var tstInfoHex = dTSTInfo.getEncodedHex(); sd.dEncapContentInfo.setContentValue({hex: tstInfoHex}); sd.dEncapContentInfo.setContentType('tstinfo'); @@ -720,7 +792,7 @@ KJUR.asn1.tsp.TSPUtil.newTimeStampToken = function(param) { eciObj: sd.dEncapContentInfo, hashAlg: param.hashAlg}); var signingCertificate = - new nC.SigningCertificate({array: [param.signerCert]}); + new _KJUR_asn1_cms.SigningCertificate({array: [param.signerCert]}); si.dSignedAttrs.add(signingCertificate); si.sign(param.signerPrvKey, param.sigAlg); diff --git a/src/asn1x509-1.0.js b/src/asn1x509-1.0.js index aab7dc79..2f59103c 100644 --- a/src/asn1x509-1.0.js +++ b/src/asn1x509-1.0.js @@ -1,4 +1,4 @@ -/*! asn1x509-1.0.23.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license +/* asn1x509-1.0.24.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate @@ -16,7 +16,7 @@ * @fileOverview * @name asn1x509-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version 1.0.23 (2017-Apr-30) + * @version 1.0.24 (2017-May-28) * @since jsrsasign 2.1 * @license MIT License */ @@ -117,12 +117,17 @@ if (typeof KJUR.asn1.x509 == "undefined" || !KJUR.asn1.x509) KJUR.asn1.x509 = {} */ KJUR.asn1.x509.Certificate = function(params) { KJUR.asn1.x509.Certificate.superclass.constructor.call(this); - var asn1TBSCert = null; - var asn1SignatureAlg = null; - var asn1Sig = null; - var hexSig = null; - var prvKey = null; - var rsaPrvKey = null; // DEPRECATED + var asn1TBSCert = null, + asn1SignatureAlg = null, + asn1Sig = null, + hexSig = null, + prvKey = null, + rsaPrvKey = null, // DEPRECATED + _KJUR = KJUR, + _KJUR_crypto = _KJUR.crypto, + _KJUR_asn1 = _KJUR.asn1, + _DERSequence = _KJUR_asn1.DERSequence, + _DERBitString = _KJUR_asn1.DERBitString; /** * (DEPRECATED) set PKCS#5 encrypted RSA PEM private key as CA key @@ -165,11 +170,11 @@ KJUR.asn1.x509.Certificate = function(params) { sig.updateHex(this.asn1TBSCert.getEncodedHex()); this.hexSig = sig.sign(); - this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig}); + this.asn1Sig = new _DERBitString({'hex': '00' + this.hexSig}); - var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert, - this.asn1SignatureAlg, - this.asn1Sig]}); + var seq = new _DERSequence({'array': [this.asn1TBSCert, + this.asn1SignatureAlg, + this.asn1Sig]}); this.hTLV = seq.getEncodedHex(); this.isModified = false; }; @@ -188,11 +193,11 @@ KJUR.asn1.x509.Certificate = function(params) { this.setSignatureHex = function(sigHex) { this.asn1SignatureAlg = this.asn1TBSCert.asn1SignatureAlg; this.hexSig = sigHex; - this.asn1Sig = new KJUR.asn1.DERBitString({'hex': '00' + this.hexSig}); + this.asn1Sig = new _DERBitString({'hex': '00' + this.hexSig}); - var seq = new KJUR.asn1.DERSequence({'array': [this.asn1TBSCert, - this.asn1SignatureAlg, - this.asn1Sig]}); + var seq = new _DERSequence({'array': [this.asn1TBSCert, + this.asn1SignatureAlg, + this.asn1Sig]}); this.hTLV = seq.getEncodedHex(); this.isModified = false; }; @@ -215,11 +220,10 @@ KJUR.asn1.x509.Certificate = function(params) { * var sPEM = cert.getPEMString(); */ this.getPEMString = function() { - var hCert = this.getEncodedHex(); - var wCert = CryptoJS.enc.Hex.parse(hCert); - var b64Cert = CryptoJS.enc.Base64.stringify(wCert); - var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n"); - return "-----BEGIN CERTIFICATE-----\r\n" + pemBody + "\r\n-----END CERTIFICATE-----\r\n"; + var pemBody = hextob64nl(this.getEncodedHex()); + return "-----BEGIN CERTIFICATE-----\r\n" + + pemBody + + "\r\n-----END CERTIFICATE-----\r\n"; }; if (params !== undefined) { @@ -262,11 +266,21 @@ YAHOO.lang.extend(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object); KJUR.asn1.x509.TBSCertificate = function(params) { KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERSequence = _KJUR_asn1.DERSequence, + _DERInteger = _KJUR_asn1.DERInteger, + _DERTaggedObject = _KJUR_asn1.DERTaggedObject, + _KJUR_asn1_x509 = _KJUR_asn1.x509, + _Time = _KJUR_asn1_x509.Time, + _X500Name = _KJUR_asn1_x509.X500Name, + _SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo; + this._initialize = function() { this.asn1Array = new Array(); this.asn1Version = - new KJUR.asn1.DERTaggedObject({'obj': new KJUR.asn1.DERInteger({'int': 2})}); + new _DERTaggedObject({'obj': new _DERInteger({'int': 2})}); this.asn1SerialNumber = null; this.asn1SignatureAlg = null; this.asn1Issuer = null; @@ -288,7 +302,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * tbsc.setSerialNumberByParam({'int': 3}); */ this.setSerialNumberByParam = function(intParam) { - this.asn1SerialNumber = new KJUR.asn1.DERInteger(intParam); + this.asn1SerialNumber = new _DERInteger(intParam); }; /** @@ -302,7 +316,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'}); */ this.setSignatureAlgByParam = function(algIdParam) { - this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam); + this.asn1SignatureAlg = new _KJUR_asn1_x509.AlgorithmIdentifier(algIdParam); }; /** @@ -317,7 +331,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * @see KJUR.asn1.x509.X500Name */ this.setIssuerByParam = function(x500NameParam) { - this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam); + this.asn1Issuer = new _X500Name(x500NameParam); }; /** @@ -332,7 +346,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * @see KJUR.asn1.x509.Time */ this.setNotBeforeByParam = function(timeParam) { - this.asn1NotBefore = new KJUR.asn1.x509.Time(timeParam); + this.asn1NotBefore = new _Time(timeParam); }; /** @@ -347,7 +361,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * @see KJUR.asn1.x509.Time */ this.setNotAfterByParam = function(timeParam) { - this.asn1NotAfter = new KJUR.asn1.x509.Time(timeParam); + this.asn1NotAfter = new _Time(timeParam); }; /** @@ -362,7 +376,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * @see KJUR.asn1.x509.X500Name */ this.setSubjectByParam = function(x500NameParam) { - this.asn1Subject = new KJUR.asn1.x509.X500Name(x500NameParam); + this.asn1Subject = new _X500Name(x500NameParam); }; /** @@ -378,7 +392,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { * @see KJUR.asn1.x509.SubjectPublicKeyInfo */ this.setSubjectPublicKeyByParam = function(subjPKeyParam) { - this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(subjPKeyParam); + this.asn1SubjPKey = new _SubjectPublicKeyInfo(subjPKeyParam); }; /** @@ -398,7 +412,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { */ this.setSubjectPublicKeyByGetKey = function(keyParam) { var keyObj = KEYUTIL.getKey(keyParam); - this.asn1SubjPKey = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObj); + this.asn1SubjPKey = new _SubjectPublicKeyInfo(keyObj); }; /** @@ -445,7 +459,7 @@ KJUR.asn1.x509.TBSCertificate = function(params) { if (this.asn1NotBefore == null || this.asn1NotAfter == null) throw "notBefore and/or notAfter not set"; var asn1Validity = - new KJUR.asn1.DERSequence({'array':[this.asn1NotBefore, this.asn1NotAfter]}); + new _DERSequence({'array':[this.asn1NotBefore, this.asn1NotAfter]}); this.asn1Array = new Array(); @@ -458,14 +472,14 @@ KJUR.asn1.x509.TBSCertificate = function(params) { this.asn1Array.push(this.asn1SubjPKey); if (this.extensionsArray.length > 0) { - var extSeq = new KJUR.asn1.DERSequence({"array": this.extensionsArray}); - var extTagObj = new KJUR.asn1.DERTaggedObject({'explicit': true, - 'tag': 'a3', - 'obj': extSeq}); + var extSeq = new _DERSequence({"array": this.extensionsArray}); + var extTagObj = new _DERTaggedObject({'explicit': true, + 'tag': 'a3', + 'obj': extSeq}); this.asn1Array.push(extTagObj); } - var o = new KJUR.asn1.DERSequence({"array": this.asn1Array}); + var o = new _DERSequence({"array": this.asn1Array}); this.hTLV = o.getEncodedHex(); this.isModified = false; return this.hTLV; @@ -494,19 +508,26 @@ YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object); */ KJUR.asn1.x509.Extension = function(params) { KJUR.asn1.x509.Extension.superclass.constructor.call(this); - var asn1ExtnValue = null; + var asn1ExtnValue = null, + _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, + _DEROctetString = _KJUR_asn1.DEROctetString, + _DERBitString = _KJUR_asn1.DERBitString, + _DERBoolean = _KJUR_asn1.DERBoolean, + _DERSequence = _KJUR_asn1.DERSequence; this.getEncodedHex = function() { - var asn1Oid = new KJUR.asn1.DERObjectIdentifier({'oid': this.oid}); + var asn1Oid = new _DERObjectIdentifier({'oid': this.oid}); var asn1EncapExtnValue = - new KJUR.asn1.DEROctetString({'hex': this.getExtnValueHex()}); + new _DEROctetString({'hex': this.getExtnValueHex()}); var asn1Array = new Array(); asn1Array.push(asn1Oid); - if (this.critical) asn1Array.push(new KJUR.asn1.DERBoolean()); + if (this.critical) asn1Array.push(new _DERBoolean()); asn1Array.push(asn1EncapExtnValue); - var asn1Seq = new KJUR.asn1.DERSequence({'array': asn1Array}); + var asn1Seq = new _DERSequence({'array': asn1Array}); return asn1Seq.getEncodedHex(); }; @@ -538,29 +559,32 @@ YAHOO.lang.extend(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object); * KJUR.asn1.x509.Extension.appendByNameToArray("KeyUsage", {'bin':'11'}, a); */ KJUR.asn1.x509.Extension.appendByNameToArray = function(name, extParams, a) { - if (name.toLowerCase() == "basicconstraints") { - var extObj = new KJUR.asn1.x509.BasicConstraints(extParams); + var _lowname = name.toLowerCase(), + _KJUR_asn1_x509 = KJUR.asn1.x509; + + if (_lowname == "basicconstraints") { + var extObj = new _KJUR_asn1_x509.BasicConstraints(extParams); a.push(extObj); - } else if (name.toLowerCase() == "keyusage") { - var extObj = new KJUR.asn1.x509.KeyUsage(extParams); + } else if (_lowname == "keyusage") { + var extObj = new _KJUR_asn1_x509.KeyUsage(extParams); a.push(extObj); - } else if (name.toLowerCase() == "crldistributionpoints") { - var extObj = new KJUR.asn1.x509.CRLDistributionPoints(extParams); + } else if (_lowname == "crldistributionpoints") { + var extObj = new _KJUR_asn1_x509.CRLDistributionPoints(extParams); a.push(extObj); - } else if (name.toLowerCase() == "extkeyusage") { - var extObj = new KJUR.asn1.x509.ExtKeyUsage(extParams); + } else if (_lowname == "extkeyusage") { + var extObj = new _KJUR_asn1_x509.ExtKeyUsage(extParams); a.push(extObj); - } else if (name.toLowerCase() == "authoritykeyidentifier") { - var extObj = new KJUR.asn1.x509.AuthorityKeyIdentifier(extParams); + } else if (_lowname == "authoritykeyidentifier") { + var extObj = new _KJUR_asn1_x509.AuthorityKeyIdentifier(extParams); a.push(extObj); - } else if (name.toLowerCase() == "authorityinfoaccess") { - var extObj = new KJUR.asn1.x509.AuthorityInfoAccess(extParams); + } else if (_lowname == "authorityinfoaccess") { + var extObj = new _KJUR_asn1_x509.AuthorityInfoAccess(extParams); a.push(extObj); - } else if (name.toLowerCase() == "subjectaltname") { - var extObj = new KJUR.asn1.x509.SubjectAltName(extParams); + } else if (_lowname == "subjectaltname") { + var extObj = new _KJUR_asn1_x509.SubjectAltName(extParams); a.push(extObj); - } else if (name.toLowerCase() == "issueraltname") { - var extObj = new KJUR.asn1.x509.IssuerAltName(extParams); + } else if (_lowname == "issueraltname") { + var extObj = new _KJUR_asn1_x509.IssuerAltName(extParams); a.push(extObj); } else { throw "unsupported extension name: " + name; @@ -666,19 +690,22 @@ YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension); */ KJUR.asn1.x509.CRLDistributionPoints = function(params) { KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _KJUR_asn1_x509 = _KJUR_asn1.x509; this.getExtnValueHex = function() { return this.asn1ExtnValue.getEncodedHex(); }; this.setByDPArray = function(dpArray) { - this.asn1ExtnValue = new KJUR.asn1.DERSequence({'array': dpArray}); + this.asn1ExtnValue = new _KJUR_asn1.DERSequence({'array': dpArray}); }; this.setByOneURI = function(uri) { - var gn1 = new KJUR.asn1.x509.GeneralNames([{'uri': uri}]); - var dpn1 = new KJUR.asn1.x509.DistributionPointName(gn1); - var dp1 = new KJUR.asn1.x509.DistributionPoint({'dpobj': dpn1}); + var gn1 = new _KJUR_asn1_x509.GeneralNames([{'uri': uri}]); + var dpn1 = new _KJUR_asn1_x509.DistributionPointName(gn1); + var dp1 = new _KJUR_asn1_x509.DistributionPoint({'dpobj': dpn1}); this.setByDPArray([dp1]); }; @@ -714,11 +741,13 @@ YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension */ KJUR.asn1.x509.ExtKeyUsage = function(params) { KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1; this.setPurposeArray = function(purposeArray) { - this.asn1ExtnValue = new KJUR.asn1.DERSequence(); + this.asn1ExtnValue = new _KJUR_asn1.DERSequence(); for (var i = 0; i < purposeArray.length; i++) { - var o = new KJUR.asn1.DERObjectIdentifier(purposeArray[i]); + var o = new _KJUR_asn1.DERObjectIdentifier(purposeArray[i]); this.asn1ExtnValue.appendASN1Object(o); } }; @@ -762,6 +791,10 @@ YAHOO.lang.extend(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension); */ KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) { KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERTaggedObject = _KJUR_asn1.DERTaggedObject; + this.asn1KID = null; this.asn1CertIssuer = null; this.asn1CertSN = null; @@ -769,19 +802,19 @@ KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) { this.getExtnValueHex = function() { var a = new Array(); if (this.asn1KID) - a.push(new KJUR.asn1.DERTaggedObject({'explicit': false, - 'tag': '80', - 'obj': this.asn1KID})); + a.push(new _DERTaggedObject({'explicit': false, + 'tag': '80', + 'obj': this.asn1KID})); if (this.asn1CertIssuer) - a.push(new KJUR.asn1.DERTaggedObject({'explicit': false, - 'tag': 'a1', - 'obj': this.asn1CertIssuer})); + a.push(new _DERTaggedObject({'explicit': false, + 'tag': 'a1', + 'obj': this.asn1CertIssuer})); if (this.asn1CertSN) - a.push(new KJUR.asn1.DERTaggedObject({'explicit': false, - 'tag': '82', - 'obj': this.asn1CertSN})); + a.push(new _DERTaggedObject({'explicit': false, + 'tag': '82', + 'obj': this.asn1CertSN})); - var asn1Seq = new KJUR.asn1.DERSequence({'array': a}); + var asn1Seq = new _KJUR_asn1.DERSequence({'array': a}); this.asn1ExtnValue = asn1Seq; return this.asn1ExtnValue.getEncodedHex(); }; @@ -878,14 +911,18 @@ KJUR.asn1.x509.AuthorityInfoAccess = function(params) { KJUR.asn1.x509.AuthorityInfoAccess.superclass.constructor.call(this, params); this.setAccessDescriptionArray = function(accessDescriptionArray) { - var array = new Array(); + var array = new Array(), + _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERSequence = _KJUR_asn1.DERSequence; + for (var i = 0; i < accessDescriptionArray.length; i++) { - var o = new KJUR.asn1.DERObjectIdentifier(accessDescriptionArray[i].accessMethod); - var gn = new KJUR.asn1.x509.GeneralName(accessDescriptionArray[i].accessLocation); - var accessDescription = new KJUR.asn1.DERSequence({'array':[o, gn]}); + var o = new _KJUR_asn1.DERObjectIdentifier(accessDescriptionArray[i].accessMethod); + var gn = new _KJUR_asn1.x509.GeneralName(accessDescriptionArray[i].accessLocation); + var accessDescription = new _DERSequence({'array':[o, gn]}); array.push(accessDescription); } - this.asn1ExtnValue = new KJUR.asn1.DERSequence({'array':array}); + this.asn1ExtnValue = new _DERSequence({'array':array}); }; this.getExtnValueHex = function() { @@ -1040,11 +1077,11 @@ YAHOO.lang.extend(KJUR.asn1.x509.IssuerAltName, KJUR.asn1.x509.Extension); KJUR.asn1.x509.CRL = function(params) { KJUR.asn1.x509.CRL.superclass.constructor.call(this); - var asn1TBSCertList = null; - var asn1SignatureAlg = null; - var asn1Sig = null; - var hexSig = null; - var rsaPrvKey = null; + var asn1TBSCertList = null, + asn1SignatureAlg = null, + asn1Sig = null, + hexSig = null, + rsaPrvKey = null; /** * set PKCS#5 encrypted RSA PEM private key as CA key @@ -1110,11 +1147,10 @@ KJUR.asn1.x509.CRL = function(params) { * var sPEM = cert.getPEMString(); */ this.getPEMString = function() { - var hCert = this.getEncodedHex(); - var wCert = CryptoJS.enc.Hex.parse(hCert); - var b64Cert = CryptoJS.enc.Base64.stringify(wCert); - var pemBody = b64Cert.replace(/(.