diff --git a/ChangeLog.txt b/ChangeLog.txt index 666874ef..dd23b422 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,9 +1,47 @@ ChangeLog for jsrsasign -* Changes from 10.0.5 to next release +add new CMSSignedData and TimeStamp parser and X500Name update +* Changes from 10.0.5 to 10.1.0 release + - add new CMSSignedData and TimeStamp parser + - X500.get{X500Name,GeneralName,GeneralNames} result change + - src/asn1cms.js + - new CMSParser class for CMS SignedData + - get{CMSSignedData,SignedData,HashAlgArray, + EContent,SignerInfos,SignerInfo,SignerIdentifier, + IssuerAndSerialNumber,AttributeArray, + Attribute,ESSCertID,IssuerSerial,CertificateSet} + - set{ContentType,SigningTime,MessageDigest, + SigningCertificate} + - src/asn1tsp.js + - new TSPParser class to parser RFC 3161 TSP protocol + - get{Response,Token,TSTInfo,Accuracy,MessageImprint, + PKIStatusInfo} + - setTSTInfo + - src/asn1.js + - DERObjectIdentifier class update to use new oidtohex + - src/asn1hex.js + - add ASN1HEX.{getInt,getOID,getOIDName} + - src/asn1csr.js + - CSRUtil.getParam result "subject" parameter result is changed + because of X509.getX500Name update. - src/asn1x509.js + - small update for Time class + - small update for Certificate.sign method - document fix (issue #463) + - src/base64x.js + - function "oidtohex" and "hextooid" added. + - function "ishex" added + - KJUR.lang.String.isHex now *DEPRECATED*. Please use "ishex". + - src/x509.js + - X509.getX500Name update + - X509.get{Issuer,Subject,GeneralNames,GeneralName} + - add X509.{getX500NameArray,dnarraytostr} + - src/x509crl.js + - X509CRL.getIssuer update for X509.getX500Name update + - test/qunit-do-{asn1tsp,asn1cms,asn1hex,asn1x509-newcert-veri, + base64x,x509-ext,x509crl}.html + - updated to follow above small issue fixes and updates * Changes from 10.0.4 to 10.0.5 release diff --git a/Makefile b/Makefile index 4cad678e..12a9e708 100644 --- a/Makefile +++ b/Makefile @@ -44,7 +44,7 @@ gitadd-all-doc: git add api/*.html api/symbols/*.html api/symbols/src/*.html gitadd-release: - git add ChangeLog.txt Makefile bower.json jsrsasign-*-min.js min/*.js src/*.js npm/package.json npm/lib/jsrsasign*.js npm/lib/{header,footer,lib}.js src/*.js test/qunit-do-*.html README.md npm/README.md tool/*.html npm_util/*.* npm_util/lib/*.* npm/test/t_*.js + git add ChangeLog.txt Makefile bower.json jsrsasign-*-min.js min/*.js src/*.js npm/package.json npm/lib/jsrsasign*.js npm/lib/{header,footer,lib}.js src/*.js test/qunit-do-*.html test/x509crl.html README.md npm/README.md tool/*.html npm_util/*.* npm_util/lib/*.* npm/test/t_*.js gitadd: gitadd-all-doc gitadd-release @echo done \ No newline at end of file diff --git a/README.md b/README.md index 5ba93ace..2651b6d4 100755 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ HIGHLIGHTS - no dependency to other library - no dependency to [W3C Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/) nor [OpenSSL](https://www.openssl.org/) - no dependency on newer ECMAScirpt function. So old browsers also supported. -- very popular crypto library with [0.6M+ npm downloads/month](https://npm-stat.com/charts.html?package=jsrsasign&from=2016-05-01&to=2020-10-20) +- very popular crypto library with [0.6M+ npm downloads/month](https://npm-stat.com/charts.html?package=jsrsasign&from=2016-05-01&to=2020-11-15) INSTALL ------- diff --git a/api/files.html b/api/files.html index 86c8bf92..247d2438 100644 --- a/api/files.html +++ b/api/files.html @@ -230,6 +230,8 @@

Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -376,6 +378,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • @@ -517,7 +521,7 @@

    asn1-1.0.js

    Version:
    -
    jsrsasign 10.0.1 asn1 1.0.20 (2020-Oct-11)
    +
    jsrsasign 10.1.0 asn1 1.0.21 (2020-Nov-18)
    @@ -555,7 +559,7 @@

    asn1cms-1.0.js

    Version:
    -
    jsrsasign 10.0.0 asn1cms 2.0.0 (2020-Sep-22)
    +
    jsrsasign 10.1.0 asn1cms 2.0.1 (2020-Nov-18)
    @@ -574,7 +578,7 @@

    asn1csr-1.0.js

    Version:
    -
    jsrsasign 9.1.1 asn1csr 2.0.2 (2020-Aug-26)
    +
    jsrsasign 10.1.0 asn1csr 2.0.3 (2020-Nov-18)
    @@ -593,7 +597,7 @@

    asn1hex-1.1.js

    Version:
    -
    jsrsasign 9.1.6 asn1hex 1.2.6 (2020-Sep-04)
    +
    jsrsasign 10.1.0 asn1hex 1.2.7 (2020-Nov-18)
    @@ -631,7 +635,7 @@

    asn1tsp-1.0.js

    Version:
    -
    jsrsasign 10.0.0 asn1tsp 2.0.0 (2020-Sep-22)
    +
    jsrsasign 10.1.0 asn1tsp 2.0.1 (2020-Nov-18)
    @@ -650,7 +654,7 @@

    asn1x509-1.0.js

    Version:
    -
    jsrsasign 10.0.5 asn1x509 2.1.5 (2020-Nov-04)
    +
    jsrsasign 10.1.0 asn1x509 2.1.6 (2020-Nov-18)
    @@ -669,7 +673,7 @@

    base64x-1.1.js

    Version:
    -
    jsrsasign 10.0.5 base64x 1.1.17 (2020-Nov-04)
    +
    jsrsasign 10.1.0 base64x 1.1.18 (2020-Nov-18)
    @@ -878,7 +882,7 @@

    x509-1.1.js

    Version:
    -
    jsrsasign 10.0.4 x509 2.0.8 (2020-Oct-23)
    +
    jsrsasign 10.1.0 x509 2.0.9 (2020-Nov-18)
    @@ -897,7 +901,7 @@

    x509crl.js

    Version:
    -
    jsrsasign 9.1.4 x509crl 1.0.1 (2020-Aug-26)
    +
    jsrsasign 10.1.0 x509crl 1.0.2 (2020-Nov-18)
    diff --git a/api/index.html b/api/index.html index 26642eba..5db63474 100644 --- a/api/index.html +++ b/api/index.html @@ -230,6 +230,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -376,6 +378,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • @@ -638,6 +642,12 @@

    KJUR.asn1.cms.Certificat
    +
    +

    KJUR.asn1.cms.CMSParser

    + CMS SignedData parser class +
    +
    +

    KJUR.asn1.cms.CMSUtil

    CMS utilities class @@ -1076,6 +1086,12 @@

    KJUR.asn1.tsp.TimeStampT

    +
    +

    KJUR.asn1.tsp.TSPParser

    + RFC 3161 TimeStamp protocol parser class +
    +
    +

    KJUR.asn1.tsp.TSPUtil

    TSP utilities class diff --git a/api/symbols/ASN1HEX.html b/api/symbols/ASN1HEX.html index baade533..4f2e9326 100644 --- a/api/symbols/ASN1HEX.html +++ b/api/symbols/ASN1HEX.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • @@ -624,6 +628,15 @@

    + + <static>   + +
    ASN1HEX.getInt(h, idx, errorReturn) +
    +
    get integer value from ASN.1 V(value)
    + + + <static>   @@ -660,6 +673,26 @@

    + + <static>   + +
    ASN1HEX.getOID(h, idx, errorReturn) +
    +
    get object identifier string from ASN.1 V(value)
    + + + + + <static>   + +
    ASN1HEX.getOIDName(h, idx, errorReturn) +
    +
    get object identifier name from ASN.1 V(value)
    +This static method returns object identifier name such as "sha256" +if registered.
    + + + <static>   @@ -1353,6 +1386,71 @@

    +
    + + +
    <static> + + {Number} + ASN1HEX.getInt(h, idx, errorReturn) + +
    +
    + get integer value from ASN.1 V(value)
    + + +
    + + + + 
    ASN1HEX.getInt("xxxx020103xxxxxx", 4) &rarr 3
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string
    + +
    + {Number} idx + +
    +
    string index in h to get ASN.1 DER Integer
    + +
    + {Object} errorReturn + +
    +
    (OPTION) error return value (DEFAULT: -1)
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 10.1.0 asn1hex 1.2.7
    +
    + + + + +
    +
    Returns:
    + +
    {Number} DER Integer value
    + +
    + + + +
    @@ -1603,6 +1701,140 @@

    +
    + + +
    <static> + + {String} + ASN1HEX.getOID(h, idx, errorReturn) + +
    +
    + get object identifier string from ASN.1 V(value)
    + + +
    + + + + 
    ASN1HEX.getInt("xxxx06032a0304xxxxxx", 4) &rarr "1.2.3.4"
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string
    + +
    + {Number} idx + +
    +
    string index in h to get ASN.1 DER ObjectIdentifier
    + +
    + {Object} errorReturn + +
    +
    (OPTION) error return value (DEFAULT: null)
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 10.1.0 asn1hex 1.2.7
    +
    + + + + +
    +
    Returns:
    + +
    {String} object identifier string (ex. "1.2.3.4")
    + +
    + + + + +
    + + +
    <static> + + {String} + ASN1HEX.getOIDName(h, idx, errorReturn) + +
    +
    + get object identifier name from ASN.1 V(value)
    +This static method returns object identifier name such as "sha256" +if registered. If not registered, it returns OID string. +(ex. "1.2.3.4") + + +
    + + + + 
    ASN1HEX.getOIDName("xxxx0609608648016503040201xxxxxx", 4) &rarr "sha256"
+ASN1HEX.getOIDName("xxxx06032a0304xxxxxx", 4) &rarr "1.2.3.4"
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string
    + +
    + {Number} idx + +
    +
    string index in h to get ASN.1 DER ObjectIdentifier
    + +
    + {Object} errorReturn + +
    +
    (OPTION) error return value (DEFAULT: null)
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 10.1.0 asn1hex 1.2.7
    +
    + + + + +
    +
    Returns:
    + +
    {String} object identifier name (ex. "sha256") oir OID string
    + +
    + + + +
    diff --git a/api/symbols/Base64x.html b/api/symbols/Base64x.html index 636dcbcb..02db09c7 100644 --- a/api/symbols/Base64x.html +++ b/api/symbols/Base64x.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KEYUTIL.html b/api/symbols/KEYUTIL.html index 2f577407..d4ecb5ff 100644 --- a/api/symbols/KEYUTIL.html +++ b/api/symbols/KEYUTIL.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ASN1Object.html b/api/symbols/KJUR.asn1.ASN1Object.html index ec7093af..50193046 100644 --- a/api/symbols/KJUR.asn1.ASN1Object.html +++ b/api/symbols/KJUR.asn1.ASN1Object.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ASN1Util.html b/api/symbols/KJUR.asn1.ASN1Util.html index c4830a97..dbfdeeef 100644 --- a/api/symbols/KJUR.asn1.ASN1Util.html +++ b/api/symbols/KJUR.asn1.ASN1Util.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • @@ -617,7 +621,7 @@

    KJUR.asn1.ASN1Util.oidIntToHex(oidString)
    -
    get hexadecimal value of object identifier from dot noted oid value +
    get hexadecimal value of object identifier from dot noted oid value (DEPRECATED) This static method converts from object identifier value string.
    @@ -950,7 +954,7 @@

    - get hexadecimal value of object identifier from dot noted oid value + get hexadecimal value of object identifier from dot noted oid value (DEPRECATED) This static method converts from object identifier value string. to hexadecimal string representation of it. ASN1HEX.hextooidstr is a reverse function of this. @@ -977,6 +981,13 @@

    +
    +
    Deprecated:
    +
    + from jsrsasign 10.0.6. please use oidtohex +
    +
    +
    Since:
    diff --git a/api/symbols/KJUR.asn1.DERAbstractString.html b/api/symbols/KJUR.asn1.DERAbstractString.html index 717a474c..74679a8c 100644 --- a/api/symbols/KJUR.asn1.DERAbstractString.html +++ b/api/symbols/KJUR.asn1.DERAbstractString.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERAbstractStructured.html b/api/symbols/KJUR.asn1.DERAbstractStructured.html index 67e95219..74448457 100644 --- a/api/symbols/KJUR.asn1.DERAbstractStructured.html +++ b/api/symbols/KJUR.asn1.DERAbstractStructured.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERAbstractTime.html b/api/symbols/KJUR.asn1.DERAbstractTime.html index a625a4a4..2c88f25d 100644 --- a/api/symbols/KJUR.asn1.DERAbstractTime.html +++ b/api/symbols/KJUR.asn1.DERAbstractTime.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERBMPString.html b/api/symbols/KJUR.asn1.DERBMPString.html index 7fc718f3..04fa1454 100644 --- a/api/symbols/KJUR.asn1.DERBMPString.html +++ b/api/symbols/KJUR.asn1.DERBMPString.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERBitString.html b/api/symbols/KJUR.asn1.DERBitString.html index 51a1a26c..4ef88ed3 100644 --- a/api/symbols/KJUR.asn1.DERBitString.html +++ b/api/symbols/KJUR.asn1.DERBitString.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERBoolean.html b/api/symbols/KJUR.asn1.DERBoolean.html index 285e24b1..12659fd7 100644 --- a/api/symbols/KJUR.asn1.DERBoolean.html +++ b/api/symbols/KJUR.asn1.DERBoolean.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DEREnumerated.html b/api/symbols/KJUR.asn1.DEREnumerated.html index 4432115d..753e00dd 100644 --- a/api/symbols/KJUR.asn1.DEREnumerated.html +++ b/api/symbols/KJUR.asn1.DEREnumerated.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERGeneralizedTime.html b/api/symbols/KJUR.asn1.DERGeneralizedTime.html index 577f8a55..714b934f 100644 --- a/api/symbols/KJUR.asn1.DERGeneralizedTime.html +++ b/api/symbols/KJUR.asn1.DERGeneralizedTime.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERIA5String.html b/api/symbols/KJUR.asn1.DERIA5String.html index af1dd0b7..6493fb3e 100644 --- a/api/symbols/KJUR.asn1.DERIA5String.html +++ b/api/symbols/KJUR.asn1.DERIA5String.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERInteger.html b/api/symbols/KJUR.asn1.DERInteger.html index 14ac8a1a..188e4ed0 100644 --- a/api/symbols/KJUR.asn1.DERInteger.html +++ b/api/symbols/KJUR.asn1.DERInteger.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERNull.html b/api/symbols/KJUR.asn1.DERNull.html index 870cc042..f25ebb5b 100644 --- a/api/symbols/KJUR.asn1.DERNull.html +++ b/api/symbols/KJUR.asn1.DERNull.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERNumericString.html b/api/symbols/KJUR.asn1.DERNumericString.html index 79f2fdcb..ad1b1c46 100644 --- a/api/symbols/KJUR.asn1.DERNumericString.html +++ b/api/symbols/KJUR.asn1.DERNumericString.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERObjectIdentifier.html b/api/symbols/KJUR.asn1.DERObjectIdentifier.html index 893982ac..d72bdc20 100644 --- a/api/symbols/KJUR.asn1.DERObjectIdentifier.html +++ b/api/symbols/KJUR.asn1.DERObjectIdentifier.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • @@ -678,6 +682,13 @@

    +
    +
    See:
    + +
    oidtohex
    + +
    +

    diff --git a/api/symbols/KJUR.asn1.DEROctetString.html b/api/symbols/KJUR.asn1.DEROctetString.html index 66d208a0..36ebfece 100644 --- a/api/symbols/KJUR.asn1.DEROctetString.html +++ b/api/symbols/KJUR.asn1.DEROctetString.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERPrintableString.html b/api/symbols/KJUR.asn1.DERPrintableString.html index c4ad7031..630677b9 100644 --- a/api/symbols/KJUR.asn1.DERPrintableString.html +++ b/api/symbols/KJUR.asn1.DERPrintableString.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERSequence.html b/api/symbols/KJUR.asn1.DERSequence.html index 1882706a..4c39ff06 100644 --- a/api/symbols/KJUR.asn1.DERSequence.html +++ b/api/symbols/KJUR.asn1.DERSequence.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERSet.html b/api/symbols/KJUR.asn1.DERSet.html index 94f55e12..1c4599b0 100644 --- a/api/symbols/KJUR.asn1.DERSet.html +++ b/api/symbols/KJUR.asn1.DERSet.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERTaggedObject.html b/api/symbols/KJUR.asn1.DERTaggedObject.html index 3f119a9c..7234f503 100644 --- a/api/symbols/KJUR.asn1.DERTaggedObject.html +++ b/api/symbols/KJUR.asn1.DERTaggedObject.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERTeletexString.html b/api/symbols/KJUR.asn1.DERTeletexString.html index 02055765..ce035db8 100644 --- a/api/symbols/KJUR.asn1.DERTeletexString.html +++ b/api/symbols/KJUR.asn1.DERTeletexString.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERUTCTime.html b/api/symbols/KJUR.asn1.DERUTCTime.html index 205ecacf..c494eaa7 100644 --- a/api/symbols/KJUR.asn1.DERUTCTime.html +++ b/api/symbols/KJUR.asn1.DERUTCTime.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERUTF8String.html b/api/symbols/KJUR.asn1.DERUTF8String.html index 245194aa..8cf63c48 100644 --- a/api/symbols/KJUR.asn1.DERUTF8String.html +++ b/api/symbols/KJUR.asn1.DERUTF8String.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.DERVisibleString.html b/api/symbols/KJUR.asn1.DERVisibleString.html index d39e75e9..d8e88475 100644 --- a/api/symbols/KJUR.asn1.DERVisibleString.html +++ b/api/symbols/KJUR.asn1.DERVisibleString.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cades.CAdESUtil.html b/api/symbols/KJUR.asn1.cades.CAdESUtil.html index 1b732ca3..7ce8116a 100644 --- a/api/symbols/KJUR.asn1.cades.CAdESUtil.html +++ b/api/symbols/KJUR.asn1.cades.CAdESUtil.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cades.CompleteCertificateRefs.html b/api/symbols/KJUR.asn1.cades.CompleteCertificateRefs.html index 467602a1..1fcade4c 100644 --- a/api/symbols/KJUR.asn1.cades.CompleteCertificateRefs.html +++ b/api/symbols/KJUR.asn1.cades.CompleteCertificateRefs.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cades.OtherCertID.html b/api/symbols/KJUR.asn1.cades.OtherCertID.html index bf767eb6..01a7f2cb 100644 --- a/api/symbols/KJUR.asn1.cades.OtherCertID.html +++ b/api/symbols/KJUR.asn1.cades.OtherCertID.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cades.OtherHash.html b/api/symbols/KJUR.asn1.cades.OtherHash.html index 439481cd..72001844 100644 --- a/api/symbols/KJUR.asn1.cades.OtherHash.html +++ b/api/symbols/KJUR.asn1.cades.OtherHash.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cades.OtherHashAlgAndValue.html b/api/symbols/KJUR.asn1.cades.OtherHashAlgAndValue.html index 8126a234..f451af0b 100644 --- a/api/symbols/KJUR.asn1.cades.OtherHashAlgAndValue.html +++ b/api/symbols/KJUR.asn1.cades.OtherHashAlgAndValue.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cades.OtherHashValue.html b/api/symbols/KJUR.asn1.cades.OtherHashValue.html index 0fc0b30c..79aa2848 100644 --- a/api/symbols/KJUR.asn1.cades.OtherHashValue.html +++ b/api/symbols/KJUR.asn1.cades.OtherHashValue.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cades.SignaturePolicyId.html b/api/symbols/KJUR.asn1.cades.SignaturePolicyId.html index cb1370e3..cfe47c0b 100644 --- a/api/symbols/KJUR.asn1.cades.SignaturePolicyId.html +++ b/api/symbols/KJUR.asn1.cades.SignaturePolicyId.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cades.SignaturePolicyIdentifier.html b/api/symbols/KJUR.asn1.cades.SignaturePolicyIdentifier.html index 0b8048f6..fad1c218 100644 --- a/api/symbols/KJUR.asn1.cades.SignaturePolicyIdentifier.html +++ b/api/symbols/KJUR.asn1.cades.SignaturePolicyIdentifier.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cades.SignatureTimeStamp.html b/api/symbols/KJUR.asn1.cades.SignatureTimeStamp.html index 780bd5c4..2df21859 100644 --- a/api/symbols/KJUR.asn1.cades.SignatureTimeStamp.html +++ b/api/symbols/KJUR.asn1.cades.SignatureTimeStamp.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cades.html b/api/symbols/KJUR.asn1.cades.html index 86d5a603..d63773d3 100644 --- a/api/symbols/KJUR.asn1.cades.html +++ b/api/symbols/KJUR.asn1.cades.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.Attribute.html b/api/symbols/KJUR.asn1.cms.Attribute.html index 02e81397..2b981fab 100644 --- a/api/symbols/KJUR.asn1.cms.Attribute.html +++ b/api/symbols/KJUR.asn1.cms.Attribute.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.AttributeList.html b/api/symbols/KJUR.asn1.cms.AttributeList.html index 3d82b3b4..bcf8f670 100644 --- a/api/symbols/KJUR.asn1.cms.AttributeList.html +++ b/api/symbols/KJUR.asn1.cms.AttributeList.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.CMSParser.html b/api/symbols/KJUR.asn1.cms.CMSParser.html new file mode 100644 index 00000000..8dee304a --- /dev/null +++ b/api/symbols/KJUR.asn1.cms.CMSParser.html @@ -0,0 +1,2056 @@ + + + + + + + jsrsasign JavaScript API Reference - KJUR.asn1.cms.CMSParser + + + + + + + + + + + + +
    + +
    Class Index +| File Index
    +
    +

    Classes

    + +
    + +
    + +
    + +

    + + Class KJUR.asn1.cms.CMSParser +

    + + +

    + + + + CMS SignedData parser class + + +
    Defined in: asn1cms-1.0.js. + +

    + + + + + + + + + + + + + + + + + +
    Class Summary
    Constructor AttributesConstructor Name and Description
      +
    + KJUR.asn1.cms.CMSParser() +
    +
    class for parsing CMS SignedData
    +This is an ASN.1 parser for CMS SignedData defined in +RFC 5652 +Cryptographic Message Syntax (CMS).
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Method Summary
    Method AttributesMethod Name and Description
      +
    getAttribute(h) +
    +
    parse ASN.1 Attributes
    +This method parses ASN.1 Attribute defined in +RFC 5652 + +section 5.
    +
      +
    getAttributeArray(h) +
    +
    parse ASN.1 SET OF Attributes
    +This method parses ASN.1 SET OF Attribute defined in +RFC 5652 + +section 5.
    +
      +
    getCertificateSet(h) +
    +
    parse ASN.1 CertificateSet
    +This method parses ASN.1 IssuerSerial defined in + +RFC 5652 CMS section 10.2.3 and + +section 10.2.2.
    +
      +
    getCMSSignedData(h) +
    +
    parse ASN.1 ContentInfo with SignedData
    +This method parses ASN.1 ContentInfo with SignedData defined in +RFC 5652 +section 3 +and +section 5.
    +
      +
    getEContent(h) +
    +
    parse ASN.1 EncapsulatedContentInfo
    +This method parses ASN.1 SignedData defined in +RFC 5652 + +section 5.
    +
      +
    getESSCertID(h) +
    +
    parse ASN.1 ESSCertID
    +This method parses ASN.1 ESSCertID defined in + +RFC 5035 section 6.
    +
      +
    getHashAlgArray(h) +
    +
    parse ASN.1 DigestAlgorithmIdentifiers
    +This method parses ASN.1 SignedData defined in +RFC 5652 + +section 5.1.
    +
      +
    getIssuerAndSerialNumber(h) +
    +
    parse ASN.1 IssuerAndSerialNumber
    +This method parses ASN.1 IssuerAndSerialNumber defined in +RFC 5652 + +section 5.
    +
      +
    getIssuerSerial(h) +
    +
    parse ASN.1 IssuerSerial
    +This method parses ASN.1 IssuerSerial defined in + +RFC 5035 section 6.
    +
      +
    getSignedData(h) +
    +
    parse ASN.1 SignedData
    +This method parses ASN.1 SignedData defined in +RFC 5652 +section 5.
    +
      +
    getSignerIdentifier(h) +
    +
    parse ASN.1 SignerIdentifier
    +This method parses ASN.1 SignerIdentifier defined in +RFC 5652 + +section 5.
    +
      +
    getSignerInfo(h) +
    +
    parse ASN.1 SignerInfo
    +This method parses ASN.1 SignerInfos defined in +RFC 5652 + +section 5.
    +
      +
    getSignerInfos(h) +
    +
    parse ASN.1 SignerInfos
    +This method parses ASN.1 SignerInfos defined in +RFC 5652 + +section 5.
    +
      +
    setContentType(pAttr) +
    +
    set ContentType attribute
    +This sets an attribute as ContentType defined in +RFC 5652 + +section 5.
    +
      +
    setMessageDigest(pAttr) +
    +
    set MessageDigest attribute
    +This sets an attribute as SigningTime defined in +RFC 5652 + +section 5.
    +
      +
    setSigningCertificate(pAttr) +
    +
    set SigningCertificate attribute
    +This sets an attribute as SigningCertificate defined in + +RFC 5035 section 5.
    +
      +
    setSigningTime(pAttr) +
    +
    set SigningTime attribute
    +This sets an attribute as SigningTime defined in +RFC 5652 + +section 5.
    +
    + + + + + + + + + +
    +
    + Class Detail +
    + +
    + KJUR.asn1.cms.CMSParser() +
    + +
    + class for parsing CMS SignedData
    +This is an ASN.1 parser for CMS SignedData defined in +RFC 5652 +Cryptographic Message Syntax (CMS). +
    +ContentInfo ::= SEQUENCE {
+   contentType ContentType,
+   content [0] EXPLICIT ANY DEFINED BY contentType }
+ContentType ::= OBJECT IDENTIFIER
+SignedData ::= SEQUENCE {
+   version CMSVersion,
+   digestAlgorithms DigestAlgorithmIdentifiers,
+   encapContentInfo EncapsulatedContentInfo,
+   certificates [0] IMPLICIT CertificateSet OPTIONAL,
+   crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
+   signerInfos SignerInfos }
+SignerInfos ::= SET OF SignerInfo
+CertificateSet ::= SET OF CertificateChoices
+DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
+CertificateSet ::= SET OF CertificateChoices
+RevocationInfoChoices ::= SET OF RevocationInfoChoice
+
    + +
    + + + + + + + +
    +
    Since:
    +
    jsrsasign 10.1.0 asn1cms 2.0.1
    +
    + + + + + + +
    + + + + + + + +
    + Method Detail +
    + + +
    + + {Array} + getAttribute(h) + +
    +
    + parse ASN.1 Attributes
    +This method parses ASN.1 Attribute defined in +RFC 5652 + +section 5. +Following attribute type are supported in the +latest version: +
      +
    • contentType
      • +
    • messageDigest
      • +
    • signingTime
      • +
    • signingCertificate
      • +
    + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+parser.getAttribute("30...") →
+{attr: "contentType", type: "tstinfo"}
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 Attribute
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} array of JSON object of Attribute parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.cms.SignerInfo
    + +
    KJUR.asn1.cms.CMSParser#getAttributeArray
    + +
    + + +
    + + +
    + + {Array} + getAttributeArray(h) + +
    +
    + parse ASN.1 SET OF Attributes
    +This method parses ASN.1 SET OF Attribute defined in +RFC 5652 + +section 5. +This can be used for SignedAttributes and UnsignedAttributes. + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+parser.getAttributeArray("30...") →
+[{attr: "contentType", type: "tstinfo"},
+ {attr: "messageDigest", hex: "1234abcd..."}]
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 SET OF Attribute
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} array of JSON object of Attribute parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.cms.SignerInfo
    + +
    KJUR.asn1.cms.CMSParser#getAttribute
    + +
    + + +
    + + +
    + + {Array} + getCertificateSet(h) + +
    +
    + parse ASN.1 CertificateSet
    +This method parses ASN.1 IssuerSerial defined in + +RFC 5652 CMS section 10.2.3 and + +section 10.2.2. +
    +CertificateSet ::= SET OF CertificateChoices
+CertificateChoices ::= CHOICE {
+  certificate Certificate,
+  extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
+  v1AttrCert [1] IMPLICIT AttributeCertificateV1,       -- Obsolete
+  v2AttrCert [2] IMPLICIT AttributeCertificateV2,
+  other [3] IMPLICIT OtherCertificateFormat }
+OtherCertificateFormat ::= SEQUENCE {
+  otherCertFormat OBJECT IDENTIFIER,
+  otherCert ANY DEFINED BY otherCertFormat }
+
    +Currently only "certificate" is supported in +CertificateChoices. + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+parser.getCertificateSet("a0...") →
+[ "-----BEGIN CERTIFICATE...", ... ]
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 CertificateSet
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} array of JSON object of CertificateSet parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.cms.CertificateSet
    + +
    + + +
    + + +
    + + {Array} + getCMSSignedData(h) + +
    +
    + parse ASN.1 ContentInfo with SignedData
    +This method parses ASN.1 ContentInfo with SignedData defined in +RFC 5652 +section 3 +and +section 5. +The result parameter can be passed to +KJUR.asn1.cms.SignedData constructor. + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+parser.getCMSSignedData("30...") →
+{
+  version: 1,
+  hashalgs: ["sha1"],
+  econtent: {
+    type: "data",
+    content: {hex:"616161"}
+  },
+  certs: [PEM1,...],
+  sinfos: [{
+    version: 1,
+    id: {type:'isssn',issuer:{str:'/C=US/O=T1'},serial:{int: 1}},
+    hashalg: "sha1",
+    sattrs: {array: [{
+      attr: "contentType",
+      type: '1.2.840.113549.1.7.1'
+    },{
+      attr: "messageDigest",
+      hex: 'abcd'
+    }]},
+    sigalg: "SHA1withRSA",
+    sighex: "1234abcd..."
+  }]
+}
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 ContentInfo with SignedData
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} array of JSON object of SignedData parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.cms.SignedData
    + +
    KJUR.asn1.cms.CMSParser#getSignedData
    + +
    + + +
    + + +
    + + {Array} + getEContent(h) + +
    +
    + parse ASN.1 EncapsulatedContentInfo
    +This method parses ASN.1 SignedData defined in +RFC 5652 + +section 5. +The result parameter can be passed to +KJUR.asn1.cms.EncapsulatedContentInfo constructor. + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+parser.getEContent("30...") →
+{type: "tstinfo", content: {hex: "30..."}}
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 EncapsulatedContentInfo
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} array of JSON object of EncapsulatedContentInfo parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.cms.EncapsulatedContentInfo
    + +
    KJUR.asn1.cms.CMSParser#getSignedData
    + +
    + + +
    + + +
    + + {Array} + getESSCertID(h) + +
    +
    + parse ASN.1 ESSCertID
    +This method parses ASN.1 ESSCertID defined in + +RFC 5035 section 6. +
    +ESSCertID ::= SEQUENCE {
+   certHash Hash,
+   issuerSerial IssuerSerial OPTIONAL }
+IssuerSerial ::= SEQUENCE {
+   issuer GeneralNames,
+   serialNumber CertificateSerialNumber }
+
    + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+parser.getESSCertID("30...") →
+{ hash: "12ab...",
+  issuer: {
+    array: [[{type:"C",value:"JP",ds:"prn"}],...],
+    str: "/C=JP/O=T1"
+  },
+  serial: {hex: "12ab..."} }
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 ESSCertID
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} array of JSON object of ESSCertID parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.cms.ESSCertID
    + +
    + + +
    + + +
    + + {Array} + getHashAlgArray(h) + +
    +
    + parse ASN.1 DigestAlgorithmIdentifiers
    +This method parses ASN.1 SignedData defined in +RFC 5652 + +section 5.1. + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+parser.getHashAlgArray("30...") → ["sha256"]
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 DigestAlgorithmIdentifiers
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} array of JSON object of digest algorithm names
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.cms.SignedData
    + +
    KJUR.asn1.cms.CMSParser#getSignedData
    + +
    + + +
    + + +
    + + {Array} + getIssuerAndSerialNumber(h) + +
    +
    + parse ASN.1 IssuerAndSerialNumber
    +This method parses ASN.1 IssuerAndSerialNumber defined in +RFC 5652 + +section 5. + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+parser.getIssuerAndSerialNumber("30...") →
+{ type: "isssn",
+  issuer: {
+    array: [[{type:"C",value:"JP",ds:"prn"},...]]
+    str: '/C=US/O=T1'
+  },
+  serial: {int: 1} }
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 IssuerAndSerialNumber
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} array of JSON object of IssuerAndSerialNumber parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.cms.SignerInfo
    + +
    KJUR.asn1.cms.CMSParser#getSignedData
    + +
    + + +
    + + +
    + + {Array} + getIssuerSerial(h) + +
    +
    + parse ASN.1 IssuerSerial
    +This method parses ASN.1 IssuerSerial defined in + +RFC 5035 section 6. +
    +IssuerSerial ::= SEQUENCE {
+   issuer GeneralNames,
+   serialNumber CertificateSerialNumber }
+
    + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+parser.getIssuerSerial("30...") →
+{ issuer: {
+    array: [[{type:"C",value:"JP",ds:"prn"}],...],
+    str: "/C=JP/O=T1",
+  },
+  serial: {hex: "12ab..."} }
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 IssuerSerial
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} array of JSON object of IssuerSerial parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.cms.IssuerSerial
    + +
    KJUR.asn1.x509.X500Name
    + +
    + + +
    + + +
    + + {Array} + getSignedData(h) + +
    +
    + parse ASN.1 SignedData
    +This method parses ASN.1 SignedData defined in +RFC 5652 +section 5. +The result parameter can be passed to +KJUR.asn1.cms.SignedData constructor. + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+parser.getSignedData("30...")
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 SignedData
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} array of JSON object of SignedData parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.cms.SignedData
    + +
    KJUR.asn1.cms.CMSParser#getSignedData
    + +
    + + +
    + + +
    + + {Array} + getSignerIdentifier(h) + +
    +
    + parse ASN.1 SignerIdentifier
    +This method parses ASN.1 SignerIdentifier defined in +RFC 5652 + +section 5. + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+parser.getSignerIdentifier("30...") →
+{ type: "isssn",
+  issuer: {
+    array: [[{type:"C",value:"JP",ds:"prn"},...]]
+    str: '/C=US/O=T1'
+  },
+  serial: {int: 1} }
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 SignerIdentifier
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} array of JSON object of SignerIdentifier parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.cms.SignerInfo
    + +
    KJUR.asn1.cms.SignerIdentifier
    + +
    KJUR.asn1.cms.CMSParser#getSignedData
    + +
    + + +
    + + +
    + + {Array} + getSignerInfo(h) + +
    +
    + parse ASN.1 SignerInfo
    +This method parses ASN.1 SignerInfos defined in +RFC 5652 + +section 5. +
    +SignerInfo ::= SEQUENCE {
+   version CMSVersion,
+   sid SignerIdentifier,
+   digestAlgorithm DigestAlgorithmIdentifier,
+   signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
+   signatureAlgorithm SignatureAlgorithmIdentifier,
+   signature SignatureValue,
+   unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
+
    +The result parameter can be passed to +KJUR.asn1.cms.SignerInfo constructor. + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+parser.getSignerInfos("30...") →
+[{
+  version: 1,
+  id: {type: 'isssn', issuer: {str: '/C=US/O=T1'}, serial: {int: 1}},
+  hashalg: "sha1",
+  sattrs: {array: [{
+    attr: "contentType",
+    type: '1.2.840.113549.1.7.1'
+  },{
+    attr: "messageDigest",
+    hex: 'a1a2a3a4a5a6a7a8a9a0a1a2a3a4a5a6a7a8a9a0'
+  }]},
+  sigalg: "SHA1withRSA",
+  sighex: 'b1b2b...'
+}]
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 SignerInfo
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} array of JSON object of SignerInfo parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.cms.SignerInfo
    + +
    KJUR.asn1.cms.CMSParser#getSignedData
    + +
    + + +
    + + +
    + + {Array} + getSignerInfos(h) + +
    +
    + parse ASN.1 SignerInfos
    +This method parses ASN.1 SignerInfos defined in +RFC 5652 + +section 5. + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+parser.getSignerInfos("30...") →
+[{
+  version: 1,
+  id: {type: 'isssn', issuer: {str: '/C=US/O=T1'}, serial: {int: 1}},
+  hashalg: "sha1",
+  sattrs: {array: [{
+    attr: "contentType",
+    type: '1.2.840.113549.1.7.1'
+  },{
+    attr: "messageDigest",
+    hex: 'a1a2a3a4a5a6a7a8a9a0a1a2a3a4a5a6a7a8a9a0'
+  }]},
+  sigalg: "SHA1withRSA",
+  sighex: 'b1b2b...'
+}]
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 SignerInfos
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} array of JSON object of SignerInfos parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.cms.SignerInfos
    + +
    KJUR.asn1.cms.CMSParser#getSignedData
    + +
    + + +
    + + +
    + + + setContentType(pAttr) + +
    +
    + set ContentType attribute
    +This sets an attribute as ContentType defined in +RFC 5652 + +section 5. + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+pAttr = {
+  attr: "contentType"
+  valhex: '060b2a864886f70d0109100104'
+};
+parser.setContentInfo(pAttr);
+pAttr → {
+  attr: "contentType"
+  type: "tstinfo"
+}
    + + + + +
    +
    Parameters:
    + +
    + {Array} pAttr + +
    +
    JSON object of attribute parameter
    + +
    + + + + + + + +
    +
    See:
    + +
    KJUR.asn1.cms.CMSParser#getAttribute
    + +
    + + +
    + + +
    + + + setMessageDigest(pAttr) + +
    +
    + set MessageDigest attribute
    +This sets an attribute as SigningTime defined in +RFC 5652 + +section 5. + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+pAttr = {
+  attr: "messageDigest"
+  valhex: '0403123456'
+};
+parser.setMessageDigest(pAttr);
+pAttr → {
+  attr: "messageDigest",
+  hex: "123456"
+}
    + + + + +
    +
    Parameters:
    + +
    + {Array} pAttr + +
    +
    JSON object of attribute parameter
    + +
    + + + + + + + +
    +
    See:
    + +
    KJUR.asn1.cms.CMSParser#getAttribute
    + +
    + + +
    + + +
    + + + setSigningCertificate(pAttr) + +
    +
    + set SigningCertificate attribute
    +This sets an attribute as SigningCertificate defined in + +RFC 5035 section 5. + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+pAttr = {
+  attr: "signingCertificate"
+  valhex: '...'
+};
+parser.setSigningCertificate(pAttr);
+pAttr → {
+  attr: "signingCertificate",
+  array: [{
+    hash: "123456...",
+    issuer: {
+      array: [[{type:"C",value:"JP",ds:"prn"},...]],
+      str: "/C=JP/O=T1"
+    },
+    serial: {hex: "123456..."}
+  }]
+}
    + + + + +
    +
    Parameters:
    + +
    + {Array} pAttr + +
    +
    JSON object of attribute parameter
    + +
    + + + + + + + +
    +
    See:
    + +
    KJUR.asn1.cms.CMSParser#getAttribute
    + +
    + + +
    + + +
    + + + setSigningTime(pAttr) + +
    +
    + set SigningTime attribute
    +This sets an attribute as SigningTime defined in +RFC 5652 + +section 5. + + +
    + + + + 
    parser = new KJUR.asn1.cms.CMSParser();
+pAttr = {
+  attr: "signingTime"
+  valhex: '170d3230313233313233353935395a'
+};
+parser.setSigningTime(pAttr);
+pAttr → {
+  attr: "signingTime",
+  str: "2012315959Z"
+}
    + + + + +
    +
    Parameters:
    + +
    + {Array} pAttr + +
    +
    JSON object of attribute parameter
    + +
    + + + + + + + +
    +
    See:
    + +
    KJUR.asn1.cms.CMSParser#getAttribute
    + +
    + + + + + + + + + +
    +
    + + + +
    + © 2012-2020 Kenji Urushima, All rights reserved
    + + Documentation generated by JsDoc Toolkit 2.4.0 +
    + + diff --git a/api/symbols/KJUR.asn1.cms.CMSUtil.html b/api/symbols/KJUR.asn1.cms.CMSUtil.html index 7911bbde..d9b79248 100644 --- a/api/symbols/KJUR.asn1.cms.CMSUtil.html +++ b/api/symbols/KJUR.asn1.cms.CMSUtil.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.CertificateSet.html b/api/symbols/KJUR.asn1.cms.CertificateSet.html index 232af6f4..4b1d589a 100644 --- a/api/symbols/KJUR.asn1.cms.CertificateSet.html +++ b/api/symbols/KJUR.asn1.cms.CertificateSet.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.ContentInfo.html b/api/symbols/KJUR.asn1.cms.ContentInfo.html index 09d1d8de..21c03c58 100644 --- a/api/symbols/KJUR.asn1.cms.ContentInfo.html +++ b/api/symbols/KJUR.asn1.cms.ContentInfo.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.ContentType.html b/api/symbols/KJUR.asn1.cms.ContentType.html index d3add78f..ee933389 100644 --- a/api/symbols/KJUR.asn1.cms.ContentType.html +++ b/api/symbols/KJUR.asn1.cms.ContentType.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.ESSCertID.html b/api/symbols/KJUR.asn1.cms.ESSCertID.html index a3635d97..30a01bdc 100644 --- a/api/symbols/KJUR.asn1.cms.ESSCertID.html +++ b/api/symbols/KJUR.asn1.cms.ESSCertID.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.ESSCertIDv2.html b/api/symbols/KJUR.asn1.cms.ESSCertIDv2.html index 5a634f74..0dfffa7f 100644 --- a/api/symbols/KJUR.asn1.cms.ESSCertIDv2.html +++ b/api/symbols/KJUR.asn1.cms.ESSCertIDv2.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.EncapsulatedContentInfo.html b/api/symbols/KJUR.asn1.cms.EncapsulatedContentInfo.html index 68361a27..3d163335 100644 --- a/api/symbols/KJUR.asn1.cms.EncapsulatedContentInfo.html +++ b/api/symbols/KJUR.asn1.cms.EncapsulatedContentInfo.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.IssuerAndSerialNumber.html b/api/symbols/KJUR.asn1.cms.IssuerAndSerialNumber.html index a63c9950..b04f0413 100644 --- a/api/symbols/KJUR.asn1.cms.IssuerAndSerialNumber.html +++ b/api/symbols/KJUR.asn1.cms.IssuerAndSerialNumber.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • @@ -617,7 +621,7 @@ 