{64})/g, "$1\r\n"); - return "-----BEGIN X509 CRL-----\r\n" + pemBody + "\r\n-----END X509 CRL-----\r\n"; + var pemBody = hextob64nl(this.getEncodedHex()); + return "-----BEGIN X509 CRL-----\r\n" + + pemBody + + "\r\n-----END X509 CRL-----\r\n"; }; if (typeof params != "undefined") { @@ -1168,7 +1204,12 @@ YAHOO.lang.extend(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object); */ KJUR.asn1.x509.TBSCertList = function(params) { KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this); - var aRevokedCert = null; + var aRevokedCert = null, + _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERSequence = _KJUR_asn1.DERSequence, + _KJUR_asn1_x509 = _KJUR_asn1.x509, + _Time = _KJUR_asn1_x509.Time; /** * set signature algorithm field by parameter @@ -1181,7 +1222,8 @@ KJUR.asn1.x509.TBSCertList = function(params) { * tbsc.setSignatureAlgByParam({'name': 'SHA1withRSA'}); */ this.setSignatureAlgByParam = function(algIdParam) { - this.asn1SignatureAlg = new KJUR.asn1.x509.AlgorithmIdentifier(algIdParam); + this.asn1SignatureAlg = + new _KJUR_asn1_x509.AlgorithmIdentifier(algIdParam); }; /** @@ -1196,7 +1238,7 @@ KJUR.asn1.x509.TBSCertList = function(params) { * @see KJUR.asn1.x509.X500Name */ this.setIssuerByParam = function(x500NameParam) { - this.asn1Issuer = new KJUR.asn1.x509.X500Name(x500NameParam); + this.asn1Issuer = new _KJUR_asn1_x509.X500Name(x500NameParam); }; /** @@ -1211,7 +1253,7 @@ KJUR.asn1.x509.TBSCertList = function(params) { * @see KJUR.asn1.x509.Time */ this.setThisUpdateByParam = function(timeParam) { - this.asn1ThisUpdate = new KJUR.asn1.x509.Time(timeParam); + this.asn1ThisUpdate = new _Time(timeParam); }; /** @@ -1226,7 +1268,7 @@ KJUR.asn1.x509.TBSCertList = function(params) { * @see KJUR.asn1.x509.Time */ this.setNextUpdateByParam = function(timeParam) { - this.asn1NextUpdate = new KJUR.asn1.x509.Time(timeParam); + this.asn1NextUpdate = new _Time(timeParam); }; /** @@ -1243,9 +1285,11 @@ KJUR.asn1.x509.TBSCertList = function(params) { */ this.addRevokedCert = function(snParam, timeParam) { var param = {}; - if (snParam != undefined && snParam != null) param['sn'] = snParam; - if (timeParam != undefined && timeParam != null) param['time'] = timeParam; - var o = new KJUR.asn1.x509.CRLEntry(param); + if (snParam != undefined && snParam != null) + param['sn'] = snParam; + if (timeParam != undefined && timeParam != null) + param['time'] = timeParam; + var o = new _KJUR_asn1_x509.CRLEntry(param); this.aRevokedCert.push(o); }; @@ -1259,11 +1303,11 @@ KJUR.asn1.x509.TBSCertList = function(params) { if (this.asn1NextUpdate != null) this.asn1Array.push(this.asn1NextUpdate); if (this.aRevokedCert.length > 0) { - var seq = new KJUR.asn1.DERSequence({'array': this.aRevokedCert}); + var seq = new _DERSequence({'array': this.aRevokedCert}); this.asn1Array.push(seq); } - var o = new KJUR.asn1.DERSequence({"array": this.asn1Array}); + var o = new _DERSequence({"array": this.asn1Array}); this.hTLV = o.getEncodedHex(); this.isModified = false; return this.hTLV; @@ -1301,8 +1345,10 @@ YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object); */ KJUR.asn1.x509.CRLEntry = function(params) { KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this); - var sn = null; - var time = null; + var sn = null, + time = null, + _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1; /** * set DERInteger parameter for serial number of revoked certificate @@ -1315,7 +1361,7 @@ KJUR.asn1.x509.CRLEntry = function(params) { * entry.setCertSerial({'int': 3}); */ this.setCertSerial = function(intParam) { - this.sn = new KJUR.asn1.DERInteger(intParam); + this.sn = new _KJUR_asn1.DERInteger(intParam); }; /** @@ -1329,21 +1375,21 @@ KJUR.asn1.x509.CRLEntry = function(params) { * entry.setRevocationDate({'str': '130508235959Z'}); */ this.setRevocationDate = function(timeParam) { - this.time = new KJUR.asn1.x509.Time(timeParam); + this.time = new _KJUR_asn1.x509.Time(timeParam); }; this.getEncodedHex = function() { - var o = new KJUR.asn1.DERSequence({"array": [this.sn, this.time]}); + var o = new _KJUR_asn1.DERSequence({"array": [this.sn, this.time]}); this.TLV = o.getEncodedHex(); return this.TLV; }; - if (typeof params != "undefined") { - if (typeof params['time'] != "undefined") { - this.setRevocationDate(params['time']); + if (params !== undefined) { + if (params.time !== undefined) { + this.setRevocationDate(params.time); } - if (typeof params['sn'] != "undefined") { - this.setCertSerial(params['sn']); + if (params.sn !== undefined) { + this.setCertSerial(params.sn); } } }; @@ -1391,6 +1437,10 @@ YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object); KJUR.asn1.x509.X500Name = function(params) { KJUR.asn1.x509.X500Name.superclass.constructor.call(this); this.asn1Array = new Array(); + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _KJUR_asn1_x509 = _KJUR_asn1.x509, + _pemtohex = pemtohex; /** * set DN by OpenSSL oneline distinguished name string
@@ -1407,7 +1457,7 @@ KJUR.asn1.x509.X500Name = function(params) { var a = dnStr.split('/'); a.shift(); for (var i = 0; i < a.length; i++) { - this.asn1Array.push(new KJUR.asn1.x509.RDN({'str':a[i]})); + this.asn1Array.push(new _KJUR_asn1_x509.RDN({'str':a[i]})); } }; @@ -1424,7 +1474,7 @@ KJUR.asn1.x509.X500Name = function(params) { * name.setByLdapString("CN=foo@example.com,OU=bbb,O=aaa,C=US"); */ this.setByLdapString = function(dnStr) { - var oneline = KJUR.asn1.x509.X500Name.ldapToOneline(dnStr); + var oneline = _KJUR_asn1_x509.X500Name.ldapToOneline(dnStr); this.setByString(oneline); }; @@ -1455,7 +1505,7 @@ KJUR.asn1.x509.X500Name = function(params) { this.getEncodedHex = function() { if (typeof this.hTLV == "string") return this.hTLV; - var o = new KJUR.asn1.DERSequence({"array": this.asn1Array}); + var o = new _KJUR_asn1.DERSequence({"array": this.asn1Array}); this.hTLV = o.getEncodedHex(); return this.hTLV; }; @@ -1474,12 +1524,12 @@ KJUR.asn1.x509.X500Name = function(params) { if (params.certissuer !== undefined) { var x = new X509(); - x.hex = ASN1HEX.pemToHex(params.certissuer); + x.hex = _pemtohex(params.certissuer); this.hTLV = x.getIssuerHex(); } if (params.certsubject !== undefined) { var x = new X509(); - x.hex = ASN1HEX.pemToHex(params.certsubject); + x.hex = _pemtohex(params.certsubject); this.hTLV = x.getSubjectHex(); } } @@ -1728,9 +1778,11 @@ KJUR.asn1.x509.RDN.parseString = function(s) { */ KJUR.asn1.x509.AttributeTypeAndValue = function(params) { KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this); - var typeObj = null; - var valueObj = null; - var defaultDSType = "utf8"; + var typeObj = null, + valueObj = null, + defaultDSType = "utf8", + _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1; this.setByString = function(attrTypeAndValueStr) { var matchResult = attrTypeAndValueStr.match(/^([^=]+)=(.+)$/); @@ -1749,15 +1801,15 @@ KJUR.asn1.x509.AttributeTypeAndValue = function(params) { }; this.getValueObj = function(dsType, valueStr) { - if (dsType == "utf8") return new KJUR.asn1.DERUTF8String({"str": valueStr}); - if (dsType == "prn") return new KJUR.asn1.DERPrintableString({"str": valueStr}); - if (dsType == "tel") return new KJUR.asn1.DERTeletexString({"str": valueStr}); - if (dsType == "ia5") return new KJUR.asn1.DERIA5String({"str": valueStr}); + if (dsType == "utf8") return new _KJUR_asn1.DERUTF8String({"str": valueStr}); + if (dsType == "prn") return new _KJUR_asn1.DERPrintableString({"str": valueStr}); + if (dsType == "tel") return new _KJUR_asn1.DERTeletexString({"str": valueStr}); + if (dsType == "ia5") return new _KJUR_asn1.DERIA5String({"str": valueStr}); throw "unsupported directory string type: type=" + dsType + " value=" + valueStr; }; this.getEncodedHex = function() { - var o = new KJUR.asn1.DERSequence({"array": [this.typeObj, this.valueObj]}); + var o = new _KJUR_asn1.DERSequence({"array": [this.typeObj, this.valueObj]}); this.TLV = o.getEncodedHex(); return this.TLV; }; @@ -1801,9 +1853,21 @@ YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object); */ KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) { KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this); - var asn1AlgId = null; - var asn1SubjPKey = null; - var rsaKey = null; + var asn1AlgId = null, + asn1SubjPKey = null, + rsaKey = null, + _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERInteger = _KJUR_asn1.DERInteger, + _DERBitString = _KJUR_asn1.DERBitString, + _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, + _DERSequence = _KJUR_asn1.DERSequence, + _newObject = _KJUR_asn1.ASN1Util.newObject, + _KJUR_asn1_x509 = _KJUR_asn1.x509, + _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, + _KJUR_crypto = _KJUR.crypto, + _KJUR_crypto_ECDSA = _KJUR_crypto.ECDSA, + _KJUR_crypto_DSA = _KJUR_crypto.DSA; /** * (DEPRECATED) set RSAKey object as subject public key @@ -1820,12 +1884,12 @@ KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) { if (! RSAKey.prototype.isPrototypeOf(rsaKey)) throw "argument is not RSAKey instance"; this.rsaKey = rsaKey; - var asn1RsaN = new KJUR.asn1.DERInteger({'bigint': rsaKey.n}); - var asn1RsaE = new KJUR.asn1.DERInteger({'int': rsaKey.e}); - var asn1RsaPub = new KJUR.asn1.DERSequence({'array': [asn1RsaN, asn1RsaE]}); + var asn1RsaN = new _DERInteger({'bigint': rsaKey.n}); + var asn1RsaE = new _DERInteger({'int': rsaKey.e}); + var asn1RsaPub = new _KJUR_asn1.DERSequence({'array': [asn1RsaN, asn1RsaE]}); var rsaKeyHex = asn1RsaPub.getEncodedHex(); - this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'}); - this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex}); + this.asn1AlgId = new _KJUR_asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'}); + this.asn1SubjPKey = new _KJUR_asn1.DERBitString({'hex':'00'+rsaKeyHex}); }; /** @@ -1841,12 +1905,7 @@ KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) { */ this.setRSAPEM = function(rsaPubPEM) { if (rsaPubPEM.match(/-----BEGIN PUBLIC KEY-----/)) { - var s = rsaPubPEM; - s = s.replace(/^-----[^-]+-----/, ''); - s = s.replace(/-----[^-]+-----\s*$/, ''); - var rsaB64 = s.replace(/\s+/g, ''); - var rsaWA = CryptoJS.enc.Base64.parse(rsaB64); - var rsaP8Hex = CryptoJS.enc.Hex.stringify(rsaWA); + var rsaP8Hex = pemtohex(rsaPubPEM); var a = RSAKey.getHexValueArrayOfChildrenFromHex(rsaP8Hex); var hBitStrVal = a[1]; var rsaHex = hBitStrVal.substr(2); @@ -1865,8 +1924,8 @@ KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) { this.getASN1Object = function() { if (this.asn1AlgId == null || this.asn1SubjPKey == null) throw "algId and/or subjPubKey not set"; - var o = new KJUR.asn1.DERSequence({'array': - [this.asn1AlgId, this.asn1SubjPKey]}); + var o = new _DERSequence({'array': + [this.asn1AlgId, this.asn1SubjPKey]}); return o; }; @@ -1877,48 +1936,49 @@ KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) { }; this._setRSAKey = function(key) { - var asn1RsaPub = KJUR.asn1.ASN1Util.newObject({ + var asn1RsaPub = _newObject({ 'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}] }); var rsaKeyHex = asn1RsaPub.getEncodedHex(); - this.asn1AlgId = new KJUR.asn1.x509.AlgorithmIdentifier({'name':'rsaEncryption'}); - this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex':'00'+rsaKeyHex}); + this.asn1AlgId = new _AlgorithmIdentifier({'name':'rsaEncryption'}); + this.asn1SubjPKey = new _DERBitString({'hex':'00'+rsaKeyHex}); }; this._setEC = function(key) { - var asn1Params = new KJUR.asn1.DERObjectIdentifier({'name': key.curveName}); + var asn1Params = new _DERObjectIdentifier({'name': key.curveName}); this.asn1AlgId = - new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'ecPublicKey', - 'asn1params': asn1Params}); - this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + key.pubKeyHex}); + new _AlgorithmIdentifier({'name': 'ecPublicKey', + 'asn1params': asn1Params}); + this.asn1SubjPKey = new _DERBitString({'hex': '00' + key.pubKeyHex}); }; this._setDSA = function(key) { - var asn1Params = new KJUR.asn1.ASN1Util.newObject({ + var asn1Params = new _newObject({ 'seq': [{'int': {'bigint': key.p}}, {'int': {'bigint': key.q}}, {'int': {'bigint': key.g}}] }); this.asn1AlgId = - new KJUR.asn1.x509.AlgorithmIdentifier({'name': 'dsa', - 'asn1params': asn1Params}); - var pubInt = new KJUR.asn1.DERInteger({'bigint': key.y}); - this.asn1SubjPKey = new KJUR.asn1.DERBitString({'hex': '00' + pubInt.getEncodedHex()}); + new _AlgorithmIdentifier({'name': 'dsa', + 'asn1params': asn1Params}); + var pubInt = new _DERInteger({'bigint': key.y}); + this.asn1SubjPKey = + new _DERBitString({'hex': '00' + pubInt.getEncodedHex()}); }; if (typeof params != "undefined") { if (typeof RSAKey != 'undefined' && params instanceof RSAKey) { this._setRSAKey(params); - } else if (typeof KJUR.crypto.ECDSA != 'undefined' && - params instanceof KJUR.crypto.ECDSA) { + } else if (typeof _KJUR_crypto_ECDSA != 'undefined' && + params instanceof _KJUR_crypto_ECDSA) { this._setEC(params); - } else if (typeof KJUR.crypto.DSA != 'undefined' && - params instanceof KJUR.crypto.DSA) { + } else if (typeof _KJUR_crypto_DSA != 'undefined' && + params instanceof _KJUR_crypto_DSA) { this._setDSA(params); - } else if (typeof params['rsakey'] != "undefined") { - this.setRSAKey(params['rsakey']); - } else if (typeof params['rsapem'] != "undefined") { - this.setRSAPEM(params['rsapem']); + } else if (params.rsakey !== undefined) { + this.setRSAKey(params.rsakey); + } else if (params.rsapem !== undefined) { + this.setRSAPEM(params.rsapem); } } }; @@ -1939,8 +1999,12 @@ YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object); */ KJUR.asn1.x509.Time = function(params) { KJUR.asn1.x509.Time.superclass.constructor.call(this); - var type = null; - var timeParams = null; + var type = null, + timeParams = null, + _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERUTCTime = _KJUR_asn1.DERUTCTime, + _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime; this.setTimeParams = function(timeParams) { this.timeParams = timeParams; @@ -1951,15 +2015,15 @@ KJUR.asn1.x509.Time = function(params) { if (this.timeParams != null) { if (this.type == "utc") { - o = new KJUR.asn1.DERUTCTime(this.timeParams); + o = new _DERUTCTime(this.timeParams); } else { - o = new KJUR.asn1.DERGeneralizedTime(this.timeParams); + o = new _DERGeneralizedTime(this.timeParams); } } else { if (this.type == "utc") { - o = new KJUR.asn1.DERUTCTime(); + o = new _DERUTCTime(); } else { - o = new KJUR.asn1.DERGeneralizedTime(); + o = new _DERGeneralizedTime(); } } this.TLV = o.getEncodedHex(); @@ -1967,11 +2031,11 @@ KJUR.asn1.x509.Time = function(params) { }; this.type = "utc"; - if (typeof params != "undefined") { - if (typeof params.type != "undefined") { + if (params !== undefined) { + if (params.type !== undefined) { this.type = params.type; } else { - if (typeof params.str != "undefined") { + if (params.str !== undefined) { if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc"; if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen"; } @@ -2015,18 +2079,20 @@ KJUR.asn1.x509.AlgorithmIdentifier = function(params) { this.asn1Alg = null; this.asn1Params = null; this.paramEmpty = false; + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1; this.getEncodedHex = function() { if (this.nameAlg === null && this.asn1Alg === null) { throw "algorithm not specified"; } if (this.nameAlg !== null && this.asn1Alg === null) { - this.asn1Alg = KJUR.asn1.x509.OID.name2obj(this.nameAlg); + this.asn1Alg = _KJUR_asn1.x509.OID.name2obj(this.nameAlg); } var a = [this.asn1Alg]; if (this.asn1Params !== null) a.push(this.asn1Params); - var o = new KJUR.asn1.DERSequence({'array': a}); + var o = new _KJUR_asn1.DERSequence({'array': a}); this.hTLV = o.getEncodedHex(); return this.hTLV; }; @@ -2051,7 +2117,7 @@ KJUR.asn1.x509.AlgorithmIdentifier = function(params) { var lcNameAlg = this.nameAlg.toLowerCase(); if (lcNameAlg.substr(-7, 7) !== "withdsa" && lcNameAlg.substr(-9, 9) !== "withecdsa") { - this.asn1Params = new KJUR.asn1.DERNull(); + this.asn1Params = new _KJUR_asn1.DERNull(); } } }; @@ -2103,9 +2169,17 @@ YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object); */ KJUR.asn1.x509.GeneralName = function(params) { KJUR.asn1.x509.GeneralName.superclass.constructor.call(this); - var asn1Obj = null; - var type = null; - var pTag = {rfc822: '81', dns: '82', dn: 'a4', uri: '86'}; + var asn1Obj = null, + type = null, + pTag = {rfc822: '81', dns: '82', dn: 'a4', uri: '86'}, + _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERIA5String = _KJUR_asn1.DERIA5String, + _DERTaggedObject = _KJUR_asn1.DERTaggedObject, + _ASN1Object = _KJUR_asn1.ASN1Object, + _X500Name = _KJUR_asn1.x509.X500Name, + _pemtohex = pemtohex; + this.explicit = false; this.setByParam = function(params) { @@ -2116,27 +2190,27 @@ KJUR.asn1.x509.GeneralName = function(params) { if (params.rfc822 !== undefined) { this.type = 'rfc822'; - v = new KJUR.asn1.DERIA5String({str: params[this.type]}); + v = new _DERIA5String({str: params[this.type]}); } if (params.dns !== undefined) { this.type = 'dns'; - v = new KJUR.asn1.DERIA5String({str: params[this.type]}); + v = new _DERIA5String({str: params[this.type]}); } if (params.uri !== undefined) { this.type = 'uri'; - v = new KJUR.asn1.DERIA5String({str: params[this.type]}); + v = new _DERIA5String({str: params[this.type]}); } if (params.dn !== undefined) { this.type = 'dn'; - v = new KJUR.asn1.x509.X500Name({str: params.dn}); + v = new _X500Name({str: params.dn}); } if (params.ldapdn !== undefined) { this.type = 'dn'; - v = new KJUR.asn1.x509.X500Name({ldapstr: params.ldapdn}); + v = new _X500Name({ldapstr: params.ldapdn}); } if (params.certissuer !== undefined) { @@ -2150,14 +2224,14 @@ KJUR.asn1.x509.GeneralName = function(params) { } if (certStr.indexOf("-----BEGIN ") != -1) { - certHex = ASN1HEX.pemToHex(certStr); + certHex = _pemtohex(certStr); } if (certHex == null) throw "certissuer param not cert"; var x = new X509(); x.hex = certHex; var dnHex = x.getIssuerHex(); - v = new KJUR.asn1.ASN1Object(); + v = new _ASN1Object(); v.hTLV = dnHex; } @@ -2170,21 +2244,21 @@ KJUR.asn1.x509.GeneralName = function(params) { certHex == certStr; } if (certStr.indexOf("-----BEGIN ") != -1) { - certHex = ASN1HEX.pemToHex(certStr); + certHex = _pemtohex(certStr); } if (certHex == null) throw "certsubj param not cert"; var x = new X509(); x.hex = certHex; var dnHex = x.getSubjectHex(); - v = new KJUR.asn1.ASN1Object(); + v = new _ASN1Object(); v.hTLV = dnHex; } if (this.type == null) throw "unsupported type in params=" + params; - this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': this.explicit, - 'tag': pTag[this.type], - 'obj': v}); + this.asn1Obj = new _DERTaggedObject({'explicit': this.explicit, + 'tag': pTag[this.type], + 'obj': v}); }; this.getEncodedHex = function() { @@ -2212,7 +2286,9 @@ YAHOO.lang.extend(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object); */ KJUR.asn1.x509.GeneralNames = function(paramsArray) { KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this); - var asn1Array = null; + var asn1Array = null, + _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1; /** * set a array of {@link KJUR.asn1.x509.GeneralName} parameters