    // specify by X500Name and DERInteger
 o = new KJUR.asn1.cms.IssuerAndSerialNumber(
-     {issuer: {str: '/C=US/O=T1'}, serial {int: 3}});
+     {issuer: {str: '/C=US/O=T1'}, serial: {int: 3}});
 // specify by PEM certificate
 o = new KJUR.asn1.cms.IssuerAndSerialNumber({cert: certPEM});
 o = new KJUR.asn1.cms.IssuerAndSerialNumber(certPEM); // since 1.0.3
    diff --git a/api/symbols/KJUR.asn1.cms.IssuerSerial.html b/api/symbols/KJUR.asn1.cms.IssuerSerial.html index c91064c1..12ff88fd 100644 --- a/api/symbols/KJUR.asn1.cms.IssuerSerial.html +++ b/api/symbols/KJUR.asn1.cms.IssuerSerial.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.MessageDigest.html b/api/symbols/KJUR.asn1.cms.MessageDigest.html index 6515b392..099c466c 100644 --- a/api/symbols/KJUR.asn1.cms.MessageDigest.html +++ b/api/symbols/KJUR.asn1.cms.MessageDigest.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.OtherRevocationFormat.html b/api/symbols/KJUR.asn1.cms.OtherRevocationFormat.html index 42856952..14fe0891 100644 --- a/api/symbols/KJUR.asn1.cms.OtherRevocationFormat.html +++ b/api/symbols/KJUR.asn1.cms.OtherRevocationFormat.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.RevocationInfoChoice.html b/api/symbols/KJUR.asn1.cms.RevocationInfoChoice.html index a45fe129..b308c85a 100644 --- a/api/symbols/KJUR.asn1.cms.RevocationInfoChoice.html +++ b/api/symbols/KJUR.asn1.cms.RevocationInfoChoice.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.RevocationInfoChoices.html b/api/symbols/KJUR.asn1.cms.RevocationInfoChoices.html index dd64a55e..87efe035 100644 --- a/api/symbols/KJUR.asn1.cms.RevocationInfoChoices.html +++ b/api/symbols/KJUR.asn1.cms.RevocationInfoChoices.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.SignedData.html b/api/symbols/KJUR.asn1.cms.SignedData.html index 5371be52..246abc5e 100644 --- a/api/symbols/KJUR.asn1.cms.SignedData.html +++ b/api/symbols/KJUR.asn1.cms.SignedData.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.SignerIdentifier.html b/api/symbols/KJUR.asn1.cms.SignerIdentifier.html index e7dbfeb6..faba55f0 100644 --- a/api/symbols/KJUR.asn1.cms.SignerIdentifier.html +++ b/api/symbols/KJUR.asn1.cms.SignerIdentifier.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.SignerInfo.html b/api/symbols/KJUR.asn1.cms.SignerInfo.html index 64e50bc1..cbfdb52a 100644 --- a/api/symbols/KJUR.asn1.cms.SignerInfo.html +++ b/api/symbols/KJUR.asn1.cms.SignerInfo.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.SigningCertificate.html b/api/symbols/KJUR.asn1.cms.SigningCertificate.html index 379c3b55..64a73a35 100644 --- a/api/symbols/KJUR.asn1.cms.SigningCertificate.html +++ b/api/symbols/KJUR.asn1.cms.SigningCertificate.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.SigningCertificateV2.html b/api/symbols/KJUR.asn1.cms.SigningCertificateV2.html index 1058eae9..b8c836b5 100644 --- a/api/symbols/KJUR.asn1.cms.SigningCertificateV2.html +++ b/api/symbols/KJUR.asn1.cms.SigningCertificateV2.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.SigningTime.html b/api/symbols/KJUR.asn1.cms.SigningTime.html index 5be8d8a1..6c2186fc 100644 --- a/api/symbols/KJUR.asn1.cms.SigningTime.html +++ b/api/symbols/KJUR.asn1.cms.SigningTime.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.SubjectKeyIdentifier.html b/api/symbols/KJUR.asn1.cms.SubjectKeyIdentifier.html index b86ad100..89984608 100644 --- a/api/symbols/KJUR.asn1.cms.SubjectKeyIdentifier.html +++ b/api/symbols/KJUR.asn1.cms.SubjectKeyIdentifier.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.cms.html b/api/symbols/KJUR.asn1.cms.html index 6381c6d6..f7b14b53 100644 --- a/api/symbols/KJUR.asn1.cms.html +++ b/api/symbols/KJUR.asn1.cms.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.csr.CSRUtil.html b/api/symbols/KJUR.asn1.csr.CSRUtil.html index 80224559..46394678 100644 --- a/api/symbols/KJUR.asn1.csr.CSRUtil.html +++ b/api/symbols/KJUR.asn1.csr.CSRUtil.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.csr.CertificationRequest.html b/api/symbols/KJUR.asn1.csr.CertificationRequest.html index 3225f4c4..327a5be6 100644 --- a/api/symbols/KJUR.asn1.csr.CertificationRequest.html +++ b/api/symbols/KJUR.asn1.csr.CertificationRequest.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.csr.CertificationRequestInfo.html b/api/symbols/KJUR.asn1.csr.CertificationRequestInfo.html index f0e8f02d..6f43090c 100644 --- a/api/symbols/KJUR.asn1.csr.CertificationRequestInfo.html +++ b/api/symbols/KJUR.asn1.csr.CertificationRequestInfo.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.csr.html b/api/symbols/KJUR.asn1.csr.html index 2ee783f3..df1f4ef0 100644 --- a/api/symbols/KJUR.asn1.csr.html +++ b/api/symbols/KJUR.asn1.csr.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.html b/api/symbols/KJUR.asn1.html index 385f6e35..6c0b7765 100644 --- a/api/symbols/KJUR.asn1.html +++ b/api/symbols/KJUR.asn1.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ocsp.BasicOCSPResponse.html b/api/symbols/KJUR.asn1.ocsp.BasicOCSPResponse.html index 7f0c4de3..e46835fe 100644 --- a/api/symbols/KJUR.asn1.ocsp.BasicOCSPResponse.html +++ b/api/symbols/KJUR.asn1.ocsp.BasicOCSPResponse.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ocsp.CertID.html b/api/symbols/KJUR.asn1.ocsp.CertID.html index b897dd33..25a2a605 100644 --- a/api/symbols/KJUR.asn1.ocsp.CertID.html +++ b/api/symbols/KJUR.asn1.ocsp.CertID.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ocsp.CertStatus.html b/api/symbols/KJUR.asn1.ocsp.CertStatus.html index ea5f3137..a6a25101 100644 --- a/api/symbols/KJUR.asn1.ocsp.CertStatus.html +++ b/api/symbols/KJUR.asn1.ocsp.CertStatus.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ocsp.OCSPParser.html b/api/symbols/KJUR.asn1.ocsp.OCSPParser.html index 9e6cde15..acdea27c 100644 --- a/api/symbols/KJUR.asn1.ocsp.OCSPParser.html +++ b/api/symbols/KJUR.asn1.ocsp.OCSPParser.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ocsp.OCSPRequest.html b/api/symbols/KJUR.asn1.ocsp.OCSPRequest.html index 186e80d7..a527e186 100644 --- a/api/symbols/KJUR.asn1.ocsp.OCSPRequest.html +++ b/api/symbols/KJUR.asn1.ocsp.OCSPRequest.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ocsp.OCSPResponse.html b/api/symbols/KJUR.asn1.ocsp.OCSPResponse.html index d7e90b9b..f66df9db 100644 --- a/api/symbols/KJUR.asn1.ocsp.OCSPResponse.html +++ b/api/symbols/KJUR.asn1.ocsp.OCSPResponse.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ocsp.OCSPUtil.html b/api/symbols/KJUR.asn1.ocsp.OCSPUtil.html index 8699c976..30503b7b 100644 --- a/api/symbols/KJUR.asn1.ocsp.OCSPUtil.html +++ b/api/symbols/KJUR.asn1.ocsp.OCSPUtil.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ocsp.Request.html b/api/symbols/KJUR.asn1.ocsp.Request.html index c97ef236..b51fed22 100644 --- a/api/symbols/KJUR.asn1.ocsp.Request.html +++ b/api/symbols/KJUR.asn1.ocsp.Request.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ocsp.ResponderID.html b/api/symbols/KJUR.asn1.ocsp.ResponderID.html index ae538988..479c7138 100644 --- a/api/symbols/KJUR.asn1.ocsp.ResponderID.html +++ b/api/symbols/KJUR.asn1.ocsp.ResponderID.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ocsp.ResponseBytes.html b/api/symbols/KJUR.asn1.ocsp.ResponseBytes.html index 411a04a8..6f4ab6ba 100644 --- a/api/symbols/KJUR.asn1.ocsp.ResponseBytes.html +++ b/api/symbols/KJUR.asn1.ocsp.ResponseBytes.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ocsp.ResponseData.html b/api/symbols/KJUR.asn1.ocsp.ResponseData.html index 70e0eec5..952c4f51 100644 --- a/api/symbols/KJUR.asn1.ocsp.ResponseData.html +++ b/api/symbols/KJUR.asn1.ocsp.ResponseData.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ocsp.SingleResponse.html b/api/symbols/KJUR.asn1.ocsp.SingleResponse.html index bf9ee1ee..00c86701 100644 --- a/api/symbols/KJUR.asn1.ocsp.SingleResponse.html +++ b/api/symbols/KJUR.asn1.ocsp.SingleResponse.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ocsp.SingleResponseList.html b/api/symbols/KJUR.asn1.ocsp.SingleResponseList.html index 9bdc9293..c304ebc3 100644 --- a/api/symbols/KJUR.asn1.ocsp.SingleResponseList.html +++ b/api/symbols/KJUR.asn1.ocsp.SingleResponseList.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ocsp.TBSRequest.html b/api/symbols/KJUR.asn1.ocsp.TBSRequest.html index 85dccc23..cc1e2f00 100644 --- a/api/symbols/KJUR.asn1.ocsp.TBSRequest.html +++ b/api/symbols/KJUR.asn1.ocsp.TBSRequest.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.ocsp.html b/api/symbols/KJUR.asn1.ocsp.html index f34d7759..b7850b60 100644 --- a/api/symbols/KJUR.asn1.ocsp.html +++ b/api/symbols/KJUR.asn1.ocsp.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.tsp.AbstractTSAAdapter.html b/api/symbols/KJUR.asn1.tsp.AbstractTSAAdapter.html index 422fe279..36c171cc 100644 --- a/api/symbols/KJUR.asn1.tsp.AbstractTSAAdapter.html +++ b/api/symbols/KJUR.asn1.tsp.AbstractTSAAdapter.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.tsp.Accuracy.html b/api/symbols/KJUR.asn1.tsp.Accuracy.html index 011bb1b2..b3d3dffe 100644 --- a/api/symbols/KJUR.asn1.tsp.Accuracy.html +++ b/api/symbols/KJUR.asn1.tsp.Accuracy.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.tsp.FixedTSAAdapter.html b/api/symbols/KJUR.asn1.tsp.FixedTSAAdapter.html index 7130b8dd..fa386f08 100644 --- a/api/symbols/KJUR.asn1.tsp.FixedTSAAdapter.html +++ b/api/symbols/KJUR.asn1.tsp.FixedTSAAdapter.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.tsp.MessageImprint.html b/api/symbols/KJUR.asn1.tsp.MessageImprint.html index 16e61e79..423d5d38 100644 --- a/api/symbols/KJUR.asn1.tsp.MessageImprint.html +++ b/api/symbols/KJUR.asn1.tsp.MessageImprint.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.tsp.PKIFailureInfo.html b/api/symbols/KJUR.asn1.tsp.PKIFailureInfo.html index ae7c8fb3..d3bb7de5 100644 --- a/api/symbols/KJUR.asn1.tsp.PKIFailureInfo.html +++ b/api/symbols/KJUR.asn1.tsp.PKIFailureInfo.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.tsp.PKIFreeText.html b/api/symbols/KJUR.asn1.tsp.PKIFreeText.html index 8f207f72..1d7b7804 100644 --- a/api/symbols/KJUR.asn1.tsp.PKIFreeText.html +++ b/api/symbols/KJUR.asn1.tsp.PKIFreeText.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.tsp.PKIStatus.html b/api/symbols/KJUR.asn1.tsp.PKIStatus.html index 6a0e5085..7a9ff4a1 100644 --- a/api/symbols/KJUR.asn1.tsp.PKIStatus.html +++ b/api/symbols/KJUR.asn1.tsp.PKIStatus.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.tsp.PKIStatusInfo.html b/api/symbols/KJUR.asn1.tsp.PKIStatusInfo.html index c53443aa..a39b964d 100644 --- a/api/symbols/KJUR.asn1.tsp.PKIStatusInfo.html +++ b/api/symbols/KJUR.asn1.tsp.PKIStatusInfo.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.tsp.SimpleTSAAdapter.html b/api/symbols/KJUR.asn1.tsp.SimpleTSAAdapter.html index 5bd605a8..bc900e9f 100644 --- a/api/symbols/KJUR.asn1.tsp.SimpleTSAAdapter.html +++ b/api/symbols/KJUR.asn1.tsp.SimpleTSAAdapter.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.tsp.TSPParser.html b/api/symbols/KJUR.asn1.tsp.TSPParser.html new file mode 100644 index 00000000..8ec00d72 --- /dev/null +++ b/api/symbols/KJUR.asn1.tsp.TSPParser.html @@ -0,0 +1,1214 @@ + + + + + + + jsrsasign JavaScript API Reference - KJUR.asn1.tsp.TSPParser + + + + + + + + + + + + +
    + +
    Class Index +| File Index
    +
    +

    Classes

    + +
    + +
    + +
    + +

    + + Class KJUR.asn1.tsp.TSPParser +

    + + +

    + + + + RFC 3161 TimeStamp protocol parser class + + +
    Defined in: asn1tsp-1.0.js. + +

    + + + + + + + + + + + + + + + + + +
    Class Summary
    Constructor AttributesConstructor Name and Description
      +
    + KJUR.asn1.tsp.TSPParser() +
    +
    class for parsing RFC 3161 TimeStamp protocol data
    +This is an ASN.1 parser for +RFC 3161.
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Method Summary
    Method AttributesMethod Name and Description
      +
    getAccuracy(h) +
    +
    parse ASN.1 Accuracy
    +This method parses ASN.1 Accuracy defined in RFC 3161.
    +
      +
    getMessageImprint(h) +
    +
    parse ASN.1 MessageImprint
    +This method parses ASN.1 MessageImprint defined in RFC 3161.
    +
      +
    getPKIStatusInfo(h) +
    +
    parse ASN.1 PKIStatusInfo
    +This method parses ASN.1 PKIStatusInfo defined in RFC 3161.
    +
      +
    getResponse(h) +
    +
    parse ASN.1 TimeStampResp
    +This method parses ASN.1 TimeStampRsp defined in RFC 3161.
    +
      +
    getToken(h) +
    +
    parse ASN.1 TimeStampToken
    +This method parses ASN.1 TimeStampRsp defined in RFC 3161.
    +
      +
    getTSTInfo(h) +
    +
    parse ASN.1 TSTInfo
    +This method parses ASN.1 TSTInfo defined in RFC 3161.
    +
      +
    setTSTInfo(pCMSSignedData) +
    +
    set ASN.1 TSTInfo parameter to CMS SignedData parameter
    +This method modifies "econtent.content" of CMS SignedData parameter +to parsed TSTInfo.
    +
    + + + + + + + + + +
    +
    + Class Detail +
    + +
    + KJUR.asn1.tsp.TSPParser() +
    + +
    + class for parsing RFC 3161 TimeStamp protocol data
    +This is an ASN.1 parser for +RFC 3161. + +
    + + + + + + + +
    +
    Since:
    +
    jsrsasign 10.1.0 asn1tsp 2.0.1
    +
    + + + + + + +
    + + + + + + + +
    + Method Detail +
    + + +
    + + {Array} + getAccuracy(h) + +
    +
    + parse ASN.1 Accuracy
    +This method parses ASN.1 Accuracy defined in RFC 3161. +
    +Accuracy ::= SEQUENCE {
+   seconds        INTEGER              OPTIONAL,
+   millis     [0] INTEGER  (1..999)    OPTIONAL,
+   micros     [1] INTEGER  (1..999)    OPTIONAL  }
+
    + + +
    + + + + 
    parser = new KJUR.asn1.tsp.TSPParser();
+parser.getAccuracy("30...") → {millis: 500}
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 Accuracy
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} JSON object of Accuracy parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.tsp.Accuracy
    + +
    + + +
    + + +
    + + {Array} + getMessageImprint(h) + +
    +
    + parse ASN.1 MessageImprint
    +This method parses ASN.1 MessageImprint defined in RFC 3161. + + +
    + + + + 
    parser = new KJUR.asn1.tsp.TSPParser();
+parser.getMessageImprint("30...") → 
+{ alg: "sha256", hash: "12ab..." }
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 MessageImprint
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} JSON object of MessageImprint parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.tsp.MessageImprint
    + +
    + + +
    + + +
    + + {Array} + getPKIStatusInfo(h) + +
    +
    + parse ASN.1 PKIStatusInfo
    +This method parses ASN.1 PKIStatusInfo defined in RFC 3161. + + +
    + + + + 
    parser = new KJUR.asn1.tsp.TSPParser();
+parser.getPKIStatusInfo("30...") → 
+{ status: "granted" }
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 PKIStatusInfo
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} JSON object of PKIStatusInfo parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.tsp.PKIStatusInfo
    + +
    + + +
    + + +
    + + {Array} + getResponse(h) + +
    +
    + parse ASN.1 TimeStampResp
    +This method parses ASN.1 TimeStampRsp defined in RFC 3161. +
    +TimeStampResp ::= SEQUENCE {
+  status          PKIStatusInfo,
+  timeStampToken  TimeStampToken  OPTIONAL }
+
    +When "h" is a TSP error response, +returned parameter contains "statusinfo" only. + + +
    + + + + 
    parser = new KJUR.asn1.tsp.TSPParser();
+parser.getResponse("30...") →
+{ 
+  statusinfo: 'granted',
+  ... // almost the same as CMS SignedData parameters
+  econtent: {
+    type: "tstinfo",
+    content: { // TSTInfo parameter
+      policy: '1.2.3.4.5',
+      messageImprint: {alg: 'sha256', hash: 'a1a2a3a4...'},
+      serialNumber: {'int': 3},
+      genTime: {str: '20131231235959.123Z'},
+      accuracy: {millis: 500},
+      ordering: true,
+      nonce: {int: 3}
+    }
+  },
+  ...
+}
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 TimeStampResp
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} JSON object of TimeStampResp parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.tsp.TimeStampResp
    + +
    KJUR.asn1.tsp.TimeStampToken
    + +
    KJUR.asn1.cms.CMSParser#getCMSSignedData
    + +
    + + +
    + + +
    + + {Array} + getToken(h) + +
    +
    + parse ASN.1 TimeStampToken
    +This method parses ASN.1 TimeStampRsp defined in RFC 3161. +This method will parse "h" as CMS SigneData by +KJUR.asn1.cms.CMSParser#getCMSSignedData, then +parse and modify "econtent.content" parameter by +KJUR.asn1.tsp.TSPParser#setTSTInfo method. + + +
    + + + + 
    parser = new KJUR.asn1.tsp.TSPParser();
+parser.getToken("30...") →
+{ 
+  ... // almost the same as CMS SignedData parameters
+  econtent: {
+    type: "tstinfo",
+    content: { // TSTInfo parameter
+      policy: '1.2.3.4.5',
+      messageImprint: {alg: 'sha256', hash: 'a1a2a3a4...'},
+      serialNumber: {'int': 3},
+      genTime: {str: '20131231235959.123Z'},
+      accuracy: {millis: 500},
+      ordering: true,
+      nonce: {int: 3}
+    }
+  },
+  ...
+}
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 TimeStampToken
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} JSON object of TimeStampToken parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.tsp.TimeStampToken
    + +
    KJUR.asn1.cms.CMSParser#getCMSSignedData
    + +
    KJUR.asn1.tsp.TSPParser#setTSTInfo
    + +
    + + +
    + + +
    + + {Array} + getTSTInfo(h) + +
    +
    + parse ASN.1 TSTInfo
    +This method parses ASN.1 TSTInfo defined in RFC 3161. +
    +TSTInfo ::= SEQUENCE  {
+   version          INTEGER  { v1(1) },
+   policy           TSAPolicyId,
+   messageImprint   MessageImprint,
+   serialNumber     INTEGER,
+   genTime          GeneralizedTime,
+   accuracy         Accuracy                 OPTIONAL,
+   ordering         BOOLEAN             DEFAULT FALSE,
+   nonce            INTEGER                  OPTIONAL,
+   tsa              [0] GeneralName          OPTIONAL,
+   extensions       [1] IMPLICIT Extensions  OPTIONAL }
+
    + + +
    + + + + 
    parser = new KJUR.asn1.tsp.TSPParser();
+parser.getTSTInfo("30...") →
+{
+  policy: '1.2.3.4.5',
+  messageImprint: {alg: 'sha256', hash: 'a1a2a3a4...'},
+  serialNumber: {'int': 3},
+  genTime: {str: '20131231235959.123Z'},
+  accuracy: {millis: 500},
+  ordering: true,
+  nonce: {int: 3}
+}
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of ASN.1 TSTInfo
    + +
    + + + + + +
    +
    Returns:
    + +
    {Array} JSON object of TSTInfo parameter
    + +
    + + + +
    +
    See:
    + +
    KJUR.asn1.tsp.TSTInfo
    + +
    + + +
    + + +
    + + + setTSTInfo(pCMSSignedData) + +
    +
    + set ASN.1 TSTInfo parameter to CMS SignedData parameter
    +This method modifies "econtent.content" of CMS SignedData parameter +to parsed TSTInfo. +
    +						
+						
+
    + + + + 
    parser = new KJUR.asn1.tsp.TSPParser();
+pCMSSignedData = { 
+  ... // almost the same as CMS SignedData parameters
+  econtent: {
+    type: "tstinfo",
+    content: { hex: "30..." }
+  },
+  ...
+};
+parser.setTSTInfo(pCMSSignedData);
+pCMSSignedData → { 
+  ... // almost the same as CMS SignedData parameters
+  econtent: {
+    type: "tstinfo",
+    content: { // TSTInfo parameter
+      policy: '1.2.3.4.5',
+      messageImprint: {alg: 'sha256', hash: 'a1a2a3a4...'},
+      serialNumber: {int: 3},
+      genTime: {str: '20131231235959.123Z'},
+      accuracy: {millis: 500},
+      ordering: true,
+      nonce: {int: 3}
+    }
+  },
+  ...
+};
    + + + + +
    +
    Parameters:
    + +
    + {Array} pCMSSignedData + +
    +
    JSON object of CMS SignedData parameter
    + +
    + + + + + + + +
    +
    See:
    + +
    KJUR.asn1.tsp.TimeStampToken
    + +
    KJUR.asn1.cms.CMSParser#getCMSSignedData
    + +
    + + + + + + + + + +
    +
    + + + +
    + © 2012-2020 Kenji Urushima, All rights reserved
    + + Documentation generated by JsDoc Toolkit 2.4.0 +
    + + diff --git a/api/symbols/KJUR.asn1.tsp.TSPUtil.html b/api/symbols/KJUR.asn1.tsp.TSPUtil.html index 7387b335..6dcaef6e 100644 --- a/api/symbols/KJUR.asn1.tsp.TSPUtil.html +++ b/api/symbols/KJUR.asn1.tsp.TSPUtil.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.tsp.TSTInfo.html b/api/symbols/KJUR.asn1.tsp.TSTInfo.html index 2c50f1f2..95fe34a0 100644 --- a/api/symbols/KJUR.asn1.tsp.TSTInfo.html +++ b/api/symbols/KJUR.asn1.tsp.TSTInfo.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.tsp.TimeStampReq.html b/api/symbols/KJUR.asn1.tsp.TimeStampReq.html index ce571ece..afb10ade 100644 --- a/api/symbols/KJUR.asn1.tsp.TimeStampReq.html +++ b/api/symbols/KJUR.asn1.tsp.TimeStampReq.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.tsp.TimeStampResp.html b/api/symbols/KJUR.asn1.tsp.TimeStampResp.html index 9bb67a14..10b4ef01 100644 --- a/api/symbols/KJUR.asn1.tsp.TimeStampResp.html +++ b/api/symbols/KJUR.asn1.tsp.TimeStampResp.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.tsp.TimeStampToken.html b/api/symbols/KJUR.asn1.tsp.TimeStampToken.html index 3cf3c080..f1530d87 100644 --- a/api/symbols/KJUR.asn1.tsp.TimeStampToken.html +++ b/api/symbols/KJUR.asn1.tsp.TimeStampToken.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.tsp.html b/api/symbols/KJUR.asn1.tsp.html index 85702846..0d0d5dfd 100644 --- a/api/symbols/KJUR.asn1.tsp.html +++ b/api/symbols/KJUR.asn1.tsp.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.AdobeTimeStamp.html b/api/symbols/KJUR.asn1.x509.AdobeTimeStamp.html index 91080b11..77ada124 100644 --- a/api/symbols/KJUR.asn1.x509.AdobeTimeStamp.html +++ b/api/symbols/KJUR.asn1.x509.AdobeTimeStamp.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.AlgorithmIdentifier.html b/api/symbols/KJUR.asn1.x509.AlgorithmIdentifier.html index 99b3ddf7..37b377cc 100644 --- a/api/symbols/KJUR.asn1.x509.AlgorithmIdentifier.html +++ b/api/symbols/KJUR.asn1.x509.AlgorithmIdentifier.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.AttributeTypeAndValue.html b/api/symbols/KJUR.asn1.x509.AttributeTypeAndValue.html index 3391ad0a..983827c1 100644 --- a/api/symbols/KJUR.asn1.x509.AttributeTypeAndValue.html +++ b/api/symbols/KJUR.asn1.x509.AttributeTypeAndValue.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.AuthorityInfoAccess.html b/api/symbols/KJUR.asn1.x509.AuthorityInfoAccess.html index 85c7b9d4..b8b5ce7c 100644 --- a/api/symbols/KJUR.asn1.x509.AuthorityInfoAccess.html +++ b/api/symbols/KJUR.asn1.x509.AuthorityInfoAccess.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.AuthorityKeyIdentifier.html b/api/symbols/KJUR.asn1.x509.AuthorityKeyIdentifier.html index 6e2cdf9c..d1d7cbed 100644 --- a/api/symbols/KJUR.asn1.x509.AuthorityKeyIdentifier.html +++ b/api/symbols/KJUR.asn1.x509.AuthorityKeyIdentifier.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.BasicConstraints.html b/api/symbols/KJUR.asn1.x509.BasicConstraints.html index 5c6242e9..d7c77e91 100644 --- a/api/symbols/KJUR.asn1.x509.BasicConstraints.html +++ b/api/symbols/KJUR.asn1.x509.BasicConstraints.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.CRL.html b/api/symbols/KJUR.asn1.x509.CRL.html index 482a02af..82f8a19a 100644 --- a/api/symbols/KJUR.asn1.x509.CRL.html +++ b/api/symbols/KJUR.asn1.x509.CRL.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.CRLDistributionPoints.html b/api/symbols/KJUR.asn1.x509.CRLDistributionPoints.html index 8788c88f..3e71851a 100644 --- a/api/symbols/KJUR.asn1.x509.CRLDistributionPoints.html +++ b/api/symbols/KJUR.asn1.x509.CRLDistributionPoints.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.CRLEntry.html b/api/symbols/KJUR.asn1.x509.CRLEntry.html index 3c833b1a..96fa294c 100644 --- a/api/symbols/KJUR.asn1.x509.CRLEntry.html +++ b/api/symbols/KJUR.asn1.x509.CRLEntry.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.CRLNumber.html b/api/symbols/KJUR.asn1.x509.CRLNumber.html index 35f5c792..f14e2886 100644 --- a/api/symbols/KJUR.asn1.x509.CRLNumber.html +++ b/api/symbols/KJUR.asn1.x509.CRLNumber.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.CRLReason.html b/api/symbols/KJUR.asn1.x509.CRLReason.html index 20b81edc..55f93e0d 100644 --- a/api/symbols/KJUR.asn1.x509.CRLReason.html +++ b/api/symbols/KJUR.asn1.x509.CRLReason.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.Certificate.html b/api/symbols/KJUR.asn1.x509.Certificate.html index 8bf4ab73..bc9f9408 100644 --- a/api/symbols/KJUR.asn1.x509.Certificate.html +++ b/api/symbols/KJUR.asn1.x509.Certificate.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.CertificatePolicies.html b/api/symbols/KJUR.asn1.x509.CertificatePolicies.html index 78d2906f..6cd73b39 100644 --- a/api/symbols/KJUR.asn1.x509.CertificatePolicies.html +++ b/api/symbols/KJUR.asn1.x509.CertificatePolicies.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.DisplayText.html b/api/symbols/KJUR.asn1.x509.DisplayText.html index 1e52b71d..812ebb33 100644 --- a/api/symbols/KJUR.asn1.x509.DisplayText.html +++ b/api/symbols/KJUR.asn1.x509.DisplayText.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.DistributionPoint.html b/api/symbols/KJUR.asn1.x509.DistributionPoint.html index 9a89b285..0ab591ff 100644 --- a/api/symbols/KJUR.asn1.x509.DistributionPoint.html +++ b/api/symbols/KJUR.asn1.x509.DistributionPoint.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.DistributionPointName.html b/api/symbols/KJUR.asn1.x509.DistributionPointName.html index c3c798b6..cc449a6c 100644 --- a/api/symbols/KJUR.asn1.x509.DistributionPointName.html +++ b/api/symbols/KJUR.asn1.x509.DistributionPointName.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.ExtKeyUsage.html b/api/symbols/KJUR.asn1.x509.ExtKeyUsage.html index 252587f6..77b67f43 100644 --- a/api/symbols/KJUR.asn1.x509.ExtKeyUsage.html +++ b/api/symbols/KJUR.asn1.x509.ExtKeyUsage.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.Extension.html b/api/symbols/KJUR.asn1.x509.Extension.html index 0616765b..a016965e 100644 --- a/api/symbols/KJUR.asn1.x509.Extension.html +++ b/api/symbols/KJUR.asn1.x509.Extension.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.Extensions.html b/api/symbols/KJUR.asn1.x509.Extensions.html index a2e23841..866880d0 100644 --- a/api/symbols/KJUR.asn1.x509.Extensions.html +++ b/api/symbols/KJUR.asn1.x509.Extensions.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.GeneralName.html b/api/symbols/KJUR.asn1.x509.GeneralName.html index 8e468de8..6b15e5bd 100644 --- a/api/symbols/KJUR.asn1.x509.GeneralName.html +++ b/api/symbols/KJUR.asn1.x509.GeneralName.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.GeneralNames.html b/api/symbols/KJUR.asn1.x509.GeneralNames.html index b97c1d6a..67bb0908 100644 --- a/api/symbols/KJUR.asn1.x509.GeneralNames.html +++ b/api/symbols/KJUR.asn1.x509.GeneralNames.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.IssuerAltName.html b/api/symbols/KJUR.asn1.x509.IssuerAltName.html index bcf1f911..b8117539 100644 --- a/api/symbols/KJUR.asn1.x509.IssuerAltName.html +++ b/api/symbols/KJUR.asn1.x509.IssuerAltName.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.KeyUsage.html b/api/symbols/KJUR.asn1.x509.KeyUsage.html index 0a28c0a4..e8151271 100644 --- a/api/symbols/KJUR.asn1.x509.KeyUsage.html +++ b/api/symbols/KJUR.asn1.x509.KeyUsage.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.NoticeReference.html b/api/symbols/KJUR.asn1.x509.NoticeReference.html index 21a611c0..629ab2e5 100644 --- a/api/symbols/KJUR.asn1.x509.NoticeReference.html +++ b/api/symbols/KJUR.asn1.x509.NoticeReference.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.OCSPNoCheck.html b/api/symbols/KJUR.asn1.x509.OCSPNoCheck.html index 37ff5f09..f7bebbc0 100644 --- a/api/symbols/KJUR.asn1.x509.OCSPNoCheck.html +++ b/api/symbols/KJUR.asn1.x509.OCSPNoCheck.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.OCSPNonce.html b/api/symbols/KJUR.asn1.x509.OCSPNonce.html index 94b0ad6e..8442c855 100644 --- a/api/symbols/KJUR.asn1.x509.OCSPNonce.html +++ b/api/symbols/KJUR.asn1.x509.OCSPNonce.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.OID.html b/api/symbols/KJUR.asn1.x509.OID.html index 12fef6e2..9130be11 100644 --- a/api/symbols/KJUR.asn1.x509.OID.html +++ b/api/symbols/KJUR.asn1.x509.OID.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.PolicyInformation.html b/api/symbols/KJUR.asn1.x509.PolicyInformation.html index 1afedaed..7d4a59e4 100644 --- a/api/symbols/KJUR.asn1.x509.PolicyInformation.html +++ b/api/symbols/KJUR.asn1.x509.PolicyInformation.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.PolicyQualifierInfo.html b/api/symbols/KJUR.asn1.x509.PolicyQualifierInfo.html index 3d536c46..1d3737ac 100644 --- a/api/symbols/KJUR.asn1.x509.PolicyQualifierInfo.html +++ b/api/symbols/KJUR.asn1.x509.PolicyQualifierInfo.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.PrivateExtension.html b/api/symbols/KJUR.asn1.x509.PrivateExtension.html index 72fa5174..69f1e286 100644 --- a/api/symbols/KJUR.asn1.x509.PrivateExtension.html +++ b/api/symbols/KJUR.asn1.x509.PrivateExtension.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.RDN.html b/api/symbols/KJUR.asn1.x509.RDN.html index a8f7a069..30df1cfc 100644 --- a/api/symbols/KJUR.asn1.x509.RDN.html +++ b/api/symbols/KJUR.asn1.x509.RDN.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.SubjectAltName.html b/api/symbols/KJUR.asn1.x509.SubjectAltName.html index 1dbd1ab2..153b3db0 100644 --- a/api/symbols/KJUR.asn1.x509.SubjectAltName.html +++ b/api/symbols/KJUR.asn1.x509.SubjectAltName.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.SubjectKeyIdentifier.html b/api/symbols/KJUR.asn1.x509.SubjectKeyIdentifier.html index 43cdcd0e..e514995e 100644 --- a/api/symbols/KJUR.asn1.x509.SubjectKeyIdentifier.html +++ b/api/symbols/KJUR.asn1.x509.SubjectKeyIdentifier.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.SubjectPublicKeyInfo.html b/api/symbols/KJUR.asn1.x509.SubjectPublicKeyInfo.html index e44bc7a3..a7abcd1c 100644 --- a/api/symbols/KJUR.asn1.x509.SubjectPublicKeyInfo.html +++ b/api/symbols/KJUR.asn1.x509.SubjectPublicKeyInfo.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.TBSCertList.html b/api/symbols/KJUR.asn1.x509.TBSCertList.html index 3b63f82d..e5a5485d 100644 --- a/api/symbols/KJUR.asn1.x509.TBSCertList.html +++ b/api/symbols/KJUR.asn1.x509.TBSCertList.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.TBSCertificate.html b/api/symbols/KJUR.asn1.x509.TBSCertificate.html index 385fd5eb..06c74e49 100644 --- a/api/symbols/KJUR.asn1.x509.TBSCertificate.html +++ b/api/symbols/KJUR.asn1.x509.TBSCertificate.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.Time.html b/api/symbols/KJUR.asn1.x509.Time.html index 960a00fa..bbf9401e 100644 --- a/api/symbols/KJUR.asn1.x509.Time.html +++ b/api/symbols/KJUR.asn1.x509.Time.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.UserNotice.html b/api/symbols/KJUR.asn1.x509.UserNotice.html index 9e64d921..a1666cc2 100644 --- a/api/symbols/KJUR.asn1.x509.UserNotice.html +++ b/api/symbols/KJUR.asn1.x509.UserNotice.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.X500Name.html b/api/symbols/KJUR.asn1.x509.X500Name.html index 8b819d2d..b0a8ea4a 100644 --- a/api/symbols/KJUR.asn1.x509.X500Name.html +++ b/api/symbols/KJUR.asn1.x509.X500Name.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.X509Util.html b/api/symbols/KJUR.asn1.x509.X509Util.html index e20074ab..f225416e 100644 --- a/api/symbols/KJUR.asn1.x509.X509Util.html +++ b/api/symbols/KJUR.asn1.x509.X509Util.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.asn1.x509.html b/api/symbols/KJUR.asn1.x509.html index ac97b6f6..880a63ac 100644 --- a/api/symbols/KJUR.asn1.x509.html +++ b/api/symbols/KJUR.asn1.x509.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.crypto.Cipher.html b/api/symbols/KJUR.crypto.Cipher.html index d88e7339..39b0ec92 100644 --- a/api/symbols/KJUR.crypto.Cipher.html +++ b/api/symbols/KJUR.crypto.Cipher.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.crypto.DSA.html b/api/symbols/KJUR.crypto.DSA.html index 39e065eb..9e56fe91 100644 --- a/api/symbols/KJUR.crypto.DSA.html +++ b/api/symbols/KJUR.crypto.DSA.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.crypto.ECDSA.html b/api/symbols/KJUR.crypto.ECDSA.html index 9355cd15..e51a2bf6 100644 --- a/api/symbols/KJUR.crypto.ECDSA.html +++ b/api/symbols/KJUR.crypto.ECDSA.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.crypto.ECParameterDB.html b/api/symbols/KJUR.crypto.ECParameterDB.html index 7f443d4a..e96d5cdf 100644 --- a/api/symbols/KJUR.crypto.ECParameterDB.html +++ b/api/symbols/KJUR.crypto.ECParameterDB.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.crypto.Mac.html b/api/symbols/KJUR.crypto.Mac.html index 8daef64b..ba059953 100644 --- a/api/symbols/KJUR.crypto.Mac.html +++ b/api/symbols/KJUR.crypto.Mac.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.crypto.MessageDigest.html b/api/symbols/KJUR.crypto.MessageDigest.html index 5775cb71..8741efb6 100644 --- a/api/symbols/KJUR.crypto.MessageDigest.html +++ b/api/symbols/KJUR.crypto.MessageDigest.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.crypto.OID.html b/api/symbols/KJUR.crypto.OID.html index 0b7c8e20..a4b6c050 100644 --- a/api/symbols/KJUR.crypto.OID.html +++ b/api/symbols/KJUR.crypto.OID.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.crypto.Signature.html b/api/symbols/KJUR.crypto.Signature.html index b360e123..d06435d6 100644 --- a/api/symbols/KJUR.crypto.Signature.html +++ b/api/symbols/KJUR.crypto.Signature.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.crypto.Util.html b/api/symbols/KJUR.crypto.Util.html index 7dd3d54c..7080e648 100644 --- a/api/symbols/KJUR.crypto.Util.html +++ b/api/symbols/KJUR.crypto.Util.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.crypto.html b/api/symbols/KJUR.crypto.html index b8d3242e..ea11bb6a 100644 --- a/api/symbols/KJUR.crypto.html +++ b/api/symbols/KJUR.crypto.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.html b/api/symbols/KJUR.html index a6c9cfb9..a10b80e0 100644 --- a/api/symbols/KJUR.html +++ b/api/symbols/KJUR.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.jws.IntDate.html b/api/symbols/KJUR.jws.IntDate.html index f4ca60f6..0b4f5056 100644 --- a/api/symbols/KJUR.jws.IntDate.html +++ b/api/symbols/KJUR.jws.IntDate.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.jws.JWS.html b/api/symbols/KJUR.jws.JWS.html index adeb6428..1845f149 100644 --- a/api/symbols/KJUR.jws.JWS.html +++ b/api/symbols/KJUR.jws.JWS.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.jws.JWSJS.html b/api/symbols/KJUR.jws.JWSJS.html index fa500f23..1feec7c6 100644 --- a/api/symbols/KJUR.jws.JWSJS.html +++ b/api/symbols/KJUR.jws.JWSJS.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.jws.html b/api/symbols/KJUR.jws.html index 49b7fe4c..42b06f16 100644 --- a/api/symbols/KJUR.jws.html +++ b/api/symbols/KJUR.jws.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/KJUR.lang.String.html b/api/symbols/KJUR.lang.String.html index 7cfa808e..d1d95662 100644 --- a/api/symbols/KJUR.lang.String.html +++ b/api/symbols/KJUR.lang.String.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • @@ -596,7 +600,7 @@

    KJUR.lang.String.isHex(s)
    -
    check whether a string is an hexadecimal string or not
    +
    check whether a string is an hexadecimal string or not (DEPRECATED)
    @@ -836,7 +840,7 @@

    - check whether a string is an hexadecimal string or not
    + check whether a string is an hexadecimal string or not (DEPRECATED)
    @@ -864,6 +868,13 @@

    +
    +
    Deprecated:
    +
    + from 10.0.6. please use ishex +
    +
    +
    Since:
    @@ -882,6 +893,13 @@

    +
    +
    See:
    + +
    ishex
    + +
    +
    diff --git a/api/symbols/RSAKey.html b/api/symbols/RSAKey.html index 19f78cc8..182d7226 100644 --- a/api/symbols/RSAKey.html +++ b/api/symbols/RSAKey.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • diff --git a/api/symbols/X509.html b/api/symbols/X509.html index 32ae6240..38c388a9 100644 --- a/api/symbols/X509.html +++ b/api/symbols/X509.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • @@ -618,6 +622,17 @@

    + +   + +
    dnarraytostr(aDN) +
    +
    convert array for X500 distinguish name to distinguish name string
    +This method converts from an array representation of +X.500 distinguished name to X.500 name string.
    + + +   @@ -1258,6 +1273,18 @@

    + +   + +
    getX500NameArray(h) +
    +
    get X.500 Name ASN.1 structure parameter array
    +This method will get Name parameter defined in + +RFC 5280 4.1.2.4.
    + + + <static>   @@ -1567,6 +1594,80 @@

    Method Detail + +
    + + {String} + dnarraytostr(aDN) + +
    +
    + convert array for X500 distinguish name to distinguish name string
    +This method converts from an array representation of +X.500 distinguished name to X.500 name string. +This supports multi-valued RDN. + + +
    + + + + 
    var x = new X509();
+x.dnarraytostr(
+  [[{type:"C",value:"JP",ds:"prn"}],
+  [{type:"O",value:"T1",ds:"prn"}]]) → "/C=JP/O=T1"
+x.dnarraytostr(
+  [[{type:"C",value:"JP",ds:"prn"}],
+  [{type:"O",value:"T1",ds:"prn"}
+   {type:"CN",value:"Bob",ds:"prn"}]]) → "/C=JP/O=T1+CN=Bob"
    + + + + +
    +
    Parameters:
    + +
    + {Array} aDN + +
    +
    array for X500 distinguish name
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 10.0.6 x509 2.0.8
    +
    +

    + + + +
    +
    Returns:
    + +
    {String} distinguish name
    + +
    + + + +
    +
    See:
    + +
    X509#getX500Name
    + +
    X509#getX500NameArray
    + +
    KJUR.asn1.x509.X500Name
    + +
    + + +
    +
    @@ -3932,7 +4033,14 @@ 

    x = new X509();
 x.getGeneralName("860f687474703a2f2f6161612e636f6d2f") 
-→ {uri: "http://aaa.com/"}
    +→ {uri: "http://aaa.com/"} +x.getGeneralName("a41c30...") → +{ dn: { + array: [ + [{type:"C", value:"JP", ds:"prn"}], + [{type:"O", value:"T1", ds:"utf8"}] + ], + str: "/C=JP/O=T1" } } @@ -4004,7 +4112,15 @@ 

    x = new X509();
 x.getGeneralNames("3011860f687474703a2f2f6161612e636f6d2f")
-→ [{uri: "http://aaa.com/"}]
    +→ [{uri: "http://aaa.com/"}] + +x.getGeneralNames("301ea41c30...") → +[{ dn: { + array: [ + [{type:"C", value:"JP", ds:"prn"}], + [{type:"O", value:"T1", ds:"utf8"}] + ], + str: "/C=JP/O=T1" } }] @@ -4136,11 +4252,10 @@

    - 
    var x = new X509();
-x.readCertPEM(sCertPEM);
+					
    var x = new X509(sCertPEM);
 x.getIssuer() →
 { array: [[{type:'C',value:'JP',ds:'prn'}],...],
-  str: "30..." }
    
+  str: "/C=JP/..." }
    @@ -4164,6 +4279,13 @@

    +
    +
    See:
    + +
    X509#getX500Name
    + +
    +
    @@ -5159,11 +5281,10 @@

    - 
    var x = new X509();
-x.readCertPEM(sCertPEM);
-x.getIssuer() →
+					
    var x = new X509(sCertPEM);
+x.getSubject() →
 { array: [[{type:'C',value:'JP',ds:'prn'}],...],
-  str: "30..." }
    
+  str: "/C=JP/..." }
    @@ -5187,6 +5308,13 @@

    +
    +
    See:
    + +
    X509#getX500Name
    + +
    +
    @@ -5421,6 +5549,93 @@ 

    x = new X509();
 x.getX500Name("30...") →
+{ array: [
+    [{type:"C",value:"US",ds:"prn"}],
+    [{type:"O",value:"Sample Corp.",ds:"utf8"}],
+    [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
+  ],
+  str: "/C=US/O=Sample Corp./CN=john.smith@example.com",
+  hex: "30..."
+}
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal string of Name
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 9.0.0 x509 2.0.0
    +
    + + + + +
    +
    Returns:
    + +
    {Array} array of RDN parameter array
    + +
    + + + +
    +
    See:
    + +
    X509#getX500NameArray
    + +
    X509#getRDN
    + +
    X509#getAttrTypeAndValue
    + +
    KJUR.asn1.x509.X500Name
    + +
    KJUR.asn1.x509.GeneralName
    + +
    KJUR.asn1.x509.GeneralNames
    + +
    + + +
    + + +
    + + {Array} + getX500NameArray(h) + +
    +
    + get X.500 Name ASN.1 structure parameter array
    +This method will get Name parameter defined in + +RFC 5280 4.1.2.4. +
    +Name ::= CHOICE { -- only one possibility for now --
+  rdnSequence  RDNSequence }
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
    + + +
    + + + + 
    x = new X509();
+x.getX500NameArray("30...") →
 [[{type:"C",value:"US",ds:"prn"}],
  [{type:"O",value:"Sample Corp.",ds:"utf8"}],
  [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]]
    @@ -5443,7 +5658,7 @@

    Since:
    -
    jsrsasign 9.0.0 x509 2.0.0
    +
    jsrsasign 10.0.6 x509 2.0.9
    diff --git a/api/symbols/X509CRL.html b/api/symbols/X509CRL.html index 14202487..2d0da640 100644 --- a/api/symbols/X509CRL.html +++ b/api/symbols/X509CRL.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • @@ -900,7 +904,8 @@ 

    crl = new X509CRL("-----BEGIN X509 CRL...");
 x.getIssuer() →
-{ array: [[{type:'C',value:'JP',ds:'prn'}],...] }
    +{ array: [[{type:'C',value:'JP',ds:'prn'}],...], + str: "/C=JP/..." } @@ -923,6 +928,8 @@

    X509#getIssuer
    +
    X509#getX500Name
    +
    KJUR.asn1.x509.X500Name
    diff --git a/api/symbols/global__.html b/api/symbols/global__.html index 6410e1b9..14eff7e6 100644 --- a/api/symbols/global__.html +++ b/api/symbols/global__.html @@ -235,6 +235,8 @@

    Classes

  • KJUR.asn1.cms.CertificateSet
    • +
  • KJUR.asn1.cms.CMSParser
    • +
  • KJUR.asn1.cms.CMSUtil
  • KJUR.asn1.cms.ContentInfo
    • @@ -381,6 +383,8 @@

    Classes

  • KJUR.asn1.tsp.TimeStampToken
    • +
  • KJUR.asn1.tsp.TSPParser
    • +
  • KJUR.asn1.tsp.TSPUtil
  • KJUR.asn1.tsp.TSTInfo
    • @@ -721,6 +725,17 @@

    + +   + +
    hextooid(h) +
    +
    get oid string from hexadecimal value of object identifier
    +This static method converts from hexadecimal object identifier value +to dot noted OID value (ex.
    + + +   @@ -801,6 +816,15 @@

    + + <static>   + +
    ishex(s) +
    +
    check whether a string is an hexadecimal string or not
    + + +   @@ -821,6 +845,16 @@

    + +   + +
    oidtohex(oidString) +
    +
    get hexadecimal value of object identifier from dot noted oid value +This static method converts from object identifier value string.
    + + +   @@ -931,6 +965,15 @@

    + +   + +
    spad(s, len, padchar) +
    +
    string padding
    + + +   @@ -2072,6 +2115,76 @@

    +
    + + +
    + + {String} + hextooid(h) + +
    +
    + get oid string from hexadecimal value of object identifier
    +This static method converts from hexadecimal object identifier value +to dot noted OID value (ex. "1.2.3.4"). +oidtohex is a reverse function of this. + +
    + Defined in: base64x-1.1.js. + + +
    + + + + 
    hextooid("550406") → "2.5.4.6"
    + + + + +
    +
    Parameters:
    + +
    + {String} h + +
    +
    hexadecimal value of object identifier
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 10.1.0 base64x 1.1.18
    +
    + + + + +
    +
    Returns:
    + +
    {String} dot noted string of object identifier (ex. "1.2.3.4")
    + +
    + + + +
    +
    See:
    + +
    oidtohex
    + +
    ASN1HEX.hextooidstr
    + +
    KJUR.asn1.ASN1Util.oidIntToHex
    + +
    + +
    @@ -2551,6 +2664,66 @@

    +
    + + +
    <static> + + {Boolean} + ishex(s) + +
    +
    + check whether a string is an hexadecimal string or not
    + +
    + Defined in: base64x-1.1.js. + + +
    + + + + 
    ishex("1234") → true
+ishex("12ab") → true
+ishex("12AB") → true
+ishex("12ZY") → false
+ishex("121") → false -- odd length
    + + + + +
    +
    Parameters:
    + +
    + {String} s + +
    +
    input string
    + +
    + + + +
    +
    Since:
    +
    base64x 1.1.7 jsrsasign 5.0.13
    +
    + + + + +
    +
    Returns:
    + +
    {Boolean} true if a string "s" is an hexadecimal string otherwise false
    + +
    + + + +
    @@ -2645,6 +2818,76 @@

    +
    + + +
    + + {String} + oidtohex(oidString) + +
    +
    + get hexadecimal value of object identifier from dot noted oid value +This static method converts from object identifier value string. +to hexadecimal string representation of it. +hextooid is a reverse function of this. + +
    + Defined in: base64x-1.1.js. + + +
    + + + + 
    oidtohex("2.5.4.6") → "550406"
    + + + + +
    +
    Parameters:
    + +
    + {String} oidString + +
    +
    dot noted string of object identifier
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 10.1.0 base64x 1.1.18
    +
    + + + + +
    +
    Returns:
    + +
    {String} hexadecimal value of object identifier
    + +
    + + + +
    +
    See:
    + +
    hextooid
    + +
    ASN1HEX.hextooidstr
    + +
    KJUR.asn1.ASN1Util.oidIntToHex
    + +
    + +
    @@ -3248,6 +3491,76 @@