@@ -2229,13 +2305,13 @@ KJUR.asn1.x509.GeneralNames = function(paramsArray) { */ this.setByParamArray = function(paramsArray) { for (var i = 0; i < paramsArray.length; i++) { - var o = new KJUR.asn1.x509.GeneralName(paramsArray[i]); + var o = new _KJUR_asn1.x509.GeneralName(paramsArray[i]); this.asn1Array.push(o); } }; this.getEncodedHex = function() { - var o = new KJUR.asn1.DERSequence({'array': this.asn1Array}); + var o = new _KJUR_asn1.DERSequence({'array': this.asn1Array}); return o.getEncodedHex(); }; @@ -2276,23 +2352,26 @@ YAHOO.lang.extend(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object); */ KJUR.asn1.x509.DistributionPointName = function(gnOrRdn) { KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this); - var asn1Obj = null; - var type = null; - var tag = null; - var asn1V = null; + var asn1Obj = null, + type = null, + tag = null, + asn1V = null, + _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERTaggedObject = _KJUR_asn1.DERTaggedObject; this.getEncodedHex = function() { if (this.type != "full") throw "currently type shall be 'full': " + this.type; - this.asn1Obj = new KJUR.asn1.DERTaggedObject({'explicit': false, - 'tag': this.tag, - 'obj': this.asn1V}); + this.asn1Obj = new _DERTaggedObject({'explicit': false, + 'tag': this.tag, + 'obj': this.asn1V}); this.hTLV = this.asn1Obj.getEncodedHex(); return this.hTLV; }; - if (typeof gnOrRdn != "undefined") { - if (KJUR.asn1.x509.GeneralNames.prototype.isPrototypeOf(gnOrRdn)) { + if (gnOrRdn !== undefined) { + if (_KJUR_asn1.x509.GeneralNames.prototype.isPrototypeOf(gnOrRdn)) { this.type = "full"; this.tag = "a0"; this.asn1V = gnOrRdn; @@ -2333,23 +2412,25 @@ YAHOO.lang.extend(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object); */ KJUR.asn1.x509.DistributionPoint = function(params) { KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this); - var asn1DP = null; + var asn1DP = null, + _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1; this.getEncodedHex = function() { - var seq = new KJUR.asn1.DERSequence(); + var seq = new _KJUR_asn1.DERSequence(); if (this.asn1DP != null) { - var o1 = new KJUR.asn1.DERTaggedObject({'explicit': true, - 'tag': 'a0', - 'obj': this.asn1DP}); + var o1 = new _KJUR_asn1.DERTaggedObject({'explicit': true, + 'tag': 'a0', + 'obj': this.asn1DP}); seq.appendASN1Object(o1); } this.hTLV = seq.getEncodedHex(); return this.hTLV; }; - if (typeof params != "undefined") { - if (typeof params['dpobj'] != "undefined") { - this.asn1DP = params['dpobj']; + if (params !== undefined) { + if (params.dpobj !== undefined) { + this.asn1DP = params.dpobj; } } }; @@ -2623,37 +2704,34 @@ KJUR.asn1.x509.OID.name2oid = function(name) { }; /** - * X.509 certificate and CRL utilities class + * X.509 certificate and CRL utilities class
* @name KJUR.asn1.x509.X509Util * @class X.509 certificate and CRL utilities class + * @deprecated jsrsasign 7.2.1 asn1x509 1.0.24 */ KJUR.asn1.x509.X509Util = new function() { + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERInteger = _KJUR_asn1.DERInteger, + _DERSequence = _KJUR_asn1.DERSequence, + _ASN1Util = _KJUR_asn1.ASN1Util; + /** * get PKCS#8 PEM public key string from RSAKey object * @name getPKCS8PubKeyPEMfromRSAKey * @memberOf KJUR.asn1.x509.X509Util * @function * @param {RSAKey} rsaKey RSA public key of {@link RSAKey} object + * @deprecated jsrsasign 7.2.1 asn1x509 1.0.24 use {@link KEYUTIL.getPEM} * @description * @example * var pem = KJUR.asn1.x509.X509Util.getPKCS8PubKeyPEMfromRSAKey(pubKey); */ this.getPKCS8PubKeyPEMfromRSAKey = function(rsaKey) { - var pem = null; - var hN = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(rsaKey.n); - var hE = KJUR.asn1.ASN1Util.integerToByteHex(rsaKey.e); - var iN = new KJUR.asn1.DERInteger({hex: hN}); - var iE = new KJUR.asn1.DERInteger({hex: hE}); - var asn1PubKey = new KJUR.asn1.DERSequence({array: [iN, iE]}); - var hPubKey = asn1PubKey.getEncodedHex(); - var o1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: 'rsaEncryption'}); - var o2 = new KJUR.asn1.DERBitString({hex: '00' + hPubKey}); - var seq = new KJUR.asn1.DERSequence({array: [o1, o2]}); - var hP8 = seq.getEncodedHex(); - var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(hP8, "PUBLIC KEY"); - return pem; + return KEYUTIL.getPEM(rsaKey); }; }; + /** * issue a certificate in PEM format * @name newCertPEM @@ -2727,8 +2805,10 @@ KJUR.asn1.x509.X509Util = new function() { * }); */ KJUR.asn1.x509.X509Util.newCertPEM = function(param) { - var ns1 = KJUR.asn1.x509; - var o = new ns1.TBSCertificate(); + var _KJUR_asn1_x509 = KJUR.asn1.x509, + _TBSCertificate = _KJUR_asn1_x509.TBSCertificate, + _Certificate = _KJUR_asn1_x509.Certificate; + var o = new _TBSCertificate(); if (param.serial !== undefined) o.setSerialNumberByParam(param.serial); @@ -2786,12 +2866,12 @@ KJUR.asn1.x509.X509Util.newCertPEM = function(param) { } else { caKey = KEYUTIL.getKey.apply(null, param.cakey); } - cert = new ns1.Certificate({'tbscertobj': o, 'prvkeyobj': caKey}); + cert = new _Certificate({'tbscertobj': o, 'prvkeyobj': caKey}); cert.sign(); } if (param.sighex) { - cert = new ns1.Certificate({'tbscertobj': o}); + cert = new _Certificate({'tbscertobj': o}); cert.setSignatureHex(param.sighex); } diff --git a/src/base64x-1.1.js b/src/base64x-1.1.js index db63c02c..ad5185b5 100644 --- a/src/base64x-1.1.js +++ b/src/base64x-1.1.js @@ -1,9 +1,9 @@ -/*! base64x-1.1.11 (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license +/* base64x-1.1.12 (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * base64x.js - Base64url and supplementary functions for Tom Wu's base64.js library * - * version: 1.1.11 (2017-May-20) + * version: 1.1.12 (2017-Jun-03) * * Copyright (c) 2012-2017 Kenji Urushima (kenji.urushima@gmail.com) * @@ -21,7 +21,7 @@ * @fileOverview * @name base64x-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 7.2.0 base64x 1.1.11 (2017-May-20) + * @version jsrsasign 7.2.1 base64x 1.1.12 (2017-Jun-03) * @since jsrsasign 2.1 * @license MIT License */ @@ -84,6 +84,8 @@ function Base64x() { // ==== string / byte array ================================ /** * convert a string to an array of character codes + * @name stoBA + * @function * @param {String} s * @return {Array of Numbers} */ @@ -97,6 +99,8 @@ function stoBA(s) { /** * convert an array of character codes to a string + * @name BAtos + * @function * @param {Array of Numbers} a array of character codes * @return {String} s */ @@ -111,6 +115,8 @@ function BAtos(a) { // ==== byte array / hex ================================ /** * convert an array of bytes(Number) to hexadecimal string.
+ * @name BAtohex + * @function * @param {Array of Numbers} a array of bytes * @return {String} hexadecimal string */ @@ -128,6 +134,8 @@ function BAtohex(a) { /** * convert a ASCII string to a hexadecimal string of ASCII codes.
* NOTE: This can't be used for non ASCII characters. + * @name stohex + * @function * @param {s} s ASCII string * @return {String} hexadecimal string */ @@ -139,6 +147,8 @@ function stohex(s) { /** * convert a ASCII string to a Base64 encoded string.
* NOTE: This can't be used for non ASCII characters. + * @name stob64 + * @function * @param {s} s ASCII string * @return {String} Base64 encoded string */ @@ -150,6 +160,8 @@ function stob64(s) { /** * convert a ASCII string to a Base64URL encoded string.
* NOTE: This can't be used for non ASCII characters. + * @name stob64u + * @function * @param {s} s ASCII string * @return {String} Base64URL encoded string */ @@ -160,6 +172,8 @@ function stob64u(s) { /** * convert a Base64URL encoded string to a ASCII string.
* NOTE: This can't be used for Base64URL encoded non ASCII characters. + * @name b64utos + * @function * @param {s} s Base64URL encoded string * @return {String} ASCII string */ @@ -170,6 +184,8 @@ function b64utos(s) { // ==== base64 / base64url ================================ /** * convert a Base64 encoded string to a Base64URL encoded string.
+ * @name b64tob64u + * @function * @param {String} s Base64 encoded string * @return {String} Base64URL encoded string * @example @@ -184,6 +200,8 @@ function b64tob64u(s) { /** * convert a Base64URL encoded string to a Base64 encoded string.
+ * @name b64utob64 + * @function * @param {String} s Base64URL encoded string * @return {String} Base64 encoded string * @example @@ -200,6 +218,8 @@ function b64utob64(s) { // ==== hex / base64url ================================ /** * convert a hexadecimal string to a Base64URL encoded string.
+ * @name hextob64u + * @function * @param {String} s hexadecimal string * @return {String} Base64URL encoded string * @description @@ -214,6 +234,8 @@ function hextob64u(s) { /** * convert a Base64URL encoded string to a hexadecimal string.
+ * @name b64utohex + * @function * @param {String} s Base64URL encoded string * @return {String} hexadecimal string */ @@ -225,6 +247,8 @@ function b64utohex(s) { /** * convert a UTF-8 encoded string including CJK or Latin to a Base64URL encoded string.
+ * @name utf8tob64u + * @function * @param {String} s UTF-8 encoded string * @return {String} Base64URL encoded string * @since 1.1 @@ -232,6 +256,8 @@ function b64utohex(s) { /** * convert a Base64URL encoded string to a UTF-8 encoded string including CJK or Latin.
+ * @name b64utoutf8 + * @function * @param {String} s Base64URL encoded string * @return {String} UTF-8 encoded string * @since 1.1 @@ -260,6 +286,8 @@ if (typeof Buffer === 'function') { // ==== utf8 / base64url ================================ /** * convert a UTF-8 encoded string including CJK or Latin to a Base64 encoded string.
+ * @name utf8tob64 + * @function * @param {String} s UTF-8 encoded string * @return {String} Base64 encoded string * @since 1.1.1 @@ -270,6 +298,8 @@ function utf8tob64(s) { /** * convert a Base64 encoded string to a UTF-8 encoded string including CJK or Latin.
+ * @name b64toutf8 + * @function * @param {String} s Base64 encoded string * @return {String} UTF-8 encoded string * @since 1.1.1 @@ -281,6 +311,8 @@ function b64toutf8(s) { // ==== utf8 / hex ================================ /** * convert a UTF-8 encoded string including CJK or Latin to a hexadecimal encoded string.
+ * @name utf8tohex + * @function * @param {String} s UTF-8 encoded string * @return {String} hexadecimal encoded string * @since 1.1.1 @@ -293,6 +325,8 @@ function utf8tohex(s) { * convert a hexadecimal encoded string to a UTF-8 encoded string including CJK or Latin.
* Note that when input is improper hexadecimal string as UTF-8 string, this function returns * 'null'. + * @name hextoutf8 + * @function * @param {String} s hexadecimal encoded string * @return {String} UTF-8 encoded string or null * @since 1.1.1 @@ -303,6 +337,8 @@ function hextoutf8(s) { /** * convert a hexadecimal encoded string to raw string including non printable characters.
+ * @name hextorstr + * @function * @param {String} s hexadecimal encoded string * @return {String} raw string * @since 1.1.2 @@ -319,6 +355,8 @@ function hextorstr(sHex) { /** * convert a raw string including non printable characters to hexadecimal encoded string.
+ * @name rstrtohex + * @function * @param {String} s raw string * @return {String} hexadecimal encoded string * @since 1.1.2 @@ -337,6 +375,8 @@ function rstrtohex(s) { /** * convert a hexadecimal string to Base64 encoded string
+ * @name hextob64 + * @function * @param {String} s hexadecimal string * @return {String} resulted Base64 encoded string * @since base64x 1.1.3 @@ -352,6 +392,8 @@ function hextob64(s) { /** * convert a hexadecimal string to Base64 encoded string with new lines
+ * @name hextob64nl + * @function * @param {String} s hexadecimal string * @return {String} resulted Base64 encoded string with new lines * @since base64x 1.1.3 @@ -374,6 +416,8 @@ function hextob64nl(s) { /** * convert a Base64 encoded string with new lines to a hexadecimal string
+ * @name b64nltohex + * @function * @param {String} s Base64 encoded string with new lines * @return {String} hexadecimal string * @since base64x 1.1.3 @@ -396,10 +440,74 @@ function b64nltohex(s) { return hex; } +// ==== hex / pem ========================================= + +/** + * get PEM string from hexadecimal data and header string + * @name hextopem + * @function + * @param {String} dataHex hexadecimal string of PEM body + * @param {String} pemHeader PEM header string (ex. 'RSA PRIVATE KEY') + * @return {String} PEM formatted string of input data + * @since jsrasign 7.2.1 base64x 1.1.12 + * @description + * This function converts a hexadecimal string to a PEM string with + * a specified header. Its line break will be CRLF("\r\n"). + * @example + * hextopem('616161', 'RSA PRIVATE KEY') → + * -----BEGIN PRIVATE KEY----- + * YWFh + * -----END PRIVATE KEY----- + */ +function hextopem(dataHex, pemHeader) { + var pemBody = hextob64nl(dataHex); + return "-----BEGIN " + pemHeader + "-----\r\n" + + pemBody + + "\r\n-----END " + pemHeader + "-----\r\n"; +} + +/** + * get hexacedimal string from PEM format data
+ * @name pemtohex + * @function + * @param {String} s PEM formatted string + * @param {String} sHead PEM header string without BEGIN/END(OPTION) + * @return {String} hexadecimal string data of PEM contents + * @since jsrsasign 7.2.1 base64x 1.1.12 + * @description + * This static method gets a hexacedimal string of contents + * from PEM format data. You can explicitly specify PEM header + * by sHead argument. + * Any space characters such as white space or new line + * will be omitted.
+ * NOTE: Now {@link KEYUTIL.getHexFromPEM} and {@link X509.pemToHex} + * have been deprecated since jsrsasign 7.2.1. + * Please use this method instead. + * @example + * pemtohex("-----BEGIN PUBLIC KEY...") → "3082..." + * pemtohex("-----BEGIN CERTIFICATE...", "CERTIFICATE") → "3082..." + * pemtohex(" \r\n-----BEGIN DSA PRIVATE KEY...") → "3082..." + */ +function pemtohex(s, sHead) { + if (s.indexOf("-----BEGIN ") == -1) + throw "can't find PEM header: " + sHead; + + if (sHead !== undefined) { + s = s.replace("-----BEGIN " + sHead + "-----", ""); + s = s.replace("-----END " + sHead + "-----", ""); + } else { + s = s.replace(/-----BEGIN [^-]+-----/, ''); + s = s.replace(/-----END [^-]+-----/, ''); + } + return b64nltohex(s); +} + // ==== hex / ArrayBuffer ================================= /** * convert a ArrayBuffer to a hexadecimal string
+ * @name hextoArrayBuffer + * @function * @param {String} hex hexadecimal string * @return {ArrayBuffer} ArrayBuffer * @since jsrsasign 6.1.4 base64x 1.1.8 @@ -431,6 +539,8 @@ function hextoArrayBuffer(hex) { /** * convert a ArrayBuffer to a hexadecimal string
+ * @name ArrayBuffertohex + * @function * @param {ArrayBuffer} buffer ArrayBuffer * @return {String} hexadecimal string * @since jsrsasign 6.1.4 base64x 1.1.8 @@ -610,6 +720,8 @@ function datetozulu(d, flagUTCTime, flagMilli) { // ==== URIComponent / hex ================================ /** * convert a URLComponent string such like "%67%68" to a hexadecimal string.
+ * @name uricmptohex + * @function * @param {String} s URIComponent string such like "%67%68" * @return {String} hexadecimal string * @since 1.1 @@ -620,6 +732,8 @@ function uricmptohex(s) { /** * convert a hexadecimal string to a URLComponent string such like "%67%68".
+ * @name hextouricmp + * @function * @param {String} s hexadecimal string * @return {String} URIComponent string such like "%67%68" * @since 1.1 @@ -635,6 +749,8 @@ function hextouricmp(s) { * converted to "%xx" format by builtin 'encodeURIComponent()' function. * However this 'encodeURIComponentAll()' function will convert * all of characters into "%xx" format. + * @name encodeURIComponentAll + * @function * @param {String} s hexadecimal string * @return {String} URIComponent string such like "%67%68" * @since 1.1 @@ -657,6 +773,8 @@ function encodeURIComponentAll(u8) { /** * convert all DOS new line("\r\n") to UNIX new line("\n") in * a String "s". + * @name newline_toUnix + * @function * @param {String} s string * @return {String} converted string */ @@ -668,6 +786,8 @@ function newline_toUnix(s) { /** * convert all UNIX new line("\r\n") to DOS new line("\n") in * a String "s". + * @name newline_toDos + * @function * @param {String} s string * @return {String} converted string */ @@ -800,6 +920,8 @@ KJUR.lang.String.isIntegerArray = function(s) { /** * canonicalize hexadecimal string of positive integer
+ * @name hextoposhex + * @function * @param {String} s hexadecimal string * @return {String} canonicalized hexadecimal string of positive integer * @since base64x 1.1.10 jsrsasign 7.1.4 @@ -826,6 +948,8 @@ function hextoposhex(s) { /** * convert string of integer array to hexadecimal string.
+ * @name intarystrtohex + * @function * @param {String} s string of integer array * @return {String} hexadecimal string * @since base64x 1.1.6 jsrsasign 5.0.2 @@ -859,6 +983,8 @@ function intarystrtohex(s) { /** * find index of string where two string differs + * @name strdiffidx + * @function * @param {String} s1 string to compare * @param {String} s2 string to compare * @return {Number} string index of where character differs. Return -1 if same. diff --git a/src/crypto-1.1.js b/src/crypto-1.1.js index 30d641cf..b0c5f4fb 100644 --- a/src/crypto-1.1.js +++ b/src/crypto-1.1.js @@ -1,4 +1,4 @@ -/*! crypto-1.1.12.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license +/* crypto-1.1.12.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * crypto.js - Cryptographic Algorithm Provider class diff --git a/src/dsa-2.0.js b/src/dsa-2.0.js index c26ca890..1263df15 100755 --- a/src/dsa-2.0.js +++ b/src/dsa-2.0.js @@ -1,4 +1,4 @@ -/*! dsa-2.1.1.js (c) 2016-2017 Kenji Urushimma | kjur.github.com/jsrsasign/license +/* dsa-2.1.1.js (c) 2016-2017 Kenji Urushimma | kjur.github.com/jsrsasign/license */ /* * dsa.js - new DSA class diff --git a/src/ecdsa-modified-1.0.js b/src/ecdsa-modified-1.0.js index a9905f5b..0c9821a1 100644 --- a/src/ecdsa-modified-1.0.js +++ b/src/ecdsa-modified-1.0.js @@ -1,4 +1,4 @@ -/*! ecdsa-modified-1.1.1.js (c) Stephan Thomas, Kenji Urushima | github.com/bitcoinjs/bitcoinjs-lib/blob/master/LICENSE +/* ecdsa-modified-1.1.1.js (c) Stephan Thomas, Kenji Urushima | github.com/bitcoinjs/bitcoinjs-lib/blob/master/LICENSE */ /* * ecdsa-modified.js - modified Bitcoin.ECDSA class diff --git a/src/ecparam-1.0.js b/src/ecparam-1.0.js index a2d2e5cb..72d61a8a 100644 --- a/src/ecparam-1.0.js +++ b/src/ecparam-1.0.js @@ -1,4 +1,4 @@ -/*! ecparam-1.0.0.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license +/* ecparam-1.0.0.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * ecparam.js - Elliptic Curve Cryptography Curve Parameter Definition class diff --git a/src/jws-3.2.js b/src/jws-3.2.js deleted file mode 100755 index d69aabe4..00000000 --- a/src/jws-3.2.js +++ /dev/null @@ -1,1003 +0,0 @@ -/*! jws-3.2.4 (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -/* - * jws.js - JSON Web Signature(JWS) and JSON Web Token(JWT) Class - * - * version: 3.2.4 (2015 Aug 30) - * - * Copyright (c) 2010-2015 Kenji Urushima (kenji.urushima@gmail.com) - * - * This software is licensed under the terms of the MIT License. - * http://kjur.github.com/jsrsasign/license/ - * - * The above copyright and license notice shall be - * included in all copies or substantial portions of the Software. - */ - -/** - * @fileOverview - * @name jws-3.2.js - * @author Kenji Urushima kenji.urushima@gmail.com - * @version 3.2.4 (2015-Aug-30) - * @since jsjws 1.0, jsrsasign 4.8.0 - * @license MIT License - */ - -if (typeof KJUR == "undefined" || !KJUR) KJUR = {}; - -/** - * kjur's JSON Web Signature/Token(JWS/JWT) library name space - *

- * This namespace privides following JWS/JWS related classes. - *

    - *
  • {@link KJUR.jws.JWS} - JSON Web Signature/Token(JWS/JWT) class
  • - *
  • {@link KJUR.jws.JWSJS} - JWS JSON Serialization(JWSJS) class
  • - *
  • {@link KJUR.jws.IntDate} - UNIX origin time utility class
  • - *
- * NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2. - *

- * @name KJUR.jws - * @namespace - */ -if (typeof KJUR.jws == "undefined" || !KJUR.jws) KJUR.jws = {}; - -/** - * JSON Web Signature(JWS) class.
- * @name KJUR.jws.JWS - * @class JSON Web Signature(JWS) class - * @property {Dictionary} parsedJWS This property is set after JWS signature verification.
- * Following "parsedJWS_*" properties can be accessed as "parsedJWS.*" because of - * JsDoc restriction. - * @property {String} parsedJWS_headB64U string of Encrypted JWS Header - * @property {String} parsedJWS_payloadB64U string of Encrypted JWS Payload - * @property {String} parsedJWS_sigvalB64U string of Encrypted JWS signature value - * @property {String} parsedJWS_si string of Signature Input - * @property {String} parsedJWS_sigvalH hexadecimal string of JWS signature value - * @property {String} parsedJWS_sigvalBI BigInteger(defined in jsbn.js) object of JWS signature value - * @property {String} parsedJWS_headS string of decoded JWS Header - * @property {String} parsedJWS_headS string of decoded JWS Payload - * @requires base64x.js, json-sans-eval.js and jsrsasign library - * @see 'jwjws'(JWS JavaScript Library) home page http://kjur.github.com/jsjws/ - * @see 'jwrsasign'(RSA Sign JavaScript Library) home page http://kjur.github.com/jsrsasign/ - * @see IETF I-D JSON Web Algorithms (JWA) - * @since jsjws 1.0 - * @description - *

Supported Algorithms

- * Here is supported algorithm names for {@link KJUR.jws.JWS.sign} and {@link KJUR.jws.JWS.verify} - * methods. - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - *
alg valuespec requirementjsjws support
HS256REQUIREDSUPPORTED
HS384OPTIONALSUPPORTED
HS512OPTIONALSUPPORTED
RS256RECOMMENDEDSUPPORTED
RS384OPTIONALSUPPORTED
RS512OPTIONALSUPPORTED
ES256RECOMMENDED+SUPPORTED
ES384OPTIONALSUPPORTED
ES512OPTIONAL-
PS256OPTIONALSUPPORTED
PS384OPTIONALSUPPORTED
PS512OPTIONALSUPPORTED
noneREQUIREDSUPPORTED(signature generation only)
- * NOTE1: HS384 is supported since jsjws 3.0.2 with jsrsasign 4.1.4.
- */ -KJUR.jws.JWS = function() { - var ns1 = KJUR.jws.JWS; - - // === utility ============================================================= - - /** - * parse JWS string and set public property 'parsedJWS' dictionary.
- * @name parseJWS - * @memberOf KJUR.jws.JWS - * @function - * @param {String} sJWS JWS signature string to be parsed. - * @throws if sJWS is not comma separated string such like "Header.Payload.Signature". - * @throws if JWS Header is a malformed JSON string. - * @since jws 1.1 - */ - this.parseJWS = function(sJWS, sigValNotNeeded) { - if ((this.parsedJWS !== undefined) && - (sigValNotNeeded || (this.parsedJWS.sigvalH !== undefined))) { - return; - } - if (sJWS.match(/^([^.]+)\.([^.]+)\.([^.]+)$/) == null) { - throw "JWS signature is not a form of 'Head.Payload.SigValue'."; - } - var b6Head = RegExp.$1; - var b6Payload = RegExp.$2; - var b6SigVal = RegExp.$3; - var sSI = b6Head + "." + b6Payload; - this.parsedJWS = {}; - this.parsedJWS.headB64U = b6Head; - this.parsedJWS.payloadB64U = b6Payload; - this.parsedJWS.sigvalB64U = b6SigVal; - this.parsedJWS.si = sSI; - - if (!sigValNotNeeded) { - var hSigVal = b64utohex(b6SigVal); - var biSigVal = parseBigInt(hSigVal, 16); - this.parsedJWS.sigvalH = hSigVal; - this.parsedJWS.sigvalBI = biSigVal; - } - - var sHead = b64utoutf8(b6Head); - var sPayload = b64utoutf8(b6Payload); - this.parsedJWS.headS = sHead; - this.parsedJWS.payloadS = sPayload; - - if (! ns1.isSafeJSONString(sHead, this.parsedJWS, 'headP')) - throw "malformed JSON string for JWS Head: " + sHead; - }; - - // ==== JWS Validation ========================================================= - function _getSignatureInputByString(sHead, sPayload) { - return utf8tob64u(sHead) + "." + utf8tob64u(sPayload); - }; - - function _getHashBySignatureInput(sSignatureInput, sHashAlg) { - var hashfunc = function(s) { return KJUR.crypto.Util.hashString(s, sHashAlg); }; - if (hashfunc == null) throw "hash function not defined in jsrsasign: " + sHashAlg; - return hashfunc(sSignatureInput); - }; - - function _jws_verifySignature(sHead, sPayload, hSig, hN, hE) { - var sSignatureInput = _getSignatureInputByString(sHead, sPayload); - var biSig = parseBigInt(hSig, 16); - return _rsasign_verifySignatureWithArgs(sSignatureInput, biSig, hN, hE); - }; - - /** - * verify JWS signature with naked RSA public key.
- * This only supports "RS256" and "RS512" algorithm. - * @name verifyJWSByNE - * @memberOf KJUR.jws.JWS - * @function - * @param {String} sJWS JWS signature string to be verified - * @param {String} hN hexadecimal string for modulus of RSA public key - * @param {String} hE hexadecimal string for public exponent of RSA public key - * @return {String} returns 1 when JWS signature is valid, otherwise returns 0 - * @throws if sJWS is not comma separated string such like "Header.Payload.Signature". - * @throws if JWS Header is a malformed JSON string. - * @deprecated from 3.0.0 please move to {@link KJUR.jws.JWS.verify} - */ - this.verifyJWSByNE = function(sJWS, hN, hE) { - this.parseJWS(sJWS); - return _rsasign_verifySignatureWithArgs(this.parsedJWS.si, this.parsedJWS.sigvalBI, hN, hE); - }; - - /** - * verify JWS signature with RSA public key.
- * This only supports "RS256", "RS512", "PS256" and "PS512" algorithms. - * @name verifyJWSByKey - * @memberOf KJUR.jws.JWS - * @function - * @param {String} sJWS JWS signature string to be verified - * @param {RSAKey} key RSA public key - * @return {Boolean} returns true when JWS signature is valid, otherwise returns false - * @throws if sJWS is not comma separated string such like "Header.Payload.Signature". - * @throws if JWS Header is a malformed JSON string. - * @deprecated from 3.0.0 please move to {@link KJUR.jws.JWS.verify} - */ - this.verifyJWSByKey = function(sJWS, key) { - this.parseJWS(sJWS); - var hashAlg = _jws_getHashAlgFromParsedHead(this.parsedJWS.headP); - var isPSS = this.parsedJWS.headP['alg'].substr(0, 2) == "PS"; - - if (key.hashAndVerify) { - return key.hashAndVerify(hashAlg, - new Buffer(this.parsedJWS.si, 'utf8').toString('base64'), - b64utob64(this.parsedJWS.sigvalB64U), - 'base64', - isPSS); - } else if (isPSS) { - return key.verifyStringPSS(this.parsedJWS.si, - this.parsedJWS.sigvalH, hashAlg); - } else { - return key.verifyString(this.parsedJWS.si, - this.parsedJWS.sigvalH); - } - }; - - /** - * verify JWS signature by PEM formatted X.509 certificate.
- * This only supports "RS256" and "RS512" algorithm. - * @name verifyJWSByPemX509Cert - * @memberOf KJUR.jws.JWS - * @function - * @param {String} sJWS JWS signature string to be verified - * @param {String} sPemX509Cert string of PEM formatted X.509 certificate - * @return {String} returns 1 when JWS signature is valid, otherwise returns 0 - * @throws if sJWS is not comma separated string such like "Header.Payload.Signature". - * @throws if JWS Header is a malformed JSON string. - * @since 1.1 - * @deprecated from 3.0.0 please move to {@link KJUR.jws.JWS.verify} - */ - this.verifyJWSByPemX509Cert = function(sJWS, sPemX509Cert) { - this.parseJWS(sJWS); - var x509 = new X509(); - x509.readCertPEM(sPemX509Cert); - return x509.subjectPublicKeyRSA.verifyString(this.parsedJWS.si, this.parsedJWS.sigvalH); - }; - - // ==== JWS Generation ========================================================= - function _jws_getHashAlgFromParsedHead(head) { - var sigAlg = head["alg"]; - var hashAlg = ""; - - if (sigAlg != "RS256" && sigAlg != "RS512" && - sigAlg != "PS256" && sigAlg != "PS512") - throw "JWS signature algorithm not supported: " + sigAlg; - if (sigAlg.substr(2) == "256") hashAlg = "sha256"; - if (sigAlg.substr(2) == "512") hashAlg = "sha512"; - return hashAlg; - }; - - function _jws_getHashAlgFromHead(sHead) { - return _jws_getHashAlgFromParsedHead(jsonParse(sHead)); - }; - - function _jws_generateSignatureValueBySI_NED(sHead, sPayload, sSI, hN, hE, hD) { - var rsa = new RSAKey(); - rsa.setPrivate(hN, hE, hD); - - var hashAlg = _jws_getHashAlgFromHead(sHead); - var sigValue = rsa.signString(sSI, hashAlg); - return sigValue; - }; - - function _jws_generateSignatureValueBySI_Key(sHead, sPayload, sSI, key, head) { - var hashAlg = null; - if (typeof head == "undefined") { - hashAlg = _jws_getHashAlgFromHead(sHead); - } else { - hashAlg = _jws_getHashAlgFromParsedHead(head); - } - - var isPSS = head['alg'].substr(0, 2) == "PS"; - - if (key.hashAndSign) { - return b64tob64u(key.hashAndSign(hashAlg, sSI, 'binary', 'base64', isPSS)); - } else if (isPSS) { - return hextob64u(key.signStringPSS(sSI, hashAlg)); - } else { - return hextob64u(key.signString(sSI, hashAlg)); - } - }; - - function _jws_generateSignatureValueByNED(sHead, sPayload, hN, hE, hD) { - var sSI = _getSignatureInputByString(sHead, sPayload); - return _jws_generateSignatureValueBySI_NED(sHead, sPayload, sSI, hN, hE, hD); - }; - - /** - * generate JWS signature by Header, Payload and a naked RSA private key.
- * This only supports "RS256" and "RS512" algorithm. - * @name generateJWSByNED - * @memberOf KJUR.jws.JWS - * @function - * @param {String} sHead string of JWS Header - * @param {String} sPayload string of JWS Payload - * @param {String} hN hexadecimal string for modulus of RSA public key - * @param {String} hE hexadecimal string for public exponent of RSA public key - * @param {String} hD hexadecimal string for private exponent of RSA private key - * @return {String} JWS signature string - * @throws if sHead is a malformed JSON string. - * @throws if supported signature algorithm was not specified in JSON Header. - * @deprecated from 3.0.0 please move to {@link KJUR.jws.JWS.sign} - */ - this.generateJWSByNED = function(sHead, sPayload, hN, hE, hD) { - if (! ns1.isSafeJSONString(sHead)) throw "JWS Head is not safe JSON string: " + sHead; - var sSI = _getSignatureInputByString(sHead, sPayload); - var hSigValue = _jws_generateSignatureValueBySI_NED(sHead, sPayload, sSI, hN, hE, hD); - var b64SigValue = hextob64u(hSigValue); - - this.parsedJWS = {}; - this.parsedJWS.headB64U = sSI.split(".")[0]; - this.parsedJWS.payloadB64U = sSI.split(".")[1]; - this.parsedJWS.sigvalB64U = b64SigValue; - - return sSI + "." + b64SigValue; - }; - - /** - * generate JWS signature by Header, Payload and a RSA private key.
- * This only supports "RS256", "RS512", "PS256" and "PS512" algorithms. - * @name generateJWSByKey - * @memberOf KJUR.jws.JWS - * @function - * @param {String} sHead string of JWS Header - * @param {String} sPayload string of JWS Payload - * @param {RSAKey} RSA private key - * @return {String} JWS signature string - * @throws if sHead is a malformed JSON string. - * @throws if supported signature algorithm was not specified in JSON Header. - * @deprecated from 3.0.0 please move to {@link KJUR.jws.JWS.sign} - */ - this.generateJWSByKey = function(sHead, sPayload, key) { - var obj = {}; - if (! ns1.isSafeJSONString(sHead, obj, 'headP')) - throw "JWS Head is not safe JSON string: " + sHead; - var sSI = _getSignatureInputByString(sHead, sPayload); - var b64SigValue = _jws_generateSignatureValueBySI_Key(sHead, sPayload, sSI, key, obj.headP); - - this.parsedJWS = {}; - this.parsedJWS.headB64U = sSI.split(".")[0]; - this.parsedJWS.payloadB64U = sSI.split(".")[1]; - this.parsedJWS.sigvalB64U = b64SigValue; - - return sSI + "." + b64SigValue; - }; - - // === sign with PKCS#1 RSA private key ===================================================== - function _jws_generateSignatureValueBySI_PemPrvKey(sHead, sPayload, sSI, sPemPrvKey) { - var rsa = new RSAKey(); - rsa.readPrivateKeyFromPEMString(sPemPrvKey); - var hashAlg = _jws_getHashAlgFromHead(sHead); - var sigValue = rsa.signString(sSI, hashAlg); - return sigValue; - }; - - /** - * generate JWS signature by Header, Payload and a PEM formatted PKCS#1 RSA private key.