    +
    + + +
    + + {String} + spad(s, len, padchar) + +
    +
    + string padding
    + +
    + Defined in: base64x-1.1.js. + + +
    + + + + 
    strpad("1234", 10, "0") → "0000001234"
+strpad("1234", 10, " ") → "      1234"
+strpad("1234", 10)      → "0000001234"
    + + + + +
    +
    Parameters:
    + +
    + {String} s + +
    +
    input string
    + +
    + {Number} len + +
    +
    output string length
    + +
    + {String} padchar + +
    +
    padding character (default is "0")
    + +
    + + + +
    +
    Since:
    +
    jsrsasign 10.1.0 base64x 1.1.18
    +
    + + + + +
    +
    Returns:
    + +
    {String} padded string
    + +
    + + + +
    diff --git a/api/symbols/src/asn1-1.0.js.html b/api/symbols/src/asn1-1.0.js.html index cbf54a77..759588d0 100644 --- a/api/symbols/src/asn1-1.0.js.html +++ b/api/symbols/src/asn1-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
      1 /* asn1-1.0.20.js (c) 2013-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
      1 /* asn1-1.0.21.js (c) 2013-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * asn1.js - ASN.1 DER encoder classes
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.0.1 asn1 1.0.20 (2020-Oct-11)
+ 19  * @version jsrsasign 10.1.0 asn1 1.0.21 (2020-Nov-18)
  20  * @since jsrsasign 2.1
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -375,7 +375,7 @@
 368 };
 369 
 370 /**
-371  * get hexadecimal value of object identifier from dot noted oid value
+371  * get hexadecimal value of object identifier from dot noted oid value (DEPRECATED)
 372  * @name oidIntToHex
 373  * @memberOf KJUR.asn1.ASN1Util
 374  * @function
@@ -383,1414 +383,1388 @@
 376  * @return {String} hexadecimal value of object identifier
 377  * @since jsrsasign 4.8.3 asn1 1.0.7
 378  * @see {@link ASN1HEX.hextooidstr}
-379  * @description
-380  * This static method converts from object identifier value string.
-381  * to hexadecimal string representation of it.
-382  * {@link ASN1HEX.hextooidstr} is a reverse function of this.
-383  * @example
-384  * KJUR.asn1.ASN1Util.oidIntToHex("2.5.4.6") → "550406"
-385  */
-386 KJUR.asn1.ASN1Util.oidIntToHex = function(oidString) {
-387     var itox = function(i) {
-388         var h = i.toString(16);
-389         if (h.length == 1) h = '0' + h;
-390         return h;
-391     };
-392 
-393     var roidtox = function(roid) {
-394         var h = '';
-395         var bi = new BigInteger(roid, 10);
-396         var b = bi.toString(2);
-397         var padLen = 7 - b.length % 7;
-398         if (padLen == 7) padLen = 0;
-399         var bPad = '';
-400         for (var i = 0; i < padLen; i++) bPad += '0';
-401         b = bPad + b;
-402         for (var i = 0; i < b.length - 1; i += 7) {
-403             var b8 = b.substr(i, 7);
-404             if (i != b.length - 7) b8 = '1' + b8;
-405             h += itox(parseInt(b8, 2));
-406         }
-407         return h;
-408     };
-409     
-410     if (! oidString.match(/^[0-9.]+$/)) {
-411         throw "malformed oid string: " + oidString;
-412     }
-413     var h = '';
-414     var a = oidString.split('.');
-415     var i0 = parseInt(a[0]) * 40 + parseInt(a[1]);
-416     h += itox(i0);
-417     a.splice(0, 2);
-418     for (var i = 0; i < a.length; i++) {
-419         h += roidtox(a[i]);
-420     }
-421     return h;
-422 };
-423 
-424 
-425 // ********************************************************************
-426 //  Abstract ASN.1 Classes
+379  * @deprecated from jsrsasign 10.0.6. please use {@link oidtohex}
+380  *
+381  * @description
+382  * This static method converts from object identifier value string.
+383  * to hexadecimal string representation of it.
+384  * {@link ASN1HEX.hextooidstr} is a reverse function of this.
+385  * @example
+386  * KJUR.asn1.ASN1Util.oidIntToHex("2.5.4.6") → "550406"
+387  */
+388 KJUR.asn1.ASN1Util.oidIntToHex = function(oidString) {
+389     var itox = function(i) {
+390         var h = i.toString(16);
+391         if (h.length == 1) h = '0' + h;
+392         return h;
+393     };
+394 
+395     var roidtox = function(roid) {
+396         var h = '';
+397         var bi = new BigInteger(roid, 10);
+398         var b = bi.toString(2);
+399         var padLen = 7 - b.length % 7;
+400         if (padLen == 7) padLen = 0;
+401         var bPad = '';
+402         for (var i = 0; i < padLen; i++) bPad += '0';
+403         b = bPad + b;
+404         for (var i = 0; i < b.length - 1; i += 7) {
+405             var b8 = b.substr(i, 7);
+406             if (i != b.length - 7) b8 = '1' + b8;
+407             h += itox(parseInt(b8, 2));
+408         }
+409         return h;
+410     };
+411     
+412     if (! oidString.match(/^[0-9.]+$/)) {
+413         throw "malformed oid string: " + oidString;
+414     }
+415     var h = '';
+416     var a = oidString.split('.');
+417     var i0 = parseInt(a[0]) * 40 + parseInt(a[1]);
+418     h += itox(i0);
+419     a.splice(0, 2);
+420     for (var i = 0; i < a.length; i++) {
+421         h += roidtox(a[i]);
+422     }
+423     return h;
+424 };
+425 
+426 
 427 // ********************************************************************
-428 
+428 //  Abstract ASN.1 Classes
 429 // ********************************************************************
 430 
-431 /**
-432  * base class for ASN.1 DER encoder object<br/>
-433  * @name KJUR.asn1.ASN1Object
-434  * @class base class for ASN.1 DER encoder object
-435  * @param {Array} params JSON object parameter for constructor
-436  * @property {Boolean} isModified flag whether internal data was changed
-437  * @property {Array} params JSON object parameter for ASN.1 encode
-438  * @property {String} hTLV hexadecimal string of ASN.1 TLV
-439  * @property {String} hT hexadecimal string of ASN.1 TLV tag(T)
-440  * @property {String} hL hexadecimal string of ASN.1 TLV length(L)
-441  * @property {String} hV hexadecimal string of ASN.1 TLV value(V)
-442  *
-443  * @description
-444  * This class is ASN.1 DER object encode base class.
-445  * 
-446  * @example
-447  * new KJUR.asn1.ASN1Object({tlv: "030101"})
-448  */
-449 KJUR.asn1.ASN1Object = function(params) {
-450     var isModified = true;
-451     var hTLV = null;
-452     var hT = '00';
-453     var hL = '00';
-454     var hV = '';
-455     this.params = null;
-456 
-457     /**
-458      * get hexadecimal ASN.1 TLV length(L) bytes from TLV value(V)<br/>
-459      * @name getLengthHexFromValue
-460      * @memberOf KJUR.asn1.ASN1Object#
-461      * @function
-462      * @return {String} hexadecimal string of ASN.1 TLV length(L)
-463      */
-464     this.getLengthHexFromValue = function() {
-465         if (typeof this.hV == "undefined" || this.hV == null) {
-466             throw new Error("this.hV is null or undefined");
-467         }
-468         if (this.hV.length % 2 == 1) {
-469             throw new Error("value hex must be even length: n=" +
-470 			    hV.length + ",v=" + this.hV);
-471         }
-472         var n = this.hV.length / 2;
-473         var hN = n.toString(16);
-474         if (hN.length % 2 == 1) {
-475             hN = "0" + hN;
-476         }
-477         if (n < 128) {
-478             return hN;
-479         } else {
-480             var hNlen = hN.length / 2;
-481             if (hNlen > 15) {
-482                 throw "ASN.1 length too long to represent by 8x: n = " + n.toString(16);
-483             }
-484             var head = 128 + hNlen;
-485             return head.toString(16) + hN;
-486         }
-487     };
-488 
-489     /**
-490      * get hexadecimal string of ASN.1 TLV bytes
-491      * @name getEncodedHex
-492      * @memberOf KJUR.asn1.ASN1Object#
-493      * @function
-494      * @return {String} hexadecimal string of ASN.1 TLV
-495      */
-496     this.getEncodedHex = function() {
-497         if (this.hTLV == null || this.isModified) {
-498             this.hV = this.getFreshValueHex();
-499             this.hL = this.getLengthHexFromValue();
-500             this.hTLV = this.hT + this.hL + this.hV;
-501             this.isModified = false;
-502             //alert("first time: " + this.hTLV);
-503         }
-504         return this.hTLV;
-505     };
-506 
-507     /**
-508      * get hexadecimal string of ASN.1 TLV value(V) bytes
-509      * @name getValueHex
-510      * @memberOf KJUR.asn1.ASN1Object#
-511      * @function
-512      * @return {String} hexadecimal string of ASN.1 TLV value(V) bytes
-513      */
-514     this.getValueHex = function() {
-515         this.getEncodedHex();
-516         return this.hV;
-517     }
-518 
-519     this.getFreshValueHex = function() {
-520         return '';
-521     };
-522 
-523     this.setByParam = function(params) {
-524 	this.params = params;
-525     };
-526 
-527     if (params != undefined) {
-528 	if (params.tlv != undefined) {
-529 	    this.hTLV = params.tlv;
-530 	    this.isModified = false;
-531 	}
-532     }
-533 };
-534 
-535 // == BEGIN DERAbstractString ================================================
-536 /**
-537  * base class for ASN.1 DER string classes
-538  * @name KJUR.asn1.DERAbstractString
-539  * @class base class for ASN.1 DER string classes
-540  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-541  * @property {String} s internal string of value
-542  * @extends KJUR.asn1.ASN1Object
-543  * @description
-544  * <br/>
-545  * As for argument 'params' for constructor, you can specify one of
-546  * following properties:
-547  * <ul>
-548  * <li>str - specify initial ASN.1 value(V) by a string</li>
-549  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
-550  * </ul>
-551  * NOTE: 'params' can be omitted.
-552  */
-553 KJUR.asn1.DERAbstractString = function(params) {
-554     KJUR.asn1.DERAbstractString.superclass.constructor.call(this);
-555     var s = null;
-556     var hV = null;
-557 
-558     /**
-559      * get string value of this string object
-560      * @name getString
-561      * @memberOf KJUR.asn1.DERAbstractString#
-562      * @function
-563      * @return {String} string value of this string object
-564      */
-565     this.getString = function() {
-566         return this.s;
-567     };
-568 
-569     /**
-570      * set value by a string
-571      * @name setString
-572      * @memberOf KJUR.asn1.DERAbstractString#
-573      * @function
-574      * @param {String} newS value by a string to set
-575      * @description
-576      * This method set value by string. <br/>
-577      * NOTE: This method assumes that the argument string is
-578      * UTF-8 encoded even though ASN.1 primitive 
-579      * such as IA5String or PrintableString doesn't
-580      * support all of UTF-8 characters.
-581      * @example
-582      * o = new KJUR.asn1.DERIA5String();
-583      * o.setString("abc");
-584      * o.setString("あいう");
-585      */
-586     this.setString = function(newS) {
-587         this.hTLV = null;
-588         this.isModified = true;
-589         this.s = newS;
-590         this.hV = utf8tohex(this.s).toLowerCase();
-591     };
-592 
-593     /**
-594      * set value by a hexadecimal string
-595      * @name setStringHex
-596      * @memberOf KJUR.asn1.DERAbstractString#
-597      * @function
-598      * @param {String} newHexString value by a hexadecimal string to set
-599      */
-600     this.setStringHex = function(newHexString) {
-601         this.hTLV = null;
-602         this.isModified = true;
-603         this.s = null;
-604         this.hV = newHexString;
-605     };
-606 
-607     this.getFreshValueHex = function() {
-608         return this.hV;
-609     };
-610 
-611     if (typeof params != "undefined") {
-612         if (typeof params == "string") {
-613             this.setString(params);
-614         } else if (typeof params['str'] != "undefined") {
-615             this.setString(params['str']);
-616         } else if (typeof params['hex'] != "undefined") {
-617             this.setStringHex(params['hex']);
-618         }
-619     }
-620 };
-621 YAHOO.lang.extend(KJUR.asn1.DERAbstractString, KJUR.asn1.ASN1Object);
-622 // == END   DERAbstractString ================================================
-623 
-624 // == BEGIN DERAbstractTime ==================================================
-625 /**
-626  * base class for ASN.1 DER Generalized/UTCTime class
-627  * @name KJUR.asn1.DERAbstractTime
-628  * @class base class for ASN.1 DER Generalized/UTCTime class
-629  * @param {Array} params associative array of parameters (ex. {'str': '130430235959Z'})
-630  * @extends KJUR.asn1.ASN1Object
-631  * @description
-632  * @see KJUR.asn1.ASN1Object - superclass
-633  */
-634 KJUR.asn1.DERAbstractTime = function(params) {
-635     KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);
-636     var s = null;
-637     var date = null;
-638 
-639     // --- PRIVATE METHODS --------------------
-640     this.localDateToUTC = function(d) {
-641         var utc = d.getTime() + (d.getTimezoneOffset() * 60000);
-642         var utcDate = new Date(utc);
-643         return utcDate;
-644     };
-645 
-646     /*
-647      * format date string by Data object
-648      * @name formatDate
-649      * @memberOf KJUR.asn1.AbstractTime;
-650      * @param {Date} dateObject 
-651      * @param {string} type 'utc' or 'gen'
-652      * @param {boolean} withMillis flag for with millisections or not
-653      * @description
-654      * 'withMillis' flag is supported from asn1 1.0.6.
-655      */
-656     this.formatDate = function(dateObject, type, withMillis) {
-657         var pad = this.zeroPadding;
-658         var d = this.localDateToUTC(dateObject);
-659         var year = String(d.getFullYear());
-660         if (type == 'utc') year = year.substr(2, 2);
-661         var month = pad(String(d.getMonth() + 1), 2);
-662         var day = pad(String(d.getDate()), 2);
-663         var hour = pad(String(d.getHours()), 2);
-664         var min = pad(String(d.getMinutes()), 2);
-665         var sec = pad(String(d.getSeconds()), 2);
-666         var s = year + month + day + hour + min + sec;
-667         if (withMillis === true) {
-668             var millis = d.getMilliseconds();
-669             if (millis != 0) {
-670                 var sMillis = pad(String(millis), 3);
-671                 sMillis = sMillis.replace(/[0]+$/, "");
-672                 s = s + "." + sMillis;
-673             }
-674         }
-675         return s + "Z";
-676     };
-677 
-678     this.zeroPadding = function(s, len) {
-679         if (s.length >= len) return s;
-680         return new Array(len - s.length + 1).join('0') + s;
-681     };
-682 
-683     // --- PUBLIC METHODS --------------------
-684     /**
-685      * get string value of this string object
-686      * @name getString
-687      * @memberOf KJUR.asn1.DERAbstractTime#
-688      * @function
-689      * @return {String} string value of this time object
-690      */
-691     this.getString = function() {
-692         return this.s;
-693     };
-694 
-695     /**
-696      * set value by a string
-697      * @name setString
-698      * @memberOf KJUR.asn1.DERAbstractTime#
-699      * @function
-700      * @param {String} newS value by a string to set such like "130430235959Z"
-701      */
-702     this.setString = function(newS) {
-703         this.hTLV = null;
-704         this.isModified = true;
-705         this.s = newS;
-706         this.hV = stohex(newS);
-707     };
-708 
-709     /**
-710      * set value by a Date object
-711      * @name setByDateValue
-712      * @memberOf KJUR.asn1.DERAbstractTime#
-713      * @function
-714      * @param {Integer} year year of date (ex. 2013)
-715      * @param {Integer} month month of date between 1 and 12 (ex. 12)
-716      * @param {Integer} day day of month
-717      * @param {Integer} hour hours of date
-718      * @param {Integer} min minutes of date
-719      * @param {Integer} sec seconds of date
-720      */
-721     this.setByDateValue = function(year, month, day, hour, min, sec) {
-722         var dateObject = new Date(Date.UTC(year, month - 1, day, hour, min, sec, 0));
-723         this.setByDate(dateObject);
-724     };
-725 
-726     this.getFreshValueHex = function() {
-727         return this.hV;
-728     };
-729 };
-730 YAHOO.lang.extend(KJUR.asn1.DERAbstractTime, KJUR.asn1.ASN1Object);
-731 // == END   DERAbstractTime ==================================================
-732 
-733 // == BEGIN DERAbstractStructured ============================================
-734 /**
-735  * base class for ASN.1 DER structured class
-736  * @name KJUR.asn1.DERAbstractStructured
-737  * @class base class for ASN.1 DER structured class
-738  * @property {Array} asn1Array internal array of ASN1Object
-739  * @extends KJUR.asn1.ASN1Object
-740  * @description
-741  * @see KJUR.asn1.ASN1Object - superclass
-742  */
-743 KJUR.asn1.DERAbstractStructured = function(params) {
-744     KJUR.asn1.DERAbstractString.superclass.constructor.call(this);
-745     var asn1Array = null;
-746 
-747     /**
-748      * set value by array of ASN1Object
-749      * @name setByASN1ObjectArray
-750      * @memberOf KJUR.asn1.DERAbstractStructured#
-751      * @function
-752      * @param {array} asn1ObjectArray array of ASN1Object to set
-753      */
-754     this.setByASN1ObjectArray = function(asn1ObjectArray) {
-755         this.hTLV = null;
-756         this.isModified = true;
-757         this.asn1Array = asn1ObjectArray;
-758     };
-759 
-760     /**
-761      * append an ASN1Object to internal array
-762      * @name appendASN1Object
-763      * @memberOf KJUR.asn1.DERAbstractStructured#
-764      * @function
-765      * @param {ASN1Object} asn1Object to add
-766      */
-767     this.appendASN1Object = function(asn1Object) {
-768         this.hTLV = null;
-769         this.isModified = true;
-770         this.asn1Array.push(asn1Object);
-771     };
-772 
-773     this.asn1Array = new Array();
-774     if (typeof params != "undefined") {
-775         if (typeof params['array'] != "undefined") {
-776             this.asn1Array = params['array'];
-777         }
-778     }
-779 };
-780 YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured, KJUR.asn1.ASN1Object);
-781 
-782 
-783 // ********************************************************************
-784 //  ASN.1 Object Classes
+431 // ********************************************************************
+432 
+433 /**
+434  * base class for ASN.1 DER encoder object<br/>
+435  * @name KJUR.asn1.ASN1Object
+436  * @class base class for ASN.1 DER encoder object
+437  * @param {Array} params JSON object parameter for constructor
+438  * @property {Boolean} isModified flag whether internal data was changed
+439  * @property {Array} params JSON object parameter for ASN.1 encode
+440  * @property {String} hTLV hexadecimal string of ASN.1 TLV
+441  * @property {String} hT hexadecimal string of ASN.1 TLV tag(T)
+442  * @property {String} hL hexadecimal string of ASN.1 TLV length(L)
+443  * @property {String} hV hexadecimal string of ASN.1 TLV value(V)
+444  *
+445  * @description
+446  * This class is ASN.1 DER object encode base class.
+447  * 
+448  * @example
+449  * new KJUR.asn1.ASN1Object({tlv: "030101"})
+450  */
+451 KJUR.asn1.ASN1Object = function(params) {
+452     var isModified = true;
+453     var hTLV = null;
+454     var hT = '00';
+455     var hL = '00';
+456     var hV = '';
+457     this.params = null;
+458 
+459     /**
+460      * get hexadecimal ASN.1 TLV length(L) bytes from TLV value(V)<br/>
+461      * @name getLengthHexFromValue
+462      * @memberOf KJUR.asn1.ASN1Object#
+463      * @function
+464      * @return {String} hexadecimal string of ASN.1 TLV length(L)
+465      */
+466     this.getLengthHexFromValue = function() {
+467         if (typeof this.hV == "undefined" || this.hV == null) {
+468             throw new Error("this.hV is null or undefined");
+469         }
+470         if (this.hV.length % 2 == 1) {
+471             throw new Error("value hex must be even length: n=" +
+472 			    hV.length + ",v=" + this.hV);
+473         }
+474         var n = this.hV.length / 2;
+475         var hN = n.toString(16);
+476         if (hN.length % 2 == 1) {
+477             hN = "0" + hN;
+478         }
+479         if (n < 128) {
+480             return hN;
+481         } else {
+482             var hNlen = hN.length / 2;
+483             if (hNlen > 15) {
+484                 throw "ASN.1 length too long to represent by 8x: n = " + n.toString(16);
+485             }
+486             var head = 128 + hNlen;
+487             return head.toString(16) + hN;
+488         }
+489     };
+490 
+491     /**
+492      * get hexadecimal string of ASN.1 TLV bytes
+493      * @name getEncodedHex
+494      * @memberOf KJUR.asn1.ASN1Object#
+495      * @function
+496      * @return {String} hexadecimal string of ASN.1 TLV
+497      */
+498     this.getEncodedHex = function() {
+499         if (this.hTLV == null || this.isModified) {
+500             this.hV = this.getFreshValueHex();
+501             this.hL = this.getLengthHexFromValue();
+502             this.hTLV = this.hT + this.hL + this.hV;
+503             this.isModified = false;
+504             //alert("first time: " + this.hTLV);
+505         }
+506         return this.hTLV;
+507     };
+508 
+509     /**
+510      * get hexadecimal string of ASN.1 TLV value(V) bytes
+511      * @name getValueHex
+512      * @memberOf KJUR.asn1.ASN1Object#
+513      * @function
+514      * @return {String} hexadecimal string of ASN.1 TLV value(V) bytes
+515      */
+516     this.getValueHex = function() {
+517         this.getEncodedHex();
+518         return this.hV;
+519     }
+520 
+521     this.getFreshValueHex = function() {
+522         return '';
+523     };
+524 
+525     this.setByParam = function(params) {
+526 	this.params = params;
+527     };
+528 
+529     if (params != undefined) {
+530 	if (params.tlv != undefined) {
+531 	    this.hTLV = params.tlv;
+532 	    this.isModified = false;
+533 	}
+534     }
+535 };
+536 
+537 // == BEGIN DERAbstractString ================================================
+538 /**
+539  * base class for ASN.1 DER string classes
+540  * @name KJUR.asn1.DERAbstractString
+541  * @class base class for ASN.1 DER string classes
+542  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+543  * @property {String} s internal string of value
+544  * @extends KJUR.asn1.ASN1Object
+545  * @description
+546  * <br/>
+547  * As for argument 'params' for constructor, you can specify one of
+548  * following properties:
+549  * <ul>
+550  * <li>str - specify initial ASN.1 value(V) by a string</li>
+551  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
+552  * </ul>
+553  * NOTE: 'params' can be omitted.
+554  */
+555 KJUR.asn1.DERAbstractString = function(params) {
+556     KJUR.asn1.DERAbstractString.superclass.constructor.call(this);
+557     var s = null;
+558     var hV = null;
+559 
+560     /**
+561      * get string value of this string object
+562      * @name getString
+563      * @memberOf KJUR.asn1.DERAbstractString#
+564      * @function
+565      * @return {String} string value of this string object
+566      */
+567     this.getString = function() {
+568         return this.s;
+569     };
+570 
+571     /**
+572      * set value by a string
+573      * @name setString
+574      * @memberOf KJUR.asn1.DERAbstractString#
+575      * @function
+576      * @param {String} newS value by a string to set
+577      * @description
+578      * This method set value by string. <br/>
+579      * NOTE: This method assumes that the argument string is
+580      * UTF-8 encoded even though ASN.1 primitive 
+581      * such as IA5String or PrintableString doesn't
+582      * support all of UTF-8 characters.
+583      * @example
+584      * o = new KJUR.asn1.DERIA5String();
+585      * o.setString("abc");
+586      * o.setString("あいう");
+587      */
+588     this.setString = function(newS) {
+589         this.hTLV = null;
+590         this.isModified = true;
+591         this.s = newS;
+592         this.hV = utf8tohex(this.s).toLowerCase();
+593     };
+594 
+595     /**
+596      * set value by a hexadecimal string
+597      * @name setStringHex
+598      * @memberOf KJUR.asn1.DERAbstractString#
+599      * @function
+600      * @param {String} newHexString value by a hexadecimal string to set
+601      */
+602     this.setStringHex = function(newHexString) {
+603         this.hTLV = null;
+604         this.isModified = true;
+605         this.s = null;
+606         this.hV = newHexString;
+607     };
+608 
+609     this.getFreshValueHex = function() {
+610         return this.hV;
+611     };
+612 
+613     if (typeof params != "undefined") {
+614         if (typeof params == "string") {
+615             this.setString(params);
+616         } else if (typeof params['str'] != "undefined") {
+617             this.setString(params['str']);
+618         } else if (typeof params['hex'] != "undefined") {
+619             this.setStringHex(params['hex']);
+620         }
+621     }
+622 };
+623 YAHOO.lang.extend(KJUR.asn1.DERAbstractString, KJUR.asn1.ASN1Object);
+624 // == END   DERAbstractString ================================================
+625 
+626 // == BEGIN DERAbstractTime ==================================================
+627 /**
+628  * base class for ASN.1 DER Generalized/UTCTime class
+629  * @name KJUR.asn1.DERAbstractTime
+630  * @class base class for ASN.1 DER Generalized/UTCTime class
+631  * @param {Array} params associative array of parameters (ex. {'str': '130430235959Z'})
+632  * @extends KJUR.asn1.ASN1Object
+633  * @description
+634  * @see KJUR.asn1.ASN1Object - superclass
+635  */
+636 KJUR.asn1.DERAbstractTime = function(params) {
+637     KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);
+638     var s = null;
+639     var date = null;
+640 
+641     // --- PRIVATE METHODS --------------------
+642     this.localDateToUTC = function(d) {
+643         var utc = d.getTime() + (d.getTimezoneOffset() * 60000);
+644         var utcDate = new Date(utc);
+645         return utcDate;
+646     };
+647 
+648     /*
+649      * format date string by Data object
+650      * @name formatDate
+651      * @memberOf KJUR.asn1.AbstractTime;
+652      * @param {Date} dateObject 
+653      * @param {string} type 'utc' or 'gen'
+654      * @param {boolean} withMillis flag for with millisections or not
+655      * @description
+656      * 'withMillis' flag is supported from asn1 1.0.6.
+657      */
+658     this.formatDate = function(dateObject, type, withMillis) {
+659         var pad = this.zeroPadding;
+660         var d = this.localDateToUTC(dateObject);
+661         var year = String(d.getFullYear());
+662         if (type == 'utc') year = year.substr(2, 2);
+663         var month = pad(String(d.getMonth() + 1), 2);
+664         var day = pad(String(d.getDate()), 2);
+665         var hour = pad(String(d.getHours()), 2);
+666         var min = pad(String(d.getMinutes()), 2);
+667         var sec = pad(String(d.getSeconds()), 2);
+668         var s = year + month + day + hour + min + sec;
+669         if (withMillis === true) {
+670             var millis = d.getMilliseconds();
+671             if (millis != 0) {
+672                 var sMillis = pad(String(millis), 3);
+673                 sMillis = sMillis.replace(/[0]+$/, "");
+674                 s = s + "." + sMillis;
+675             }
+676         }
+677         return s + "Z";
+678     };
+679 
+680     this.zeroPadding = function(s, len) {
+681         if (s.length >= len) return s;
+682         return new Array(len - s.length + 1).join('0') + s;
+683     };
+684 
+685     // --- PUBLIC METHODS --------------------
+686     /**
+687      * get string value of this string object
+688      * @name getString
+689      * @memberOf KJUR.asn1.DERAbstractTime#
+690      * @function
+691      * @return {String} string value of this time object
+692      */
+693     this.getString = function() {
+694         return this.s;
+695     };
+696 
+697     /**
+698      * set value by a string
+699      * @name setString
+700      * @memberOf KJUR.asn1.DERAbstractTime#
+701      * @function
+702      * @param {String} newS value by a string to set such like "130430235959Z"
+703      */
+704     this.setString = function(newS) {
+705         this.hTLV = null;
+706         this.isModified = true;
+707         this.s = newS;
+708         this.hV = stohex(newS);
+709     };
+710 
+711     /**
+712      * set value by a Date object
+713      * @name setByDateValue
+714      * @memberOf KJUR.asn1.DERAbstractTime#
+715      * @function
+716      * @param {Integer} year year of date (ex. 2013)
+717      * @param {Integer} month month of date between 1 and 12 (ex. 12)
+718      * @param {Integer} day day of month
+719      * @param {Integer} hour hours of date
+720      * @param {Integer} min minutes of date
+721      * @param {Integer} sec seconds of date
+722      */
+723     this.setByDateValue = function(year, month, day, hour, min, sec) {
+724         var dateObject = new Date(Date.UTC(year, month - 1, day, hour, min, sec, 0));
+725         this.setByDate(dateObject);
+726     };
+727 
+728     this.getFreshValueHex = function() {
+729         return this.hV;
+730     };
+731 };
+732 YAHOO.lang.extend(KJUR.asn1.DERAbstractTime, KJUR.asn1.ASN1Object);
+733 // == END   DERAbstractTime ==================================================
+734 
+735 // == BEGIN DERAbstractStructured ============================================
+736 /**
+737  * base class for ASN.1 DER structured class
+738  * @name KJUR.asn1.DERAbstractStructured
+739  * @class base class for ASN.1 DER structured class
+740  * @property {Array} asn1Array internal array of ASN1Object
+741  * @extends KJUR.asn1.ASN1Object
+742  * @description
+743  * @see KJUR.asn1.ASN1Object - superclass
+744  */
+745 KJUR.asn1.DERAbstractStructured = function(params) {
+746     KJUR.asn1.DERAbstractString.superclass.constructor.call(this);
+747     var asn1Array = null;
+748 
+749     /**
+750      * set value by array of ASN1Object
+751      * @name setByASN1ObjectArray
+752      * @memberOf KJUR.asn1.DERAbstractStructured#
+753      * @function
+754      * @param {array} asn1ObjectArray array of ASN1Object to set
+755      */
+756     this.setByASN1ObjectArray = function(asn1ObjectArray) {
+757         this.hTLV = null;
+758         this.isModified = true;
+759         this.asn1Array = asn1ObjectArray;
+760     };
+761 
+762     /**
+763      * append an ASN1Object to internal array
+764      * @name appendASN1Object
+765      * @memberOf KJUR.asn1.DERAbstractStructured#
+766      * @function
+767      * @param {ASN1Object} asn1Object to add
+768      */
+769     this.appendASN1Object = function(asn1Object) {
+770         this.hTLV = null;
+771         this.isModified = true;
+772         this.asn1Array.push(asn1Object);
+773     };
+774 
+775     this.asn1Array = new Array();
+776     if (typeof params != "undefined") {
+777         if (typeof params['array'] != "undefined") {
+778             this.asn1Array = params['array'];
+779         }
+780     }
+781 };
+782 YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured, KJUR.asn1.ASN1Object);
+783 
+784 
 785 // ********************************************************************
-786 
+786 //  ASN.1 Object Classes
 787 // ********************************************************************
-788 /**
-789  * class for ASN.1 DER Boolean
-790  * @name KJUR.asn1.DERBoolean
-791  * @class class for ASN.1 DER Boolean
-792  * @extends KJUR.asn1.ASN1Object
-793  * @see KJUR.asn1.ASN1Object - superclass
-794  * @description
-795  * In ASN.1 DER, DER Boolean "false" shall be omitted.
-796  * However this supports boolean false for future BER support.
-797  * @example
-798  * new KJUR.asn1.DERBoolean(true)
-799  * new KJUR.asn1.DERBoolean(false)
-800  */
-801 KJUR.asn1.DERBoolean = function(params) {
-802     KJUR.asn1.DERBoolean.superclass.constructor.call(this);
-803     this.hT = "01";
-804     if (params == false)
-805 	this.hTLV = "010100";
-806     else 
-807 	this.hTLV = "0101ff";
-808 };
-809 YAHOO.lang.extend(KJUR.asn1.DERBoolean, KJUR.asn1.ASN1Object);
-810 
-811 // ********************************************************************
-812 /**
-813  * class for ASN.1 DER Integer
-814  * @name KJUR.asn1.DERInteger
-815  * @class class for ASN.1 DER Integer
-816  * @extends KJUR.asn1.ASN1Object
-817  * @description
-818  * <br/>
-819  * As for argument 'params' for constructor, you can specify one of
-820  * following properties:
-821  * <ul>
-822  * <li>int - specify initial ASN.1 value(V) by integer value</li>
-823  * <li>bigint - specify initial ASN.1 value(V) by BigInteger object</li>
-824  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
-825  * </ul>
-826  * NOTE: 'params' can be omitted.
-827  */
-828 KJUR.asn1.DERInteger = function(params) {
-829     KJUR.asn1.DERInteger.superclass.constructor.call(this);
-830     this.hT = "02";
-831 
-832     /**
-833      * set value by Tom Wu's BigInteger object
-834      * @name setByBigInteger
-835      * @memberOf KJUR.asn1.DERInteger#
-836      * @function
-837      * @param {BigInteger} bigIntegerValue to set
-838      */
-839     this.setByBigInteger = function(bigIntegerValue) {
-840         this.hTLV = null;
-841         this.isModified = true;
-842         this.hV = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(bigIntegerValue);
-843     };
-844 
-845     /**
-846      * set value by integer value
-847      * @name setByInteger
-848      * @memberOf KJUR.asn1.DERInteger
-849      * @function
-850      * @param {Integer} integer value to set
-851      */
-852     this.setByInteger = function(intValue) {
-853         var bi = new BigInteger(String(intValue), 10);
-854         this.setByBigInteger(bi);
-855     };
-856 
-857     /**
-858      * set value by integer value
-859      * @name setValueHex
-860      * @memberOf KJUR.asn1.DERInteger#
-861      * @function
-862      * @param {String} hexadecimal string of integer value
-863      * @description
-864      * <br/>
-865      * NOTE: Value shall be represented by minimum octet length of
-866      * two's complement representation.
-867      * @example
-868      * new KJUR.asn1.DERInteger(123);
-869      * new KJUR.asn1.DERInteger({'int': 123});
-870      * new KJUR.asn1.DERInteger({'hex': '1fad'});
-871      */
-872     this.setValueHex = function(newHexString) {
-873         this.hV = newHexString;
-874     };
-875 
-876     this.getFreshValueHex = function() {
-877         return this.hV;
-878     };
-879 
-880     if (typeof params != "undefined") {
-881         if (typeof params['bigint'] != "undefined") {
-882             this.setByBigInteger(params['bigint']);
-883         } else if (typeof params['int'] != "undefined") {
-884             this.setByInteger(params['int']);
-885         } else if (typeof params == "number") {
-886             this.setByInteger(params);
-887         } else if (typeof params['hex'] != "undefined") {
-888             this.setValueHex(params['hex']);
-889         }
-890     }
-891 };
-892 YAHOO.lang.extend(KJUR.asn1.DERInteger, KJUR.asn1.ASN1Object);
-893 
-894 // ********************************************************************
-895 /**
-896  * class for ASN.1 DER encoded BitString primitive
-897  * @name KJUR.asn1.DERBitString
-898  * @class class for ASN.1 DER encoded BitString primitive
-899  * @extends KJUR.asn1.ASN1Object
-900  * @description 
-901  * <br/>
-902  * As for argument 'params' for constructor, you can specify one of
-903  * following properties:
-904  * <ul>
-905  * <li>bin - specify binary string (ex. '10111')</li>
-906  * <li>array - specify array of boolean (ex. [true,false,true,true])</li>
-907  * <li>hex - specify hexadecimal string of ASN.1 value(V) including unused bits</li>
-908  * <li>obj - specify {@link KJUR.asn1.ASN1Util.newObject} 
-909  * argument for "BitString encapsulates" structure.</li>
-910  * </ul>
-911  * NOTE1: 'params' can be omitted.<br/>
-912  * NOTE2: 'obj' parameter have been supported since
-913  * asn1 1.0.11, jsrsasign 6.1.1 (2016-Sep-25).<br/>
-914  * @example
-915  * // default constructor
-916  * o = new KJUR.asn1.DERBitString();
-917  * // initialize with binary string
-918  * o = new KJUR.asn1.DERBitString({bin: "1011"});
-919  * // initialize with boolean array
-920  * o = new KJUR.asn1.DERBitString({array: [true,false,true,true]});
-921  * // initialize with hexadecimal string (04 is unused bits)
-922  * o = new KJUR.asn1.DEROctetString({hex: "04bac0"});
-923  * // initialize with ASN1Util.newObject argument for encapsulated
-924  * o = new KJUR.asn1.DERBitString({obj: {seq: [{int: 3}, {prnstr: 'aaa'}]}});
-925  * // above generates a ASN.1 data like this:
-926  * // BIT STRING, encapsulates {
-927  * //   SEQUENCE {
-928  * //     INTEGER 3
-929  * //     PrintableString 'aaa'
-930  * //     }
-931  * //   } 
-932  */
-933 KJUR.asn1.DERBitString = function(params) {
-934     if (params !== undefined && typeof params.obj !== "undefined") {
-935 	var o = KJUR.asn1.ASN1Util.newObject(params.obj);
-936 	params.hex = "00" + o.getEncodedHex();
-937     }
-938     KJUR.asn1.DERBitString.superclass.constructor.call(this);
-939     this.hT = "03";
-940 
-941     /**
-942      * set ASN.1 value(V) by a hexadecimal string including unused bits
-943      * @name setHexValueIncludingUnusedBits
-944      * @memberOf KJUR.asn1.DERBitString#
-945      * @function
-946      * @param {String} newHexStringIncludingUnusedBits
-947      */
-948     this.setHexValueIncludingUnusedBits = function(newHexStringIncludingUnusedBits) {
-949         this.hTLV = null;
-950         this.isModified = true;
-951         this.hV = newHexStringIncludingUnusedBits;
-952     };
-953 
-954     /**
-955      * set ASN.1 value(V) by unused bit and hexadecimal string of value
-956      * @name setUnusedBitsAndHexValue
-957      * @memberOf KJUR.asn1.DERBitString#
-958      * @function
-959      * @param {Integer} unusedBits
-960      * @param {String} hValue
-961      */
-962     this.setUnusedBitsAndHexValue = function(unusedBits, hValue) {
-963         if (unusedBits < 0 || 7 < unusedBits) {
-964             throw "unused bits shall be from 0 to 7: u = " + unusedBits;
-965         }
-966         var hUnusedBits = "0" + unusedBits;
-967         this.hTLV = null;
-968         this.isModified = true;
-969         this.hV = hUnusedBits + hValue;
-970     };
-971 
-972     /**
-973      * set ASN.1 DER BitString by binary string<br/>
-974      * @name setByBinaryString
-975      * @memberOf KJUR.asn1.DERBitString#
-976      * @function
-977      * @param {String} binaryString binary value string (i.e. '10111')
-978      * @description
-979      * Its unused bits will be calculated automatically by length of 
-980      * 'binaryValue'. <br/>
-981      * NOTE: Trailing zeros '0' will be ignored.
-982      * @example
-983      * o = new KJUR.asn1.DERBitString();
-984      * o.setByBooleanArray("01011");
-985      */
-986     this.setByBinaryString = function(binaryString) {
-987         binaryString = binaryString.replace(/0+$/, '');
-988         var unusedBits = 8 - binaryString.length % 8;
-989         if (unusedBits == 8) unusedBits = 0;
-990         for (var i = 0; i <= unusedBits; i++) {
-991             binaryString += '0';
-992         }
-993         var h = '';
-994         for (var i = 0; i < binaryString.length - 1; i += 8) {
-995             var b = binaryString.substr(i, 8);
-996             var x = parseInt(b, 2).toString(16);
-997             if (x.length == 1) x = '0' + x;
-998             h += x;  
-999         }
-1000         this.hTLV = null;
-1001         this.isModified = true;
-1002         this.hV = '0' + unusedBits + h;
-1003     };
-1004 
-1005     /**
-1006      * set ASN.1 TLV value(V) by an array of boolean<br/>
-1007      * @name setByBooleanArray
-1008      * @memberOf KJUR.asn1.DERBitString#
-1009      * @function
-1010      * @param {array} booleanArray array of boolean (ex. [true, false, true])
-1011      * @description
-1012      * NOTE: Trailing falses will be ignored in the ASN.1 DER Object.
-1013      * @example
-1014      * o = new KJUR.asn1.DERBitString();
-1015      * o.setByBooleanArray([false, true, false, true, true]);
-1016      */
-1017     this.setByBooleanArray = function(booleanArray) {
-1018         var s = '';
-1019         for (var i = 0; i < booleanArray.length; i++) {
-1020             if (booleanArray[i] == true) {
-1021                 s += '1';
-1022             } else {
-1023                 s += '0';
-1024             }
-1025         }
-1026         this.setByBinaryString(s);
-1027     };
-1028 
-1029     /**
-1030      * generate an array of falses with specified length<br/>
-1031      * @name newFalseArray
-1032      * @memberOf KJUR.asn1.DERBitString
-1033      * @function
-1034      * @param {Integer} nLength length of array to generate
-1035      * @return {array} array of boolean falses
-1036      * @description
-1037      * This static method may be useful to initialize boolean array.
-1038      * @example
-1039      * o = new KJUR.asn1.DERBitString();
-1040      * o.newFalseArray(3) → [false, false, false]
-1041      */
-1042     this.newFalseArray = function(nLength) {
-1043         var a = new Array(nLength);
-1044         for (var i = 0; i < nLength; i++) {
-1045             a[i] = false;
-1046         }
-1047         return a;
-1048     };
-1049 
-1050     this.getFreshValueHex = function() {
-1051         return this.hV;
-1052     };
-1053 
-1054     if (typeof params != "undefined") {
-1055         if (typeof params == "string" && params.toLowerCase().match(/^[0-9a-f]+$/)) {
-1056             this.setHexValueIncludingUnusedBits(params);
-1057         } else if (typeof params['hex'] != "undefined") {
-1058             this.setHexValueIncludingUnusedBits(params['hex']);
-1059         } else if (typeof params['bin'] != "undefined") {
-1060             this.setByBinaryString(params['bin']);
-1061         } else if (typeof params['array'] != "undefined") {
-1062             this.setByBooleanArray(params['array']);
-1063         }
-1064     }
-1065 };
-1066 YAHOO.lang.extend(KJUR.asn1.DERBitString, KJUR.asn1.ASN1Object);
-1067 
-1068 // ********************************************************************
-1069 /**
-1070  * class for ASN.1 DER OctetString<br/>
-1071  * @name KJUR.asn1.DEROctetString
-1072  * @class class for ASN.1 DER OctetString
-1073  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1074  * @extends KJUR.asn1.DERAbstractString
-1075  * @description
-1076  * This class provides ASN.1 OctetString simple type.<br/>
-1077  * Supported "params" attributes are:
-1078  * <ul>
-1079  * <li>str - to set a string as a value</li>
-1080  * <li>hex - to set a hexadecimal string as a value</li>
-1081  * <li>obj - to set a encapsulated ASN.1 value by JSON object 
-1082  * which is defined in {@link KJUR.asn1.ASN1Util.newObject}</li>
-1083  * </ul>
-1084  * NOTE: A parameter 'obj' have been supported 
-1085  * for "OCTET STRING, encapsulates" structure.
-1086  * since asn1 1.0.11, jsrsasign 6.1.1 (2016-Sep-25).
-1087  * @see KJUR.asn1.DERAbstractString - superclass
-1088  * @example
-1089  * // default constructor
-1090  * o = new KJUR.asn1.DEROctetString();
-1091  * // initialize with string
-1092  * o = new KJUR.asn1.DEROctetString({str: "aaa"});
-1093  * // initialize with hexadecimal string
-1094  * o = new KJUR.asn1.DEROctetString({hex: "616161"});
-1095  * // initialize with ASN1Util.newObject argument 
-1096  * o = new KJUR.asn1.DEROctetString({obj: {seq: [{int: 3}, {prnstr: 'aaa'}]}});
-1097  * // above generates a ASN.1 data like this:
-1098  * // OCTET STRING, encapsulates {
-1099  * //   SEQUENCE {
-1100  * //     INTEGER 3
-1101  * //     PrintableString 'aaa'
-1102  * //     }
-1103  * //   } 
-1104  */
-1105 KJUR.asn1.DEROctetString = function(params) {
-1106     if (params !== undefined && typeof params.obj !== "undefined") {
-1107 	var o = KJUR.asn1.ASN1Util.newObject(params.obj);
-1108 	params.hex = o.getEncodedHex();
-1109     }
-1110     KJUR.asn1.DEROctetString.superclass.constructor.call(this, params);
-1111     this.hT = "04";
-1112 };
-1113 YAHOO.lang.extend(KJUR.asn1.DEROctetString, KJUR.asn1.DERAbstractString);
-1114 
-1115 // ********************************************************************
-1116 /**
-1117  * class for ASN.1 DER Null
-1118  * @name KJUR.asn1.DERNull
-1119  * @class class for ASN.1 DER Null
-1120  * @extends KJUR.asn1.ASN1Object
-1121  * @description
-1122  * @see KJUR.asn1.ASN1Object - superclass
-1123  */
-1124 KJUR.asn1.DERNull = function() {
-1125     KJUR.asn1.DERNull.superclass.constructor.call(this);
-1126     this.hT = "05";
-1127     this.hTLV = "0500";
-1128 };
-1129 YAHOO.lang.extend(KJUR.asn1.DERNull, KJUR.asn1.ASN1Object);
-1130 
-1131 // ********************************************************************
-1132 /**
-1133  * class for ASN.1 DER ObjectIdentifier
-1134  * @name KJUR.asn1.DERObjectIdentifier
-1135  * @class class for ASN.1 DER ObjectIdentifier
-1136  * @param {Object} JSON object or string of parameters (ex. {'oid': '2.5.4.5'})
-1137  * @extends KJUR.asn1.ASN1Object
-1138  * @description
-1139  * <br/>
-1140  * As for argument 'params' for constructor, you can specify one of
-1141  * following properties:
-1142  * <ul>
-1143  * <li>oid - specify initial ASN.1 value(V) by a oid string (ex. 2.5.4.13)</li>
-1144  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
-1145  * </ul>
-1146  * NOTE: 'params' can be omitted.
-1147  * @example
-1148  * new DERObjectIdentifier({"name": "sha1"})
-1149  * new DERObjectIdentifier({"oid": "1.2.3.4"})
-1150  * new DERObjectIdentifier({"hex": "2d..."})
-1151  * new DERObjectIdentifier("1.2.3.4")
-1152  * new DERObjectIdentifier("SHA1withRSA")
-1153  */
-1154 KJUR.asn1.DERObjectIdentifier = function(params) {
-1155     var itox = function(i) {
-1156         var h = i.toString(16);
-1157         if (h.length == 1) h = '0' + h;
-1158         return h;
-1159     };
-1160     var roidtox = function(roid) {
-1161         var h = '';
-1162         var bi = new BigInteger(roid, 10);
-1163         var b = bi.toString(2);
-1164         var padLen = 7 - b.length % 7;
-1165         if (padLen == 7) padLen = 0;
-1166         var bPad = '';
-1167         for (var i = 0; i < padLen; i++) bPad += '0';
-1168         b = bPad + b;
-1169         for (var i = 0; i < b.length - 1; i += 7) {
-1170             var b8 = b.substr(i, 7);
-1171             if (i != b.length - 7) b8 = '1' + b8;
-1172             h += itox(parseInt(b8, 2));
-1173         }
-1174         return h;
-1175     }
-1176 
-1177     KJUR.asn1.DERObjectIdentifier.superclass.constructor.call(this);
-1178     this.hT = "06";
-1179 
-1180     /**
-1181      * set value by a hexadecimal string
-1182      * @name setValueHex
-1183      * @memberOf KJUR.asn1.DERObjectIdentifier#
-1184      * @function
-1185      * @param {String} newHexString hexadecimal value of OID bytes
-1186      */
-1187     this.setValueHex = function(newHexString) {
-1188         this.hTLV = null;
-1189         this.isModified = true;
-1190         this.s = null;
-1191         this.hV = newHexString;
-1192     };
-1193 
-1194     /**
-1195      * set value by a OID string<br/>
-1196      * @name setValueOidString
-1197      * @memberOf KJUR.asn1.DERObjectIdentifier#
-1198      * @function
-1199      * @param {String} oidString OID string (ex. 2.5.4.13)
-1200      * @example
-1201      * o = new KJUR.asn1.DERObjectIdentifier();
-1202      * o.setValueOidString("2.5.4.13");
-1203      */
-1204     this.setValueOidString = function(oidString) {
-1205         if (! oidString.match(/^[0-9.]+$/)) {
-1206             throw new Error("malformed oid string: " + oidString);
-1207         }
-1208         var h = '';
-1209         var a = oidString.split('.');
-1210         var i0 = parseInt(a[0]) * 40 + parseInt(a[1]);
-1211         h += itox(i0);
-1212         a.splice(0, 2);
-1213         for (var i = 0; i < a.length; i++) {
-1214             h += roidtox(a[i]);
-1215         }
-1216         this.hTLV = null;
-1217         this.isModified = true;
-1218         this.s = null;
-1219         this.hV = h;
-1220     };
-1221 
-1222     /**
-1223      * set value by a OID name
-1224      * @name setValueName
-1225      * @memberOf KJUR.asn1.DERObjectIdentifier#
-1226      * @function
-1227      * @param {String} oidName OID name (ex. 'serverAuth')
-1228      * @since 1.0.1
-1229      * @description
-1230      * OID name shall be defined in 'KJUR.asn1.x509.OID.name2oidList'.
-1231      * Otherwise raise error.
-1232      * @example
-1233      * o = new KJUR.asn1.DERObjectIdentifier();
-1234      * o.setValueName("serverAuth");
-1235      */
-1236     this.setValueName = function(oidName) {
-1237 	var oid = KJUR.asn1.x509.OID.name2oid(oidName);
-1238 	if (oid !== '') {
-1239             this.setValueOidString(oid);
-1240         } else {
-1241             throw new Error("DERObjectIdentifier oidName undefined: " + oidName);
-1242         }
-1243     };
-1244 
-1245     this.setValueNameOrOid = function(nameOrOid) {
-1246 	if (nameOrOid.match(/^[0-2].[0-9.]+$/)) {
-1247 	    this.setValueOidString(nameOrOid);
-1248 	} else {
-1249 	    this.setValueName(nameOrOid);
-1250 	}
-1251     }
-1252 
-1253     this.getFreshValueHex = function() {
-1254         return this.hV;
-1255     };
-1256 
-1257     this.setByParam = function(params) {
-1258         if (typeof params === "string") {
-1259 	    this.setValueNameOrOid(params);
-1260         } else if (params.oid !== undefined) {
-1261 	    this.setValueNameOrOid(params.oid);
-1262         } else if (params.name !== undefined) {
-1263             this.setValueNameOrOid(params.name);
-1264         } else if (params.hex !== undefined) {
-1265             this.setValueHex(params.hex);
-1266         }
-1267     };
-1268 
-1269     if (params !== undefined) this.setByParam(params);
-1270 };
-1271 YAHOO.lang.extend(KJUR.asn1.DERObjectIdentifier, KJUR.asn1.ASN1Object);
-1272 
-1273 // ********************************************************************
-1274 /**
-1275  * class for ASN.1 DER Enumerated
-1276  * @name KJUR.asn1.DEREnumerated
-1277  * @class class for ASN.1 DER Enumerated
-1278  * @extends KJUR.asn1.ASN1Object
-1279  * @description
-1280  * <br/>
-1281  * As for argument 'params' for constructor, you can specify one of
-1282  * following properties:
-1283  * <ul>
-1284  * <li>int - specify initial ASN.1 value(V) by integer value</li>
-1285  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
-1286  * </ul>
-1287  * NOTE: 'params' can be omitted.
-1288  * @example
-1289  * new KJUR.asn1.DEREnumerated(123);
-1290  * new KJUR.asn1.DEREnumerated({int: 123});
-1291  * new KJUR.asn1.DEREnumerated({hex: '1fad'});
-1292  */
-1293 KJUR.asn1.DEREnumerated = function(params) {
-1294     KJUR.asn1.DEREnumerated.superclass.constructor.call(this);
-1295     this.hT = "0a";
-1296 
-1297     /**
-1298      * set value by Tom Wu's BigInteger object
-1299      * @name setByBigInteger
-1300      * @memberOf KJUR.asn1.DEREnumerated#
-1301      * @function
-1302      * @param {BigInteger} bigIntegerValue to set
-1303      */
-1304     this.setByBigInteger = function(bigIntegerValue) {
-1305         this.hTLV = null;
-1306         this.isModified = true;
-1307         this.hV = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(bigIntegerValue);
-1308     };
-1309 
-1310     /**
-1311      * set value by integer value
-1312      * @name setByInteger
-1313      * @memberOf KJUR.asn1.DEREnumerated#
-1314      * @function
-1315      * @param {Integer} integer value to set
-1316      */
-1317     this.setByInteger = function(intValue) {
-1318         var bi = new BigInteger(String(intValue), 10);
-1319         this.setByBigInteger(bi);
-1320     };
-1321 
-1322     /**
-1323      * set value by integer value
-1324      * @name setValueHex
-1325      * @memberOf KJUR.asn1.DEREnumerated#
-1326      * @function
-1327      * @param {String} hexadecimal string of integer value
-1328      * @description
-1329      * <br/>
-1330      * NOTE: Value shall be represented by minimum octet length of
-1331      * two's complement representation.
-1332      */
-1333     this.setValueHex = function(newHexString) {
-1334         this.hV = newHexString;
-1335     };
-1336 
-1337     this.getFreshValueHex = function() {
-1338         return this.hV;
-1339     };
-1340 
-1341     if (typeof params != "undefined") {
-1342         if (typeof params['int'] != "undefined") {
-1343             this.setByInteger(params['int']);
-1344         } else if (typeof params == "number") {
-1345             this.setByInteger(params);
-1346         } else if (typeof params['hex'] != "undefined") {
-1347             this.setValueHex(params['hex']);
-1348         }
-1349     }
-1350 };
-1351 YAHOO.lang.extend(KJUR.asn1.DEREnumerated, KJUR.asn1.ASN1Object);
-1352 
-1353 // ********************************************************************
-1354 /**
-1355  * class for ASN.1 DER UTF8String
-1356  * @name KJUR.asn1.DERUTF8String
-1357  * @class class for ASN.1 DER UTF8String
-1358  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1359  * @extends KJUR.asn1.DERAbstractString
-1360  * @description
-1361  * @see KJUR.asn1.DERAbstractString - superclass
-1362  */
-1363 KJUR.asn1.DERUTF8String = function(params) {
-1364     KJUR.asn1.DERUTF8String.superclass.constructor.call(this, params);
-1365     this.hT = "0c";
-1366 };
-1367 YAHOO.lang.extend(KJUR.asn1.DERUTF8String, KJUR.asn1.DERAbstractString);
-1368 
-1369 // ********************************************************************
-1370 /**
-1371  * class for ASN.1 DER NumericString
-1372  * @name KJUR.asn1.DERNumericString
-1373  * @class class for ASN.1 DER NumericString
-1374  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1375  * @extends KJUR.asn1.DERAbstractString
-1376  * @description
-1377  * @see KJUR.asn1.DERAbstractString - superclass
-1378  */
-1379 KJUR.asn1.DERNumericString = function(params) {
-1380     KJUR.asn1.DERNumericString.superclass.constructor.call(this, params);
-1381     this.hT = "12";
-1382 };
-1383 YAHOO.lang.extend(KJUR.asn1.DERNumericString, KJUR.asn1.DERAbstractString);
-1384 
-1385 // ********************************************************************
-1386 /**
-1387  * class for ASN.1 DER PrintableString
-1388  * @name KJUR.asn1.DERPrintableString
-1389  * @class class for ASN.1 DER PrintableString
-1390  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1391  * @extends KJUR.asn1.DERAbstractString
-1392  * @description
-1393  * @see KJUR.asn1.DERAbstractString - superclass
-1394  */
-1395 KJUR.asn1.DERPrintableString = function(params) {
-1396     KJUR.asn1.DERPrintableString.superclass.constructor.call(this, params);
-1397     this.hT = "13";
-1398 };
-1399 YAHOO.lang.extend(KJUR.asn1.DERPrintableString, KJUR.asn1.DERAbstractString);
-1400 
-1401 // ********************************************************************
-1402 /**
-1403  * class for ASN.1 DER TeletexString
-1404  * @name KJUR.asn1.DERTeletexString
-1405  * @class class for ASN.1 DER TeletexString
-1406  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1407  * @extends KJUR.asn1.DERAbstractString
-1408  * @description
-1409  * @see KJUR.asn1.DERAbstractString - superclass
-1410  */
-1411 KJUR.asn1.DERTeletexString = function(params) {
-1412     KJUR.asn1.DERTeletexString.superclass.constructor.call(this, params);
-1413     this.hT = "14";
-1414 };
-1415 YAHOO.lang.extend(KJUR.asn1.DERTeletexString, KJUR.asn1.DERAbstractString);
-1416 
-1417 // ********************************************************************
-1418 /**
-1419  * class for ASN.1 DER IA5String
-1420  * @name KJUR.asn1.DERIA5String
-1421  * @class class for ASN.1 DER IA5String
-1422  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1423  * @extends KJUR.asn1.DERAbstractString
-1424  * @description
-1425  * @see KJUR.asn1.DERAbstractString - superclass
-1426  */
-1427 KJUR.asn1.DERIA5String = function(params) {
-1428     KJUR.asn1.DERIA5String.superclass.constructor.call(this, params);
-1429     this.hT = "16";
-1430 };
-1431 YAHOO.lang.extend(KJUR.asn1.DERIA5String, KJUR.asn1.DERAbstractString);
-1432 
-1433 // ********************************************************************
-1434 /**
-1435  * class for ASN.1 DER VisibleString
-1436  * @name KJUR.asn1.DERVisibleString
-1437  * @class class for ASN.1 DER VisibleString
-1438  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1439  * @extends KJUR.asn1.DERAbstractString
-1440  * @since jsrsasign 8.0.23 asn1 1.0.15
-1441  * @description
-1442  * @see KJUR.asn1.DERAbstractString - superclass
-1443  */
-1444 KJUR.asn1.DERVisibleString = function(params) {
-1445     KJUR.asn1.DERIA5String.superclass.constructor.call(this, params);
-1446     this.hT = "1a";
-1447 };
-1448 YAHOO.lang.extend(KJUR.asn1.DERVisibleString, KJUR.asn1.DERAbstractString);
-1449 
-1450 // ********************************************************************
-1451 /**
-1452  * class for ASN.1 DER BMPString
-1453  * @name KJUR.asn1.DERBMPString
-1454  * @class class for ASN.1 DER BMPString
-1455  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1456  * @extends KJUR.asn1.DERAbstractString
-1457  * @since jsrsasign 8.0.23 asn1 1.0.15
-1458  * @description
-1459  * @see KJUR.asn1.DERAbstractString - superclass
-1460  */
-1461 KJUR.asn1.DERBMPString = function(params) {
-1462     KJUR.asn1.DERBMPString.superclass.constructor.call(this, params);
-1463     this.hT = "1e";
-1464 };
-1465 YAHOO.lang.extend(KJUR.asn1.DERBMPString, KJUR.asn1.DERAbstractString);
-1466 
-1467 // ********************************************************************
-1468 /**
-1469  * class for ASN.1 DER UTCTime
-1470  * @name KJUR.asn1.DERUTCTime
-1471  * @class class for ASN.1 DER UTCTime
-1472  * @param {Array} params associative array of parameters (ex. {'str': '130430235959Z'})
-1473  * @extends KJUR.asn1.DERAbstractTime
-1474  * @description
-1475  * <br/>
-1476  * As for argument 'params' for constructor, you can specify one of
-1477  * following properties:
-1478  * <ul>
-1479  * <li>str - specify initial ASN.1 value(V) by a string (ex.'130430235959Z')</li>
-1480  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
-1481  * <li>date - specify Date object.</li>
-1482  * </ul>
-1483  * NOTE: 'params' can be omitted.
-1484  * <h4>EXAMPLES</h4>
-1485  * @example
-1486  * d1 = new KJUR.asn1.DERUTCTime();
-1487  * d1.setString('130430125959Z');
-1488  *
-1489  * d2 = new KJUR.asn1.DERUTCTime({'str': '130430125959Z'});
-1490  * d3 = new KJUR.asn1.DERUTCTime({'date': new Date(Date.UTC(2015, 0, 31, 0, 0, 0, 0))});
-1491  * d4 = new KJUR.asn1.DERUTCTime('130430125959Z');
-1492  */
-1493 KJUR.asn1.DERUTCTime = function(params) {
-1494     KJUR.asn1.DERUTCTime.superclass.constructor.call(this, params);
-1495     this.hT = "17";
-1496 
-1497     /**
-1498      * set value by a Date object<br/>
-1499      * @name setByDate
-1500      * @memberOf KJUR.asn1.DERUTCTime#
-1501      * @function
-1502      * @param {Date} dateObject Date object to set ASN.1 value(V)
-1503      * @example
-1504      * o = new KJUR.asn1.DERUTCTime();
-1505      * o.setByDate(new Date("2016/12/31"));
-1506      */
-1507     this.setByDate = function(dateObject) {
-1508         this.hTLV = null;
-1509         this.isModified = true;
-1510         this.date = dateObject;
-1511         this.s = this.formatDate(this.date, 'utc');
-1512         this.hV = stohex(this.s);
-1513     };
-1514 
-1515     this.getFreshValueHex = function() {
-1516         if (typeof this.date == "undefined" && typeof this.s == "undefined") {
-1517             this.date = new Date();
-1518             this.s = this.formatDate(this.date, 'utc');
-1519             this.hV = stohex(this.s);
-1520         }
-1521         return this.hV;
-1522     };
-1523 
-1524     if (params !== undefined) {
-1525         if (params.str !== undefined) {
-1526             this.setString(params.str);
-1527         } else if (typeof params == "string" && params.match(/^[0-9]{12}Z$/)) {
-1528             this.setString(params);
-1529         } else if (params.hex !== undefined) {
-1530             this.setStringHex(params.hex);
-1531         } else if (params.date !== undefined) {
-1532             this.setByDate(params.date);
-1533         }
-1534     }
-1535 };
-1536 YAHOO.lang.extend(KJUR.asn1.DERUTCTime, KJUR.asn1.DERAbstractTime);
+788 
+789 // ********************************************************************
+790 /**
+791  * class for ASN.1 DER Boolean
+792  * @name KJUR.asn1.DERBoolean
+793  * @class class for ASN.1 DER Boolean
+794  * @extends KJUR.asn1.ASN1Object
+795  * @see KJUR.asn1.ASN1Object - superclass
+796  * @description
+797  * In ASN.1 DER, DER Boolean "false" shall be omitted.
+798  * However this supports boolean false for future BER support.
+799  * @example
+800  * new KJUR.asn1.DERBoolean(true)
+801  * new KJUR.asn1.DERBoolean(false)
+802  */
+803 KJUR.asn1.DERBoolean = function(params) {
+804     KJUR.asn1.DERBoolean.superclass.constructor.call(this);
+805     this.hT = "01";
+806     if (params == false)
+807 	this.hTLV = "010100";
+808     else 
+809 	this.hTLV = "0101ff";
+810 };
+811 YAHOO.lang.extend(KJUR.asn1.DERBoolean, KJUR.asn1.ASN1Object);
+812 
+813 // ********************************************************************
+814 /**
+815  * class for ASN.1 DER Integer
+816  * @name KJUR.asn1.DERInteger
+817  * @class class for ASN.1 DER Integer
+818  * @extends KJUR.asn1.ASN1Object
+819  * @description
+820  * <br/>
+821  * As for argument 'params' for constructor, you can specify one of
+822  * following properties:
+823  * <ul>
+824  * <li>int - specify initial ASN.1 value(V) by integer value</li>
+825  * <li>bigint - specify initial ASN.1 value(V) by BigInteger object</li>
+826  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
+827  * </ul>
+828  * NOTE: 'params' can be omitted.
+829  */
+830 KJUR.asn1.DERInteger = function(params) {
+831     KJUR.asn1.DERInteger.superclass.constructor.call(this);
+832     this.hT = "02";
+833 
+834     /**
+835      * set value by Tom Wu's BigInteger object
+836      * @name setByBigInteger
+837      * @memberOf KJUR.asn1.DERInteger#
+838      * @function
+839      * @param {BigInteger} bigIntegerValue to set
+840      */
+841     this.setByBigInteger = function(bigIntegerValue) {
+842         this.hTLV = null;
+843         this.isModified = true;
+844         this.hV = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(bigIntegerValue);
+845     };
+846 
+847     /**
+848      * set value by integer value
+849      * @name setByInteger
+850      * @memberOf KJUR.asn1.DERInteger
+851      * @function
+852      * @param {Integer} integer value to set
+853      */
+854     this.setByInteger = function(intValue) {
+855         var bi = new BigInteger(String(intValue), 10);
+856         this.setByBigInteger(bi);
+857     };
+858 
+859     /**
+860      * set value by integer value
+861      * @name setValueHex
+862      * @memberOf KJUR.asn1.DERInteger#
+863      * @function
+864      * @param {String} hexadecimal string of integer value
+865      * @description
+866      * <br/>
+867      * NOTE: Value shall be represented by minimum octet length of
+868      * two's complement representation.
+869      * @example
+870      * new KJUR.asn1.DERInteger(123);
+871      * new KJUR.asn1.DERInteger({'int': 123});
+872      * new KJUR.asn1.DERInteger({'hex': '1fad'});
+873      */
+874     this.setValueHex = function(newHexString) {
+875         this.hV = newHexString;
+876     };
+877 
+878     this.getFreshValueHex = function() {
+879         return this.hV;
+880     };
+881 
+882     if (typeof params != "undefined") {
+883         if (typeof params['bigint'] != "undefined") {
+884             this.setByBigInteger(params['bigint']);
+885         } else if (typeof params['int'] != "undefined") {
+886             this.setByInteger(params['int']);
+887         } else if (typeof params == "number") {
+888             this.setByInteger(params);
+889         } else if (typeof params['hex'] != "undefined") {
+890             this.setValueHex(params['hex']);
+891         }
+892     }
+893 };
+894 YAHOO.lang.extend(KJUR.asn1.DERInteger, KJUR.asn1.ASN1Object);
+895 
+896 // ********************************************************************
+897 /**
+898  * class for ASN.1 DER encoded BitString primitive
+899  * @name KJUR.asn1.DERBitString
+900  * @class class for ASN.1 DER encoded BitString primitive
+901  * @extends KJUR.asn1.ASN1Object
+902  * @description 
+903  * <br/>
+904  * As for argument 'params' for constructor, you can specify one of
+905  * following properties:
+906  * <ul>
+907  * <li>bin - specify binary string (ex. '10111')</li>
+908  * <li>array - specify array of boolean (ex. [true,false,true,true])</li>
+909  * <li>hex - specify hexadecimal string of ASN.1 value(V) including unused bits</li>
+910  * <li>obj - specify {@link KJUR.asn1.ASN1Util.newObject} 
+911  * argument for "BitString encapsulates" structure.</li>
+912  * </ul>
+913  * NOTE1: 'params' can be omitted.<br/>
+914  * NOTE2: 'obj' parameter have been supported since
+915  * asn1 1.0.11, jsrsasign 6.1.1 (2016-Sep-25).<br/>
+916  * @example
+917  * // default constructor
+918  * o = new KJUR.asn1.DERBitString();
+919  * // initialize with binary string
+920  * o = new KJUR.asn1.DERBitString({bin: "1011"});
+921  * // initialize with boolean array
+922  * o = new KJUR.asn1.DERBitString({array: [true,false,true,true]});
+923  * // initialize with hexadecimal string (04 is unused bits)
+924  * o = new KJUR.asn1.DEROctetString({hex: "04bac0"});
+925  * // initialize with ASN1Util.newObject argument for encapsulated
+926  * o = new KJUR.asn1.DERBitString({obj: {seq: [{int: 3}, {prnstr: 'aaa'}]}});
+927  * // above generates a ASN.1 data like this:
+928  * // BIT STRING, encapsulates {
+929  * //   SEQUENCE {
+930  * //     INTEGER 3
+931  * //     PrintableString 'aaa'
+932  * //     }
+933  * //   } 
+934  */
+935 KJUR.asn1.DERBitString = function(params) {
+936     if (params !== undefined && typeof params.obj !== "undefined") {
+937 	var o = KJUR.asn1.ASN1Util.newObject(params.obj);
+938 	params.hex = "00" + o.getEncodedHex();
+939     }
+940     KJUR.asn1.DERBitString.superclass.constructor.call(this);
+941     this.hT = "03";
+942 
+943     /**
+944      * set ASN.1 value(V) by a hexadecimal string including unused bits
+945      * @name setHexValueIncludingUnusedBits
+946      * @memberOf KJUR.asn1.DERBitString#
+947      * @function
+948      * @param {String} newHexStringIncludingUnusedBits
+949      */
+950     this.setHexValueIncludingUnusedBits = function(newHexStringIncludingUnusedBits) {
+951         this.hTLV = null;
+952         this.isModified = true;
+953         this.hV = newHexStringIncludingUnusedBits;
+954     };
+955 
+956     /**
+957      * set ASN.1 value(V) by unused bit and hexadecimal string of value
+958      * @name setUnusedBitsAndHexValue
+959      * @memberOf KJUR.asn1.DERBitString#
+960      * @function
+961      * @param {Integer} unusedBits
+962      * @param {String} hValue
+963      */
+964     this.setUnusedBitsAndHexValue = function(unusedBits, hValue) {
+965         if (unusedBits < 0 || 7 < unusedBits) {
+966             throw "unused bits shall be from 0 to 7: u = " + unusedBits;
+967         }
+968         var hUnusedBits = "0" + unusedBits;
+969         this.hTLV = null;
+970         this.isModified = true;
+971         this.hV = hUnusedBits + hValue;
+972     };
+973 
+974     /**
+975      * set ASN.1 DER BitString by binary string<br/>
+976      * @name setByBinaryString
+977      * @memberOf KJUR.asn1.DERBitString#
+978      * @function
+979      * @param {String} binaryString binary value string (i.e. '10111')
+980      * @description
+981      * Its unused bits will be calculated automatically by length of 
+982      * 'binaryValue'. <br/>
+983      * NOTE: Trailing zeros '0' will be ignored.
+984      * @example
+985      * o = new KJUR.asn1.DERBitString();
+986      * o.setByBooleanArray("01011");
+987      */
+988     this.setByBinaryString = function(binaryString) {
+989         binaryString = binaryString.replace(/0+$/, '');
+990         var unusedBits = 8 - binaryString.length % 8;
+991         if (unusedBits == 8) unusedBits = 0;
+992         for (var i = 0; i <= unusedBits; i++) {
+993             binaryString += '0';
+994         }
+995         var h = '';
+996         for (var i = 0; i < binaryString.length - 1; i += 8) {
+997             var b = binaryString.substr(i, 8);
+998             var x = parseInt(b, 2).toString(16);
+999             if (x.length == 1) x = '0' + x;
+1000             h += x;  
+1001         }
+1002         this.hTLV = null;
+1003         this.isModified = true;
+1004         this.hV = '0' + unusedBits + h;
+1005     };
+1006 
+1007     /**
+1008      * set ASN.1 TLV value(V) by an array of boolean<br/>
+1009      * @name setByBooleanArray
+1010      * @memberOf KJUR.asn1.DERBitString#
+1011      * @function
+1012      * @param {array} booleanArray array of boolean (ex. [true, false, true])
+1013      * @description
+1014      * NOTE: Trailing falses will be ignored in the ASN.1 DER Object.
+1015      * @example
+1016      * o = new KJUR.asn1.DERBitString();
+1017      * o.setByBooleanArray([false, true, false, true, true]);
+1018      */
+1019     this.setByBooleanArray = function(booleanArray) {
+1020         var s = '';
+1021         for (var i = 0; i < booleanArray.length; i++) {
+1022             if (booleanArray[i] == true) {
+1023                 s += '1';
+1024             } else {
+1025                 s += '0';
+1026             }
+1027         }
+1028         this.setByBinaryString(s);
+1029     };
+1030 
+1031     /**
+1032      * generate an array of falses with specified length<br/>
+1033      * @name newFalseArray
+1034      * @memberOf KJUR.asn1.DERBitString
+1035      * @function
+1036      * @param {Integer} nLength length of array to generate
+1037      * @return {array} array of boolean falses
+1038      * @description
+1039      * This static method may be useful to initialize boolean array.
+1040      * @example
+1041      * o = new KJUR.asn1.DERBitString();
+1042      * o.newFalseArray(3) → [false, false, false]
+1043      */
+1044     this.newFalseArray = function(nLength) {
+1045         var a = new Array(nLength);
+1046         for (var i = 0; i < nLength; i++) {
+1047             a[i] = false;
+1048         }
+1049         return a;
+1050     };
+1051 
+1052     this.getFreshValueHex = function() {
+1053         return this.hV;
+1054     };
+1055 
+1056     if (typeof params != "undefined") {
+1057         if (typeof params == "string" && params.toLowerCase().match(/^[0-9a-f]+$/)) {
+1058             this.setHexValueIncludingUnusedBits(params);
+1059         } else if (typeof params['hex'] != "undefined") {
+1060             this.setHexValueIncludingUnusedBits(params['hex']);
+1061         } else if (typeof params['bin'] != "undefined") {
+1062             this.setByBinaryString(params['bin']);
+1063         } else if (typeof params['array'] != "undefined") {
+1064             this.setByBooleanArray(params['array']);
+1065         }
+1066     }
+1067 };
+1068 YAHOO.lang.extend(KJUR.asn1.DERBitString, KJUR.asn1.ASN1Object);
+1069 
+1070 // ********************************************************************
+1071 /**
+1072  * class for ASN.1 DER OctetString<br/>
+1073  * @name KJUR.asn1.DEROctetString
+1074  * @class class for ASN.1 DER OctetString
+1075  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1076  * @extends KJUR.asn1.DERAbstractString
+1077  * @description
+1078  * This class provides ASN.1 OctetString simple type.<br/>
+1079  * Supported "params" attributes are:
+1080  * <ul>
+1081  * <li>str - to set a string as a value</li>
+1082  * <li>hex - to set a hexadecimal string as a value</li>
+1083  * <li>obj - to set a encapsulated ASN.1 value by JSON object 
+1084  * which is defined in {@link KJUR.asn1.ASN1Util.newObject}</li>
+1085  * </ul>
+1086  * NOTE: A parameter 'obj' have been supported 
+1087  * for "OCTET STRING, encapsulates" structure.
+1088  * since asn1 1.0.11, jsrsasign 6.1.1 (2016-Sep-25).
+1089  * @see KJUR.asn1.DERAbstractString - superclass
+1090  * @example
+1091  * // default constructor
+1092  * o = new KJUR.asn1.DEROctetString();
+1093  * // initialize with string
+1094  * o = new KJUR.asn1.DEROctetString({str: "aaa"});
+1095  * // initialize with hexadecimal string
+1096  * o = new KJUR.asn1.DEROctetString({hex: "616161"});
+1097  * // initialize with ASN1Util.newObject argument 
+1098  * o = new KJUR.asn1.DEROctetString({obj: {seq: [{int: 3}, {prnstr: 'aaa'}]}});
+1099  * // above generates a ASN.1 data like this:
+1100  * // OCTET STRING, encapsulates {
+1101  * //   SEQUENCE {
+1102  * //     INTEGER 3
+1103  * //     PrintableString 'aaa'
+1104  * //     }
+1105  * //   } 
+1106  */
+1107 KJUR.asn1.DEROctetString = function(params) {
+1108     if (params !== undefined && typeof params.obj !== "undefined") {
+1109 	var o = KJUR.asn1.ASN1Util.newObject(params.obj);
+1110 	params.hex = o.getEncodedHex();
+1111     }
+1112     KJUR.asn1.DEROctetString.superclass.constructor.call(this, params);
+1113     this.hT = "04";
+1114 };
+1115 YAHOO.lang.extend(KJUR.asn1.DEROctetString, KJUR.asn1.DERAbstractString);
+1116 
+1117 // ********************************************************************
+1118 /**
+1119  * class for ASN.1 DER Null
+1120  * @name KJUR.asn1.DERNull
+1121  * @class class for ASN.1 DER Null
+1122  * @extends KJUR.asn1.ASN1Object
+1123  * @description
+1124  * @see KJUR.asn1.ASN1Object - superclass
+1125  */
+1126 KJUR.asn1.DERNull = function() {
+1127     KJUR.asn1.DERNull.superclass.constructor.call(this);
+1128     this.hT = "05";
+1129     this.hTLV = "0500";
+1130 };
+1131 YAHOO.lang.extend(KJUR.asn1.DERNull, KJUR.asn1.ASN1Object);
+1132 
+1133 // ********************************************************************
+1134 /**
+1135  * class for ASN.1 DER ObjectIdentifier
+1136  * @name KJUR.asn1.DERObjectIdentifier
+1137  * @class class for ASN.1 DER ObjectIdentifier
+1138  * @param {Object} JSON object or string of parameters (ex. {'oid': '2.5.4.5'})
+1139  * @extends KJUR.asn1.ASN1Object
+1140  * @see oidtohex
+1141  * 
+1142  * @description
+1143  * <br/>
+1144  * As for argument 'params' for constructor, you can specify one of
+1145  * following properties:
+1146  * <ul>
+1147  * <li>oid - specify initial ASN.1 value(V) by a oid string (ex. 2.5.4.13)</li>
+1148  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
+1149  * </ul>
+1150  * NOTE: 'params' can be omitted.
+1151  * @example
+1152  * new DERObjectIdentifier({"name": "sha1"})
+1153  * new DERObjectIdentifier({"oid": "1.2.3.4"})
+1154  * new DERObjectIdentifier({"hex": "2d..."})
+1155  * new DERObjectIdentifier("1.2.3.4")
+1156  * new DERObjectIdentifier("SHA1withRSA")
+1157  */
+1158 KJUR.asn1.DERObjectIdentifier = function(params) {
+1159     KJUR.asn1.DERObjectIdentifier.superclass.constructor.call(this);
+1160     this.hT = "06";
+1161 
+1162     /**
+1163      * set value by a hexadecimal string
+1164      * @name setValueHex
+1165      * @memberOf KJUR.asn1.DERObjectIdentifier#
+1166      * @function
+1167      * @param {String} newHexString hexadecimal value of OID bytes
+1168      */
+1169     this.setValueHex = function(newHexString) {
+1170         this.hTLV = null;
+1171         this.isModified = true;
+1172         this.s = null;
+1173         this.hV = newHexString;
+1174     };
+1175 
+1176     /**
+1177      * set value by a OID string<br/>
+1178      * @name setValueOidString
+1179      * @memberOf KJUR.asn1.DERObjectIdentifier#
+1180      * @function
+1181      * @param {String} oidString OID string (ex. 2.5.4.13)
+1182      * @example
+1183      * o = new KJUR.asn1.DERObjectIdentifier();
+1184      * o.setValueOidString("2.5.4.13");
+1185      */
+1186     this.setValueOidString = function(oidString) {
+1187 	var h = oidtohex(oidString);
+1188 	if (h == null)
+1189             throw new Error("malformed oid string: " + oidString);
+1190         this.hTLV = null;
+1191         this.isModified = true;
+1192         this.s = null;
+1193         this.hV = h;
+1194     };
+1195 
+1196     /**
+1197      * set value by a OID name
+1198      * @name setValueName
+1199      * @memberOf KJUR.asn1.DERObjectIdentifier#
+1200      * @function
+1201      * @param {String} oidName OID name (ex. 'serverAuth')
+1202      * @since 1.0.1
+1203      * @description
+1204      * OID name shall be defined in 'KJUR.asn1.x509.OID.name2oidList'.
+1205      * Otherwise raise error.
+1206      * @example
+1207      * o = new KJUR.asn1.DERObjectIdentifier();
+1208      * o.setValueName("serverAuth");
+1209      */
+1210     this.setValueName = function(oidName) {
+1211 	var oid = KJUR.asn1.x509.OID.name2oid(oidName);
+1212 	if (oid !== '') {
+1213             this.setValueOidString(oid);
+1214         } else {
+1215             throw new Error("DERObjectIdentifier oidName undefined: " + oidName);
+1216         }
+1217     };
+1218 
+1219     this.setValueNameOrOid = function(nameOrOid) {
+1220 	if (nameOrOid.match(/^[0-2].[0-9.]+$/)) {
+1221 	    this.setValueOidString(nameOrOid);
+1222 	} else {
+1223 	    this.setValueName(nameOrOid);
+1224 	}
+1225     }
+1226 
+1227     this.getFreshValueHex = function() {
+1228         return this.hV;
+1229     };
+1230 
+1231     this.setByParam = function(params) {
+1232         if (typeof params === "string") {
+1233 	    this.setValueNameOrOid(params);
+1234         } else if (params.oid !== undefined) {
+1235 	    this.setValueNameOrOid(params.oid);
+1236         } else if (params.name !== undefined) {
+1237             this.setValueNameOrOid(params.name);
+1238         } else if (params.hex !== undefined) {
+1239             this.setValueHex(params.hex);
+1240         }
+1241     };
+1242 
+1243     if (params !== undefined) this.setByParam(params);
+1244 };
+1245 YAHOO.lang.extend(KJUR.asn1.DERObjectIdentifier, KJUR.asn1.ASN1Object);
+1246 
+1247 // ********************************************************************
+1248 /**
+1249  * class for ASN.1 DER Enumerated
+1250  * @name KJUR.asn1.DEREnumerated
+1251  * @class class for ASN.1 DER Enumerated
+1252  * @extends KJUR.asn1.ASN1Object
+1253  * @description
+1254  * <br/>
+1255  * As for argument 'params' for constructor, you can specify one of
+1256  * following properties:
+1257  * <ul>
+1258  * <li>int - specify initial ASN.1 value(V) by integer value</li>
+1259  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
+1260  * </ul>
+1261  * NOTE: 'params' can be omitted.
+1262  * @example
+1263  * new KJUR.asn1.DEREnumerated(123);
+1264  * new KJUR.asn1.DEREnumerated({int: 123});
+1265  * new KJUR.asn1.DEREnumerated({hex: '1fad'});
+1266  */
+1267 KJUR.asn1.DEREnumerated = function(params) {
+1268     KJUR.asn1.DEREnumerated.superclass.constructor.call(this);
+1269     this.hT = "0a";
+1270 
+1271     /**
+1272      * set value by Tom Wu's BigInteger object
+1273      * @name setByBigInteger
+1274      * @memberOf KJUR.asn1.DEREnumerated#
+1275      * @function
+1276      * @param {BigInteger} bigIntegerValue to set
+1277      */
+1278     this.setByBigInteger = function(bigIntegerValue) {
+1279         this.hTLV = null;
+1280         this.isModified = true;
+1281         this.hV = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(bigIntegerValue);
+1282     };
+1283 
+1284     /**
+1285      * set value by integer value
+1286      * @name setByInteger
+1287      * @memberOf KJUR.asn1.DEREnumerated#
+1288      * @function
+1289      * @param {Integer} integer value to set
+1290      */
+1291     this.setByInteger = function(intValue) {
+1292         var bi = new BigInteger(String(intValue), 10);
+1293         this.setByBigInteger(bi);
+1294     };
+1295 
+1296     /**
+1297      * set value by integer value
+1298      * @name setValueHex
+1299      * @memberOf KJUR.asn1.DEREnumerated#
+1300      * @function
+1301      * @param {String} hexadecimal string of integer value
+1302      * @description
+1303      * <br/>
+1304      * NOTE: Value shall be represented by minimum octet length of
+1305      * two's complement representation.
+1306      */
+1307     this.setValueHex = function(newHexString) {
+1308         this.hV = newHexString;
+1309     };
+1310 
+1311     this.getFreshValueHex = function() {
+1312         return this.hV;
+1313     };
+1314 
+1315     if (typeof params != "undefined") {
+1316         if (typeof params['int'] != "undefined") {
+1317             this.setByInteger(params['int']);
+1318         } else if (typeof params == "number") {
+1319             this.setByInteger(params);
+1320         } else if (typeof params['hex'] != "undefined") {
+1321             this.setValueHex(params['hex']);
+1322         }
+1323     }
+1324 };
+1325 YAHOO.lang.extend(KJUR.asn1.DEREnumerated, KJUR.asn1.ASN1Object);
+1326 
+1327 // ********************************************************************
+1328 /**
+1329  * class for ASN.1 DER UTF8String
+1330  * @name KJUR.asn1.DERUTF8String
+1331  * @class class for ASN.1 DER UTF8String
+1332  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1333  * @extends KJUR.asn1.DERAbstractString
+1334  * @description
+1335  * @see KJUR.asn1.DERAbstractString - superclass
+1336  */
+1337 KJUR.asn1.DERUTF8String = function(params) {
+1338     KJUR.asn1.DERUTF8String.superclass.constructor.call(this, params);
+1339     this.hT = "0c";
+1340 };
+1341 YAHOO.lang.extend(KJUR.asn1.DERUTF8String, KJUR.asn1.DERAbstractString);
+1342 
+1343 // ********************************************************************
+1344 /**
+1345  * class for ASN.1 DER NumericString
+1346  * @name KJUR.asn1.DERNumericString
+1347  * @class class for ASN.1 DER NumericString
+1348  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1349  * @extends KJUR.asn1.DERAbstractString
+1350  * @description
+1351  * @see KJUR.asn1.DERAbstractString - superclass
+1352  */
+1353 KJUR.asn1.DERNumericString = function(params) {
+1354     KJUR.asn1.DERNumericString.superclass.constructor.call(this, params);
+1355     this.hT = "12";
+1356 };
+1357 YAHOO.lang.extend(KJUR.asn1.DERNumericString, KJUR.asn1.DERAbstractString);
+1358 
+1359 // ********************************************************************
+1360 /**
+1361  * class for ASN.1 DER PrintableString
+1362  * @name KJUR.asn1.DERPrintableString
+1363  * @class class for ASN.1 DER PrintableString
+1364  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1365  * @extends KJUR.asn1.DERAbstractString
+1366  * @description
+1367  * @see KJUR.asn1.DERAbstractString - superclass
+1368  */
+1369 KJUR.asn1.DERPrintableString = function(params) {
+1370     KJUR.asn1.DERPrintableString.superclass.constructor.call(this, params);
+1371     this.hT = "13";
+1372 };
+1373 YAHOO.lang.extend(KJUR.asn1.DERPrintableString, KJUR.asn1.DERAbstractString);
+1374 
+1375 // ********************************************************************
+1376 /**
+1377  * class for ASN.1 DER TeletexString
+1378  * @name KJUR.asn1.DERTeletexString
+1379  * @class class for ASN.1 DER TeletexString
+1380  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1381  * @extends KJUR.asn1.DERAbstractString
+1382  * @description
+1383  * @see KJUR.asn1.DERAbstractString - superclass
+1384  */
+1385 KJUR.asn1.DERTeletexString = function(params) {
+1386     KJUR.asn1.DERTeletexString.superclass.constructor.call(this, params);
+1387     this.hT = "14";
+1388 };
+1389 YAHOO.lang.extend(KJUR.asn1.DERTeletexString, KJUR.asn1.DERAbstractString);
+1390 
+1391 // ********************************************************************
+1392 /**
+1393  * class for ASN.1 DER IA5String
+1394  * @name KJUR.asn1.DERIA5String
+1395  * @class class for ASN.1 DER IA5String
+1396  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1397  * @extends KJUR.asn1.DERAbstractString
+1398  * @description
+1399  * @see KJUR.asn1.DERAbstractString - superclass
+1400  */
+1401 KJUR.asn1.DERIA5String = function(params) {
+1402     KJUR.asn1.DERIA5String.superclass.constructor.call(this, params);
+1403     this.hT = "16";
+1404 };
+1405 YAHOO.lang.extend(KJUR.asn1.DERIA5String, KJUR.asn1.DERAbstractString);
+1406 
+1407 // ********************************************************************
+1408 /**
+1409  * class for ASN.1 DER VisibleString
+1410  * @name KJUR.asn1.DERVisibleString
+1411  * @class class for ASN.1 DER VisibleString
+1412  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1413  * @extends KJUR.asn1.DERAbstractString
+1414  * @since jsrsasign 8.0.23 asn1 1.0.15
+1415  * @description
+1416  * @see KJUR.asn1.DERAbstractString - superclass
+1417  */
+1418 KJUR.asn1.DERVisibleString = function(params) {
+1419     KJUR.asn1.DERIA5String.superclass.constructor.call(this, params);
+1420     this.hT = "1a";
+1421 };
+1422 YAHOO.lang.extend(KJUR.asn1.DERVisibleString, KJUR.asn1.DERAbstractString);
+1423 
+1424 // ********************************************************************
+1425 /**
+1426  * class for ASN.1 DER BMPString
+1427  * @name KJUR.asn1.DERBMPString
+1428  * @class class for ASN.1 DER BMPString
+1429  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1430  * @extends KJUR.asn1.DERAbstractString
+1431  * @since jsrsasign 8.0.23 asn1 1.0.15
+1432  * @description
+1433  * @see KJUR.asn1.DERAbstractString - superclass
+1434  */
+1435 KJUR.asn1.DERBMPString = function(params) {
+1436     KJUR.asn1.DERBMPString.superclass.constructor.call(this, params);
+1437     this.hT = "1e";
+1438 };
+1439 YAHOO.lang.extend(KJUR.asn1.DERBMPString, KJUR.asn1.DERAbstractString);
+1440 
+1441 // ********************************************************************
+1442 /**
+1443  * class for ASN.1 DER UTCTime
+1444  * @name KJUR.asn1.DERUTCTime
+1445  * @class class for ASN.1 DER UTCTime
+1446  * @param {Array} params associative array of parameters (ex. {'str': '130430235959Z'})
+1447  * @extends KJUR.asn1.DERAbstractTime
+1448  * @description
+1449  * <br/>
+1450  * As for argument 'params' for constructor, you can specify one of
+1451  * following properties:
+1452  * <ul>
+1453  * <li>str - specify initial ASN.1 value(V) by a string (ex.'130430235959Z')</li>
+1454  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
+1455  * <li>date - specify Date object.</li>
+1456  * </ul>
+1457  * NOTE: 'params' can be omitted.
+1458  * <h4>EXAMPLES</h4>
+1459  * @example
+1460  * d1 = new KJUR.asn1.DERUTCTime();
+1461  * d1.setString('130430125959Z');
+1462  *
+1463  * d2 = new KJUR.asn1.DERUTCTime({'str': '130430125959Z'});
+1464  * d3 = new KJUR.asn1.DERUTCTime({'date': new Date(Date.UTC(2015, 0, 31, 0, 0, 0, 0))});
+1465  * d4 = new KJUR.asn1.DERUTCTime('130430125959Z');
+1466  */
+1467 KJUR.asn1.DERUTCTime = function(params) {
+1468     KJUR.asn1.DERUTCTime.superclass.constructor.call(this, params);
+1469     this.hT = "17";
+1470 
+1471     /**
+1472      * set value by a Date object<br/>
+1473      * @name setByDate
+1474      * @memberOf KJUR.asn1.DERUTCTime#
+1475      * @function
+1476      * @param {Date} dateObject Date object to set ASN.1 value(V)
+1477      * @example
+1478      * o = new KJUR.asn1.DERUTCTime();
+1479      * o.setByDate(new Date("2016/12/31"));
+1480      */
+1481     this.setByDate = function(dateObject) {
+1482         this.hTLV = null;
+1483         this.isModified = true;
+1484         this.date = dateObject;
+1485         this.s = this.formatDate(this.date, 'utc');
+1486         this.hV = stohex(this.s);
+1487     };
+1488 
+1489     this.getFreshValueHex = function() {
+1490         if (typeof this.date == "undefined" && typeof this.s == "undefined") {
+1491             this.date = new Date();
+1492             this.s = this.formatDate(this.date, 'utc');
+1493             this.hV = stohex(this.s);
+1494         }
+1495         return this.hV;
+1496     };
+1497 
+1498     if (params !== undefined) {
+1499         if (params.str !== undefined) {
+1500             this.setString(params.str);
+1501         } else if (typeof params == "string" && params.match(/^[0-9]{12}Z$/)) {
+1502             this.setString(params);
+1503         } else if (params.hex !== undefined) {
+1504             this.setStringHex(params.hex);
+1505         } else if (params.date !== undefined) {
+1506             this.setByDate(params.date);
+1507         }
+1508     }
+1509 };
+1510 YAHOO.lang.extend(KJUR.asn1.DERUTCTime, KJUR.asn1.DERAbstractTime);
+1511 
+1512 // ********************************************************************
+1513 /**
+1514  * class for ASN.1 DER GeneralizedTime
+1515  * @name KJUR.asn1.DERGeneralizedTime
+1516  * @class class for ASN.1 DER GeneralizedTime
+1517  * @param {Array} params associative array of parameters (ex. {'str': '20130430235959Z'})
+1518  * @property {Boolean} withMillis flag to show milliseconds or not
+1519  * @extends KJUR.asn1.DERAbstractTime
+1520  * @description
+1521  * <br/>
+1522  * As for argument 'params' for constructor, you can specify one of
+1523  * following properties:
+1524  * <ul>
+1525  * <li>str - specify initial ASN.1 value(V) by a string (ex.'20130430235959Z')</li>
+1526  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
+1527  * <li>date - specify Date object.</li>
+1528  * <li>millis - specify flag to show milliseconds (from 1.0.6)</li>
+1529  * </ul>
+1530  * NOTE1: 'params' can be omitted.
+1531  * NOTE2: 'withMillis' property is supported from asn1 1.0.6.
+1532  */
+1533 KJUR.asn1.DERGeneralizedTime = function(params) {
+1534     KJUR.asn1.DERGeneralizedTime.superclass.constructor.call(this, params);
+1535     this.hT = "18";
+1536     this.withMillis = false;
 1537 
-1538 // ********************************************************************
-1539 /**
-1540  * class for ASN.1 DER GeneralizedTime
-1541  * @name KJUR.asn1.DERGeneralizedTime
-1542  * @class class for ASN.1 DER GeneralizedTime
-1543  * @param {Array} params associative array of parameters (ex. {'str': '20130430235959Z'})
-1544  * @property {Boolean} withMillis flag to show milliseconds or not
-1545  * @extends KJUR.asn1.DERAbstractTime
-1546  * @description
-1547  * <br/>
-1548  * As for argument 'params' for constructor, you can specify one of
-1549  * following properties:
-1550  * <ul>
-1551  * <li>str - specify initial ASN.1 value(V) by a string (ex.'20130430235959Z')</li>
-1552  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
-1553  * <li>date - specify Date object.</li>
-1554  * <li>millis - specify flag to show milliseconds (from 1.0.6)</li>
-1555  * </ul>
-1556  * NOTE1: 'params' can be omitted.
-1557  * NOTE2: 'withMillis' property is supported from asn1 1.0.6.
-1558  */
-1559 KJUR.asn1.DERGeneralizedTime = function(params) {
-1560     KJUR.asn1.DERGeneralizedTime.superclass.constructor.call(this, params);
-1561     this.hT = "18";
-1562     this.withMillis = false;
-1563 
-1564     /**
-1565      * set value by a Date object
-1566      * @name setByDate
-1567      * @memberOf KJUR.asn1.DERGeneralizedTime#
-1568      * @function
-1569      * @param {Date} dateObject Date object to set ASN.1 value(V)
-1570      * @example
-1571      * When you specify UTC time, use 'Date.UTC' method like this:<br/>
-1572      * o1 = new DERUTCTime();
-1573      * o1.setByDate(date);
-1574      *
-1575      * date = new Date(Date.UTC(2015, 0, 31, 23, 59, 59, 0)); #2015JAN31 23:59:59
-1576      */
-1577     this.setByDate = function(dateObject) {
-1578         this.hTLV = null;
-1579         this.isModified = true;
-1580         this.date = dateObject;
-1581         this.s = this.formatDate(this.date, 'gen', this.withMillis);
-1582         this.hV = stohex(this.s);
-1583     };
+1538     /**
+1539      * set value by a Date object
+1540      * @name setByDate
+1541      * @memberOf KJUR.asn1.DERGeneralizedTime#
+1542      * @function
+1543      * @param {Date} dateObject Date object to set ASN.1 value(V)
+1544      * @example
+1545      * When you specify UTC time, use 'Date.UTC' method like this:<br/>
+1546      * o1 = new DERUTCTime();
+1547      * o1.setByDate(date);
+1548      *
+1549      * date = new Date(Date.UTC(2015, 0, 31, 23, 59, 59, 0)); #2015JAN31 23:59:59
+1550      */
+1551     this.setByDate = function(dateObject) {
+1552         this.hTLV = null;
+1553         this.isModified = true;
+1554         this.date = dateObject;
+1555         this.s = this.formatDate(this.date, 'gen', this.withMillis);
+1556         this.hV = stohex(this.s);
+1557     };
+1558 
+1559     this.getFreshValueHex = function() {
+1560         if (this.date === undefined && this.s === undefined) {
+1561             this.date = new Date();
+1562             this.s = this.formatDate(this.date, 'gen', this.withMillis);
+1563             this.hV = stohex(this.s);
+1564         }
+1565         return this.hV;
+1566     };
+1567 
+1568     if (params !== undefined) {
+1569         if (params.str !== undefined) {
+1570             this.setString(params.str);
+1571         } else if (typeof params == "string" && params.match(/^[0-9]{14}Z$/)) {
+1572             this.setString(params);
+1573         } else if (params.hex !== undefined) {
+1574             this.setStringHex(params.hex);
+1575         } else if (params.date !== undefined) {
+1576             this.setByDate(params.date);
+1577         }
+1578         if (params.millis === true) {
+1579             this.withMillis = true;
+1580         }
+1581     }
+1582 };
+1583 YAHOO.lang.extend(KJUR.asn1.DERGeneralizedTime, KJUR.asn1.DERAbstractTime);
 1584 
-1585     this.getFreshValueHex = function() {
-1586         if (this.date === undefined && this.s === undefined) {
-1587             this.date = new Date();
-1588             this.s = this.formatDate(this.date, 'gen', this.withMillis);
-1589             this.hV = stohex(this.s);
-1590         }
-1591         return this.hV;
-1592     };
-1593 
-1594     if (params !== undefined) {
-1595         if (params.str !== undefined) {
-1596             this.setString(params.str);
-1597         } else if (typeof params == "string" && params.match(/^[0-9]{14}Z$/)) {
-1598             this.setString(params);
-1599         } else if (params.hex !== undefined) {
-1600             this.setStringHex(params.hex);
-1601         } else if (params.date !== undefined) {
-1602             this.setByDate(params.date);
-1603         }
-1604         if (params.millis === true) {
-1605             this.withMillis = true;
-1606         }
-1607     }
-1608 };
-1609 YAHOO.lang.extend(KJUR.asn1.DERGeneralizedTime, KJUR.asn1.DERAbstractTime);
-1610 
-1611 // ********************************************************************
-1612 /**
-1613  * class for ASN.1 DER Sequence
-1614  * @name KJUR.asn1.DERSequence
-1615  * @class class for ASN.1 DER Sequence
-1616  * @extends KJUR.asn1.DERAbstractStructured
-1617  * @description
-1618  * <br/>
-1619  * As for argument 'params' for constructor, you can specify one of
-1620  * following properties:
-1621  * <ul>
-1622  * <li>array - specify array of ASN1Object to set elements of content</li>
-1623  * </ul>
-1624  * NOTE: 'params' can be omitted.
-1625  */
-1626 KJUR.asn1.DERSequence = function(params) {
-1627     KJUR.asn1.DERSequence.superclass.constructor.call(this, params);
-1628     this.hT = "30";
-1629     this.getFreshValueHex = function() {
-1630         var h = '';
-1631         for (var i = 0; i < this.asn1Array.length; i++) {
-1632             var asn1Obj = this.asn1Array[i];
-1633             h += asn1Obj.getEncodedHex();
-1634         }
-1635         this.hV = h;
-1636         return this.hV;
-1637     };
-1638 };
-1639 YAHOO.lang.extend(KJUR.asn1.DERSequence, KJUR.asn1.DERAbstractStructured);
-1640 
-1641 // ********************************************************************
-1642 /**
-1643  * class for ASN.1 DER Set
-1644  * @name KJUR.asn1.DERSet
-1645  * @class class for ASN.1 DER Set
-1646  * @extends KJUR.asn1.DERAbstractStructured
-1647  * @description
-1648  * <br/>
-1649  * As for argument 'params' for constructor, you can specify one of
-1650  * following properties:
-1651  * <ul>
-1652  * <li>array - specify array of ASN1Object to set elements of content</li>
-1653  * <li>sortflag - flag for sort (default: true). ASN.1 BER is not sorted in 'SET OF'.</li>
-1654  * </ul>
-1655  * NOTE1: 'params' can be omitted.<br/>
-1656  * NOTE2: sortflag is supported since 1.0.5.
-1657  */
-1658 KJUR.asn1.DERSet = function(params) {
-1659     KJUR.asn1.DERSet.superclass.constructor.call(this, params);
-1660     this.hT = "31";
-1661     this.sortFlag = true; // item shall be sorted only in ASN.1 DER
-1662     this.getFreshValueHex = function() {
-1663         var a = new Array();
-1664         for (var i = 0; i < this.asn1Array.length; i++) {
-1665             var asn1Obj = this.asn1Array[i];
-1666             a.push(asn1Obj.getEncodedHex());
-1667         }
-1668         if (this.sortFlag == true) a.sort();
-1669         this.hV = a.join('');
-1670         return this.hV;
-1671     };
-1672 
-1673     if (typeof params != "undefined") {
-1674         if (typeof params.sortflag != "undefined" &&
-1675             params.sortflag == false)
-1676             this.sortFlag = false;
-1677     }
-1678 };
-1679 YAHOO.lang.extend(KJUR.asn1.DERSet, KJUR.asn1.DERAbstractStructured);
-1680 
-1681 // ********************************************************************
-1682 /**
-1683  * class for ASN.1 DER TaggedObject
-1684  * @name KJUR.asn1.DERTaggedObject
-1685  * @class class for ASN.1 DER TaggedObject
-1686  * @extends KJUR.asn1.ASN1Object
-1687  *
-1688  * @description
-1689  * <br/>
-1690  * Parameter 'tagNoNex' is ASN.1 tag(T) value for this object.
-1691  * For example, if you find '[1]' tag in a ASN.1 dump, 
-1692  * 'tagNoHex' will be 'a1'.
-1693  * <br/>
-1694  * As for optional argument 'params' for constructor, you can specify *ANY* of
-1695  * following properties:
-1696  * <ul>
-1697  * <li>tag - specify tag (default is 'a0' which means [0])</li>
-1698  * <li>explicit - specify true if this is explicit tag otherwise false 
-1699  *     (default is 'true').</li>
-1700  * <li>obj - specify ASN1Object which is tagged</li>
-1701  * <li>tage - specify tag with explicit</li>
-1702  * <li>tagi - specify tag with implicit</li>
-1703  * </ul>
-1704  *
-1705  * @example
-1706  * new KJUR.asn1.DERTaggedObject({
-1707  *  tage:'a0', obj: new KJUR.asn1.DERInteger({int: 3}) // explicit
-1708  * }) 
-1709  * new KJUR.asn1.DERTaggedObject({
-1710  *  tagi:'a0', obj: new KJUR.asn1.DERInteger({int: 3}) // implicit
-1711  * }) 
-1712  * new KJUR.asn1.DERTaggedObject({
-1713  *  tag:'a0', explicit: true, obj: new KJUR.asn1.DERInteger({int: 3}) // explicit
-1714  * }) 
-1715  *
-1716  * // to hexadecimal
-1717  * d1 = new KJUR.asn1.DERUTF8String({str':'a'})
-1718  * d2 = new KJUR.asn1.DERTaggedObject({'obj': d1});
-1719  * hex = d2.getEncodedHex();
-1720  */
-1721 KJUR.asn1.DERTaggedObject = function(params) {
-1722     KJUR.asn1.DERTaggedObject.superclass.constructor.call(this);
-1723 
-1724     var _KJUR_asn1 = KJUR.asn1;
-1725 
-1726     this.hT = "a0";
-1727     this.hV = '';
-1728     this.isExplicit = true;
-1729     this.asn1Object = null;
-1730 
-1731     /**
-1732      * set value by an ASN1Object
-1733      * @name setString
-1734      * @memberOf KJUR.asn1.DERTaggedObject#
-1735      * @function
-1736      * @param {Boolean} isExplicitFlag flag for explicit/implicit tag
-1737      * @param {Integer} tagNoHex hexadecimal string of ASN.1 tag
-1738      * @param {ASN1Object} asn1Object ASN.1 to encapsulate
-1739      */
-1740     this.setASN1Object = function(isExplicitFlag, tagNoHex, asn1Object) {
-1741         this.hT = tagNoHex;
-1742         this.isExplicit = isExplicitFlag;
-1743         this.asn1Object = asn1Object;
-1744         if (this.isExplicit) {
-1745             this.hV = this.asn1Object.getEncodedHex();
-1746             this.hTLV = null;
-1747             this.isModified = true;
-1748         } else {
-1749             this.hV = null;
-1750             this.hTLV = asn1Object.getEncodedHex();
-1751             this.hTLV = this.hTLV.replace(/^../, tagNoHex);
-1752             this.isModified = false;
-1753         }
-1754     };
-1755 
-1756     this.getFreshValueHex = function() {
-1757         return this.hV;
+1585 // ********************************************************************
+1586 /**
+1587  * class for ASN.1 DER Sequence
+1588  * @name KJUR.asn1.DERSequence
+1589  * @class class for ASN.1 DER Sequence
+1590  * @extends KJUR.asn1.DERAbstractStructured
+1591  * @description
+1592  * <br/>
+1593  * As for argument 'params' for constructor, you can specify one of
+1594  * following properties:
+1595  * <ul>
+1596  * <li>array - specify array of ASN1Object to set elements of content</li>
+1597  * </ul>
+1598  * NOTE: 'params' can be omitted.
+1599  */
+1600 KJUR.asn1.DERSequence = function(params) {
+1601     KJUR.asn1.DERSequence.superclass.constructor.call(this, params);
+1602     this.hT = "30";
+1603     this.getFreshValueHex = function() {
+1604         var h = '';
+1605         for (var i = 0; i < this.asn1Array.length; i++) {
+1606             var asn1Obj = this.asn1Array[i];
+1607             h += asn1Obj.getEncodedHex();
+1608         }
+1609         this.hV = h;
+1610         return this.hV;
+1611     };
+1612 };
+1613 YAHOO.lang.extend(KJUR.asn1.DERSequence, KJUR.asn1.DERAbstractStructured);
+1614 
+1615 // ********************************************************************
+1616 /**
+1617  * class for ASN.1 DER Set
+1618  * @name KJUR.asn1.DERSet
+1619  * @class class for ASN.1 DER Set
+1620  * @extends KJUR.asn1.DERAbstractStructured
+1621  * @description
+1622  * <br/>
+1623  * As for argument 'params' for constructor, you can specify one of
+1624  * following properties:
+1625  * <ul>
+1626  * <li>array - specify array of ASN1Object to set elements of content</li>
+1627  * <li>sortflag - flag for sort (default: true). ASN.1 BER is not sorted in 'SET OF'.</li>
+1628  * </ul>
+1629  * NOTE1: 'params' can be omitted.<br/>
+1630  * NOTE2: sortflag is supported since 1.0.5.
+1631  */
+1632 KJUR.asn1.DERSet = function(params) {
+1633     KJUR.asn1.DERSet.superclass.constructor.call(this, params);
+1634     this.hT = "31";
+1635     this.sortFlag = true; // item shall be sorted only in ASN.1 DER
+1636     this.getFreshValueHex = function() {
+1637         var a = new Array();
+1638         for (var i = 0; i < this.asn1Array.length; i++) {
+1639             var asn1Obj = this.asn1Array[i];
+1640             a.push(asn1Obj.getEncodedHex());
+1641         }
+1642         if (this.sortFlag == true) a.sort();
+1643         this.hV = a.join('');
+1644         return this.hV;
+1645     };
+1646 
+1647     if (typeof params != "undefined") {
+1648         if (typeof params.sortflag != "undefined" &&
+1649             params.sortflag == false)
+1650             this.sortFlag = false;
+1651     }
+1652 };
+1653 YAHOO.lang.extend(KJUR.asn1.DERSet, KJUR.asn1.DERAbstractStructured);
+1654 
+1655 // ********************************************************************
+1656 /**
+1657  * class for ASN.1 DER TaggedObject
+1658  * @name KJUR.asn1.DERTaggedObject
+1659  * @class class for ASN.1 DER TaggedObject
+1660  * @extends KJUR.asn1.ASN1Object
+1661  *
+1662  * @description
+1663  * <br/>
+1664  * Parameter 'tagNoNex' is ASN.1 tag(T) value for this object.
+1665  * For example, if you find '[1]' tag in a ASN.1 dump, 
+1666  * 'tagNoHex' will be 'a1'.
+1667  * <br/>
+1668  * As for optional argument 'params' for constructor, you can specify *ANY* of
+1669  * following properties:
+1670  * <ul>
+1671  * <li>tag - specify tag (default is 'a0' which means [0])</li>
+1672  * <li>explicit - specify true if this is explicit tag otherwise false 
+1673  *     (default is 'true').</li>
+1674  * <li>obj - specify ASN1Object which is tagged</li>
+1675  * <li>tage - specify tag with explicit</li>
+1676  * <li>tagi - specify tag with implicit</li>
+1677  * </ul>
+1678  *
+1679  * @example
+1680  * new KJUR.asn1.DERTaggedObject({
+1681  *  tage:'a0', obj: new KJUR.asn1.DERInteger({int: 3}) // explicit
+1682  * }) 
+1683  * new KJUR.asn1.DERTaggedObject({
+1684  *  tagi:'a0', obj: new KJUR.asn1.DERInteger({int: 3}) // implicit
+1685  * }) 
+1686  * new KJUR.asn1.DERTaggedObject({
+1687  *  tag:'a0', explicit: true, obj: new KJUR.asn1.DERInteger({int: 3}) // explicit
+1688  * }) 
+1689  *
+1690  * // to hexadecimal
+1691  * d1 = new KJUR.asn1.DERUTF8String({str':'a'})
+1692  * d2 = new KJUR.asn1.DERTaggedObject({'obj': d1});
+1693  * hex = d2.getEncodedHex();
+1694  */
+1695 KJUR.asn1.DERTaggedObject = function(params) {
+1696     KJUR.asn1.DERTaggedObject.superclass.constructor.call(this);
+1697 
+1698     var _KJUR_asn1 = KJUR.asn1;
+1699 
+1700     this.hT = "a0";
+1701     this.hV = '';
+1702     this.isExplicit = true;
+1703     this.asn1Object = null;
+1704 
+1705     /**
+1706      * set value by an ASN1Object
+1707      * @name setString
+1708      * @memberOf KJUR.asn1.DERTaggedObject#
+1709      * @function
+1710      * @param {Boolean} isExplicitFlag flag for explicit/implicit tag
+1711      * @param {Integer} tagNoHex hexadecimal string of ASN.1 tag
+1712      * @param {ASN1Object} asn1Object ASN.1 to encapsulate
+1713      */
+1714     this.setASN1Object = function(isExplicitFlag, tagNoHex, asn1Object) {
+1715         this.hT = tagNoHex;
+1716         this.isExplicit = isExplicitFlag;
+1717         this.asn1Object = asn1Object;
+1718         if (this.isExplicit) {
+1719             this.hV = this.asn1Object.getEncodedHex();
+1720             this.hTLV = null;
+1721             this.isModified = true;
+1722         } else {
+1723             this.hV = null;
+1724             this.hTLV = asn1Object.getEncodedHex();
+1725             this.hTLV = this.hTLV.replace(/^../, tagNoHex);
+1726             this.isModified = false;
+1727         }
+1728     };
+1729 
+1730     this.getFreshValueHex = function() {
+1731         return this.hV;
+1732     };
+1733 
+1734     this.setByParam = function(params) {
+1735         if (params.tag != undefined) {
+1736             this.hT = params.tag;
+1737         }
+1738         if (params.explicit != undefined) {
+1739             this.isExplicit = params.explicit;
+1740         }
+1741 	if (params.tage != undefined) {
+1742 	    this.hT = params.tage;
+1743             this.isExplicit = true;
+1744 	}
+1745 	if (params.tagi != undefined) {
+1746 	    this.hT = params.tagi;
+1747             this.isExplicit = false;
+1748 	}
+1749         if (params.obj != undefined) {
+1750 	    if (params.obj instanceof _KJUR_asn1.ASN1Object) {
+1751 		this.asn1Object = params.obj;
+1752 		this.setASN1Object(this.isExplicit, this.hT, this.asn1Object);
+1753 	    } else if (typeof params.obj == "object") {
+1754 		this.asn1Object = _KJUR_asn1.ASN1Util.newObject(params.obj);
+1755 		this.setASN1Object(this.isExplicit, this.hT, this.asn1Object);
+1756 	    }
+1757         }
 1758     };
 1759 
-1760     this.setByParam = function(params) {
-1761         if (params.tag != undefined) {
-1762             this.hT = params.tag;
-1763         }
-1764         if (params.explicit != undefined) {
-1765             this.isExplicit = params.explicit;
-1766         }
-1767 	if (params.tage != undefined) {
-1768 	    this.hT = params.tage;
-1769             this.isExplicit = true;
-1770 	}
-1771 	if (params.tagi != undefined) {
-1772 	    this.hT = params.tagi;
-1773             this.isExplicit = false;
-1774 	}
-1775         if (params.obj != undefined) {
-1776 	    if (params.obj instanceof _KJUR_asn1.ASN1Object) {
-1777 		this.asn1Object = params.obj;
-1778 		this.setASN1Object(this.isExplicit, this.hT, this.asn1Object);
-1779 	    } else if (typeof params.obj == "object") {
-1780 		this.asn1Object = _KJUR_asn1.ASN1Util.newObject(params.obj);
-1781 		this.setASN1Object(this.isExplicit, this.hT, this.asn1Object);
-1782 	    }
-1783         }
-1784     };
-1785 
-1786     if (params != undefined) this.setByParam(params);
-1787 };
-1788 YAHOO.lang.extend(KJUR.asn1.DERTaggedObject, KJUR.asn1.ASN1Object);
-1789 
    