- * This only supports "RS256" and "RS512" algorithm. - * @name generateJWSByP1PrvKey - * @memberOf KJUR.jws.JWS - * @function - * @param {String} sHead string of JWS Header - * @param {String} sPayload string of JWS Payload - * @param {String} string for sPemPrvKey PEM formatted PKCS#1 RSA private key
- * Heading and trailing space characters in PEM key will be ignored. - * @return {String} JWS signature string - * @throws if sHead is a malformed JSON string. - * @throws if supported signature algorithm was not specified in JSON Header. - * @since 1.1 - * @deprecated from 3.0.0 please move to {@link KJUR.jws.JWS.sign} - */ - this.generateJWSByP1PrvKey = function(sHead, sPayload, sPemPrvKey) { - if (! ns1.isSafeJSONString(sHead)) throw "JWS Head is not safe JSON string: " + sHead; - var sSI = _getSignatureInputByString(sHead, sPayload); - var hSigValue = _jws_generateSignatureValueBySI_PemPrvKey(sHead, sPayload, sSI, sPemPrvKey); - var b64SigValue = hextob64u(hSigValue); - - this.parsedJWS = {}; - this.parsedJWS.headB64U = sSI.split(".")[0]; - this.parsedJWS.payloadB64U = sSI.split(".")[1]; - this.parsedJWS.sigvalB64U = b64SigValue; - - return sSI + "." + b64SigValue; - }; -}; - -// === major static method ======================================================== - -/** - * generate JWS signature by specified key
- * @name sign - * @memberOf KJUR.jws.JWS - * @function - * @static - * @param {String} alg JWS algorithm name to sign and force set to sHead or null - * @param {String} sHead string of JWS Header - * @param {String} sPayload string of JWS Payload - * @param {String} key string of private key or key object to sign - * @param {String} pass (OPTION)passcode to use encrypted private key - * @return {String} JWS signature string - * @since jws 3.0.0 - * @see jsrsasign KJUR.crypto.Signature method - * @see jsrsasign KJUR.crypto.Mac method - * @description - * This method supports following algorithms. - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - *
alg valuespec requirementjsjws support
HS256REQUIREDSUPPORTED
HS384OPTIONAL-
HS512OPTIONALSUPPORTED
RS256RECOMMENDEDSUPPORTED
RS384OPTIONALSUPPORTED
RS512OPTIONALSUPPORTED
ES256RECOMMENDED+SUPPORTED
ES384OPTIONALSUPPORTED
ES512OPTIONAL-
PS256OPTIONALSUPPORTED
PS384OPTIONALSUPPORTED
PS512OPTIONALSUPPORTED
noneREQUIREDSUPPORTED(signature generation only)
- *
- *
NOTE1: - *
salt length of RSAPSS signature is the same as the hash algorithm length - * because of IETF JOSE ML discussion. - *
NOTE2: - *
The reason of HS384 unsupport is - * CryptoJS HmacSHA384 bug. - *
- */ -KJUR.jws.JWS.sign = function(alg, sHeader, sPayload, key, pass) { - var ns1 = KJUR.jws.JWS; - - if (! ns1.isSafeJSONString(sHeader)) - throw "JWS Head is not safe JSON string: " + sHeader; - - var pHeader = ns1.readSafeJSONString(sHeader); - - // 1. use alg if defined in sHeader - if ((alg == '' || alg == null) && - pHeader['alg'] !== undefined) { - alg = pHeader['alg']; - } - - // 2. set alg in sHeader if undefined - if ((alg != '' && alg != null) && - pHeader['alg'] === undefined) { - pHeader['alg'] = alg; - sHeader = JSON.stringify(pHeader); - } - - // 3. set signature algorithm like SHA1withRSA - var sigAlg = null; - if (ns1.jwsalg2sigalg[alg] === undefined) { - throw "unsupported alg name: " + alg; - } else { - sigAlg = ns1.jwsalg2sigalg[alg]; - } - - var uHeader = utf8tob64u(sHeader); - var uPayload = utf8tob64u(sPayload); - var uSignatureInput = uHeader + "." + uPayload - - // 4. sign - var hSig = ""; - if (sigAlg.substr(0, 4) == "Hmac") { - if (key === undefined) - throw "hexadecimal key shall be specified for HMAC"; - var mac = new KJUR.crypto.Mac({'alg': sigAlg, 'pass': hextorstr(key)}); - mac.updateString(uSignatureInput); - hSig = mac.doFinal(); - } else if (sigAlg.indexOf("withECDSA") != -1) { - var sig = new KJUR.crypto.Signature({'alg': sigAlg}); - sig.init(key, pass); - sig.updateString(uSignatureInput); - hASN1Sig = sig.sign(); - hSig = KJUR.crypto.ECDSA.asn1SigToConcatSig(hASN1Sig); - } else if (sigAlg != "none") { - var sig = new KJUR.crypto.Signature({'alg': sigAlg}); - sig.init(key, pass); - sig.updateString(uSignatureInput); - hSig = sig.sign(); - } - - var uSig = hextob64u(hSig); - return uSignatureInput + "." + uSig; -}; - -/** - * verify JWS signature by specified key or certificate
- * @name verify - * @memberOf KJUR.jws.JWS - * @function - * @static - * @param {String} sJWS string of JWS signature to verify - * @param {Object} key string of public key, certificate or key object to verify - * @param {String} acceptAlgs array of algorithm name strings (OPTION) - * @return {Boolean} true if the signature is valid otherwise false - * @since jws 3.0.0 - * @see jsrsasign KJUR.crypto.Signature method - * @see jsrsasign KJUR.crypto.Mac method - * @description - *

- * This method verifies a JSON Web Signature Compact Serialization string by the validation - * algorithm as described in - * - * the section 5 of Internet Draft draft-jones-json-web-signature-04. - *

- *

- * Since 3.2.0 strict key checking has been provided against a JWS algorithm - * in a JWS header. - *

    - *
  • In case 'alg' is 'HS*' in the JWS header, - * 'key' shall be hexadecimal string for Hmac{256,384,512} shared secret key. - * Otherwise it raise an error.
  • - *
  • In case 'alg' is 'RS*' or 'PS*' in the JWS header, - * 'key' shall be a RSAKey object or a PEM string of - * X.509 RSA public key certificate or PKCS#8 RSA public key. - * Otherwise it raise an error.
  • - *
  • In case 'alg' is 'ES*' in the JWS header, - * 'key' shall be a KJUR.crypto.ECDSA object or a PEM string of - * X.509 ECC public key certificate or PKCS#8 ECC public key. - * Otherwise it raise an error.
  • - *
  • In case 'alg' is 'none' in the JWS header, - * validation not supported after jsjws 3.1.0.
  • - *
- *

- *

- * NOTE1: The argument 'acceptAlgs' is supported since 3.2.0. - * Strongly recommended to provide acceptAlgs to mitigate - * signature replacement attacks.
- *

- * @example - * // 1) verify a RS256 JWS signature by a certificate string. - * var isValid = KJUR.jws.JWS.verify('eyJh...', '-----BEGIN...', ['RS256']); - * - * // 2) verify a HS256 JWS signature by a certificate string. - * var isValid = KJUR.jws.JWS.verify('eyJh...', '6f62ad...', ['HS256']); - * - * // 3) verify a ES256 JWS signature by a KJUR.crypto.ECDSA key object. - * var pubkey = KEYUTIL.getKey('-----BEGIN CERT...'); - * var isValid = KJUR.jws.JWS.verify('eyJh...', pubkey); - */ -KJUR.jws.JWS.verify = function(sJWS, key, acceptAlgs) { - var jws = KJUR.jws.JWS; - var a = sJWS.split("."); - var uHeader = a[0]; - var uPayload = a[1]; - var uSignatureInput = uHeader + "." + uPayload; - var hSig = b64utohex(a[2]); - - // 1. parse JWS header - var pHeader = jws.readSafeJSONString(b64utoutf8(a[0])); - var alg = null; - var algType = null; // HS|RS|PS|ES|no - if (pHeader.alg === undefined) { - throw "algorithm not specified in header"; - } else { - alg = pHeader.alg; - algType = alg.substr(0, 2); - } - - // 2. check whether alg is acceptable algorithms - if (acceptAlgs != null && - Object.prototype.toString.call(acceptAlgs) === '[object Array]' && - acceptAlgs.length > 0) { - var acceptAlgStr = ":" + acceptAlgs.join(":") + ":"; - if (acceptAlgStr.indexOf(":" + alg + ":") == -1) { - throw "algorithm '" + alg + "' not accepted in the list"; - } - } - - // 3. check whether key is a proper key for alg. - if (alg != "none" && key === null) { - throw "key shall be specified to verify."; - } - - // 3.1. check whether key is hexstr if alg is HS*. - if (algType == "HS") { - if (typeof key != "string" && - key.length != 0 && - key.length % 2 != 0 && - ! key.match(/^[0-9A-Fa-f]+/)) { - throw "key shall be a hexadecimal str for HS* algs"; - } - } - - // 3.2. convert key object if key is a public key or cert PEM string - if (typeof key == "string" && - key.indexOf("-----BEGIN ") != -1) { - key = KEYUTIL.getKey(key); - } - - // 3.3. check whether key is RSAKey obj if alg is RS* or PS*. - if (algType == "RS" || algType == "PS") { - if (!(key instanceof RSAKey)) { - throw "key shall be a RSAKey obj for RS* and PS* algs"; - } - } - - // 3.4. check whether key is ECDSA obj if alg is ES*. - if (algType == "ES") { - if (!(key instanceof KJUR.crypto.ECDSA)) { - throw "key shall be a ECDSA obj for ES* algs"; - } - } - - // 3.5. check when alg is 'none' - if (alg == "none") { - } - - // 4. check whether alg is supported alg in jsjws. - var sigAlg = null; - if (jws.jwsalg2sigalg[pHeader.alg] === undefined) { - throw "unsupported alg name: " + alg; - } else { - sigAlg = jws.jwsalg2sigalg[alg]; - } - - // 5. verify - if (sigAlg == "none") { - throw "not supported"; - } else if (sigAlg.substr(0, 4) == "Hmac") { - if (key === undefined) - throw "hexadecimal key shall be specified for HMAC"; - var mac = new KJUR.crypto.Mac({'alg': sigAlg, 'pass': hextorstr(key)}); - mac.updateString(uSignatureInput); - hSig2 = mac.doFinal(); - return hSig == hSig2; - } else if (sigAlg.indexOf("withECDSA") != -1) { - var hASN1Sig = null; - try { - hASN1Sig = KJUR.crypto.ECDSA.concatSigToASN1Sig(hSig); - } catch (ex) { - return false; - } - var sig = new KJUR.crypto.Signature({'alg': sigAlg}); - sig.init(key) - sig.updateString(uSignatureInput); - return sig.verify(hASN1Sig); - } else { - var sig = new KJUR.crypto.Signature({'alg': sigAlg}); - sig.init(key) - sig.updateString(uSignatureInput); - return sig.verify(hSig); - } -}; - -/** - * @name verifyJWT - * @memberOf KJUR.jws.JWS - * @function - * @static - * @param {String} sJWT string of JSON Web Token(JWT) to verify - * @param {Object} key string of public key, certificate or key object to verify - * @param {Array} acceptField associative array of acceptable fields (OPTION) - * @return {Boolean} true if the JWT token is valid otherwise false - * @since jws 3.2.3 jsrsasign 4.8.0 - * @description - * This method verifies a - * RFC 7519 - * JSON Web Token(JWT). - * It will verify following: - *
    - *
  • Header.alg - *
      - *
    • alg is specified in JWT header.
    • - *
    • alg is included in acceptField.alg array. (MANDATORY)
    • - *
    • alg is proper for key.
    • - *
    - *
  • - *
  • Payload.iss (issuer) - Payload.iss is included in acceptField.iss array if specified. (OPTION)
  • - *
  • Payload.sub (subject) - Payload.sub is included in acceptField.sub array if specified. (OPTION)
  • - *
  • Payload.aud (audience) - Payload.aud is included in acceptField.aud array or - * the same as value if specified. (OPTION)
  • - *
  • Time validity - *
      - *
    • If acceptField.verifyAt as number of UNIX origin time is specifed for validation time, - * this method will verify at the time for it, otherwise current time will be used to verify.
    • - *
    • Payload.exp (expire) - Validation time is smaller than Payloead.exp.
    • - *
    • Payload.nbf (not before) - Validation time is greater than Payloead.nbf.
    • - *
    • Payload.iat (issued at) - Validation time is greater than Payloead.iat.
    • - *
    - *
  • - *
  • Payload.jti (JWT id) - Payload.jti is included in acceptField.jti if specified. (OPTION)
  • - *
  • JWS signature of JWS is valid for specified key.
  • - *
- * - * @example - * // simple validation for HS256 - * isValid = KJUR.jws.JWS.verifyJWT("eyJhbG...", "616161", {alg: ["HS256"]}), - * - * // full validation for RS or PS - * pubkey = KEYUTIL.getKey('-----BEGIN CERT...'); - * isValid = KJUR.jws.JWS.verifyJWT('eyJh...', pubkey, { - * alg: ['RS256', 'RS512', 'PS256', 'PS512'], - * iss: ['http://foo.com'], - * sub: ['mailto:john@foo.com', 'mailto:alice@foo.com'], - * verifyAt: KJUR.jws.IntDate.get('20150520235959Z'), - * aud: ['http://foo.com'], // aud: 'http://foo.com' is fine too. - * jti: 'id123456' - * }); - */ -KJUR.jws.JWS.verifyJWT = function(sJWT, key, acceptField) { - var ns1 = KJUR.jws.JWS; - - // 1. parse JWT - var a = sJWT.split("."); - var uHeader = a[0]; - var uPayload = a[1]; - var uSignatureInput = uHeader + "." + uPayload; - var hSig = b64utohex(a[2]); - - // 2. parse JWS header - var pHeader = ns1.readSafeJSONString(b64utoutf8(uHeader)); - - // 3. parse JWS payload - var pPayload = ns1.readSafeJSONString(b64utoutf8(uPayload)); - - // 4. algorithm ('alg' in header) check - if (pHeader.alg === undefined) return false; - if (acceptField.alg === undefined) - throw "acceptField.alg shall be specified"; - if (! ns1.inArray(pHeader.alg, acceptField.alg)) return false; - - // 5. issuer ('iss' in payload) check - if (pPayload.iss !== undefined && typeof acceptField.iss === "object") { - if (! ns1.inArray(pPayload.iss, acceptField.iss)) return false; - } - - // 6. subject ('sub' in payload) check - if (pPayload.sub !== undefined && typeof acceptField.sub === "object") { - if (! ns1.inArray(pPayload.sub, acceptField.sub)) return false; - } - - // 7. audience ('aud' in payload) check - if (pPayload.aud !== undefined && typeof acceptField.aud === "object") { - if (typeof pPayload.aud == "string") { - if (! ns1.inArray(pPayload.aud, acceptField.aud)) - return false; - } else if (typeof pPayload.aud == "object") { - if (! ns1.includedArray(pPayload.aud, acceptField.aud)) - return false; - } - } - - // 8. time validity (nbf < now < exp) && (iat <= now) - var now = KJUR.jws.IntDate.getNow(); - if (acceptField.verifyAt !== undefined && typeof acceptField.verifyAt == "number") { - now = acceptField.verifyAt; - } - - // 8.1 expired time 'exp' check - if (pPayload.exp !== undefined && typeof pPayload.exp == "number") { - if (pPayload.exp < now) return false; - } - - // 8.2 not before time 'nbf' check - if (pPayload.nbf !== undefined && typeof pPayload.nbf == "number") { - if (now < pPayload.nbf) return false; - } - - // 8.3 issued at time 'iat' check - if (pPayload.iat !== undefined && typeof pPayload.iat == "number") { - if (now < pPayload.iat) return false; - } - - // 9 JWT id 'jti' check - if (pPayload.jti !== undefined && acceptField.jti !== undefined) { - if (pPayload.jti !== acceptField.jti) return false; - } - - // 10 JWS signature check - if (! KJUR.jws.JWS.verify(sJWT, key, acceptField.alg)) return false; - - // 11 passed all check - return true; -}; - -/** - * check whether array is included by another array - * @name includedArray - * @memberOf KJUR.jws.JWS - * @function - * @static - * @param {Array} a1 check whether set a1 is included by a2 - * @param {Array} a2 check whether set a1 is included by a2 - * @return {Boolean} check whether set a1 is included by a2 - * @since jws 3.2.3 - * This method verifies whether an array is included by another array. - * It doesn't care about item ordering in a array. - * @example - * KJUR.jws.JWS.includedArray(['b'], ['b', 'c', 'a']) => true - * KJUR.jws.JWS.includedArray(['a', 'b'], ['b', 'c', 'a']) => true - * KJUR.jws.JWS.includedArray(['a', 'b'], ['b', 'c']) => false - */ -KJUR.jws.JWS.includedArray = function(a1, a2) { - var inArray = KJUR.jws.JWS.inArray; - if (a1 === null) return false; - if (typeof a1 !== "object") return false; - if (typeof a1.length !== "number") return false; - - for (var i = 0; i < a1.length; i++) { - if (! inArray(a1[i], a2)) return false; - } - return true; -}; - -/** - * check whether item is included by array - * @name inArray - * @memberOf KJUR.jws.JWS - * @function - * @static - * @param {String} item check whether item is included by array - * @param {Array} a check whether item is included by array - * @return {Boolean} check whether item is included by array - * @since jws 3.2.3 - * This method verifies whether an item is included by an array. - * It doesn't care about item ordering in an array. - * @example - * KJUR.jws.JWS.inArray('b', ['b', 'c', 'a']) => true - * KJUR.jws.JWS.inArray('a', ['b', 'c', 'a']) => true - * KJUR.jws.JWS.inArray('a', ['b', 'c']) => false - */ -KJUR.jws.JWS.inArray = function(item, a) { - if (a === null) return false; - if (typeof a !== "object") return false; - if (typeof a.length !== "number") return false; - for (var i = 0; i < a.length; i++) { - if (a[i] == item) return true; - } - return false; -}; - -/* - * @since jws 3.0.0 - */ -KJUR.jws.JWS.jwsalg2sigalg = { - "HS256": "HmacSHA256", - "HS384": "HmacSHA384", - "HS512": "HmacSHA512", - "RS256": "SHA256withRSA", - "RS384": "SHA384withRSA", - "RS512": "SHA512withRSA", - "ES256": "SHA256withECDSA", - "ES384": "SHA384withECDSA", - //"ES512": "SHA512withECDSA", // unsupported because of jsrsasign's bug - "PS256": "SHA256withRSAandMGF1", - "PS384": "SHA384withRSAandMGF1", - "PS512": "SHA512withRSAandMGF1", - "none": "none", -}; - -// === utility static method ====================================================== - -/** - * check whether a String "s" is a safe JSON string or not.
- * If a String "s" is a malformed JSON string or an other object type - * this returns 0, otherwise this returns 1. - * @name isSafeJSONString - * @memberOf KJUR.jws.JWS - * @function - * @static - * @param {String} s JSON string - * @return {Number} 1 or 0 - */ -KJUR.jws.JWS.isSafeJSONString = function(s, h, p) { - var o = null; - try { - o = jsonParse(s); - if (typeof o != "object") return 0; - if (o.constructor === Array) return 0; - if (h) h[p] = o; - return 1; - } catch (ex) { - return 0; - } -}; - -/** - * read a String "s" as JSON object if it is safe.
- * If a String "s" is a malformed JSON string or not JSON string, - * this returns null, otherwise returns JSON object. - * @name readSafeJSONString - * @memberOf KJUR.jws.JWS - * @function - * @static - * @param {String} s JSON string - * @return {Object} JSON object or null - * @since 1.1.1 - */ -KJUR.jws.JWS.readSafeJSONString = function(s) { - var o = null; - try { - o = jsonParse(s); - if (typeof o != "object") return null; - if (o.constructor === Array) return null; - return o; - } catch (ex) { - return null; - } -}; - -/** - * get Encoed Signature Value from JWS string.
- * @name getEncodedSignatureValueFromJWS - * @memberOf KJUR.jws.JWS - * @function - * @static - * @param {String} sJWS JWS signature string to be verified - * @return {String} string of Encoded Signature Value - * @throws if sJWS is not comma separated string such like "Header.Payload.Signature". - */ -KJUR.jws.JWS.getEncodedSignatureValueFromJWS = function(sJWS) { - if (sJWS.match(/^[^.]+\.[^.]+\.([^.]+)$/) == null) { - throw "JWS signature is not a form of 'Head.Payload.SigValue'."; - } - return RegExp.$1; -}; - -/** - * IntDate class for time representation for JSON Web Token(JWT) - * @class KJUR.jws.IntDate class - * @name KJUR.jws.IntDate - * @since jws 3.0.1 - * @description - * Utility class for IntDate which is integer representation of UNIX origin time - * used in JSON Web Token(JWT). - */ -KJUR.jws.IntDate = function() { -}; - -/** - * @name get - * @memberOf KJUR.jws.IntDate - * @function - * @static - * @param {String} s string of time representation - * @return {Integer} UNIX origin time in seconds for argument 's' - * @since jws 3.0.1 - * @throws "unsupported format: s" when malformed format - * @description - * This method will accept following representation of time. - *
    - *
  • now - current time
  • - *
  • now + 1hour - after 1 hour from now
  • - *
  • now + 1day - after 1 day from now
  • - *
  • now + 1month - after 30 days from now
  • - *
  • now + 1year - after 365 days from now
  • - *
  • YYYYmmDDHHMMSSZ - UTC time (ex. 20130828235959Z)
  • - *
  • number - UNIX origin time (seconds from 1970-01-01 00:00:00) (ex. 1377714748)
  • - *
- */ -KJUR.jws.IntDate.get = function(s) { - if (s == "now") { - return KJUR.jws.IntDate.getNow(); - } else if (s == "now + 1hour") { - return KJUR.jws.IntDate.getNow() + 60 * 60; - } else if (s == "now + 1day") { - return KJUR.jws.IntDate.getNow() + 60 * 60 * 24; - } else if (s == "now + 1month") { - return KJUR.jws.IntDate.getNow() + 60 * 60 * 24 * 30; - } else if (s == "now + 1year") { - return KJUR.jws.IntDate.getNow() + 60 * 60 * 24 * 365; - } else if (s.match(/Z$/)) { - return KJUR.jws.IntDate.getZulu(s); - } else if (s.match(/^[0-9]+$/)) { - return parseInt(s); - } - throw "unsupported format: " + s; -}; - -KJUR.jws.IntDate.getZulu = function(s) { - if (a = s.match(/(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z/)) { - var year = parseInt(RegExp.$1); - var month = parseInt(RegExp.$2) - 1; - var day = parseInt(RegExp.$3); - var hour = parseInt(RegExp.$4); - var min = parseInt(RegExp.$5); - var sec = parseInt(RegExp.$6); - var d = new Date(Date.UTC(year, month, day, hour, min, sec)); - return ~~(d / 1000); - } - throw "unsupported format: " + s; -}; - -/* - * @since jws 3.0.1 - */ -KJUR.jws.IntDate.getNow = function() { - var d = ~~(new Date() / 1000); - return d; -}; - -/* - * @since jws 3.0.1 - */ -KJUR.jws.IntDate.intDate2UTCString = function(intDate) { - var d = new Date(intDate * 1000); - return d.toUTCString(); -}; - -/* - * @since jws 3.0.1 - */ -KJUR.jws.IntDate.intDate2Zulu = function(intDate) { - var d = new Date(intDate * 1000); - var year = ("0000" + d.getUTCFullYear()).slice(-4); - var mon = ("00" + (d.getUTCMonth() + 1)).slice(-2); - var day = ("00" + d.getUTCDate()).slice(-2); - var hour = ("00" + d.getUTCHours()).slice(-2); - var min = ("00" + d.getUTCMinutes()).slice(-2); - var sec = ("00" + d.getUTCSeconds()).slice(-2); - return year + mon + day + hour + min + sec + "Z"; -}; diff --git a/src/jws-3.3.js b/src/jws-3.3.js index a099ff92..45ffd915 100644 --- a/src/jws-3.3.js +++ b/src/jws-3.3.js @@ -1,10 +1,8 @@ -/*! jws-3.3.6 (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license +/* jws-3.3.7 (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * jws.js - JSON Web Signature(JWS) and JSON Web Token(JWT) Class * - * version: 3.3.6 (2017 Apr 15) - * * Copyright (c) 2010-2017 Kenji Urushima (kenji.urushima@gmail.com) * * This software is licensed under the terms of the MIT License. @@ -18,7 +16,7 @@ * @fileOverview * @name jws-3.3.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version 3.3.6 (2017-Apr-15) + * @version jsrsasign 7.2.1 jws 3.3.7 (2017-Jun-03) * @since jsjws 1.0, jsrsasign 4.8.0 * @license MIT License */ @@ -115,7 +113,9 @@ if (typeof KJUR.jws == "undefined" || !KJUR.jws) KJUR.jws = {}; * }); */ KJUR.jws.JWS = function() { - var ns1 = KJUR.jws.JWS; + var _KJUR = KJUR, + _KJUR_jws_JWS = _KJUR.jws.JWS, + _isSafeJSONString = _KJUR_jws_JWS.isSafeJSONString; // === utility ============================================================= @@ -134,7 +134,7 @@ KJUR.jws.JWS = function() { (sigValNotNeeded || (this.parsedJWS.sigvalH !== undefined))) { return; } - var matchResult = sJWS.match(/^([^.]+)\.([^.]+)\.([^.]+)$/); + var matchResult = sJWS.match(/^([^.]+)\.([^.]+)\.([^.]+)$/); if (matchResult == null) { throw "JWS signature is not a form of 'Head.Payload.SigValue'."; } @@ -160,7 +160,7 @@ KJUR.jws.JWS = function() { this.parsedJWS.headS = sHead; this.parsedJWS.payloadS = sPayload; - if (! ns1.isSafeJSONString(sHead, this.parsedJWS, 'headP')) + if (! _isSafeJSONString(sHead, this.parsedJWS, 'headP')) throw "malformed JSON string for JWS Head: " + sHead; }; }; @@ -234,7 +234,18 @@ KJUR.jws.JWS = function() { * sJWS = KJUR.jws.JWS.sign(null, '{alg:"HS256",cty:"JWT"}', '{age:21}', "aaa"); */ KJUR.jws.JWS.sign = function(alg, spHeader, spPayload, key, pass) { - var ns1 = KJUR.jws.JWS; + var _KJUR = KJUR, + _KJUR_jws = _KJUR.jws, + _KJUR_jws_JWS = _KJUR_jws.JWS, + _readSafeJSONString = _KJUR_jws_JWS.readSafeJSONString, + _isSafeJSONString = _KJUR_jws_JWS.isSafeJSONString, + _KJUR_crypto = _KJUR.crypto, + _ECDSA = _KJUR_crypto.ECDSA, + _Mac = _KJUR_crypto.Mac, + _Signature = _KJUR_crypto.Signature, + _RSAKey = RSAKey, + _JSON = JSON; + var sHeader, pHeader, sPayload; // 1. check signatureInput(Header, Payload) is string or object @@ -243,19 +254,19 @@ KJUR.jws.JWS.sign = function(alg, spHeader, spPayload, key, pass) { if (typeof spHeader == 'object') { pHeader = spHeader; - sHeader = JSON.stringify(pHeader); + sHeader = _JSON.stringify(pHeader); } if (typeof spHeader == 'string') { sHeader = spHeader; - if (! ns1.isSafeJSONString(sHeader)) + if (! _isSafeJSONString(sHeader)) throw "JWS Head is not safe JSON string: " + sHeader; - pHeader = ns1.readSafeJSONString(sHeader); + pHeader = _readSafeJSONString(sHeader); } sPayload = spPayload; - if (typeof spPayload == 'object') sPayload = JSON.stringify(spPayload); + if (typeof spPayload == 'object') sPayload = _JSON.stringify(spPayload); // 2. use alg if defined in sHeader if ((alg == '' || alg == null) && @@ -267,7 +278,7 @@ KJUR.jws.JWS.sign = function(alg, spHeader, spPayload, key, pass) { if ((alg != '' && alg != null) && pHeader['alg'] === undefined) { pHeader['alg'] = alg; - sHeader = JSON.stringify(pHeader); + sHeader = _JSON.stringify(pHeader); } // 4. check explicit algorithm doesn't match with JWS header. @@ -276,10 +287,10 @@ KJUR.jws.JWS.sign = function(alg, spHeader, spPayload, key, pass) { // 5. set signature algorithm like SHA1withRSA var sigAlg = null; - if (ns1.jwsalg2sigalg[alg] === undefined) { + if (_KJUR_jws_JWS.jwsalg2sigalg[alg] === undefined) { throw "unsupported alg name: " + alg; } else { - sigAlg = ns1.jwsalg2sigalg[alg]; + sigAlg = _KJUR_jws_JWS.jwsalg2sigalg[alg]; } var uHeader = utf8tob64u(sHeader); @@ -291,17 +302,17 @@ KJUR.jws.JWS.sign = function(alg, spHeader, spPayload, key, pass) { if (key === undefined) throw "mac key shall be specified for HS* alg"; //alert("sigAlg=" + sigAlg); - var mac = new KJUR.crypto.Mac({'alg': sigAlg, 'prov': 'cryptojs', 'pass': key}); + var mac = new _Mac({'alg': sigAlg, 'prov': 'cryptojs', 'pass': key}); mac.updateString(uSignatureInput); hSig = mac.doFinal(); } else if (sigAlg.indexOf("withECDSA") != -1) { - var sig = new KJUR.crypto.Signature({'alg': sigAlg}); + var sig = new _Signature({'alg': sigAlg}); sig.init(key, pass); sig.updateString(uSignatureInput); hASN1Sig = sig.sign(); hSig = KJUR.crypto.ECDSA.asn1SigToConcatSig(hASN1Sig); } else if (sigAlg != "none") { - var sig = new KJUR.crypto.Signature({'alg': sigAlg}); + var sig = new _Signature({'alg': sigAlg}); sig.init(key, pass); sig.updateString(uSignatureInput); hSig = sig.sign(); @@ -380,7 +391,16 @@ KJUR.jws.JWS.sign = function(alg, spHeader, spPayload, key, pass) { * var isValid = KJUR.jws.JWS.verify('eyJh...', pubkey); */ KJUR.jws.JWS.verify = function(sJWS, key, acceptAlgs) { - var jws = KJUR.jws.JWS; + var _KJUR = KJUR, + _KJUR_jws = _KJUR.jws, + _KJUR_jws_JWS = _KJUR_jws.JWS, + _readSafeJSONString = _KJUR_jws_JWS.readSafeJSONString, + _KJUR_crypto = _KJUR.crypto, + _ECDSA = _KJUR_crypto.ECDSA, + _Mac = _KJUR_crypto.Mac, + _Signature = _KJUR_crypto.Signature, + _RSAKey = RSAKey; + var a = sJWS.split("."); var uHeader = a[0]; var uPayload = a[1]; @@ -388,7 +408,7 @@ KJUR.jws.JWS.verify = function(sJWS, key, acceptAlgs) { var hSig = b64utohex(a[2]); // 1. parse JWS header - var pHeader = jws.readSafeJSONString(b64utoutf8(a[0])); + var pHeader = _readSafeJSONString(b64utoutf8(a[0])); var alg = null; var algType = null; // HS|RS|PS|ES|no if (pHeader.alg === undefined) { @@ -424,14 +444,14 @@ KJUR.jws.JWS.verify = function(sJWS, key, acceptAlgs) { // 3.3. check whether key is RSAKey obj if alg is RS* or PS*. if (algType == "RS" || algType == "PS") { - if (!(key instanceof RSAKey)) { + if (!(key instanceof _RSAKey)) { throw "key shall be a RSAKey obj for RS* and PS* algs"; } } // 3.4. check whether key is ECDSA obj if alg is ES*. if (algType == "ES") { - if (!(key instanceof KJUR.crypto.ECDSA)) { + if (!(key instanceof _ECDSA)) { throw "key shall be a ECDSA obj for ES* algs"; } } @@ -442,10 +462,10 @@ KJUR.jws.JWS.verify = function(sJWS, key, acceptAlgs) { // 4. check whether alg is supported alg in jsjws. var sigAlg = null; - if (jws.jwsalg2sigalg[pHeader.alg] === undefined) { + if (_KJUR_jws_JWS.jwsalg2sigalg[pHeader.alg] === undefined) { throw "unsupported alg name: " + alg; } else { - sigAlg = jws.jwsalg2sigalg[alg]; + sigAlg = _KJUR_jws_JWS.jwsalg2sigalg[alg]; } // 5. verify @@ -456,7 +476,7 @@ KJUR.jws.JWS.verify = function(sJWS, key, acceptAlgs) { if (key === undefined) throw "hexadecimal key shall be specified for HMAC"; //try { - var mac = new KJUR.crypto.Mac({'alg': sigAlg, 'pass': key}); + var mac = new _Mac({'alg': sigAlg, 'pass': key}); mac.updateString(uSignatureInput); hSig2 = mac.doFinal(); //} catch(ex) {}; @@ -464,16 +484,16 @@ KJUR.jws.JWS.verify = function(sJWS, key, acceptAlgs) { } else if (sigAlg.indexOf("withECDSA") != -1) { var hASN1Sig = null; try { - hASN1Sig = KJUR.crypto.ECDSA.concatSigToASN1Sig(hSig); + hASN1Sig = _ECDSA.concatSigToASN1Sig(hSig); } catch (ex) { return false; } - var sig = new KJUR.crypto.Signature({'alg': sigAlg}); + var sig = new _Signature({'alg': sigAlg}); sig.init(key) sig.updateString(uSignatureInput); return sig.verify(hASN1Sig); } else { - var sig = new KJUR.crypto.Signature({'alg': sigAlg}); + var sig = new _Signature({'alg': sigAlg}); sig.init(key) sig.updateString(uSignatureInput); return sig.verify(hSig); @@ -633,7 +653,12 @@ KJUR.jws.JWS.parse = function(sJWS) { * }); */ KJUR.jws.JWS.verifyJWT = function(sJWT, key, acceptField) { - var ns1 = KJUR.jws.JWS; + var _KJUR = KJUR, + _KJUR_jws = _KJUR.jws, + _KJUR_jws_JWS = _KJUR_jws.JWS, + _readSafeJSONString = _KJUR_jws_JWS.readSafeJSONString, + _inArray = _KJUR_jws_JWS.inArray, + _includedArray = _KJUR_jws_JWS.includedArray; // 1. parse JWT var a = sJWT.split("."); @@ -643,41 +668,41 @@ KJUR.jws.JWS.verifyJWT = function(sJWT, key, acceptField) { var hSig = b64utohex(a[2]); // 2. parse JWS header - var pHeader = ns1.readSafeJSONString(b64utoutf8(uHeader)); + var pHeader = _readSafeJSONString(b64utoutf8(uHeader)); // 3. parse JWS payload - var pPayload = ns1.readSafeJSONString(b64utoutf8(uPayload)); + var pPayload = _readSafeJSONString(b64utoutf8(uPayload)); // 4. algorithm ('alg' in header) check if (pHeader.alg === undefined) return false; if (acceptField.alg === undefined) throw "acceptField.alg shall be specified"; - if (! ns1.inArray(pHeader.alg, acceptField.alg)) return false; + if (! _inArray(pHeader.alg, acceptField.alg)) return false; // 5. issuer ('iss' in payload) check if (pPayload.iss !== undefined && typeof acceptField.iss === "object") { - if (! ns1.inArray(pPayload.iss, acceptField.iss)) return false; + if (! _inArray(pPayload.iss, acceptField.iss)) return false; } // 6. subject ('sub' in payload) check if (pPayload.sub !== undefined && typeof acceptField.sub === "object") { - if (! ns1.inArray(pPayload.sub, acceptField.sub)) return false; + if (! _inArray(pPayload.sub, acceptField.sub)) return false; } // 7. audience ('aud' in payload) check if (pPayload.aud !== undefined && typeof acceptField.aud === "object") { if (typeof pPayload.aud == "string") { - if (! ns1.inArray(pPayload.aud, acceptField.aud)) + if (! _inArray(pPayload.aud, acceptField.aud)) return false; } else if (typeof pPayload.aud == "object") { - if (! ns1.includedArray(pPayload.aud, acceptField.aud)) + if (! _includedArray(pPayload.aud, acceptField.aud)) return false; } } // 8. time validity // (nbf - gracePeriod < now < exp + gracePeriod) && (iat - gracePeriod < now) - var now = KJUR.jws.IntDate.getNow(); + var now = _KJUR_jws.IntDate.getNow(); if (acceptField.verifyAt !== undefined && typeof acceptField.verifyAt === "number") { now = acceptField.verifyAt; } @@ -707,7 +732,7 @@ KJUR.jws.JWS.verifyJWT = function(sJWT, key, acceptField) { } // 10 JWS signature check - if (! KJUR.jws.JWS.verify(sJWT, key, acceptField.alg)) return false; + if (! _KJUR_jws_JWS.verify(sJWT, key, acceptField.alg)) return false; // 11 passed all check return true; @@ -731,13 +756,13 @@ KJUR.jws.JWS.verifyJWT = function(sJWT, key, acceptField) { * KJUR.jws.JWS.includedArray(['a', 'b'], ['b', 'c']) => false */ KJUR.jws.JWS.includedArray = function(a1, a2) { - var inArray = KJUR.jws.JWS.inArray; + var _inArray = KJUR.jws.JWS.inArray; if (a1 === null) return false; if (typeof a1 !== "object") return false; if (typeof a1.length !== "number") return false; for (var i = 0; i < a1.length; i++) { - if (! inArray(a1[i], a2)) return false; + if (! _inArray(a1[i], a2)) return false; } return true; }; @@ -951,18 +976,22 @@ KJUR.jws.IntDate = {}; * */ KJUR.jws.IntDate.get = function(s) { + var _KJUR_jws_IntDate = KJUR.jws.IntDate, + _getNow = _KJUR_jws_IntDate.getNow, + _getZulu = _KJUR_jws_IntDate.getZulu; + if (s == "now") { - return KJUR.jws.IntDate.getNow(); + return _getNow(); } else if (s == "now + 1hour") { - return KJUR.jws.IntDate.getNow() + 60 * 60; + return _getNow() + 60 * 60; } else if (s == "now + 1day") { - return KJUR.jws.IntDate.getNow() + 60 * 60 * 24; + return _getNow() + 60 * 60 * 24; } else if (s == "now + 1month") { - return KJUR.jws.IntDate.getNow() + 60 * 60 * 24 * 30; + return _getNow() + 60 * 60 * 24 * 30; } else if (s == "now + 1year") { - return KJUR.jws.IntDate.getNow() + 60 * 60 * 24 * 365; + return _getNow() + 60 * 60 * 24 * 365; } else if (s.match(/Z$/)) { - return KJUR.jws.IntDate.getZulu(s); + return _getZulu(s); } else if (s.match(/^[0-9]+$/)) { return parseInt(s); } @@ -1047,13 +1076,13 @@ KJUR.jws.IntDate.intDate2UTCString = function(intDate) { * KJUR.jws.IntDate.intDate2UTCString(1478...) => "20151012...Z" */ KJUR.jws.IntDate.intDate2Zulu = function(intDate) { - var d = new Date(intDate * 1000); - var year = ("0000" + d.getUTCFullYear()).slice(-4); - var mon = ("00" + (d.getUTCMonth() + 1)).slice(-2); - var day = ("00" + d.getUTCDate()).slice(-2); - var hour = ("00" + d.getUTCHours()).slice(-2); - var min = ("00" + d.getUTCMinutes()).slice(-2); - var sec = ("00" + d.getUTCSeconds()).slice(-2); + var d = new Date(intDate * 1000), + year = ("0000" + d.getUTCFullYear()).slice(-4), + mon = ("00" + (d.getUTCMonth() + 1)).slice(-2), + day = ("00" + d.getUTCDate()).slice(-2), + hour = ("00" + d.getUTCHours()).slice(-2), + min = ("00" + d.getUTCMinutes()).slice(-2), + sec = ("00" + d.getUTCSeconds()).slice(-2); return year + mon + day + hour + min + sec + "Z"; }; diff --git a/src/jwsjs-2.0.js b/src/jwsjs-2.0.js index dd2f5bee..ec726206 100755 --- a/src/jwsjs-2.0.js +++ b/src/jwsjs-2.0.js @@ -1,11 +1,9 @@ -/*! jwsjs-2.1.0 (c) 2010-2016 Kenji Urushima | kjur.github.com/jsrsasign/license +/* jwsjs-2.1.1 (c) 2010-2016 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * jwsjs.js - JSON Web Signature JSON Serialization (JWSJS) Class * - * version: 2.1.0 (2016 Sep 6) - * - * Copyright (c) 2010-2016 Kenji Urushima (kenji.urushima@gmail.com) + * Copyright (c) 2010-2017 Kenji Urushima (kenji.urushima@gmail.com) * * This software is licensed under the terms of the MIT License. * http://kjur.github.com/jsrsasign/license/ @@ -18,7 +16,7 @@ * @fileOverview * @name jwsjs-2.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version 2.1.0 (2016 Sep 6) + * @version jsrsasign 7.2.1 jwsjs 2.1.1 (2017-Jun-03) * @since jsjws 1.2, jsrsasign 4.8.0 * @license MIT License */ @@ -71,14 +69,16 @@ if (typeof KJUR.jws == "undefined" || !KJUR.jws) KJUR.jws = {}; * */ KJUR.jws.JWSJS = function() { - var ns1 = KJUR.jws.JWS; - var nJWS = KJUR.jws.JWS; + var _KJUR = KJUR, + _KJUR_jws = _KJUR.jws, + _KJUR_jws_JWS = _KJUR_jws.JWS, + _readSafeJSONString = _KJUR_jws_JWS.readSafeJSONString; this.aHeader = []; this.sPayload = ""; this.aSignature = []; - // == initialize =================================================================== + // == initialize ========================================================== /** * (re-)initialize this object.