\ No newline at end of file
+1760         if (params != undefined) this.setByParam(params);
+1761 };
+1762 YAHOO.lang.extend(KJUR.asn1.DERTaggedObject, KJUR.asn1.ASN1Object);
+1763
    \ No newline at end of file diff --git a/api/symbols/src/asn1cms-1.0.js.html b/api/symbols/src/asn1cms-1.0.js.html index ea5486ac..93553492 100644 --- a/api/symbols/src/asn1cms-1.0.js.html +++ b/api/symbols/src/asn1cms-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
      1 /* asn1cms-2.0.0.js (c) 2013-2020 Kenji Urushima | kjur.github.io/jsrsasign/license
+	
      1 /* asn1cms-2.0.1.js (c) 2013-2020 Kenji Urushima | kjur.github.io/jsrsasign/license
   2  */
   3 /*
   4  * asn1cms.js - ASN.1 DER encoder and verifier classes for Cryptographic Message Syntax(CMS)
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1cms-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.0.0 asn1cms 2.0.0 (2020-Sep-22)
+ 19  * @version jsrsasign 10.1.0 asn1cms 2.0.1 (2020-Nov-18)
  20  * @since jsrsasign 4.2.4
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -867,7 +867,7 @@
 860  * @example
 861  * // specify by X500Name and DERInteger
 862  * o = new KJUR.asn1.cms.IssuerAndSerialNumber(
-863  *      {issuer: {str: '/C=US/O=T1'}, serial {int: 3}});
+863  *      {issuer: {str: '/C=US/O=T1'}, serial: {int: 3}});
 864  * // specify by PEM certificate
 865  * o = new KJUR.asn1.cms.IssuerAndSerialNumber({cert: certPEM});
 866  * o = new KJUR.asn1.cms.IssuerAndSerialNumber(certPEM); // since 1.0.3
@@ -2246,4 +2246,818 @@
 2239     
 2240     return result;
 2241 };
-2242 
    