* @name init @@ -113,7 +113,7 @@ KJUR.jws.JWSJS = function() { this.aSignature.push(a[2]); }; - // == add signature =================================================================== + // == add signature ======================================================= /** * add a signature to existing JWS-JS by algorithm, header and key.
* @name addSignature @@ -200,7 +200,7 @@ KJUR.jws.JWSJS = function() { this.aSignature.push(jws.parsedJWS.sigvalB64U); }; - // == verify signature =================================================================== + // == verify signature ==================================================== /** * verify all signature of JWS-JS object by array of key and acceptAlgs.
* @name verifyAll @@ -253,7 +253,7 @@ KJUR.jws.JWSJS = function() { var sJWS = sHeader + "." + this.sPayload + "." + sSignature; var result = false; try { - result = nJWS.verify(sJWS, key, acceptAlgs); + result = _KJUR_jws_JWS.verify(sJWS, key, acceptAlgs); } catch (ex) { return false; } @@ -323,7 +323,7 @@ KJUR.jws.JWSJS = function() { */ this.readJWSJS = function(spJWSJS) { if (typeof spJWSJS === "string") { - var oJWSJS = ns1.readSafeJSONString(spJWSJS); + var oJWSJS = _readSafeJSONString(spJWSJS); if (oJWSJS == null) throw "argument is not safe JSON object string"; this.aHeader = oJWSJS.headers; @@ -352,7 +352,7 @@ KJUR.jws.JWSJS = function() { } }; - // == utility =================================================================== + // == utility ============================================================= /** * get JSON object for this JWS-JS object.
* @name getJSON diff --git a/src/keyutil-1.0.js b/src/keyutil-1.0.js index a2679b8c..b9dc35a1 100644 --- a/src/keyutil-1.0.js +++ b/src/keyutil-1.0.js @@ -1,4 +1,4 @@ -/*! keyutil-1.1.1.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license +/* keyutil-1.1.2.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * keyutil.js - key utility for PKCS#1/5/8 PEM, RSA/DSA/ECDSA key object @@ -15,7 +15,7 @@ * @fileOverview * @name keyutil-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 7.2.0 keyutil 1.1.1 (2017-May-21) + * @version jsrsasign 7.2.1 keyutil 1.1.2 (2017-Jun-03) * @since jsrsasign 4.1.4 * @license MIT License */ @@ -289,7 +289,7 @@ var KEYUTIL = function() { * @deprecated from keyutil 1.1.0 jsrsasign 7.0.1. please move to {@link ASN1HEX.pemToHex} */ getHexFromPEM: function(sPEM, sHead) { - return ASN1HEX.pemToHex(sPEM, sHead); + return pemtohex(sPEM, sHead); }, /** @@ -550,7 +550,7 @@ var KEYUTIL = function() { getRSAKeyFromPlainPKCS8PEM: function(pkcs8PEM) { if (pkcs8PEM.match(/ENCRYPTED/)) throw "pem shall be not ENCRYPTED"; - var prvKeyHex = ASN1HEX.pemToHex(pkcs8PEM, "PRIVATE KEY"); + var prvKeyHex = pemtohex(pkcs8PEM, "PRIVATE KEY"); var rsaKey = this.getRSAKeyFromPlainPKCS8Hex(prvKeyHex); return rsaKey; }, @@ -719,7 +719,7 @@ var KEYUTIL = function() { */ getPlainPKCS8HexFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) { // 1. derHex - PKCS#8 private key encrypted by PBKDF2 - var derHex = ASN1HEX.pemToHex(pkcs8PEM, "ENCRYPTED PRIVATE KEY"); + var derHex = pemtohex(pkcs8PEM, "ENCRYPTED PRIVATE KEY"); // 2. info - PKCS#5 PBES info var info = this.parseHexOfEncryptedPKCS8(derHex); // 3. hKey - PBKDF2 key @@ -846,7 +846,7 @@ var KEYUTIL = function() { * @since pkcs5pkey 1.0.5 */ getKeyFromPlainPrivatePKCS8PEM: function(prvKeyPEM) { - var prvKeyHex = ASN1HEX.pemToHex(prvKeyPEM, "PRIVATE KEY"); + var prvKeyHex = pemtohex(prvKeyPEM, "PRIVATE KEY"); var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex); return key; }, @@ -890,7 +890,7 @@ var KEYUTIL = function() { * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. */ getRSAKeyFromPublicPKCS8PEM: function(pkcs8PubPEM) { - var pubKeyHex = ASN1HEX.pemToHex(pkcs8PubPEM, "PUBLIC KEY"); + var pubKeyHex = pemtohex(pkcs8PubPEM, "PUBLIC KEY"); var rsaKey = this.getRSAKeyFromPublicPKCS8Hex(pubKeyHex); return rsaKey; }, @@ -906,7 +906,7 @@ var KEYUTIL = function() { * @deprecated From jsrsasign 4.2.1 please use {@link KEYUTIL.getKey#}. */ getKeyFromPublicPKCS8PEM: function(pkcs8PubPEM) { - var pubKeyHex = ASN1HEX.pemToHex(pkcs8PubPEM, "PUBLIC KEY"); + var pubKeyHex = pemtohex(pkcs8PubPEM, "PUBLIC KEY"); var key = this.getKeyFromPublicPKCS8Hex(pubKeyHex); return key; }, @@ -1204,14 +1204,15 @@ var KEYUTIL = function() { * keyObj = KEYUTIL.getKey({n: "75ab..", e: "010001"}); */ KEYUTIL.getKey = function(param, passcode, hextype) { - var _ASN1HEX = ASN1HEX; - var _getChildIdx = _ASN1HEX.getChildIdx; - var _getV = _ASN1HEX.getV; - var _getVbyList = _ASN1HEX.getVbyList; - var _KJUR_crypto = KJUR.crypto; - var _KJUR_crypto_ECDSA = _KJUR_crypto.ECDSA; - var _KJUR_crypto_DSA = _KJUR_crypto.DSA; - var _RSAKey = RSAKey; + var _ASN1HEX = ASN1HEX, + _getChildIdx = _ASN1HEX.getChildIdx, + _getV = _ASN1HEX.getV, + _getVbyList = _ASN1HEX.getVbyList, + _KJUR_crypto = KJUR.crypto, + _KJUR_crypto_ECDSA = _KJUR_crypto.ECDSA, + _KJUR_crypto_DSA = _KJUR_crypto.DSA, + _RSAKey = RSAKey, + _pemtohex = pemtohex; // 1. by key RSAKey/KJUR.crypto.ECDSA/KJUR.crypto.DSA object if (typeof _RSAKey != 'undefined' && param instanceof _RSAKey) @@ -1426,7 +1427,7 @@ KEYUTIL.getKey = function(param, passcode, hextype) { // getKey("-----BEGIN RSA PRIVATE KEY-...") if (param.indexOf("-END RSA PRIVATE KEY-") != -1 && param.indexOf("4,ENCRYPTED") == -1) { - var hex = _ASN1HEX.pemToHex(param, "RSA PRIVATE KEY"); + var hex = _pemtohex(param, "RSA PRIVATE KEY"); return KEYUTIL.getKey(hex, null, "pkcs5prv"); } @@ -1434,7 +1435,7 @@ KEYUTIL.getKey = function(param, passcode, hextype) { if (param.indexOf("-END DSA PRIVATE KEY-") != -1 && param.indexOf("4,ENCRYPTED") == -1) { - var hKey = _ASN1HEX.pemToHex(param, "DSA PRIVATE KEY"); + var hKey = _pemtohex(param, "DSA PRIVATE KEY"); var p = _getVbyList(hKey, 0, [1], "02"); var q = _getVbyList(hKey, 0, [2], "02"); var g = _getVbyList(hKey, 0, [3], "02"); @@ -1613,11 +1614,20 @@ KEYUTIL.generateKeypair = function(alg, keylenOrCurve) { * with PBKDF2_HmacSHA1_3DES */ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { - var ns1 = KJUR.asn1; - var ns2 = KJUR.crypto; + var _KJUR = KJUR, + _KJUR_asn1 = _KJUR.asn1, + _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, + _DERInteger = _KJUR_asn1.DERInteger, + _newObject = _KJUR_asn1.ASN1Util.newObject, + _KJUR_asn1_x509 = _KJUR_asn1.x509, + _SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo, + _KJUR_crypto = _KJUR.crypto, + _DSA = _KJUR_crypto.DSA, + _ECDSA = _KJUR_crypto.ECDSA, + _RSAKey = RSAKey; function _rsaprv2asn1obj(keyObjOrHex) { - var asn1Obj = KJUR.asn1.ASN1Util.newObject({ + var asn1Obj = _newObject({ "seq": [ {"int": 0 }, {"int": {"bigint": keyObjOrHex.n}}, @@ -1634,7 +1644,7 @@ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { }; function _ecdsaprv2asn1obj(keyObjOrHex) { - var asn1Obj2 = KJUR.asn1.ASN1Util.newObject({ + var asn1Obj2 = _newObject({ "seq": [ {"int": 1 }, {"octstr": {"hex": keyObjOrHex.prvKeyHex}}, @@ -1646,7 +1656,7 @@ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { }; function _dsaprv2asn1obj(keyObjOrHex) { - var asn1Obj = KJUR.asn1.ASN1Util.newObject({ + var asn1Obj = _newObject({ "seq": [ {"int": 0 }, {"int": {"bigint": keyObjOrHex.p}}, @@ -1662,66 +1672,67 @@ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { // 1. public key // x. PEM PKCS#8 public key of RSA/ECDSA/DSA public key object - if (((typeof RSAKey != "undefined" && keyObjOrHex instanceof RSAKey) || - (typeof ns2.DSA != "undefined" && keyObjOrHex instanceof ns2.DSA) || - (typeof ns2.ECDSA != "undefined" && keyObjOrHex instanceof ns2.ECDSA)) && + if (((_RSAKey !== undefined && keyObjOrHex instanceof _RSAKey) || + (_DSA !== undefined && keyObjOrHex instanceof _DSA) || + (_ECDSA !== undefined && keyObjOrHex instanceof _ECDSA)) && keyObjOrHex.isPublic == true && (formatType === undefined || formatType == "PKCS8PUB")) { - var asn1Obj = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObjOrHex); + var asn1Obj = new _SubjectPublicKeyInfo(keyObjOrHex); var asn1Hex = asn1Obj.getEncodedHex(); - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PUBLIC KEY"); + return hextopem(asn1Hex, "PUBLIC KEY"); } // 2. private // x. PEM PKCS#1 plain private key of RSA private key object if (formatType == "PKCS1PRV" && - typeof RSAKey != "undefined" && - keyObjOrHex instanceof RSAKey && + _RSAKey !== undefined && + keyObjOrHex instanceof _RSAKey && (passwd === undefined || passwd == null) && keyObjOrHex.isPrivate == true) { var asn1Obj = _rsaprv2asn1obj(keyObjOrHex); var asn1Hex = asn1Obj.getEncodedHex(); - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "RSA PRIVATE KEY"); + return hextopem(asn1Hex, "RSA PRIVATE KEY"); } // x. PEM PKCS#1 plain private key of ECDSA private key object if (formatType == "PKCS1PRV" && - typeof RSAKey != "undefined" && - keyObjOrHex instanceof KJUR.crypto.ECDSA && + _ECDSA !== undefined && + keyObjOrHex instanceof _ECDSA && (passwd === undefined || passwd == null) && keyObjOrHex.isPrivate == true) { - var asn1Obj1 = new KJUR.asn1.DERObjectIdentifier({'name': keyObjOrHex.curveName}); + var asn1Obj1 = + new _DERObjectIdentifier({'name': keyObjOrHex.curveName}); var asn1Hex1 = asn1Obj1.getEncodedHex(); var asn1Obj2 = _ecdsaprv2asn1obj(keyObjOrHex); var asn1Hex2 = asn1Obj2.getEncodedHex(); var s = ""; - s += ns1.ASN1Util.getPEMStringFromHex(asn1Hex1, "EC PARAMETERS"); - s += ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "EC PRIVATE KEY"); + s += hextopem(asn1Hex1, "EC PARAMETERS"); + s += hextopem(asn1Hex2, "EC PRIVATE KEY"); return s; } // x. PEM PKCS#1 plain private key of DSA private key object if (formatType == "PKCS1PRV" && - typeof KJUR.crypto.DSA != "undefined" && - keyObjOrHex instanceof KJUR.crypto.DSA && + _DSA !== undefined && + keyObjOrHex instanceof _DSA && (passwd === undefined || passwd == null) && keyObjOrHex.isPrivate == true) { var asn1Obj = _dsaprv2asn1obj(keyObjOrHex); var asn1Hex = asn1Obj.getEncodedHex(); - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "DSA PRIVATE KEY"); + return hextopem(asn1Hex, "DSA PRIVATE KEY"); } // 3. private // x. PEM PKCS#5 encrypted private key of RSA private key object if (formatType == "PKCS5PRV" && - typeof RSAKey != "undefined" && - keyObjOrHex instanceof RSAKey && + _RSAKey !== undefined && + keyObjOrHex instanceof _RSAKey && (passwd !== undefined && passwd != null) && keyObjOrHex.isPrivate == true) { @@ -1734,8 +1745,8 @@ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { // x. PEM PKCS#5 encrypted private key of ECDSA private key object if (formatType == "PKCS5PRV" && - typeof KJUR.crypto.ECDSA != "undefined" && - keyObjOrHex instanceof KJUR.crypto.ECDSA && + _ECDSA !== undefined && + keyObjOrHex instanceof _ECDSA && (passwd !== undefined && passwd != null) && keyObjOrHex.isPrivate == true) { @@ -1748,8 +1759,8 @@ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { // x. PEM PKCS#5 encrypted private key of DSA private key object if (formatType == "PKCS5PRV" && - typeof KJUR.crypto.DSA != "undefined" && - keyObjOrHex instanceof KJUR.crypto.DSA && + _DSA !== undefined && + keyObjOrHex instanceof _DSA && (passwd !== undefined && passwd != null) && keyObjOrHex.isPrivate == true) { @@ -1766,7 +1777,7 @@ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { var info = _getEencryptedPKCS8Info(plainKeyHex, passcode); //alert("iv=" + info.encryptionSchemeIV); //alert("info.ciphertext2[" + info.ciphertext.length + "=" + info.ciphertext); - var asn1Obj = new KJUR.asn1.ASN1Util.newObject({ + var asn1Obj = new _newObject({ "seq": [ {"seq": [ {"oid": {"name": "pkcs5PBES2"}}, @@ -1818,14 +1829,14 @@ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { // x. PEM PKCS#8 plain private key of RSA private key object if (formatType == "PKCS8PRV" && - typeof RSAKey != "undefined" && - keyObjOrHex instanceof RSAKey && + _RSAKey != undefined && + keyObjOrHex instanceof _RSAKey && keyObjOrHex.isPrivate == true) { var keyObj = _rsaprv2asn1obj(keyObjOrHex); var keyHex = keyObj.getEncodedHex(); - var asn1Obj = KJUR.asn1.ASN1Util.newObject({ + var asn1Obj = _newObject({ "seq": [ {"int": 0}, {"seq": [{"oid": {"name": "rsaEncryption"}},{"null": true}]}, @@ -1835,20 +1846,20 @@ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { var asn1Hex = asn1Obj.getEncodedHex(); if (passwd === undefined || passwd == null) { - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY"); + return hextopem(asn1Hex, "PRIVATE KEY"); } else { var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd); - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY"); + return hextopem(asn1Hex2, "ENCRYPTED PRIVATE KEY"); } } // x. PEM PKCS#8 plain private key of ECDSA private key object if (formatType == "PKCS8PRV" && - typeof KJUR.crypto.ECDSA != "undefined" && - keyObjOrHex instanceof KJUR.crypto.ECDSA && + _ECDSA !== undefined && + keyObjOrHex instanceof _ECDSA && keyObjOrHex.isPrivate == true) { - var keyObj = new KJUR.asn1.ASN1Util.newObject({ + var keyObj = new _newObject({ "seq": [ {"int": 1}, {"octstr": {"hex": keyObjOrHex.prvKeyHex}}, @@ -1857,7 +1868,7 @@ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { }); var keyHex = keyObj.getEncodedHex(); - var asn1Obj = KJUR.asn1.ASN1Util.newObject({ + var asn1Obj = _newObject({ "seq": [ {"int": 0}, {"seq": [ @@ -1870,23 +1881,23 @@ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { var asn1Hex = asn1Obj.getEncodedHex(); if (passwd === undefined || passwd == null) { - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY"); + return hextopem(asn1Hex, "PRIVATE KEY"); } else { var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd); - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY"); + return hextopem(asn1Hex2, "ENCRYPTED PRIVATE KEY"); } } // x. PEM PKCS#8 plain private key of DSA private key object if (formatType == "PKCS8PRV" && - typeof KJUR.crypto.DSA != "undefined" && - keyObjOrHex instanceof KJUR.crypto.DSA && + _DSA !== undefined && + keyObjOrHex instanceof _DSA && keyObjOrHex.isPrivate == true) { - var keyObj = new KJUR.asn1.DERInteger({'bigint': keyObjOrHex.x}); + var keyObj = new _DERInteger({'bigint': keyObjOrHex.x}); var keyHex = keyObj.getEncodedHex(); - var asn1Obj = KJUR.asn1.ASN1Util.newObject({ + var asn1Obj = _newObject({ "seq": [ {"int": 0}, {"seq": [ @@ -1903,17 +1914,17 @@ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { var asn1Hex = asn1Obj.getEncodedHex(); if (passwd === undefined || passwd == null) { - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY"); + return hextopem(asn1Hex, "PRIVATE KEY"); } else { var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd); - return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY"); + return hextopem(asn1Hex2, "ENCRYPTED PRIVATE KEY"); } } throw "unsupported object nor format"; }; -// -- PUBLIC METHODS FOR CSR ------------------------------------------------------- +// -- PUBLIC METHODS FOR CSR -------------------------------------------------- /** * get RSAKey/DSA/ECDSA public key object from PEM formatted PKCS#10 CSR string @@ -1925,7 +1936,7 @@ KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { * @since keyutil 1.0.5 */ KEYUTIL.getKeyFromCSRPEM = function(csrPEM) { - var csrHex = ASN1HEX.pemToHex(csrPEM, "CERTIFICATE REQUEST"); + var csrHex = pemtohex(csrPEM, "CERTIFICATE REQUEST"); var key = KEYUTIL.getKeyFromCSRHex(csrHex); return key; }; diff --git a/src/nodeutil-1.0.js b/src/nodeutil-1.0.js index f4feac49..d433b6f6 100644 --- a/src/nodeutil-1.0.js +++ b/src/nodeutil-1.0.js @@ -1,4 +1,4 @@ -/*! nodeutil-1.0.0 (c) 2015 Kenji Urushima | kjur.github.com/jsrsasign/license +/* nodeutil-1.0.0 (c) 2015 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * nodeutil.js - Utilities for Node diff --git a/src/pkcs5pkey-1.0.js b/src/pkcs5pkey-1.0.js index ee06d61d..d5abd7b8 100644 --- a/src/pkcs5pkey-1.0.js +++ b/src/pkcs5pkey-1.0.js @@ -1,4 +1,4 @@ -/*! pkcs5pkey-1.1.1.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license +/* pkcs5pkey-1.1.2.js (c) 2013-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * pkcs5pkey.js - reading passcode protected PKCS#5 PEM formatted RSA private key @@ -15,7 +15,7 @@ * @fileOverview * @name pkcs5pkey-1.0.js (DEPRECATED) * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 7.2.0 pkcs5pkey 1.1.1 (2017-May-12) + * @version jsrsasign 7.2.1 pkcs5pkey 1.1.2 (2017-Jun-03) * @since jsrsasign 2.0.0 * @license MIT License */ @@ -263,7 +263,7 @@ var PKCS5PKEY = function() { * @deprecated from pkcs5pkey 1.1.0 jsrsasign 7.1.0. please move to {@link ASN1HEX.pemToHex} */ getHexFromPEM: function(sPEM, sHead) { - return ASN1HEX.pemToHex(sPEM, sHead); + return pemtohex(sPEM, sHead); }, /** @@ -517,7 +517,7 @@ var PKCS5PKEY = function() { getRSAKeyFromPlainPKCS8PEM: function(pkcs8PEM) { if (pkcs8PEM.match(/ENCRYPTED/)) throw "pem shall be not ENCRYPTED"; - var prvKeyHex = ASN1HEX.pemToHex(pkcs8PEM, "PRIVATE KEY"); + var prvKeyHex = pemtohex(pkcs8PEM, "PRIVATE KEY"); var rsaKey = this.getRSAKeyFromPlainPKCS8Hex(prvKeyHex); return rsaKey; }, @@ -685,7 +685,7 @@ var PKCS5PKEY = function() { */ getPlainPKCS8HexFromEncryptedPKCS8PEM: function(pkcs8PEM, passcode) { // 1. derHex - PKCS#8 private key encrypted by PBKDF2 - var derHex = ASN1HEX.pemToHex(pkcs8PEM, "ENCRYPTED PRIVATE KEY"); + var derHex = pemtohex(pkcs8PEM, "ENCRYPTED PRIVATE KEY"); // 2. info - PKCS#5 PBES info var info = this.parseHexOfEncryptedPKCS8(derHex); // 3. hKey - PBKDF2 key @@ -811,7 +811,7 @@ var PKCS5PKEY = function() { * @since pkcs5pkey 1.0.5 */ getKeyFromPlainPrivatePKCS8PEM: function(prvKeyPEM) { - var prvKeyHex = ASN1HEX.pemToHex(prvKeyPEM, "PRIVATE KEY"); + var prvKeyHex = pemtohex(prvKeyPEM, "PRIVATE KEY"); var key = this.getKeyFromPlainPrivatePKCS8Hex(prvKeyHex); return key; }, @@ -854,7 +854,7 @@ var PKCS5PKEY = function() { * @since pkcs5pkey 1.0.4 */ getRSAKeyFromPublicPKCS8PEM: function(pkcs8PubPEM) { - var pubKeyHex = ASN1HEX.pemToHex(pkcs8PubPEM, "PUBLIC KEY"); + var pubKeyHex = pemtohex(pkcs8PubPEM, "PUBLIC KEY"); var rsaKey = this.getRSAKeyFromPublicPKCS8Hex(pubKeyHex); return rsaKey; }, @@ -869,7 +869,7 @@ var PKCS5PKEY = function() { * @since pkcs5pkey 1.0.5 */ getKeyFromPublicPKCS8PEM: function(pkcs8PubPEM) { - var pubKeyHex = ASN1HEX.pemToHex(pkcs8PubPEM, "PUBLIC KEY"); + var pubKeyHex = pemtohex(pkcs8PubPEM, "PUBLIC KEY"); var key = this.getKeyFromPublicPKCS8Hex(pubKeyHex); return key; }, diff --git a/src/rsapem-1.1.js b/src/rsapem-1.1.js index 0d501e28..4b4c66ce 100644 --- a/src/rsapem-1.1.js +++ b/src/rsapem-1.1.js @@ -1,4 +1,4 @@ -/*! rsapem-1.2.1.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license +/* rsapem-1.2.2.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * rsapem.js - Cryptographic Algorithm Provider class @@ -16,7 +16,7 @@ * @fileOverview * @name rsapem-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 7.2.0 rsapem 1.2.1 (2017-May-12) + * @version jsrsasign 7.2.1 rsapem 1.2.2 (2017-Jun-03) * @since jsrsasign 1.0 * @license MIT License */ @@ -28,6 +28,7 @@ * @function * @param {String} sPEMPrivateKey PEM PKCS#1/5 s private key string * @return {String} Base64 string of private key + * @deprecated jsrsasign 7.2.1 rsapem 1.1.2 * @description * removing PEM header, PEM footer and space characters including * new lines from PEM formatted RSA private key string. @@ -35,11 +36,7 @@ * RSAKey.pemToBase64("----BEGIN PRIVATE KEY-...") → "MIICW..." */ RSAKey.pemToBase64 = function(sPEMPrivateKey) { - var s = sPEMPrivateKey; - s = s.replace("-----BEGIN RSA PRIVATE KEY-----", ""); - s = s.replace("-----END RSA PRIVATE KEY-----", ""); - s = s.replace(/[ \n]+/g, ""); - return s; + return hextob64(pemtohex(sPEMPrivateKey)); }; /** diff --git a/src/rsasign-1.2.js b/src/rsasign-1.2.js index 1a3c3cb5..fe0c6aeb 100644 --- a/src/rsasign-1.2.js +++ b/src/rsasign-1.2.js @@ -1,4 +1,4 @@ -/*! rsasign-1.2.7.js (c) 2012 Kenji Urushima | kjur.github.com/jsrsasign/license +/* rsasign-1.2.7.js (c) 2012 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * rsa-sign.js - adding signing functions to RSAKey class. diff --git a/src/x509-1.1.js b/src/x509-1.1.js index 3ae238b6..01f67ad4 100644 --- a/src/x509-1.1.js +++ b/src/x509-1.1.js @@ -1,4 +1,4 @@ -/*! x509-1.1.14.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license +/* x509-1.1.15.js (c) 2012-2017 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * x509.js - X509 class to read subject public key from certificate. @@ -16,7 +16,7 @@ * @fileOverview * @name x509-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 7.2.0 x509 1.1.14 (2017-May-12) + * @version jsrsasign 7.2.1 x509 1.1.15 (2017-Jun-03) * @since jsrsasign 1.x.x * @license MIT License */ @@ -107,16 +107,17 @@ * */ function X509() { - var _ASN1HEX = ASN1HEX; - var _X509 = X509; - var _getChildIdx = _ASN1HEX.getChildIdx; - var _getV = _ASN1HEX.getV; - var _getTLV = _ASN1HEX.getTLV; - var _getVbyList = _ASN1HEX.getVbyList; - var _getTLVbyList = _ASN1HEX.getTLVbyList; - var _getIdxbyList = _ASN1HEX.getIdxbyList; - var _getVidx = _ASN1HEX.getVidx; - var _oidname = _ASN1HEX.oidname; + var _ASN1HEX = ASN1HEX, + _getChildIdx = _ASN1HEX.getChildIdx, + _getV = _ASN1HEX.getV, + _getTLV = _ASN1HEX.getTLV, + _getVbyList = _ASN1HEX.getVbyList, + _getTLVbyList = _ASN1HEX.getTLVbyList, + _getIdxbyList = _ASN1HEX.getIdxbyList, + _getVidx = _ASN1HEX.getVidx, + _oidname = _ASN1HEX.oidname, + _X509 = X509, + _pemtohex = pemtohex; this.hex = null; this.version = 0; // version (1: X509v1, 3: X509v3, others: unspecified) @@ -864,7 +865,7 @@ function X509() { * x.readCertPEM(sCertPEM); // read certificate */ this.readCertPEM = function(sCertPEM) { - this.readCertHex(_ASN1HEX.pemToHex(sCertPEM)); + this.readCertHex(_pemtohex(sCertPEM)); }; /** @@ -898,7 +899,7 @@ function X509() { // DEPRECATED. will remove after 8.0.0 this.readCertPEMWithoutRSAInit = function(sCertPEM) { - var hCert = _ASN1HEX.pemToHex(sCertPEM); + var hCert = _pemtohex(sCertPEM); var a = _X509.getPublicKeyHexArrayFromCertHex(hCert); if (typeof this.subjectPublicKeyRSA.setPublic === "function") { this.subjectPublicKeyRSA.setPublic(a[0], a[1]); @@ -1023,21 +1024,18 @@ function X509() { }; /** - * get Base64 string from PEM certificate string + * (DEPRECATED) get Base64 string from PEM certificate string * @name pemToBase64 * @memberOf X509 * @function * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate * @return {String} Base64 string of PEM certificate + * @deprecated jsrsasign 7.2.1 x509 1.1.15 * @example * b64 = X509.pemToBase64(certPEM); */ X509.pemToBase64 = function(sCertPEM) { - var s = sCertPEM; - s = s.replace("-----BEGIN CERTIFICATE-----", ""); - s = s.replace("-----END CERTIFICATE-----", ""); - s = s.replace(/[ \n]+/g, ""); - return s; + return hextob64(pemtohex(sCertPEM)); }; /** @@ -1054,7 +1052,7 @@ X509.pemToBase64 = function(sCertPEM) { * hex = X509.pemToHex(certPEM); */ X509.pemToHex = function(sCertPEM) { - return ASN1HEX.pemToHex(sCertPEM); + return pemtohex(sCertPEM); }; /** @@ -1142,7 +1140,7 @@ X509.getHexTbsCertificateFromCert = function(hCert) { * @deprecated since jsrsasign 7.1.14 x509 1.1.13. This will be removed in 8.0.0 release. */ X509.getPublicKeyHexArrayFromCertPEM = function(sCertPEM) { - var hCert = ASN1HEX.pemToHex(sCertPEM); + var hCert = pemtohex(sCertPEM); var a = X509.getPublicKeyHexArrayFromCertHex(hCert); return a; }; @@ -1356,7 +1354,7 @@ X509.getPublicKeyInfoPosOfCertHEX = function(hCert) { * This is a position of a content of ENCAPSULATED OCTET STRING. * * @example - * hCert = ASN1HEX.pemToHex(certGithubPEM); + * hCert = pemtohex(certGithubPEM); * a = X509.getV3ExtInfoListOfCertHex(hCert); * // Then a will be an array of like following: * [{posTLV: 1952, oid: "2.5.29.35", critical: false, posV: 1968}, @@ -1856,7 +1854,7 @@ X509.getSerialNumberHex = function(hCert) { * X.509 certificate by specified public key object. * @example * pubKey = KEYUTIL.getKey(pemPublicKey); // or certificate - * hCert = ASN1HEX.pemToHex(pemCert); + * hCert = pemtohex(pemCert); * isValid = X509.verifySignature(hCert, pubKey); */ X509.verifySignature = function(hCert, pubKey) { diff --git a/test/qunit-do-asn1x509-multirdn.html b/test/qunit-do-asn1x509-multirdn.html index bb46ddea..2f874cbd 100644 --- a/test/qunit-do-asn1x509-multirdn.html +++ b/test/qunit-do-asn1x509-multirdn.html @@ -7,6 +7,7 @@ + diff --git a/test/qunit-do-asn1x509.html b/test/qunit-do-asn1x509.html index 47f25f5a..68711af7 100755 --- a/test/qunit-do-asn1x509.html +++ b/test/qunit-do-asn1x509.html @@ -468,7 +468,7 @@ equal(e.getEncodedHex(), "3012020103170d3133303531343233353935395a", "constructor/1"); }); -test("X509Util.getPKCS8PubKeyPEMfromRSAKey", function() { +test("(DEPRECATED) X509Util.getPKCS8PubKeyPEMfromRSAKey", function() { var s = "" + "-----BEGIN PUBLIC KEY-----\r\n" + "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOtpGHibL8Ue+MXPPufkcrNES40rCT5L\r\n" + diff --git a/test/qunit-do-keyutil-csr.html b/test/qunit-do-keyutil-csr.html index 94d7b79e..deb9a7e5 100755 --- a/test/qunit-do-keyutil-csr.html +++ b/test/qunit-do-keyutil-csr.html @@ -37,6 +37,7 @@ + diff --git a/test/qunit-do-keyutil-des.html b/test/qunit-do-keyutil-des.html index 73a49ef2..005a97dc 100755 --- a/test/qunit-do-keyutil-des.html +++ b/test/qunit-do-keyutil-des.html @@ -36,6 +36,7 @@ + diff --git a/test/qunit-do-keyutil-dsa.html b/test/qunit-do-keyutil-dsa.html index 6d93f7f6..0af184e8 100755 --- a/test/qunit-do-keyutil-dsa.html +++ b/test/qunit-do-keyutil-dsa.html @@ -47,6 +47,7 @@ + diff --git a/test/qunit-do-keyutil-ec.html b/test/qunit-do-keyutil-ec.html index 48b4503e..76117f85 100755 --- a/test/qunit-do-keyutil-ec.html +++ b/test/qunit-do-keyutil-ec.html @@ -47,6 +47,7 @@ + diff --git a/test/qunit-do-keyutil-eprv.html b/test/qunit-do-keyutil-eprv.html index 20d9bff7..144189dd 100755 --- a/test/qunit-do-keyutil-eprv.html +++ b/test/qunit-do-keyutil-eprv.html @@ -38,6 +38,7 @@ + diff --git a/test/qunit-do-keyutil-getkey.html b/test/qunit-do-keyutil-getkey.html index d9ca0709..b54c9b79 100644 --- a/test/qunit-do-keyutil-getkey.html +++ b/test/qunit-do-keyutil-getkey.html @@ -35,6 +35,7 @@ + diff --git a/test/qunit-do-keyutil-pub.html b/test/qunit-do-keyutil-pub.html index b3fba148..b06b96f9 100755 --- a/test/qunit-do-keyutil-pub.html +++ b/test/qunit-do-keyutil-pub.html @@ -38,6 +38,7 @@ + diff --git a/test/qunit-do-keyutil-rsa.html b/test/qunit-do-keyutil-rsa.html index 6f33ed30..f295123a 100755 --- a/test/qunit-do-keyutil-rsa.html +++ b/test/qunit-do-keyutil-rsa.html @@ -46,6 +46,7 @@ + @@ -61,7 +62,7 @@ $(document).ready(function(){ -// ======= TEST =================================================================================== +// ======= TEST =============================================================== var Z1PRVP5HEX = "3082013a020100024100e8664dd2b40529121568f3b39bc97a62e7ba3c09babdc4f0dcd8df90eb790b9bb645a2b70e3112747b4d3c41b51424895115fef88f79d43eae5b1a4e3518fd590203010001024078bbc54c646795e9a623cb0f912c7f9f6861711560e57bade21ded2f7d9579f86272fab9e71ab27282c2760c404dae6ac8a3ab852cf6bcd562f9aff8247a264d022100fe9bd450866b3255614fde976a76ac0b1d5830dda64f5359b946d8512bc1239f022100e9ab680f5f05dbb0f4311b0e6f4368f4874a1238979d8bc600c35c6f20707c07022100d549cb698dc17d4fe30e5a84f3ade860033c1eeb7f67d286465c9fd817d45b3702201849b4bb44493b989d092da2c675df46eb790b83ce5e95d4b2e79b88017b2fa902207d261a96256d49b020cb1d587ecde127e093a4d2b34cdbff171f34125b5857a9"; var Z1PRVP8HEX = "30820154020100300d06092a864886f70d01010105000482013e3082013a020100024100e8664dd2b40529121568f3b39bc97a62e7ba3c09babdc4f0dcd8df90eb790b9bb645a2b70e3112747b4d3c41b51424895115fef88f79d43eae5b1a4e3518fd590203010001024078bbc54c646795e9a623cb0f912c7f9f6861711560e57bade21ded2f7d9579f86272fab9e71ab27282c2760c404dae6ac8a3ab852cf6bcd562f9aff8247a264d022100fe9bd450866b3255614fde976a76ac0b1d5830dda64f5359b946d8512bc1239f022100e9ab680f5f05dbb0f4311b0e6f4368f4874a1238979d8bc600c35c6f20707c07022100d549cb698dc17d4fe30e5a84f3ade860033c1eeb7f67d286465c9fd817d45b3702201849b4bb44493b989d092da2c675df46eb790b83ce5e95d4b2e79b88017b2fa902207d261a96256d49b020cb1d587ecde127e093a4d2b34cdbff171f34125b5857a9"; // z1.prv.p8p.der diff --git a/test/qunit-do-keyutil.html b/test/qunit-do-keyutil.html index ad63d92c..460ba8ec 100755 --- a/test/qunit-do-keyutil.html +++ b/test/qunit-do-keyutil.html @@ -38,6 +38,7 @@ + diff --git a/test/qunit-do-pkcs5-eprv.html b/test/qunit-do-pkcs5-eprv.html index 4481b237..31e426ff 100755 --- a/test/qunit-do-pkcs5-eprv.html +++ b/test/qunit-do-pkcs5-eprv.html @@ -38,6 +38,7 @@ + diff --git a/test/qunit-do-pkcs5-pub.html b/test/qunit-do-pkcs5-pub.html index f987b0f9..a27b5dbe 100755 --- a/test/qunit-do-pkcs5-pub.html +++ b/test/qunit-do-pkcs5-pub.html @@ -38,6 +38,7 @@ + diff --git a/test/qunit-do-pkcs5.html b/test/qunit-do-pkcs5.html index cb7e964b..a5daf4a9 100755 --- a/test/qunit-do-pkcs5.html +++ b/test/qunit-do-pkcs5.html @@ -36,6 +36,7 @@ + diff --git a/test/qunit-do-rsapem.html b/test/qunit-do-rsapem.html index 6d1696e2..e9f9e4df 100755 --- a/test/qunit-do-rsapem.html +++ b/test/qunit-do-rsapem.html @@ -14,6 +14,7 @@ + diff --git a/test/qunit-do-rsasign.html b/test/qunit-do-rsasign.html index 1dd45eaa..211b4335 100755 --- a/test/qunit-do-rsasign.html +++ b/test/qunit-do-rsasign.html @@ -33,6 +33,7 @@ +