\ No newline at end of file
+2242 
+2243     /**
+2244  * class for parsing CMS SignedData<br/>
+2245  * @name KJUR.asn1.cms.CMSParser
+2246  * @class CMS SignedData parser class
+2247  * @since jsrsasign 10.1.0 asn1cms 2.0.1
+2248  *
+2249  * @description
+2250  * This is an ASN.1 parser for CMS SignedData defined in
+2251  * <a href="https://tools.ietf.org/html/rfc5652">RFC 5652
+2252  * Cryptographic Message Syntax (CMS)</a>.
+2253  * <pre>
+2254  * ContentInfo ::= SEQUENCE {
+2255  *    contentType ContentType,
+2256  *    content [0] EXPLICIT ANY DEFINED BY contentType }
+2257  * ContentType ::= OBJECT IDENTIFIER
+2258  * SignedData ::= SEQUENCE {
+2259  *    version CMSVersion,
+2260  *    digestAlgorithms DigestAlgorithmIdentifiers,
+2261  *    encapContentInfo EncapsulatedContentInfo,
+2262  *    certificates [0] IMPLICIT CertificateSet OPTIONAL,
+2263  *    crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
+2264  *    signerInfos SignerInfos }
+2265  * SignerInfos ::= SET OF SignerInfo
+2266  * CertificateSet ::= SET OF CertificateChoices
+2267  * DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
+2268  * CertificateSet ::= SET OF CertificateChoices
+2269  * RevocationInfoChoices ::= SET OF RevocationInfoChoice
+2270  * </pre>
+2271  */
+2272 KJUR.asn1.cms.CMSParser = function() {
+2273     var _Error = Error,
+2274 	_X509 = X509,
+2275 	_x509obj = new _X509(),
+2276 	_ASN1HEX = ASN1HEX,
+2277 	_getV = _ASN1HEX.getV,
+2278 	_getTLV = _ASN1HEX.getTLV,
+2279 	_getIdxbyList = _ASN1HEX.getIdxbyList,
+2280 	_getTLVbyList = _ASN1HEX.getTLVbyList,
+2281 	_getTLVbyListEx = _ASN1HEX.getTLVbyListEx,
+2282 	_getVbyList = _ASN1HEX.getVbyList,
+2283 	_getChildIdx = _ASN1HEX.getChildIdx;
+2284 
+2285     /**
+2286      * parse ASN.1 ContentInfo with SignedData<br/>
+2287      * @name getCMSSignedData
+2288      * @memberOf KJUR.asn1.cms.CMSParser#
+2289      * @function
+2290      * @param {String} h hexadecimal string of ASN.1 ContentInfo with SignedData
+2291      * @return {Array} array of JSON object of SignedData parameter
+2292      * @see KJUR.asn1.cms.SignedData
+2293      * @see KJUR.asn1.cms.CMSParser#getSignedData
+2294      *
+2295      * @description
+2296      * This method parses ASN.1 ContentInfo with SignedData defined in 
+2297      * RFC 5652 
+2298      * <a href="https://tools.ietf.org/html/rfc5652#section-3">section 3</a>
+2299      * and 
+2300      * <a href="https://tools.ietf.org/html/rfc5652#section-5">section 5</a>.
+2301      * The result parameter can be passed to
+2302      * {@link KJUR.asn1.cms.SignedData} constructor.
+2303      * 
+2304      * @example
+2305      * parser = new KJUR.asn1.cms.CMSParser();
+2306      * parser.getCMSSignedData("30...") →
+2307      * {
+2308      *   version: 1,
+2309      *   hashalgs: ["sha1"],
+2310      *   econtent: {
+2311      *     type: "data",
+2312      *     content: {hex:"616161"}
+2313      *   },
+2314      *   certs: [PEM1,...],
+2315      *   sinfos: [{
+2316      *     version: 1,
+2317      *     id: {type:'isssn',issuer:{str:'/C=US/O=T1'},serial:{int: 1}},
+2318      *     hashalg: "sha1",
+2319      *     sattrs: {array: [{
+2320      *       attr: "contentType",
+2321      *       type: '1.2.840.113549.1.7.1'
+2322      *     },{
+2323      *       attr: "messageDigest",
+2324      *       hex: 'abcd'
+2325      *     }]},
+2326      *     sigalg: "SHA1withRSA",
+2327      *     sighex: "1234abcd..."
+2328      *   }]
+2329      * }
+2330      */
+2331     this.getCMSSignedData = function(h) {
+2332 	var hSignedData = _getTLVbyList(h, 0, [1, 0]);
+2333 	var pResult = this.getSignedData(hSignedData);
+2334 	return pResult;
+2335     };
+2336 
+2337     /**
+2338      * parse ASN.1 SignedData<br/>
+2339      * @name getSignedData
+2340      * @memberOf KJUR.asn1.cms.CMSParser#
+2341      * @function
+2342      * @param {String} h hexadecimal string of ASN.1 SignedData
+2343      * @return {Array} array of JSON object of SignedData parameter
+2344      * @see KJUR.asn1.cms.SignedData
+2345      * @see KJUR.asn1.cms.CMSParser#getSignedData
+2346      *
+2347      * @description
+2348      * This method parses ASN.1 SignedData defined in 
+2349      * RFC 5652 
+2350      * <a href="https://tools.ietf.org/html/rfc5652#section-5">section 5</a>.
+2351      * The result parameter can be passed to
+2352      * {@link KJUR.asn1.cms.SignedData} constructor.
+2353      * 
+2354      * @example
+2355      * parser = new KJUR.asn1.cms.CMSParser();
+2356      * parser.getSignedData("30...")
+2357      */
+2358     this.getSignedData = function(h) {
+2359 	var aIdx = _getChildIdx(h, 0);
+2360 	var pResult = {};
+2361 
+2362 	var hVersion = _getV(h, aIdx[0]);
+2363 	var iVersion = parseInt(hVersion, 16);
+2364 	pResult.version = iVersion;
+2365 	
+2366 	var hHashAlgs = _getTLV(h, aIdx[1]);
+2367 	pResult.hashalgs = this.getHashAlgArray(hHashAlgs);
+2368 
+2369 	var hEContent = _getTLV(h, aIdx[2]);
+2370 	pResult.econtent = this.getEContent(hEContent);
+2371 
+2372 	var hCerts = _getTLVbyListEx(h, 0, ["[0]"]);
+2373 	if (hCerts != null) {
+2374 	    pResult.certs = this.getCertificateSet(hCerts);
+2375 	}
+2376 
+2377 	// RevocationInfoChoices not supported yet
+2378 	var hRevInfos = _getTLVbyListEx(h, 0, ["[1]"]);
+2379 	if (hRevInfos != null) {
+2380 	}
+2381 
+2382 	var hSignerInfos = _getTLVbyListEx(h, 0, [3]);
+2383 	pResult.sinfos = this.getSignerInfos(hSignerInfos);
+2384 
+2385 	return pResult;
+2386     };
+2387 
+2388     /**
+2389      * parse ASN.1 DigestAlgorithmIdentifiers<br/>
+2390      * @name getHashAlgArray
+2391      * @memberOf KJUR.asn1.cms.CMSParser#
+2392      * @function
+2393      * @param {String} h hexadecimal string of ASN.1 DigestAlgorithmIdentifiers
+2394      * @return {Array} array of JSON object of digest algorithm names
+2395      * @see KJUR.asn1.cms.SignedData
+2396      * @see KJUR.asn1.cms.CMSParser#getSignedData
+2397      *
+2398      * @description
+2399      * This method parses ASN.1 SignedData defined in 
+2400      * RFC 5652 
+2401      * <a href="https://tools.ietf.org/html/rfc5652#section-5.1">
+2402      * section 5.1</a>.
+2403      * 
+2404      * @example
+2405      * parser = new KJUR.asn1.cms.CMSParser();
+2406      * parser.getHashAlgArray("30...") → ["sha256"]
+2407      */
+2408     this.getHashAlgArray = function(h) {
+2409 	var aIdx = _getChildIdx(h, 0);
+2410 	var x = new _X509();
+2411 	var a = [];
+2412 	for (var i = 0; i < aIdx.length; i++) {
+2413 	    var hAlg = _getTLV(h, aIdx[i]);
+2414 	    var sAlg = x.getAlgorithmIdentifierName(hAlg);
+2415 	    a.push(sAlg);
+2416 	}
+2417 	return a;
+2418     };
+2419 
+2420     /**
+2421      * parse ASN.1 EncapsulatedContentInfo<br/>
+2422      * @name getEContent
+2423      * @memberOf KJUR.asn1.cms.CMSParser#
+2424      * @function
+2425      * @param {String} h hexadecimal string of ASN.1 EncapsulatedContentInfo
+2426      * @return {Array} array of JSON object of EncapsulatedContentInfo parameter
+2427      * @see KJUR.asn1.cms.EncapsulatedContentInfo
+2428      * @see KJUR.asn1.cms.CMSParser#getSignedData
+2429      *
+2430      * @description
+2431      * This method parses ASN.1 SignedData defined in 
+2432      * RFC 5652 
+2433      * <a href="https://tools.ietf.org/html/rfc5652#section-5.1">
+2434      * section 5</a>.
+2435      * The result parameter can be passed to
+2436      * {@link KJUR.asn1.cms.EncapsulatedContentInfo} constructor.
+2437      * 
+2438      * @example
+2439      * parser = new KJUR.asn1.cms.CMSParser();
+2440      * parser.getEContent("30...") →
+2441      * {type: "tstinfo", content: {hex: "30..."}}
+2442      */
+2443     this.getEContent = function(h) {
+2444 	var pResult = {};
+2445 	var hType = _getVbyList(h, 0, [0]);
+2446 	var hContent = _getVbyList(h, 0, [1, 0]);
+2447 	pResult.type = KJUR.asn1.x509.OID.oid2name(ASN1HEX.hextooidstr(hType));
+2448 	pResult.content = {hex: hContent};
+2449 	return pResult;
+2450     };
+2451 
+2452     /**
+2453      * parse ASN.1 SignerInfos<br/>
+2454      * @name getSignerInfos
+2455      * @memberOf KJUR.asn1.cms.CMSParser#
+2456      * @function
+2457      * @param {String} h hexadecimal string of ASN.1 SignerInfos
+2458      * @return {Array} array of JSON object of SignerInfos parameter
+2459      * @see KJUR.asn1.cms.SignerInfos
+2460      * @see KJUR.asn1.cms.CMSParser#getSignedData
+2461      *
+2462      * @description
+2463      * This method parses ASN.1 SignerInfos defined in 
+2464      * RFC 5652 
+2465      * <a href="https://tools.ietf.org/html/rfc5652#section-5.1">
+2466      * section 5</a>.
+2467      * 
+2468      * @example
+2469      * parser = new KJUR.asn1.cms.CMSParser();
+2470      * parser.getSignerInfos("30...") →
+2471      * [{
+2472      *   version: 1,
+2473      *   id: {type: 'isssn', issuer: {str: '/C=US/O=T1'}, serial: {int: 1}},
+2474      *   hashalg: "sha1",
+2475      *   sattrs: {array: [{
+2476      *     attr: "contentType",
+2477      *     type: '1.2.840.113549.1.7.1'
+2478      *   },{
+2479      *     attr: "messageDigest",
+2480      *     hex: 'a1a2a3a4a5a6a7a8a9a0a1a2a3a4a5a6a7a8a9a0'
+2481      *   }]},
+2482      *   sigalg: "SHA1withRSA",
+2483      *   sighex: 'b1b2b...'
+2484      * }]
+2485      */
+2486     this.getSignerInfos = function(h) {
+2487 	var aResult = [];
+2488 
+2489 	var aIdx = _getChildIdx(h, 0);
+2490 	for (var i = 0; i < aIdx.length; i++) {
+2491 	    var hSignerInfo = _getTLV(h, aIdx[i]);
+2492 	    var pSignerInfo = this.getSignerInfo(hSignerInfo);
+2493 	    aResult.push(pSignerInfo);
+2494 	}
+2495 
+2496 	return aResult;
+2497     };
+2498 
+2499     /**
+2500      * parse ASN.1 SignerInfo<br/>
+2501      * @name getSignerInfo
+2502      * @memberOf KJUR.asn1.cms.CMSParser#
+2503      * @function
+2504      * @param {String} h hexadecimal string of ASN.1 SignerInfo
+2505      * @return {Array} array of JSON object of SignerInfo parameter
+2506      * @see KJUR.asn1.cms.SignerInfo
+2507      * @see KJUR.asn1.cms.CMSParser#getSignedData
+2508      *
+2509      * @description
+2510      * This method parses ASN.1 SignerInfos defined in 
+2511      * RFC 5652 
+2512      * <a href="https://tools.ietf.org/html/rfc5652#section-5.1">
+2513      * section 5</a>.
+2514      * <pre>
+2515      * SignerInfo ::= SEQUENCE {
+2516      *    version CMSVersion,
+2517      *    sid SignerIdentifier,
+2518      *    digestAlgorithm DigestAlgorithmIdentifier,
+2519      *    signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
+2520      *    signatureAlgorithm SignatureAlgorithmIdentifier,
+2521      *    signature SignatureValue,
+2522      *    unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
+2523      * </pre>
+2524      * The result parameter can be passed to
+2525      * {@link KJUR.asn1.cms.SignerInfo} constructor.
+2526      * 
+2527      * @example
+2528      * parser = new KJUR.asn1.cms.CMSParser();
+2529      * parser.getSignerInfos("30...") →
+2530      * [{
+2531      *   version: 1,
+2532      *   id: {type: 'isssn', issuer: {str: '/C=US/O=T1'}, serial: {int: 1}},
+2533      *   hashalg: "sha1",
+2534      *   sattrs: {array: [{
+2535      *     attr: "contentType",
+2536      *     type: '1.2.840.113549.1.7.1'
+2537      *   },{
+2538      *     attr: "messageDigest",
+2539      *     hex: 'a1a2a3a4a5a6a7a8a9a0a1a2a3a4a5a6a7a8a9a0'
+2540      *   }]},
+2541      *   sigalg: "SHA1withRSA",
+2542      *   sighex: 'b1b2b...'
+2543      * }]
+2544      */
+2545     this.getSignerInfo = function(h) {
+2546 	var pResult = {};
+2547 	var aIdx = _getChildIdx(h, 0);
+2548 
+2549 	var iVersion = _ASN1HEX.getInt(h, aIdx[0], -1);
+2550 	if (iVersion != -1) pResult.version = iVersion;
+2551 
+2552 	var hSI = _getTLV(h, aIdx[1]);
+2553 	var pSI = this.getIssuerAndSerialNumber(hSI);
+2554 	pResult.id = pSI;
+2555 
+2556 	var hAlg = _getTLV(h, aIdx[2]);
+2557 	//alert(hAlg);
+2558 	var sAlg = _x509obj.getAlgorithmIdentifierName(hAlg);
+2559 	pResult.hashalg = sAlg;
+2560 
+2561 	var hSattrs = _getTLVbyListEx(h, 0, ["[0]"]);
+2562 	if (hSattrs != null) {
+2563 	    var aSattrs = this.getAttributeArray(hSattrs);
+2564 	    pResult.sattrs = aSattrs;
+2565 	}
+2566 
+2567 	var hSigAlg = _getTLVbyListEx(h, 0, [3]);
+2568 	var sSigAlg = _x509obj.getAlgorithmIdentifierName(hSigAlg);
+2569 	pResult.sigalg = sSigAlg;
+2570 
+2571 	var hSigHex = _getTLVbyListEx(h, 0, [4]);
+2572 	pResult.sighex = hSigHex;
+2573 
+2574 	var hUattrs = _getTLVbyListEx(h, 0, ["[1]"]);
+2575 	if (hUattrs != null) {
+2576 	    var aUattrs = this.getAttributeArray(hUattrs);
+2577 	    pResult.uattrs = aUattrs;
+2578 	}
+2579 
+2580 	return pResult;
+2581     };
+2582 
+2583     /**
+2584      * parse ASN.1 SignerIdentifier<br/>
+2585      * @name getSignerIdentifier
+2586      * @memberOf KJUR.asn1.cms.CMSParser#
+2587      * @function
+2588      * @param {String} h hexadecimal string of ASN.1 SignerIdentifier
+2589      * @return {Array} array of JSON object of SignerIdentifier parameter
+2590      * @see KJUR.asn1.cms.SignerInfo
+2591      * @see KJUR.asn1.cms.SignerIdentifier
+2592      * @see KJUR.asn1.cms.CMSParser#getSignedData
+2593      *
+2594      * @description
+2595      * This method parses ASN.1 SignerIdentifier defined in 
+2596      * RFC 5652 
+2597      * <a href="https://tools.ietf.org/html/rfc5652#section-5.1">
+2598      * section 5</a>.
+2599      * 
+2600      * @example
+2601      * parser = new KJUR.asn1.cms.CMSParser();
+2602      * parser.getSignerIdentifier("30...") →
+2603      * { type: "isssn",
+2604      *   issuer: {
+2605      *     array: [[{type:"C",value:"JP",ds:"prn"},...]]
+2606      *     str: '/C=US/O=T1'
+2607      *   },
+2608      *   serial: {int: 1} }
+2609      */
+2610     this.getSignerIdentifier = function(h) {
+2611 	if (h.substr(0, 2) == "30") {
+2612 	    return this.getIssuerAndSerialNumber(h);
+2613 	} else {
+2614 	    throw new Error("SKID of signerIdentifier not supported");
+2615 	}
+2616     };
+2617 
+2618     /**
+2619      * parse ASN.1 IssuerAndSerialNumber<br/>
+2620      * @name getIssuerAndSerialNumber
+2621      * @memberOf KJUR.asn1.cms.CMSParser#
+2622      * @function
+2623      * @param {String} h hexadecimal string of ASN.1 IssuerAndSerialNumber
+2624      * @return {Array} array of JSON object of IssuerAndSerialNumber parameter
+2625      * @see KJUR.asn1.cms.SignerInfo
+2626      * @see KJUR.asn1.cms.CMSParser#getSignedData
+2627      *
+2628      * @description
+2629      * This method parses ASN.1 IssuerAndSerialNumber defined in 
+2630      * RFC 5652 
+2631      * <a href="https://tools.ietf.org/html/rfc5652#section-5.1">
+2632      * section 5</a>.
+2633      * 
+2634      * @example
+2635      * parser = new KJUR.asn1.cms.CMSParser();
+2636      * parser.getIssuerAndSerialNumber("30...") →
+2637      * { type: "isssn",
+2638      *   issuer: {
+2639      *     array: [[{type:"C",value:"JP",ds:"prn"},...]]
+2640      *     str: '/C=US/O=T1'
+2641      *   },
+2642      *   serial: {int: 1} }
+2643      */
+2644     this.getIssuerAndSerialNumber = function(h) {
+2645 	var pResult = {type: "isssn"};
+2646 
+2647 	var aIdx = _getChildIdx(h, 0);
+2648 
+2649 	var hName = _getTLV(h, aIdx[0]);
+2650 	pResult.issuer = _x509obj.getX500Name(hName);
+2651 
+2652 	var hSerial = _getV(h, aIdx[1]);
+2653 	pResult.serial = {hex: hSerial};
+2654 
+2655 	return pResult;
+2656     };
+2657 
+2658     /**
+2659      * parse ASN.1 SET OF Attributes<br/>
+2660      * @name getAttributeArray
+2661      * @memberOf KJUR.asn1.cms.CMSParser#
+2662      * @function
+2663      * @param {String} h hexadecimal string of ASN.1 SET OF Attribute
+2664      * @return {Array} array of JSON object of Attribute parameter
+2665      * @see KJUR.asn1.cms.SignerInfo
+2666      * @see KJUR.asn1.cms.CMSParser#getAttribute
+2667      *
+2668      * @description
+2669      * This method parses ASN.1 SET OF Attribute defined in 
+2670      * RFC 5652 
+2671      * <a href="https://tools.ietf.org/html/rfc5652#section-5.1">
+2672      * section 5</a>.
+2673      * This can be used for SignedAttributes and UnsignedAttributes.
+2674      * 
+2675      * @example
+2676      * parser = new KJUR.asn1.cms.CMSParser();
+2677      * parser.getAttributeArray("30...") →
+2678      * [{attr: "contentType", type: "tstinfo"},
+2679      *  {attr: "messageDigest", hex: "1234abcd..."}]
+2680      */
+2681     this.getAttributeArray = function(h) {
+2682 	var aResult = [];
+2683 
+2684 	var aIdx = _getChildIdx(h, 0);
+2685 	for (var i = 0; i < aIdx.length; i++) {
+2686 	    var hAttr = _getTLV(h, aIdx[i]);
+2687 	    var pAttr = this.getAttribute(hAttr);
+2688 	    aResult.push(pAttr);
+2689 	}
+2690 
+2691 	return aResult;
+2692     };
+2693 
+2694     /**
+2695      * parse ASN.1 Attributes<br/>
+2696      * @name getAttribute
+2697      * @memberOf KJUR.asn1.cms.CMSParser#
+2698      * @function
+2699      * @param {String} h hexadecimal string of ASN.1 Attribute
+2700      * @return {Array} array of JSON object of Attribute parameter
+2701      * @see KJUR.asn1.cms.SignerInfo
+2702      * @see KJUR.asn1.cms.CMSParser#getAttributeArray
+2703      *
+2704      * @description
+2705      * This method parses ASN.1 Attribute defined in 
+2706      * RFC 5652 
+2707      * <a href="https://tools.ietf.org/html/rfc5652#section-5.1">
+2708      * section 5</a>.
+2709      * Following attribute type are supported in the
+2710      * latest version:
+2711      * <ul>
+2712      * <li>contentType</li>
+2713      * <li>messageDigest</li>
+2714      * <li>signingTime</li>
+2715      * <li>signingCertificate</li>
+2716      * </ul>
+2717      * 
+2718      * @example
+2719      * parser = new KJUR.asn1.cms.CMSParser();
+2720      * parser.getAttribute("30...") →
+2721      * {attr: "contentType", type: "tstinfo"}
+2722      */
+2723     this.getAttribute = function(h) {
+2724 	var pResult = {};
+2725 	var aIdx = _getChildIdx(h, 0);
+2726 
+2727 	var attrTypeOID = _ASN1HEX.getOID(h, aIdx[0]);
+2728 	var attrType = KJUR.asn1.x509.OID.oid2name(attrTypeOID);
+2729 	pResult.attr = attrType;
+2730 
+2731 	var hSet = _getTLV(h, aIdx[1]);
+2732 	var aSetIdx = _getChildIdx(hSet, 0);
+2733 	if (aSetIdx.length == 1) {
+2734 	    pResult.valhex = _getTLV(hSet, aSetIdx[0]);
+2735 	} else {
+2736 	    var a = [];
+2737 	    for (var i = 0; i < aSetIdx.length; i++) {
+2738 		a.push(_getTLV(hSet, aSetIdx[i]));
+2739 	    }
+2740 	    pResult.valhex = a;
+2741 	}
+2742 
+2743 	if (attrType == "contentType") {
+2744 	    this.setContentType(pResult);
+2745 	} else if (attrType == "messageDigest") {
+2746 	    this.setMessageDigest(pResult);
+2747 	} else if (attrType == "signingTime") {
+2748 	    this.setSigningTime(pResult);
+2749 	} else if (attrType == "signingCertificate") {
+2750 	    this.setSigningCertificate(pResult);
+2751 	}
+2752 
+2753 	return pResult;
+2754     };
+2755 
+2756     /**
+2757      * set ContentType attribute<br/>
+2758      * @name setContentType
+2759      * @memberOf KJUR.asn1.cms.CMSParser#
+2760      * @function
+2761      * @param {Array} pAttr JSON object of attribute parameter
+2762      * @see KJUR.asn1.cms.CMSParser#getAttribute
+2763      *
+2764      * @description
+2765      * This sets an attribute as ContentType defined in
+2766      * RFC 5652 
+2767      * <a href="https://tools.ietf.org/html/rfc5652#section-5.1">
+2768      * section 5</a>.
+2769      *
+2770      * @example
+2771      * parser = new KJUR.asn1.cms.CMSParser();
+2772      * pAttr = {
+2773      *   attr: "contentType"
+2774      *   valhex: '060b2a864886f70d0109100104'
+2775      * };
+2776      * parser.setContentInfo(pAttr);
+2777      * pAttr → {
+2778      *   attr: "contentType"
+2779      *   type: "tstinfo"
+2780      * }
+2781      */
+2782     this.setContentType = function(pAttr) {
+2783 	var contentType = _ASN1HEX.getOIDName(pAttr.valhex, 0, null);
+2784 	if (contentType != null) {
+2785 	    pAttr.type = contentType;
+2786 	    delete pAttr.valhex;
+2787 	}
+2788     };
+2789 
+2790     /**
+2791      * set SigningTime attribute<br/>
+2792      * @name setSigningTime
+2793      * @memberOf KJUR.asn1.cms.CMSParser#
+2794      * @function
+2795      * @param {Array} pAttr JSON object of attribute parameter
+2796      * @see KJUR.asn1.cms.CMSParser#getAttribute
+2797      *
+2798      * @description
+2799      * This sets an attribute as SigningTime defined in
+2800      * RFC 5652 
+2801      * <a href="https://tools.ietf.org/html/rfc5652#section-5.1">
+2802      * section 5</a>.
+2803      *
+2804      * @example
+2805      * parser = new KJUR.asn1.cms.CMSParser();
+2806      * pAttr = {
+2807      *   attr: "signingTime"
+2808      *   valhex: '170d3230313233313233353935395a'
+2809      * };
+2810      * parser.setSigningTime(pAttr);
+2811      * pAttr → {
+2812      *   attr: "signingTime",
+2813      *   str: "2012315959Z"
+2814      * }
+2815      */
+2816     this.setSigningTime = function(pAttr) {
+2817 	var hSigningTime = _getV(pAttr.valhex, 0);
+2818 	var signingTime = hextoutf8(hSigningTime);
+2819 	pAttr.str = signingTime;
+2820 	delete pAttr.valhex;
+2821     };
+2822 
+2823     /**
+2824      * set MessageDigest attribute<br/>
+2825      * @name setMessageDigest
+2826      * @memberOf KJUR.asn1.cms.CMSParser#
+2827      * @function
+2828      * @param {Array} pAttr JSON object of attribute parameter
+2829      * @see KJUR.asn1.cms.CMSParser#getAttribute
+2830      *
+2831      * @description
+2832      * This sets an attribute as SigningTime defined in
+2833      * RFC 5652 
+2834      * <a href="https://tools.ietf.org/html/rfc5652#section-5.1">
+2835      * section 5</a>.
+2836      *
+2837      * @example
+2838      * parser = new KJUR.asn1.cms.CMSParser();
+2839      * pAttr = {
+2840      *   attr: "messageDigest"
+2841      *   valhex: '0403123456'
+2842      * };
+2843      * parser.setMessageDigest(pAttr);
+2844      * pAttr → {
+2845      *   attr: "messageDigest",
+2846      *   hex: "123456"
+2847      * }
+2848      */
+2849     this.setMessageDigest = function(pAttr) {
+2850 	var hMD = _getV(pAttr.valhex, 0);
+2851 	pAttr.hex = hMD;
+2852 	delete pAttr.valhex;
+2853     };
+2854 
+2855     /**
+2856      * set SigningCertificate attribute<br/>
+2857      * @name setSigningCertificate
+2858      * @memberOf KJUR.asn1.cms.CMSParser#
+2859      * @function
+2860      * @param {Array} pAttr JSON object of attribute parameter
+2861      * @see KJUR.asn1.cms.CMSParser#getAttribute
+2862      *
+2863      * @description
+2864      * This sets an attribute as SigningCertificate defined in
+2865      * <a href="https://tools.ietf.org/html/rfc5035#section-5">
+2866      * RFC 5035 section 5</a>.
+2867      *
+2868      * @example
+2869      * parser = new KJUR.asn1.cms.CMSParser();
+2870      * pAttr = {
+2871      *   attr: "signingCertificate"
+2872      *   valhex: '...'
+2873      * };
+2874      * parser.setSigningCertificate(pAttr);
+2875      * pAttr → {
+2876      *   attr: "signingCertificate",
+2877      *   array: [{
+2878      *     hash: "123456...",
+2879      *     issuer: {
+2880      *       array: [[{type:"C",value:"JP",ds:"prn"},...]],
+2881      *       str: "/C=JP/O=T1"
+2882      *     },
+2883      *     serial: {hex: "123456..."}
+2884      *   }]
+2885      * }
+2886      */
+2887     this.setSigningCertificate = function(pAttr) {
+2888 	var aIdx = _getChildIdx(pAttr.valhex, 0);
+2889 	if (aIdx.length > 0) {
+2890 	    var hCerts = _getTLV(pAttr.valhex, aIdx[0]);
+2891 	    var aCertIdx = _getChildIdx(hCerts, 0);
+2892 	    var a = [];
+2893 	    for (var i = 0; i < aCertIdx.length; i++) {
+2894 		var hESSCertID = _getTLV(hCerts, aCertIdx[i]);
+2895 		var pESSCertID = this.getESSCertID(hESSCertID);
+2896 		a.push(pESSCertID);
+2897 	    }
+2898 	    pAttr.array = a;
+2899 	}
+2900 
+2901 	if (aIdx.length > 1) {
+2902 	    var hPolicies = _getTLV(pAttr.valhex, aIdx[1]);
+2903 	    pAttr.polhex = hPolicies;
+2904 	}
+2905 	delete pAttr.valhex;
+2906     };
+2907 
+2908     /**
+2909      * parse ASN.1 ESSCertID<br/>
+2910      * @name getESSCertID
+2911      * @memberOf KJUR.asn1.cms.CMSParser#
+2912      * @function
+2913      * @param {String} h hexadecimal string of ASN.1 ESSCertID
+2914      * @return {Array} array of JSON object of ESSCertID parameter
+2915      * @see KJUR.asn1.cms.ESSCertID
+2916      *
+2917      * @description
+2918      * This method parses ASN.1 ESSCertID defined in 
+2919      * <a href="https://tools.ietf.org/html/rfc5035#section-6">
+2920      * RFC 5035 section 6</a>.
+2921      * <pre>
+2922      * ESSCertID ::= SEQUENCE {
+2923      *    certHash Hash,
+2924      *    issuerSerial IssuerSerial OPTIONAL }
+2925      * IssuerSerial ::= SEQUENCE {
+2926      *    issuer GeneralNames,
+2927      *    serialNumber CertificateSerialNumber }
+2928      * </pre>
+2929      * 
+2930      * @example
+2931      * parser = new KJUR.asn1.cms.CMSParser();
+2932      * parser.getESSCertID("30...") →
+2933      * { hash: "12ab...",
+2934      *   issuer: {
+2935      *     array: [[{type:"C",value:"JP",ds:"prn"}],...],
+2936      *     str: "/C=JP/O=T1"
+2937      *   },
+2938      *   serial: {hex: "12ab..."} }
+2939      */
+2940     this.getESSCertID = function(h) {
+2941 	var pResult = {};
+2942 	var aIdx = _getChildIdx(h, 0);
+2943 
+2944 	if (aIdx.length > 0) {
+2945 	    var hCertHash = _getV(h, aIdx[0]);
+2946 	    pResult.hash = hCertHash;
+2947 	}
+2948 
+2949 	if (aIdx.length > 1) {
+2950 	    var hIssuerSerial = _getTLV(h, aIdx[1]);
+2951 	    var pIssuerSerial = 
+2952 		this.getIssuerSerial(hIssuerSerial);
+2953 
+2954 	    if (pIssuerSerial.serial != undefined)
+2955 		pResult.serial = pIssuerSerial.serial;
+2956 
+2957 	    if (pIssuerSerial.issuer != undefined)
+2958 		pResult.issuer = pIssuerSerial.issuer;
+2959 	}
+2960 
+2961 	return pResult;
+2962     };
+2963 
+2964     /**
+2965      * parse ASN.1 IssuerSerial<br/>
+2966      * @name getIssuerSerial
+2967      * @memberOf KJUR.asn1.cms.CMSParser#
+2968      * @function
+2969      * @param {String} h hexadecimal string of ASN.1 IssuerSerial
+2970      * @return {Array} array of JSON object of IssuerSerial parameter
+2971      * @see KJUR.asn1.cms.IssuerSerial
+2972      * @see KJUR.asn1.x509.X500Name
+2973      *
+2974      * @description
+2975      * This method parses ASN.1 IssuerSerial defined in 
+2976      * <a href="https://tools.ietf.org/html/rfc5035#section-6">
+2977      * RFC 5035 section 6</a>.
+2978      * <pre>
+2979      * IssuerSerial ::= SEQUENCE {
+2980      *    issuer GeneralNames,
+2981      *    serialNumber CertificateSerialNumber }
+2982      * </pre>
+2983      * 
+2984      * @example
+2985      * parser = new KJUR.asn1.cms.CMSParser();
+2986      * parser.getIssuerSerial("30...") →
+2987      * { issuer: {
+2988      *     array: [[{type:"C",value:"JP",ds:"prn"}],...],
+2989      *     str: "/C=JP/O=T1",
+2990      *   },
+2991      *   serial: {hex: "12ab..."} }
+2992      */
+2993     this.getIssuerSerial = function(h) {
+2994 	var pResult = {};
+2995 	var aIdx = _getChildIdx(h, 0);
+2996 
+2997 	var hIssuer = _getTLV(h, aIdx[0]);
+2998 	var pIssuerGN = _x509obj.getGeneralNames(hIssuer);
+2999 	var pIssuerName = pIssuerGN[0].dn;
+3000 	pResult.issuer = pIssuerName;
+3001 
+3002 	var hSerial = _getV(h, aIdx[1]);
+3003 	pResult.serial = {hex: hSerial};
+3004 
+3005 	return pResult;
+3006     };
+3007 
+3008     /**
+3009      * parse ASN.1 CertificateSet<br/>
+3010      * @name getCertificateSet
+3011      * @memberOf KJUR.asn1.cms.CMSParser#
+3012      * @function
+3013      * @param {String} h hexadecimal string of ASN.1 CertificateSet
+3014      * @return {Array} array of JSON object of CertificateSet parameter
+3015      * @see KJUR.asn1.cms.CertificateSet
+3016      *
+3017      * @description
+3018      * This method parses ASN.1 IssuerSerial defined in 
+3019      * <a href="https://tools.ietf.org/html/rfc5652#section-10.2.3">
+3020      * RFC 5652 CMS section 10.2.3</a> and 
+3021      * <a href="https://tools.ietf.org/html/rfc5652#section-10.2.2">
+3022      * section 10.2.2</a>.
+3023      * <pre>
+3024      * CertificateSet ::= SET OF CertificateChoices
+3025      * CertificateChoices ::= CHOICE {
+3026      *   certificate Certificate,
+3027      *   extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
+3028      *   v1AttrCert [1] IMPLICIT AttributeCertificateV1,       -- Obsolete
+3029      *   v2AttrCert [2] IMPLICIT AttributeCertificateV2,
+3030      *   other [3] IMPLICIT OtherCertificateFormat }
+3031      * OtherCertificateFormat ::= SEQUENCE {
+3032      *   otherCertFormat OBJECT IDENTIFIER,
+3033      *   otherCert ANY DEFINED BY otherCertFormat }
+3034      * </pre>
+3035      * Currently only "certificate" is supported in
+3036      * CertificateChoices.
+3037      * 
+3038      * @example
+3039      * parser = new KJUR.asn1.cms.CMSParser();
+3040      * parser.getCertificateSet("a0...") →
+3041      * [ "-----BEGIN CERTIFICATE...", ... ]
+3042      */
+3043     this.getCertificateSet = function(h) {
+3044 	var aIdx = _getChildIdx(h, 0);
+3045 	var  a = [];
+3046 	for (var i = 0; i < aIdx.length; i++) {
+3047 	    var hCert = _getTLV(h, aIdx[i]);
+3048 	    if (hCert.substr(0, 2) == "30") {
+3049 		var pem = hextopem(hCert, "CERTIFICATE");
+3050 		a.push(pem);
+3051 	    }
+3052 	}
+3053 	return a;
+3054     };
+3055 };
+3056
    \ No newline at end of file diff --git a/api/symbols/src/asn1csr-1.0.js.html b/api/symbols/src/asn1csr-1.0.js.html index f5047e92..8ad6fbb8 100644 --- a/api/symbols/src/asn1csr-1.0.js.html +++ b/api/symbols/src/asn1csr-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
      1 /* asn1csr-2.0.2.js (c) 2015-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
      1 /* asn1csr-2.0.3.js (c) 2015-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * asn1csr.js - ASN.1 DER encoder classes for PKCS#10 CSR
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1csr-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 9.1.1 asn1csr 2.0.2 (2020-Aug-26)
+ 19  * @version jsrsasign 10.1.0 asn1csr 2.0.3 (2020-Nov-18)
  20  * @since jsrsasign 4.9.0
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -455,35 +455,37 @@
 448 
 449     try {
 450 	var hSubject = _getTLVbyListEx(hex, 0, [0, 1]);
-451 	var x = new X509();
-452 	result.subject = {};
-453 	result.subject.array = x.getX500Name(hSubject);
-454 	result.subject.str = X509.hex2dn(hSubject);
-455     } catch (ex) {};
-456 
-457     var hPubKey = _getTLVbyListEx(hex, 0, [0, 2]);
-458     var pubkeyobj = KEYUTIL.getKey(hPubKey, null, "pkcs8pub");
-459     result.sbjpubkey = KEYUTIL.getPEM(pubkeyobj, "PKCS8PUB");
-460 
-461     var hExtReqSeq = _getExtReqSeqHex(hex);
-462     var x = new X509();
-463     if (hExtReqSeq != null) {
-464 	result.extreq = x.getExtParamArray(hExtReqSeq);
-465     }
-466 
-467     try {
-468 	var hSigAlg = _getTLVbyListEx(hex, 0, [1], "30");
-469 	var x = new X509();
-470 	result.sigalg = x.getAlgorithmIdentifierName(hSigAlg);
-471     } catch (ex) {};
-472 
-473     try {
-474 	var hSig = _getVbyListEx(hex, 0, [2]);
-475 	result.sighex = hSig;
-476     } catch (ex) {};
-477 
-478     return result;
-479 };
-480 
-481 
-482 
    
\ No newline at end of file
+451     	if (hSubject == "3000") {
+452 	    result.subject = {};
+453 	} else {
+454 	    var x = new X509();
+455 	    result.subject = x.getX500Name(hSubject);
+456 	}
+457     } catch (ex) {};
+458 
+459     var hPubKey = _getTLVbyListEx(hex, 0, [0, 2]);
+460     var pubkeyobj = KEYUTIL.getKey(hPubKey, null, "pkcs8pub");
+461     result.sbjpubkey = KEYUTIL.getPEM(pubkeyobj, "PKCS8PUB");
+462 
+463     var hExtReqSeq = _getExtReqSeqHex(hex);
+464     var x = new X509();
+465     if (hExtReqSeq != null) {
+466 	result.extreq = x.getExtParamArray(hExtReqSeq);
+467     }
+468 
+469     try {
+470 	var hSigAlg = _getTLVbyListEx(hex, 0, [1], "30");
+471 	var x = new X509();
+472 	result.sigalg = x.getAlgorithmIdentifierName(hSigAlg);
+473     } catch (ex) {};
+474 
+475     try {
+476 	var hSig = _getVbyListEx(hex, 0, [2]);
+477 	result.sighex = hSig;
+478     } catch (ex) {};
+479 
+480     return result;
+481 };
+482 
+483 
+484
    \ No newline at end of file diff --git a/api/symbols/src/asn1hex-1.1.js.html b/api/symbols/src/asn1hex-1.1.js.html index 7d1f377c..c3911a80 100644 --- a/api/symbols/src/asn1hex-1.1.js.html +++ b/api/symbols/src/asn1hex-1.1.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
      1 /* asn1hex-1.2.6.js (c) 2012-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
      1 /* asn1hex-1.2.7.js (c) 2012-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * asn1hex.js - Hexadecimal represented ASN.1 string library
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1hex-1.1.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 9.1.6 asn1hex 1.2.6 (2020-Sep-04)
+ 19  * @version jsrsasign 10.1.0 asn1hex 1.2.7 (2020-Nov-18)
  20  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  21  */
  22 
@@ -598,513 +598,596 @@
 591 };
 592 
 593 /**
-594  * get OID string from hexadecimal encoded value<br/>
-595  * @name hextooidstr
+594  * get integer value from ASN.1 V(value)<br/>
+595  * @name getInt
 596  * @memberOf ASN1HEX
 597  * @function
-598  * @param {String} hex hexadecmal string of ASN.1 DER encoded OID value
-599  * @return {String} OID string (ex. '1.2.3.4.567')
-600  * @since asn1hex 1.1.5
-601  * @see {@link KJUR.asn1.ASN1Util.oidIntToHex}
-602  * @description
-603  * This static method converts from ASN.1 DER encoded 
-604  * hexadecimal object identifier value to dot concatinated OID value.
-605  * {@link KJUR.asn1.ASN1Util.oidIntToHex} is a reverse function of this.
-606  * @example
-607  * ASN1HEX.hextooidstr("550406") → "2.5.4.6"
-608  */
-609 ASN1HEX.hextooidstr = function(hex) {
-610     var zeroPadding = function(s, len) {
-611         if (s.length >= len) return s;
-612         return new Array(len - s.length + 1).join('0') + s;
-613     };
-614 
-615     var a = [];
-616 
-617     // a[0], a[1]
-618     var hex0 = hex.substr(0, 2);
-619     var i0 = parseInt(hex0, 16);
-620     a[0] = new String(Math.floor(i0 / 40));
-621     a[1] = new String(i0 % 40);
-622 
-623     // a[2]..a[n]
-624    var hex1 = hex.substr(2);
-625     var b = [];
-626     for (var i = 0; i < hex1.length / 2; i++) {
-627     b.push(parseInt(hex1.substr(i * 2, 2), 16));
-628     }
-629     var c = [];
-630     var cbin = "";
-631     for (var i = 0; i < b.length; i++) {
-632         if (b[i] & 0x80) {
-633             cbin = cbin + zeroPadding((b[i] & 0x7f).toString(2), 7);
-634         } else {
-635             cbin = cbin + zeroPadding((b[i] & 0x7f).toString(2), 7);
-636             c.push(new String(parseInt(cbin, 2)));
-637             cbin = "";
-638         }
-639     }
-640 
-641     var s = a.join(".");
-642     if (c.length > 0) s = s + "." + c.join(".");
-643     return s;
-644 };
-645 
-646 /**
-647  * get string of simple ASN.1 dump from hexadecimal ASN.1 data<br/>
-648  * @name dump
-649  * @memberOf ASN1HEX
-650  * @function
-651  * @param {Object} hexOrObj hexadecmal string of ASN.1 data or ASN1Object object
-652  * @param {Array} flags associative array of flags for dump (OPTION)
-653  * @param {Number} idx string index for starting dump (OPTION)
-654  * @param {String} indent indent string (OPTION)
-655  * @return {String} string of simple ASN.1 dump
-656  * @since jsrsasign 4.8.3 asn1hex 1.1.6
-657  * @description
-658  * This method will get an ASN.1 dump from
-659  * hexadecmal string of ASN.1 DER encoded data.
-660  * Here are features:
-661  * <ul>
-662  * <li>ommit long hexadecimal string</li>
-663  * <li>dump encapsulated OCTET STRING (good for X.509v3 extensions)</li>
-664  * <li>structured/primitive context specific tag support (i.e. [0], [3] ...)</li>
-665  * <li>automatic decode for implicit primitive context specific tag 
-666  * (good for X.509v3 extension value)
-667  *   <ul>
-668  *   <li>if hex starts '68747470'(i.e. http) it is decoded as utf8 encoded string.</li>
-669  *   <li>if it is in 'subjectAltName' extension value and is '[2]'(dNSName) tag
-670  *   value will be encoded as utf8 string</li>
-671  *   <li>otherwise it shows as hexadecimal string</li>
-672  *   </ul>
-673  * </li>
-674  * </ul>
-675  * NOTE1: Argument {@link KJUR.asn1.ASN1Object} object is supported since
-676  * jsrsasign 6.2.4 asn1hex 1.0.8
-677  * @example
-678  * // 1) ASN.1 INTEGER
-679  * ASN1HEX.dump('0203012345')
-680  * ↓
-681  * INTEGER 012345
-682  *
-683  * // 2) ASN.1 Object Identifier
-684  * ASN1HEX.dump('06052b0e03021a')
-685  * ↓
-686  * ObjectIdentifier sha1 (1 3 14 3 2 26)
-687  *
-688  * // 3) ASN.1 SEQUENCE
-689  * ASN1HEX.dump('3006020101020102')
-690  * ↓
-691  * SEQUENCE
-692  *   INTEGER 01
-693  *   INTEGER 02
-694  *
-695  * // 4) ASN.1 SEQUENCE since jsrsasign 6.2.4
-696  * o = KJUR.asn1.ASN1Util.newObject({seq: [{int: 1}, {int: 2}]});
-697  * ASN1HEX.dump(o)
-698  * ↓
-699  * SEQUENCE
-700  *   INTEGER 01
-701  *   INTEGER 02
-702  * // 5) ASN.1 DUMP FOR X.509 CERTIFICATE
-703  * ASN1HEX.dump(pemtohex(certPEM))
-704  * ↓
-705  * SEQUENCE
-706  *   SEQUENCE
-707  *     [0]
-708  *       INTEGER 02
-709  *     INTEGER 0c009310d206dbe337553580118ddc87
-710  *     SEQUENCE
-711  *       ObjectIdentifier SHA256withRSA (1 2 840 113549 1 1 11)
-712  *       NULL
-713  *     SEQUENCE
-714  *       SET
-715  *         SEQUENCE
-716  *           ObjectIdentifier countryName (2 5 4 6)
-717  *           PrintableString 'US'
-718  *             :
-719  */
-720 ASN1HEX.dump = function(hexOrObj, flags, idx, indent) {
-721     var _ASN1HEX = ASN1HEX;
-722     var _getV = _ASN1HEX.getV;
-723     var _dump = _ASN1HEX.dump;
-724     var _getChildIdx = _ASN1HEX.getChildIdx;
-725 
-726     var hex = hexOrObj;
-727     if (hexOrObj instanceof KJUR.asn1.ASN1Object)
-728 	hex = hexOrObj.getEncodedHex();
-729 
-730     var _skipLongHex = function(hex, limitNumOctet) {
-731 	if (hex.length <= limitNumOctet * 2) {
-732 	    return hex;
-733 	} else {
-734 	    var s = hex.substr(0, limitNumOctet) + 
-735 		    "..(total " + hex.length / 2 + "bytes).." +
-736 		    hex.substr(hex.length - limitNumOctet, limitNumOctet);
-737 	    return s;
-738 	};
-739     };
-740 
-741     if (flags === undefined) flags = { "ommit_long_octet": 32 };
-742     if (idx === undefined) idx = 0;
-743     if (indent === undefined) indent = "";
-744     var skipLongHex = flags.ommit_long_octet;
-745 
-746     var tag = hex.substr(idx, 2);
-747 
-748     if (tag == "01") {
-749 	var v = _getV(hex, idx);
-750 	if (v == "00") {
-751 	    return indent + "BOOLEAN FALSE\n";
-752 	} else {
-753 	    return indent + "BOOLEAN TRUE\n";
-754 	}
-755     }
-756     if (tag == "02") {
-757 	var v = _getV(hex, idx);
-758         return indent + "INTEGER " + _skipLongHex(v, skipLongHex) + "\n";
-759     }
-760     if (tag == "03") {
-761 	var v = _getV(hex, idx);
-762 	if (_ASN1HEX.isASN1HEX(v.substr(2))) {
-763   	    var s = indent + "BITSTRING, encapsulates\n";
-764             s = s + _dump(v.substr(2), flags, 0, indent + "  ");
-765             return s;
-766 	} else {
-767             return indent + "BITSTRING " + _skipLongHex(v, skipLongHex) + "\n";
-768 	}
-769     }
-770     if (tag == "04") {
-771 	var v = _getV(hex, idx);
-772 	if (_ASN1HEX.isASN1HEX(v)) {
-773 	    var s = indent + "OCTETSTRING, encapsulates\n";
-774 	    s = s + _dump(v, flags, 0, indent + "  ");
-775 	    return s;
-776 	} else {
-777 	    return indent + "OCTETSTRING " + _skipLongHex(v, skipLongHex) + "\n";
-778 	}
-779     }
-780     if (tag == "05") {
-781 	return indent + "NULL\n";
-782     }
-783     if (tag == "06") {
-784 	var hV = _getV(hex, idx);
-785         var oidDot = KJUR.asn1.ASN1Util.oidHexToInt(hV);
-786         var oidName = KJUR.asn1.x509.OID.oid2name(oidDot);
-787 	var oidSpc = oidDot.replace(/\./g, ' ');
-788         if (oidName != '') {
-789   	    return indent + "ObjectIdentifier " + oidName + " (" + oidSpc + ")\n";
-790 	} else {
-791   	    return indent + "ObjectIdentifier (" + oidSpc + ")\n";
-792 	}
-793     }
-794     if (tag == "0a") {
-795 	return indent + "ENUMERATED " + parseInt(_getV(hex, idx)) + "\n";
-796     }
-797     if (tag == "0c") {
-798 	return indent + "UTF8String '" + hextoutf8(_getV(hex, idx)) + "'\n";
-799     }
-800     if (tag == "13") {
-801 	return indent + "PrintableString '" + hextoutf8(_getV(hex, idx)) + "'\n";
-802     }
-803     if (tag == "14") {
-804 	return indent + "TeletexString '" + hextoutf8(_getV(hex, idx)) + "'\n";
-805     }
-806     if (tag == "16") {
-807 	return indent + "IA5String '" + hextoutf8(_getV(hex, idx)) + "'\n";
-808     }
-809     if (tag == "17") {
-810 	return indent + "UTCTime " + hextoutf8(_getV(hex, idx)) + "\n";
-811     }
-812     if (tag == "18") {
-813 	return indent + "GeneralizedTime " + hextoutf8(_getV(hex, idx)) + "\n";
-814     }
-815     if (tag == "1a") {
-816 	return indent + "VisualString '" + hextoutf8(_getV(hex, idx)) + "'\n";
-817     }
-818     if (tag == "1e") {
-819 	return indent + "BMPString '" + hextoutf8(_getV(hex, idx)) + "'\n";
-820     }
-821     if (tag == "30") {
-822 	if (hex.substr(idx, 4) == "3000") {
-823 	    return indent + "SEQUENCE {}\n";
-824 	}
-825 
-826 	var s = indent + "SEQUENCE\n";
-827 	var aIdx = _getChildIdx(hex, idx);
+598  * @param {String} h hexadecimal string
+599  * @param {Number} idx string index in h to get ASN.1 DER Integer
+600  * @param {Object} errorReturn (OPTION) error return value (DEFAULT: -1)
+601  * @return {Number} DER Integer value
+602  * @since jsrsasign 10.1.0 asn1hex 1.2.7
+603  *
+604  * @example
+605  * ASN1HEX.getInt("xxxx020103xxxxxx", 4) &rarr 3
+606  */
+607 ASN1HEX.getInt = function(h, idx, errorReturn) {
+608     if (errorReturn == undefined) errorReturn = -1;
+609     try {
+610 	if (h.substr(idx, 2) != "02") return errorReturn;
+611 	var hV = ASN1HEX.getV(h, idx);
+612 	return parseInt(hV, 16);
+613     } catch(ex) {
+614 	return errorReturn;
+615     }
+616 };
+617 
+618 /**
+619  * get object identifier string from ASN.1 V(value)<br/>
+620  * @name getOID
+621  * @memberOf ASN1HEX
+622  * @function
+623  * @param {String} h hexadecimal string
+624  * @param {Number} idx string index in h to get ASN.1 DER ObjectIdentifier
+625  * @param {Object} errorReturn (OPTION) error return value (DEFAULT: null)
+626  * @return {String} object identifier string (ex. "1.2.3.4")
+627  * @since jsrsasign 10.1.0 asn1hex 1.2.7
+628  *
+629  * @example
+630  * ASN1HEX.getInt("xxxx06032a0304xxxxxx", 4) &rarr "1.2.3.4"
+631  */
+632 ASN1HEX.getOID = function(h, idx, errorReturn) {
+633     if (errorReturn == undefined) errorReturn = null;
+634     try {
+635 	if (h.substr(idx, 2) != "06") return errorReturn;
+636 	var hOID = ASN1HEX.getV(h, idx);
+637 	return hextooid(hOID);
+638     } catch(ex) {
+639 	return errorReturn;
+640     }
+641 };
+642 
+643 /**
+644  * get object identifier name from ASN.1 V(value)<br/>
+645  * @name getOIDName
+646  * @memberOf ASN1HEX
+647  * @function
+648  * @param {String} h hexadecimal string
+649  * @param {Number} idx string index in h to get ASN.1 DER ObjectIdentifier
+650  * @param {Object} errorReturn (OPTION) error return value (DEFAULT: null)
+651  * @return {String} object identifier name (ex. "sha256") oir OID string
+652  * @since jsrsasign 10.1.0 asn1hex 1.2.7
+653  *
+654  * @description
+655  * This static method returns object identifier name such as "sha256"
+656  * if registered. If not registered, it returns OID string. 
+657  * (ex. "1.2.3.4")
+658  *
+659  * @example
+660  * ASN1HEX.getOIDName("xxxx0609608648016503040201xxxxxx", 4) &rarr "sha256"
+661  * ASN1HEX.getOIDName("xxxx06032a0304xxxxxx", 4) &rarr "1.2.3.4"
+662  */
+663 ASN1HEX.getOIDName = function(h, idx, errorReturn) {
+664     if (errorReturn == undefined) errorReturn = null;
+665     try {
+666 	var oid = ASN1HEX.getOID(h, idx, errorReturn);
+667 	if (oid == errorReturn) return errorReturn;
+668 	var name = KJUR.asn1.x509.OID.oid2name(oid);
+669 	if (name == '') return oid;
+670 	return name;
+671     } catch(ex) {
+672 	return errorReturn;
+673     }
+674 };
+675 
+676 /**
+677  * get OID string from hexadecimal encoded value<br/>
+678  * @name hextooidstr
+679  * @memberOf ASN1HEX
+680  * @function
+681  * @param {String} hex hexadecmal string of ASN.1 DER encoded OID value
+682  * @return {String} OID string (ex. '1.2.3.4.567')
+683  * @since asn1hex 1.1.5
+684  * @see {@link KJUR.asn1.ASN1Util.oidIntToHex}
+685  * @description
+686  * This static method converts from ASN.1 DER encoded 
+687  * hexadecimal object identifier value to dot concatinated OID value.
+688  * {@link KJUR.asn1.ASN1Util.oidIntToHex} is a reverse function of this.
+689  * @example
+690  * ASN1HEX.hextooidstr("550406") → "2.5.4.6"
+691  */
+692 ASN1HEX.hextooidstr = function(hex) {
+693     var zeroPadding = function(s, len) {
+694         if (s.length >= len) return s;
+695         return new Array(len - s.length + 1).join('0') + s;
+696     };
+697 
+698     var a = [];
+699 
+700     // a[0], a[1]
+701     var hex0 = hex.substr(0, 2);
+702     var i0 = parseInt(hex0, 16);
+703     a[0] = new String(Math.floor(i0 / 40));
+704     a[1] = new String(i0 % 40);
+705 
+706     // a[2]..a[n]
+707    var hex1 = hex.substr(2);
+708     var b = [];
+709     for (var i = 0; i < hex1.length / 2; i++) {
+710     b.push(parseInt(hex1.substr(i * 2, 2), 16));
+711     }
+712     var c = [];
+713     var cbin = "";
+714     for (var i = 0; i < b.length; i++) {
+715         if (b[i] & 0x80) {
+716             cbin = cbin + zeroPadding((b[i] & 0x7f).toString(2), 7);
+717         } else {
+718             cbin = cbin + zeroPadding((b[i] & 0x7f).toString(2), 7);
+719             c.push(new String(parseInt(cbin, 2)));
+720             cbin = "";
+721         }
+722     }
+723 
+724     var s = a.join(".");
+725     if (c.length > 0) s = s + "." + c.join(".");
+726     return s;
+727 };
+728 
+729 /**
+730  * get string of simple ASN.1 dump from hexadecimal ASN.1 data<br/>
+731  * @name dump
+732  * @memberOf ASN1HEX
+733  * @function
+734  * @param {Object} hexOrObj hexadecmal string of ASN.1 data or ASN1Object object
+735  * @param {Array} flags associative array of flags for dump (OPTION)
+736  * @param {Number} idx string index for starting dump (OPTION)
+737  * @param {String} indent indent string (OPTION)
+738  * @return {String} string of simple ASN.1 dump
+739  * @since jsrsasign 4.8.3 asn1hex 1.1.6
+740  * @description
+741  * This method will get an ASN.1 dump from
+742  * hexadecmal string of ASN.1 DER encoded data.
+743  * Here are features:
+744  * <ul>
+745  * <li>ommit long hexadecimal string</li>
+746  * <li>dump encapsulated OCTET STRING (good for X.509v3 extensions)</li>
+747  * <li>structured/primitive context specific tag support (i.e. [0], [3] ...)</li>
+748  * <li>automatic decode for implicit primitive context specific tag 
+749  * (good for X.509v3 extension value)
+750  *   <ul>
+751  *   <li>if hex starts '68747470'(i.e. http) it is decoded as utf8 encoded string.</li>
+752  *   <li>if it is in 'subjectAltName' extension value and is '[2]'(dNSName) tag
+753  *   value will be encoded as utf8 string</li>
+754  *   <li>otherwise it shows as hexadecimal string</li>
+755  *   </ul>
+756  * </li>
+757  * </ul>
+758  * NOTE1: Argument {@link KJUR.asn1.ASN1Object} object is supported since
+759  * jsrsasign 6.2.4 asn1hex 1.0.8
+760  * @example
+761  * // 1) ASN.1 INTEGER
+762  * ASN1HEX.dump('0203012345')
+763  * ↓
+764  * INTEGER 012345
+765  *
+766  * // 2) ASN.1 Object Identifier
+767  * ASN1HEX.dump('06052b0e03021a')
+768  * ↓
+769  * ObjectIdentifier sha1 (1 3 14 3 2 26)
+770  *
+771  * // 3) ASN.1 SEQUENCE
+772  * ASN1HEX.dump('3006020101020102')
+773  * ↓
+774  * SEQUENCE
+775  *   INTEGER 01
+776  *   INTEGER 02
+777  *
+778  * // 4) ASN.1 SEQUENCE since jsrsasign 6.2.4
+779  * o = KJUR.asn1.ASN1Util.newObject({seq: [{int: 1}, {int: 2}]});
+780  * ASN1HEX.dump(o)
+781  * ↓
+782  * SEQUENCE
+783  *   INTEGER 01
+784  *   INTEGER 02
+785  * // 5) ASN.1 DUMP FOR X.509 CERTIFICATE
+786  * ASN1HEX.dump(pemtohex(certPEM))
+787  * ↓
+788  * SEQUENCE
+789  *   SEQUENCE
+790  *     [0]
+791  *       INTEGER 02
+792  *     INTEGER 0c009310d206dbe337553580118ddc87
+793  *     SEQUENCE
+794  *       ObjectIdentifier SHA256withRSA (1 2 840 113549 1 1 11)
+795  *       NULL
+796  *     SEQUENCE
+797  *       SET
+798  *         SEQUENCE
+799  *           ObjectIdentifier countryName (2 5 4 6)
+800  *           PrintableString 'US'
+801  *             :
+802  */
+803 ASN1HEX.dump = function(hexOrObj, flags, idx, indent) {
+804     var _ASN1HEX = ASN1HEX;
+805     var _getV = _ASN1HEX.getV;
+806     var _dump = _ASN1HEX.dump;
+807     var _getChildIdx = _ASN1HEX.getChildIdx;
+808 
+809     var hex = hexOrObj;
+810     if (hexOrObj instanceof KJUR.asn1.ASN1Object)
+811 	hex = hexOrObj.getEncodedHex();
+812 
+813     var _skipLongHex = function(hex, limitNumOctet) {
+814 	if (hex.length <= limitNumOctet * 2) {
+815 	    return hex;
+816 	} else {
+817 	    var s = hex.substr(0, limitNumOctet) + 
+818 		    "..(total " + hex.length / 2 + "bytes).." +
+819 		    hex.substr(hex.length - limitNumOctet, limitNumOctet);
+820 	    return s;
+821 	};
+822     };
+823 
+824     if (flags === undefined) flags = { "ommit_long_octet": 32 };
+825     if (idx === undefined) idx = 0;
+826     if (indent === undefined) indent = "";
+827     var skipLongHex = flags.ommit_long_octet;
 828 
-829 	var flagsTemp = flags;
-830 	
-831 	if ((aIdx.length == 2 || aIdx.length == 3) &&
-832 	    hex.substr(aIdx[0], 2) == "06" &&
-833 	    hex.substr(aIdx[aIdx.length - 1], 2) == "04") { // supposed X.509v3 extension
-834 	    var oidName = _ASN1HEX.oidname(_getV(hex, aIdx[0]));
-835 	    var flagsClone = JSON.parse(JSON.stringify(flags));
-836 	    flagsClone.x509ExtName = oidName;
-837 	    flagsTemp = flagsClone;
-838 	}
-839 	
-840 	for (var i = 0; i < aIdx.length; i++) {
-841 	    s = s + _dump(hex, flagsTemp, aIdx[i], indent + "  ");
-842 	}
-843 	return s;
-844     }
-845     if (tag == "31") {
-846 	var s = indent + "SET\n";
-847 	var aIdx = _getChildIdx(hex, idx);
-848 	for (var i = 0; i < aIdx.length; i++) {
-849 	    s = s + _dump(hex, flags, aIdx[i], indent + "  ");
-850 	}
-851 	return s;
+829     var tag = hex.substr(idx, 2);
+830 
+831     if (tag == "01") {
+832 	var v = _getV(hex, idx);
+833 	if (v == "00") {
+834 	    return indent + "BOOLEAN FALSE\n";
+835 	} else {
+836 	    return indent + "BOOLEAN TRUE\n";
+837 	}
+838     }
+839     if (tag == "02") {
+840 	var v = _getV(hex, idx);
+841         return indent + "INTEGER " + _skipLongHex(v, skipLongHex) + "\n";
+842     }
+843     if (tag == "03") {
+844 	var v = _getV(hex, idx);
+845 	if (_ASN1HEX.isASN1HEX(v.substr(2))) {
+846   	    var s = indent + "BITSTRING, encapsulates\n";
+847             s = s + _dump(v.substr(2), flags, 0, indent + "  ");
+848             return s;
+849 	} else {
+850             return indent + "BITSTRING " + _skipLongHex(v, skipLongHex) + "\n";
+851 	}
 852     }
-853     var tag = parseInt(tag, 16);
-854     if ((tag & 128) != 0) { // context specific 
-855 	var tagNumber = tag & 31;
-856 	if ((tag & 32) != 0) { // structured tag
-857 	    var s = indent + "[" + tagNumber + "]\n";
-858 	    var aIdx = _getChildIdx(hex, idx);
-859 	    for (var i = 0; i < aIdx.length; i++) {
-860 		s = s + _dump(hex, flags, aIdx[i], indent + "  ");
-861 	    }
-862 	    return s;
-863 	} else { // primitive tag
-864 	    var v = _getV(hex, idx);
-865 	    if (ASN1HEX.isASN1HEX(v)) {
-866 		var s = indent + "[" + tagNumber + "]\n";
-867 		s = s + _dump(v, flags, 0, indent + "  ");
-868 		return s;
-869 	    } else if (v.substr(0, 8) == "68747470") { // http
-870 		v = hextoutf8(v);
-871 	    } else if (flags.x509ExtName === "subjectAltName" &&
-872 		       tagNumber == 2) {
-873 		v = hextoutf8(v);
-874 	    }
-875 	    // else if (ASN1HEX.isASN1HEX(v))
-876 
-877 	    var s = indent + "[" + tagNumber + "] " + v + "\n";
-878 	    return s;
-879 	}
-880     }
-881     return indent + "UNKNOWN(" + tag + ") " + 
-882 	   _getV(hex, idx) + "\n";
-883 };
-884 
-885 /**
-886  * check if a hexadecimal tag is a specified ASN.1 context specific tag
-887  * @name isContextTag
-888  * @memberOf ASN1HEX
-889  * @function
-890  * @param {hTag} hex string of a hexadecimal ASN.1 tag consists by two characters (e.x. "a0")
-891  * @param {sTag} context specific tag in string represention (OPTION) (e.x. "[0]")
-892  * @return {Boolean} true if hTag is a ASN.1 context specific tag specified by sTag value.
-893  * @since jsrsasign 8.0.21 asn1hex 1.2.2
-894  * @description
-895  * This method checks if a hexadecimal tag is a specified ASN.1 context specific tag.
-896  * Structured and non-structured type of tag have the same string representation
-897  * of context specific tag. For example tag "a0" and "80" have the same string
-898  * representation "[0]".
-899  * The sTag has a range from from "[0]" to "[31]".
-900  * @example
-901  * ASN1HEX.isContextTag('a0', '[0]') → true // structured
-902  * ASN1HEX.isContextTag('a1', '[1]') → true // structured
-903  * ASN1HEX.isContextTag('a2', '[2]') → true // structured
-904  * ASN1HEX.isContextTag('80', '[0]') → true // non structured
-905  * ASN1HEX.isContextTag('81', '[1]') → true // non structured
-906  * ASN1HEX.isContextTag('82', '[2]') → true // non structured
-907  * ASN1HEX.isContextTag('a0', '[3]') → false
-908  * ASN1HEX.isContextTag('80', '[15]') → false
-909  *
-910  * ASN.1 tag bits
-911  * 12345679
-912  * ++        tag class(universal:00, context specific:10)
-913  *   +       structured:1, primitive:0
-914  *    +++++  tag number (0 - 31)
-915  */
-916 ASN1HEX.isContextTag = function(hTag, sTag) {
-917     hTag = hTag.toLowerCase();
-918     var ihtag, istag;
-919 
-920     try {
-921 	ihtag = parseInt(hTag, 16);
-922     } catch (ex) {
-923 	return -1;
-924     }
-925 	
-926     if (sTag === undefined) {
-927 	if ((ihtag & 192) == 128) {
-928 	    return true;
-929 	} else {
-930 	    return false;
-931 	}
-932     }
-933 
-934     try {
-935 	var result = sTag.match(/^\[[0-9]+\]$/);
-936 	if (result == null) return false;
-937 	istag = parseInt(sTag.substr(1,sTag.length - 1), 10);
-938 	if (istag > 31) return false;
-939 	if (((ihtag & 192) == 128) &&   // ihtag & b11000000 == b10000000
-940 	    ((ihtag & 31) == istag)) {  // ihtag & b00011111 == istag (0-31)
-941 	    return true;
-942 	}
-943 	return false;
-944     } catch (ex) {
-945 	return false;
-946     }
-947 };
-948 
-949 /**
-950  * simple ASN.1 DER hexadecimal string checker
-951  * @name isASN1HEX
-952  * @memberOf ASN1HEX
-953  * @function
-954  * @param {String} hex string to check whether it is hexadecmal string for ASN.1 DER or not
-955  * @return {Boolean} true if it is hexadecimal string of ASN.1 data otherwise false
-956  * @since jsrsasign 4.8.3 asn1hex 1.1.6
-957  * @description
-958  * This method checks wheather the argument 'hex' is a hexadecimal string of
-959  * ASN.1 data or not.
-960  * @example
-961  * ASN1HEX.isASN1HEX('0203012345') → true // PROPER ASN.1 INTEGER
-962  * ASN1HEX.isASN1HEX('0203012345ff') → false // TOO LONG VALUE
-963  * ASN1HEX.isASN1HEX('02030123') → false // TOO SHORT VALUE
-964  * ASN1HEX.isASN1HEX('fa3bcd') → false // WRONG FOR ASN.1
-965  */
-966 ASN1HEX.isASN1HEX = function(hex) {
-967     var _ASN1HEX = ASN1HEX;
-968     if (hex.length % 2 == 1) return false;
-969 
-970     var intL = _ASN1HEX.getVblen(hex, 0);
-971     var hT = hex.substr(0, 2);
-972     var hL = _ASN1HEX.getL(hex, 0);
-973     var hVLength = hex.length - hT.length - hL.length;
-974     if (hVLength == intL * 2) return true;
-975 
-976     return false;
-977 };
-978 
-979 /**
-980  * strict ASN.1 DER hexadecimal string checker
-981  * @name checkStrictDER
-982  * @memberOf ASN1HEX
-983  * @function
-984  * @param {String} hex string to check whether it is hexadecmal string for ASN.1 DER or not
-985  * @return unspecified
-986  * @since jsrsasign 8.0.19 asn1hex 1.2.1
-987  * @throws Error when malformed ASN.1 DER hexadecimal string
-988  * @description
-989  * This method checks wheather the argument 'hex' is a hexadecimal string of
-990  * ASN.1 data or not. If the argument is not DER string, this 
-991  * raise an exception.
-992  * @example
-993  * ASN1HEX.checkStrictDER('0203012345') → NO EXCEPTION FOR PROPER ASN.1 INTEGER
-994  * ASN1HEX.checkStrictDER('0203012345ff') → RAISE EXCEPTION FOR TOO LONG VALUE
-995  * ASN1HEX.checkStrictDER('02030123') → false RAISE EXCEPITON FOR TOO SHORT VALUE
-996  * ASN1HEX.checkStrictDER('fa3bcd') → false RAISE EXCEPTION FOR WRONG ASN.1
-997  */
-998 ASN1HEX.checkStrictDER = function(h, idx, maxHexLen, maxByteLen, maxLbyteLen) {
-999     var _ASN1HEX = ASN1HEX;
-1000 
-1001     if (maxHexLen === undefined) {
-1002 	// 1. hex string check
-1003 	if (typeof h != "string") throw new Error("not hex string");
-1004 	h = h.toLowerCase();
-1005 	if (! KJUR.lang.String.isHex(h)) throw new Error("not hex string");
-1006 
-1007 	// 2. set max if needed
-1008 	// max length of hexadecimal string
-1009 	maxHexLen = h.length;
-1010 	// max length of octets
-1011 	maxByteLen = h.length / 2;
-1012 	// max length of L octets of TLV
-1013 	if (maxByteLen < 0x80) {
-1014 	    maxLbyteLen = 1;
-1015 	} else {
-1016 	    maxLbyteLen = Math.ceil(maxByteLen.toString(16)) + 1;
-1017 	}
-1018     }
-1019     //console.log(maxHexLen + ":" + maxByteLen + ":" + maxLbyteLen);
-1020 
-1021     // 3. check if L(length) string not exceeds maxLbyteLen
-1022     var hL = _ASN1HEX.getL(h, idx);
-1023     if (hL.length > maxLbyteLen * 2)
-1024 	throw new Error("L of TLV too long: idx=" + idx);
-1025 
-1026     // 4. check if V(value) octet length (i.e. L(length) value) 
-1027     //    not exceeds maxByteLen
-1028     var vblen = _ASN1HEX.getVblen(h, idx);
-1029     if (vblen > maxByteLen) 
-1030 	throw new Error("value of L too long than hex: idx=" + idx);
+853     if (tag == "04") {
+854 	var v = _getV(hex, idx);
+855 	if (_ASN1HEX.isASN1HEX(v)) {
+856 	    var s = indent + "OCTETSTRING, encapsulates\n";
+857 	    s = s + _dump(v, flags, 0, indent + "  ");
+858 	    return s;
+859 	} else {
+860 	    return indent + "OCTETSTRING " + _skipLongHex(v, skipLongHex) + "\n";
+861 	}
+862     }
+863     if (tag == "05") {
+864 	return indent + "NULL\n";
+865     }
+866     if (tag == "06") {
+867 	var hV = _getV(hex, idx);
+868         var oidDot = KJUR.asn1.ASN1Util.oidHexToInt(hV);
+869         var oidName = KJUR.asn1.x509.OID.oid2name(oidDot);
+870 	var oidSpc = oidDot.replace(/\./g, ' ');
+871         if (oidName != '') {
+872   	    return indent + "ObjectIdentifier " + oidName + " (" + oidSpc + ")\n";
+873 	} else {
+874   	    return indent + "ObjectIdentifier (" + oidSpc + ")\n";
+875 	}
+876     }
+877     if (tag == "0a") {
+878 	return indent + "ENUMERATED " + parseInt(_getV(hex, idx)) + "\n";
+879     }
+880     if (tag == "0c") {
+881 	return indent + "UTF8String '" + hextoutf8(_getV(hex, idx)) + "'\n";
+882     }
+883     if (tag == "13") {
+884 	return indent + "PrintableString '" + hextoutf8(_getV(hex, idx)) + "'\n";
+885     }
+886     if (tag == "14") {
+887 	return indent + "TeletexString '" + hextoutf8(_getV(hex, idx)) + "'\n";
+888     }
+889     if (tag == "16") {
+890 	return indent + "IA5String '" + hextoutf8(_getV(hex, idx)) + "'\n";
+891     }
+892     if (tag == "17") {
+893 	return indent + "UTCTime " + hextoutf8(_getV(hex, idx)) + "\n";
+894     }
+895     if (tag == "18") {
+896 	return indent + "GeneralizedTime " + hextoutf8(_getV(hex, idx)) + "\n";
+897     }
+898     if (tag == "1a") {
+899 	return indent + "VisualString '" + hextoutf8(_getV(hex, idx)) + "'\n";
+900     }
+901     if (tag == "1e") {
+902 	return indent + "BMPString '" + hextoutf8(_getV(hex, idx)) + "'\n";
+903     }
+904     if (tag == "30") {
+905 	if (hex.substr(idx, 4) == "3000") {
+906 	    return indent + "SEQUENCE {}\n";
+907 	}
+908 
+909 	var s = indent + "SEQUENCE\n";
+910 	var aIdx = _getChildIdx(hex, idx);
+911 
+912 	var flagsTemp = flags;
+913 	
+914 	if ((aIdx.length == 2 || aIdx.length == 3) &&
+915 	    hex.substr(aIdx[0], 2) == "06" &&
+916 	    hex.substr(aIdx[aIdx.length - 1], 2) == "04") { // supposed X.509v3 extension
+917 	    var oidName = _ASN1HEX.oidname(_getV(hex, aIdx[0]));
+918 	    var flagsClone = JSON.parse(JSON.stringify(flags));
+919 	    flagsClone.x509ExtName = oidName;
+920 	    flagsTemp = flagsClone;
+921 	}
+922 	
+923 	for (var i = 0; i < aIdx.length; i++) {
+924 	    s = s + _dump(hex, flagsTemp, aIdx[i], indent + "  ");
+925 	}
+926 	return s;
+927     }
+928     if (tag == "31") {
+929 	var s = indent + "SET\n";
+930 	var aIdx = _getChildIdx(hex, idx);
+931 	for (var i = 0; i < aIdx.length; i++) {
+932 	    s = s + _dump(hex, flags, aIdx[i], indent + "  ");
+933 	}
+934 	return s;
+935     }
+936     var tag = parseInt(tag, 16);
+937     if ((tag & 128) != 0) { // context specific 
+938 	var tagNumber = tag & 31;
+939 	if ((tag & 32) != 0) { // structured tag
+940 	    var s = indent + "[" + tagNumber + "]\n";
+941 	    var aIdx = _getChildIdx(hex, idx);
+942 	    for (var i = 0; i < aIdx.length; i++) {
+943 		s = s + _dump(hex, flags, aIdx[i], indent + "  ");
+944 	    }
+945 	    return s;
+946 	} else { // primitive tag
+947 	    var v = _getV(hex, idx);
+948 	    if (ASN1HEX.isASN1HEX(v)) {
+949 		var s = indent + "[" + tagNumber + "]\n";
+950 		s = s + _dump(v, flags, 0, indent + "  ");
+951 		return s;
+952 	    } else if (v.substr(0, 8) == "68747470") { // http
+953 		v = hextoutf8(v);
+954 	    } else if (flags.x509ExtName === "subjectAltName" &&
+955 		       tagNumber == 2) {
+956 		v = hextoutf8(v);
+957 	    }
+958 	    // else if (ASN1HEX.isASN1HEX(v))
+959 
+960 	    var s = indent + "[" + tagNumber + "] " + v + "\n";
+961 	    return s;
+962 	}
+963     }
+964     return indent + "UNKNOWN(" + tag + ") " + 
+965 	   _getV(hex, idx) + "\n";
+966 };
+967 
+968 /**
+969  * check if a hexadecimal tag is a specified ASN.1 context specific tag
+970  * @name isContextTag
+971  * @memberOf ASN1HEX
+972  * @function
+973  * @param {hTag} hex string of a hexadecimal ASN.1 tag consists by two characters (e.x. "a0")
+974  * @param {sTag} context specific tag in string represention (OPTION) (e.x. "[0]")
+975  * @return {Boolean} true if hTag is a ASN.1 context specific tag specified by sTag value.
+976  * @since jsrsasign 8.0.21 asn1hex 1.2.2
+977  * @description
+978  * This method checks if a hexadecimal tag is a specified ASN.1 context specific tag.
+979  * Structured and non-structured type of tag have the same string representation
+980  * of context specific tag. For example tag "a0" and "80" have the same string
+981  * representation "[0]".
+982  * The sTag has a range from from "[0]" to "[31]".
+983  * @example
+984  * ASN1HEX.isContextTag('a0', '[0]') → true // structured
+985  * ASN1HEX.isContextTag('a1', '[1]') → true // structured
+986  * ASN1HEX.isContextTag('a2', '[2]') → true // structured
+987  * ASN1HEX.isContextTag('80', '[0]') → true // non structured
+988  * ASN1HEX.isContextTag('81', '[1]') → true // non structured
+989  * ASN1HEX.isContextTag('82', '[2]') → true // non structured
+990  * ASN1HEX.isContextTag('a0', '[3]') → false
+991  * ASN1HEX.isContextTag('80', '[15]') → false
+992  *
+993  * ASN.1 tag bits
+994  * 12345679
+995  * ++        tag class(universal:00, context specific:10)
+996  *   +       structured:1, primitive:0
+997  *    +++++  tag number (0 - 31)
+998  */
+999 ASN1HEX.isContextTag = function(hTag, sTag) {
+1000     hTag = hTag.toLowerCase();
+1001     var ihtag, istag;
+1002 
+1003     try {
+1004 	ihtag = parseInt(hTag, 16);
+1005     } catch (ex) {
+1006 	return -1;
+1007     }
+1008 	
+1009     if (sTag === undefined) {
+1010 	if ((ihtag & 192) == 128) {
+1011 	    return true;
+1012 	} else {
+1013 	    return false;
+1014 	}
+1015     }
+1016 
+1017     try {
+1018 	var result = sTag.match(/^\[[0-9]+\]$/);
+1019 	if (result == null) return false;
+1020 	istag = parseInt(sTag.substr(1,sTag.length - 1), 10);
+1021 	if (istag > 31) return false;
+1022 	if (((ihtag & 192) == 128) &&   // ihtag & b11000000 == b10000000
+1023 	    ((ihtag & 31) == istag)) {  // ihtag & b00011111 == istag (0-31)
+1024 	    return true;
+1025 	}
+1026 	return false;
+1027     } catch (ex) {
+1028 	return false;
+1029     }
+1030 };
 1031 
-1032     // 5. check V string length and L's value are the same
-1033     var hTLV = _ASN1HEX.getTLV(h, idx);
-1034     var hVLength = 
-1035 	hTLV.length - 2 - _ASN1HEX.getL(h, idx).length;
-1036     if (hVLength !== (vblen * 2))
-1037 	throw new Error("V string length and L's value not the same:" +
-1038 		        hVLength + "/" + (vblen * 2));
-1039 
-1040     // 6. check appending garbled string
-1041     if (idx === 0) {
-1042 	if (h.length != hTLV.length)
-1043 	    throw new Error("total length and TLV length unmatch:" +
-1044 			    h.length + "!=" + hTLV.length);
-1045     }
-1046 
-1047     // 7. check if there isn't prepending zeros in DER INTEGER value
-1048     var hT = h.substr(idx, 2);
-1049     if (hT === '02') {
-1050 	var vidx = _ASN1HEX.getVidx(h, idx);
-1051 	// check if DER INTEGER VALUE have least leading zeros 
-1052 	// for two's complement
-1053 	// GOOD - 3fabde... 008fad...
-1054 	// BAD  - 000012... 007fad...
-1055 	if (h.substr(vidx, 2) == "00" && h.charCodeAt(vidx + 2) < 56) // '8'=56
-1056 	    throw new Error("not least zeros for DER INTEGER");
-1057     }
+1032 /**
+1033  * simple ASN.1 DER hexadecimal string checker
+1034  * @name isASN1HEX
+1035  * @memberOf ASN1HEX
+1036  * @function
+1037  * @param {String} hex string to check whether it is hexadecmal string for ASN.1 DER or not
+1038  * @return {Boolean} true if it is hexadecimal string of ASN.1 data otherwise false
+1039  * @since jsrsasign 4.8.3 asn1hex 1.1.6
+1040  * @description
+1041  * This method checks wheather the argument 'hex' is a hexadecimal string of
+1042  * ASN.1 data or not.
+1043  * @example
+1044  * ASN1HEX.isASN1HEX('0203012345') → true // PROPER ASN.1 INTEGER
+1045  * ASN1HEX.isASN1HEX('0203012345ff') → false // TOO LONG VALUE
+1046  * ASN1HEX.isASN1HEX('02030123') → false // TOO SHORT VALUE
+1047  * ASN1HEX.isASN1HEX('fa3bcd') → false // WRONG FOR ASN.1
+1048  */
+1049 ASN1HEX.isASN1HEX = function(hex) {
+1050     var _ASN1HEX = ASN1HEX;
+1051     if (hex.length % 2 == 1) return false;
+1052 
+1053     var intL = _ASN1HEX.getVblen(hex, 0);
+1054     var hT = hex.substr(0, 2);
+1055     var hL = _ASN1HEX.getL(hex, 0);
+1056     var hVLength = hex.length - hT.length - hL.length;
+1057     if (hVLength == intL * 2) return true;
 1058 
-1059     // 8. check if all of elements in a structured item are conformed to
-1060     //    strict DER encoding rules.
-1061     if (parseInt(hT, 16) & 32) { // structured tag?
-1062 	var intL = _ASN1HEX.getVblen(h, idx);
-1063 	var sum = 0;
-1064 	var aIdx = _ASN1HEX.getChildIdx(h, idx);
-1065 	for (var i = 0; i < aIdx.length; i++) {
-1066 	    var tlv = _ASN1HEX.getTLV(h, aIdx[i]);
-1067 	    sum += tlv.length;
-1068 	    _ASN1HEX.checkStrictDER(h, aIdx[i], 
-1069 				   maxHexLen, maxByteLen, maxLbyteLen);
-1070 	}
-1071 	if ((intL * 2) != sum)
-1072 	    throw new Error("sum of children's TLV length and L unmatch: " +
-1073 			    (intL * 2) + "!=" + sum);
-1074     }
-1075 };
-1076 
-1077 /**
-1078  * get hexacedimal string from PEM format data<br/>
-1079  * @name oidname
-1080  * @memberOf ASN1HEX
-1081  * @function
-1082  * @param {String} oidDotOrHex number dot notation(i.e. 1.2.3) or hexadecimal string for OID
-1083  * @return {String} name for OID
-1084  * @since jsrsasign 7.2.0 asn1hex 1.1.11
-1085  * @description
-1086  * This static method gets a OID name for
-1087  * a specified string of number dot notation (i.e. 1.2.3) or
-1088  * hexadecimal string.
-1089  * @example
-1090  * ASN1HEX.oidname("2.5.29.37") → extKeyUsage
-1091  * ASN1HEX.oidname("551d25") → extKeyUsage
-1092  * ASN1HEX.oidname("0.1.2.3") → 0.1.2.3 // unknown
-1093  */
-1094 ASN1HEX.oidname = function(oidDotOrHex) {
-1095     var _KJUR_asn1 = KJUR.asn1;
-1096     if (KJUR.lang.String.isHex(oidDotOrHex))
-1097 	oidDotOrHex = _KJUR_asn1.ASN1Util.oidHexToInt(oidDotOrHex);
-1098     var name = _KJUR_asn1.x509.OID.oid2name(oidDotOrHex);
-1099     if (name === "") name = oidDotOrHex;
-1100     return name;
-1101 };
-1102 
-1103 
    
\ No newline at end of file
+1059         return false;
+1060 };
+1061 
+1062 /**
+1063  * strict ASN.1 DER hexadecimal string checker
+1064  * @name checkStrictDER
+1065  * @memberOf ASN1HEX
+1066  * @function
+1067  * @param {String} hex string to check whether it is hexadecmal string for ASN.1 DER or not
+1068  * @return unspecified
+1069  * @since jsrsasign 8.0.19 asn1hex 1.2.1
+1070  * @throws Error when malformed ASN.1 DER hexadecimal string
+1071  * @description
+1072  * This method checks wheather the argument 'hex' is a hexadecimal string of
+1073  * ASN.1 data or not. If the argument is not DER string, this 
+1074  * raise an exception.
+1075  * @example
+1076  * ASN1HEX.checkStrictDER('0203012345') → NO EXCEPTION FOR PROPER ASN.1 INTEGER
+1077  * ASN1HEX.checkStrictDER('0203012345ff') → RAISE EXCEPTION FOR TOO LONG VALUE
+1078  * ASN1HEX.checkStrictDER('02030123') → false RAISE EXCEPITON FOR TOO SHORT VALUE
+1079  * ASN1HEX.checkStrictDER('fa3bcd') → false RAISE EXCEPTION FOR WRONG ASN.1
+1080  */
+1081 ASN1HEX.checkStrictDER = function(h, idx, maxHexLen, maxByteLen, maxLbyteLen) {
+1082     var _ASN1HEX = ASN1HEX;
+1083 
+1084     if (maxHexLen === undefined) {
+1085 	// 1. hex string check
+1086 	if (typeof h != "string") throw new Error("not hex string");
+1087 	h = h.toLowerCase();
+1088 	if (! KJUR.lang.String.isHex(h)) throw new Error("not hex string");
+1089 
+1090 	// 2. set max if needed
+1091 	// max length of hexadecimal string
+1092 	maxHexLen = h.length;
+1093 	// max length of octets
+1094 	maxByteLen = h.length / 2;
+1095 	// max length of L octets of TLV
+1096 	if (maxByteLen < 0x80) {
+1097 	    maxLbyteLen = 1;
+1098 	} else {
+1099 	    maxLbyteLen = Math.ceil(maxByteLen.toString(16)) + 1;
+1100 	}
+1101     }
+1102     //console.log(maxHexLen + ":" + maxByteLen + ":" + maxLbyteLen);
+1103 
+1104     // 3. check if L(length) string not exceeds maxLbyteLen
+1105     var hL = _ASN1HEX.getL(h, idx);
+1106     if (hL.length > maxLbyteLen * 2)
+1107 	throw new Error("L of TLV too long: idx=" + idx);
+1108 
+1109     // 4. check if V(value) octet length (i.e. L(length) value) 
+1110     //    not exceeds maxByteLen
+1111     var vblen = _ASN1HEX.getVblen(h, idx);
+1112     if (vblen > maxByteLen) 
+1113 	throw new Error("value of L too long than hex: idx=" + idx);
+1114 
+1115     // 5. check V string length and L's value are the same
+1116     var hTLV = _ASN1HEX.getTLV(h, idx);
+1117     var hVLength = 
+1118 	hTLV.length - 2 - _ASN1HEX.getL(h, idx).length;
+1119     if (hVLength !== (vblen * 2))
+1120 	throw new Error("V string length and L's value not the same:" +
+1121 		        hVLength + "/" + (vblen * 2));
+1122 
+1123     // 6. check appending garbled string
+1124     if (idx === 0) {
+1125 	if (h.length != hTLV.length)
+1126 	    throw new Error("total length and TLV length unmatch:" +
+1127 			    h.length + "!=" + hTLV.length);
+1128     }
+1129 
+1130     // 7. check if there isn't prepending zeros in DER INTEGER value
+1131     var hT = h.substr(idx, 2);
+1132     if (hT === '02') {
+1133 	var vidx = _ASN1HEX.getVidx(h, idx);
+1134 	// check if DER INTEGER VALUE have least leading zeros 
+1135 	// for two's complement
+1136 	// GOOD - 3fabde... 008fad...
+1137 	// BAD  - 000012... 007fad...
+1138 	if (h.substr(vidx, 2) == "00" && h.charCodeAt(vidx + 2) < 56) // '8'=56
+1139 	    throw new Error("not least zeros for DER INTEGER");
+1140     }
+1141 
+1142     // 8. check if all of elements in a structured item are conformed to
+1143     //    strict DER encoding rules.
+1144     if (parseInt(hT, 16) & 32) { // structured tag?
+1145 	var intL = _ASN1HEX.getVblen(h, idx);
+1146 	var sum = 0;
+1147 	var aIdx = _ASN1HEX.getChildIdx(h, idx);
+1148 	for (var i = 0; i < aIdx.length; i++) {
+1149 	    var tlv = _ASN1HEX.getTLV(h, aIdx[i]);
+1150 	    sum += tlv.length;
+1151 	    _ASN1HEX.checkStrictDER(h, aIdx[i], 
+1152 				   maxHexLen, maxByteLen, maxLbyteLen);
+1153 	}
+1154 	if ((intL * 2) != sum)
+1155 	    throw new Error("sum of children's TLV length and L unmatch: " +
+1156 			    (intL * 2) + "!=" + sum);
+1157     }
+1158 };
+1159 
+1160 /**
+1161  * get hexacedimal string from PEM format data<br/>
+1162  * @name oidname
+1163  * @memberOf ASN1HEX
+1164  * @function
+1165  * @param {String} oidDotOrHex number dot notation(i.e. 1.2.3) or hexadecimal string for OID
+1166  * @return {String} name for OID
+1167  * @since jsrsasign 7.2.0 asn1hex 1.1.11
+1168  * @description
+1169  * This static method gets a OID name for
+1170  * a specified string of number dot notation (i.e. 1.2.3) or
+1171  * hexadecimal string.
+1172  * @example
+1173  * ASN1HEX.oidname("2.5.29.37") → extKeyUsage
+1174  * ASN1HEX.oidname("551d25") → extKeyUsage
+1175  * ASN1HEX.oidname("0.1.2.3") → 0.1.2.3 // unknown
+1176  */
+1177 ASN1HEX.oidname = function(oidDotOrHex) {
+1178     var _KJUR_asn1 = KJUR.asn1;
+1179     if (KJUR.lang.String.isHex(oidDotOrHex))
+1180 	oidDotOrHex = _KJUR_asn1.ASN1Util.oidHexToInt(oidDotOrHex);
+1181     var name = _KJUR_asn1.x509.OID.oid2name(oidDotOrHex);
+1182     if (name === "") name = oidDotOrHex;
+1183     return name;
+1184 };
+1185 
+1186
    \ No newline at end of file diff --git a/api/symbols/src/asn1tsp-1.0.js.html b/api/symbols/src/asn1tsp-1.0.js.html index 141d01c6..850241f6 100644 --- a/api/symbols/src/asn1tsp-1.0.js.html +++ b/api/symbols/src/asn1tsp-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
      1 /* asn1tsp-2.0.0.js (c) 2014-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
      1 /* asn1tsp-2.0.1.js (c) 2014-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * asn1tsp.js - ASN.1 DER encoder classes for RFC 3161 Time Stamp Protocol
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1tsp-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.0.0 asn1tsp 2.0.0 (2020-Sep-22)
+ 19  * @version jsrsasign 10.1.0 asn1tsp 2.0.1 (2020-Nov-18)
  20  * @since jsrsasign 4.5.1
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -999,4 +999,389 @@
 992     return json;
 993 };
 994 
-995 
    
\ No newline at end of file
+995     /**
+996  * class for parsing RFC 3161 TimeStamp protocol data<br/>
+997  * @name KJUR.asn1.tsp.TSPParser
+998  * @class RFC 3161 TimeStamp protocol parser class
+999  * @since jsrsasign 10.1.0 asn1tsp 2.0.1
+1000  *
+1001  * @description
+1002  * This is an ASN.1 parser for 
+1003  * <a href="https://tools.ietf.org/html/rfc3161">RFC 3161</a>.
+1004  */
+1005 KJUR.asn1.tsp.TSPParser = function() {
+1006     var _Error = Error,
+1007 	_X509 = X509,
+1008 	_x509obj = new _X509(),
+1009 	_ASN1HEX = ASN1HEX,
+1010 	_getV = _ASN1HEX.getV,
+1011 	_getTLV = _ASN1HEX.getTLV,
+1012 	_getIdxbyList = _ASN1HEX.getIdxbyList,
+1013 	_getTLVbyListEx = _ASN1HEX.getTLVbyListEx,
+1014 	_getChildIdx = _ASN1HEX.getChildIdx;
+1015     var _aSTATUSSTR = [
+1016 	"granted", "grantedWithMods", "rejection", "waiting",
+1017 	"revocationWarning", "revocationNotification" ];
+1018     
+1019     /**
+1020      * parse ASN.1 TimeStampResp<br/>
+1021      * @name getResponse
+1022      * @memberOf KJUR.asn1.tsp.TSPParser#
+1023      * @function
+1024      * @param {String} h hexadecimal string of ASN.1 TimeStampResp
+1025      * @return {Array} JSON object of TimeStampResp parameter
+1026      * @see KJUR.asn1.tsp.TimeStampResp
+1027      * @see KJUR.asn1.tsp.TimeStampToken
+1028      * @see KJUR.asn1.cms.CMSParser#getCMSSignedData
+1029      *
+1030      * @description
+1031      * This method parses ASN.1 TimeStampRsp defined in RFC 3161.
+1032      * <pre>
+1033      * TimeStampResp ::= SEQUENCE {
+1034      *   status          PKIStatusInfo,
+1035      *   timeStampToken  TimeStampToken  OPTIONAL }
+1036      * </pre>
+1037      * When "h" is a TSP error response,
+1038      * returned parameter contains "statusinfo" only.
+1039      *
+1040      * @example
+1041      * parser = new KJUR.asn1.tsp.TSPParser();
+1042      * parser.getResponse("30...") →
+1043      * { 
+1044      *   statusinfo: 'granted',
+1045      *   ... // almost the same as CMS SignedData parameters
+1046      *   econtent: {
+1047      *     type: "tstinfo",
+1048      *     content: { // TSTInfo parameter
+1049      *       policy: '1.2.3.4.5',
+1050      *       messageImprint: {alg: 'sha256', hash: 'a1a2a3a4...'},
+1051      *       serialNumber: {'int': 3},
+1052      *       genTime: {str: '20131231235959.123Z'},
+1053      *       accuracy: {millis: 500},
+1054      *       ordering: true,
+1055      *       nonce: {int: 3}
+1056      *     }
+1057      *   },
+1058      *   ...
+1059      * }
+1060      */
+1061     this.getResponse = function(h) {
+1062 	var aIdx = _getChildIdx(h, 0);
+1063 	
+1064 	if (aIdx.length == 1) {
+1065 	    return this.getPKIStatusInfo(_getTLV(h, aIdx[0]));
+1066 	} else if (aIdx.length > 1) {
+1067 	    var pPKIStatusInfo = this.getPKIStatusInfo(_getTLV(h, aIdx[0]));
+1068 	    var hTST = _getTLV(h, aIdx[1]);
+1069 	    var pResult = this.getToken(hTST);
+1070 	    pResult.statusinfo = pPKIStatusInfo;
+1071 	    return pResult;
+1072 	}
+1073     };
+1074 
+1075     /**
+1076      * parse ASN.1 TimeStampToken<br/>
+1077      * @name getToken
+1078      * @memberOf KJUR.asn1.tsp.TSPParser#
+1079      * @function
+1080      * @param {String} h hexadecimal string of ASN.1 TimeStampToken
+1081      * @return {Array} JSON object of TimeStampToken parameter
+1082      * @see KJUR.asn1.tsp.TimeStampToken
+1083      * @see KJUR.asn1.cms.CMSParser#getCMSSignedData
+1084      * @see KJUR.asn1.tsp.TSPParser#setTSTInfo
+1085      *
+1086      * @description
+1087      * This method parses ASN.1 TimeStampRsp defined in RFC 3161.
+1088      * This method will parse "h" as CMS SigneData by
+1089      * {@link KJUR.asn1.cms.CMSParser#getCMSSignedData}, then
+1090      * parse and modify "econtent.content" parameter by
+1091      * {@link KJUR.asn1.tsp.TSPParser#setTSTInfo} method.
+1092      *
+1093      * @example
+1094      * parser = new KJUR.asn1.tsp.TSPParser();
+1095      * parser.getToken("30...") →
+1096      * { 
+1097      *   ... // almost the same as CMS SignedData parameters
+1098      *   econtent: {
+1099      *     type: "tstinfo",
+1100      *     content: { // TSTInfo parameter
+1101      *       policy: '1.2.3.4.5',
+1102      *       messageImprint: {alg: 'sha256', hash: 'a1a2a3a4...'},
+1103      *       serialNumber: {'int': 3},
+1104      *       genTime: {str: '20131231235959.123Z'},
+1105      *       accuracy: {millis: 500},
+1106      *       ordering: true,
+1107      *       nonce: {int: 3}
+1108      *     }
+1109      *   },
+1110      *   ...
+1111      * }
+1112      */
+1113     this.getToken = function(h) {
+1114 	var _CMSParser = new KJUR.asn1.cms.CMSParser;
+1115 	var p = _CMSParser.getCMSSignedData(h);
+1116 	this.setTSTInfo(p);
+1117 	return p;
+1118     };
+1119 
+1120     /**
+1121      * set ASN.1 TSTInfo parameter to CMS SignedData parameter<br/>
+1122      * @name setTSTInfo
+1123      * @memberOf KJUR.asn1.tsp.TSPParser#
+1124      * @function
+1125      * @param {Array} pCMSSignedData JSON object of CMS SignedData parameter
+1126      * @see KJUR.asn1.tsp.TimeStampToken
+1127      * @see KJUR.asn1.cms.CMSParser#getCMSSignedData
+1128      *
+1129      * @description
+1130      * This method modifies "econtent.content" of CMS SignedData parameter
+1131      * to parsed TSTInfo.
+1132      * <pre>
+1133      *
+1134      * @example
+1135      * parser = new KJUR.asn1.tsp.TSPParser();
+1136      * pCMSSignedData = { 
+1137      *   ... // almost the same as CMS SignedData parameters
+1138      *   econtent: {
+1139      *     type: "tstinfo",
+1140      *     content: { hex: "30..." }
+1141      *   },
+1142      *   ...
+1143      * };
+1144      * parser.setTSTInfo(pCMSSignedData);
+1145      * pCMSSignedData → { 
+1146      *   ... // almost the same as CMS SignedData parameters
+1147      *   econtent: {
+1148      *     type: "tstinfo",
+1149      *     content: { // TSTInfo parameter
+1150      *       policy: '1.2.3.4.5',
+1151      *       messageImprint: {alg: 'sha256', hash: 'a1a2a3a4...'},
+1152      *       serialNumber: {int: 3},
+1153      *       genTime: {str: '20131231235959.123Z'},
+1154      *       accuracy: {millis: 500},
+1155      *       ordering: true,
+1156      *       nonce: {int: 3}
+1157      *     }
+1158      *   },
+1159      *   ...
+1160      * };
+1161      */
+1162     this.setTSTInfo = function(pCMSSignedData) {
+1163 	var pEContent = pCMSSignedData.econtent;
+1164 	if (pEContent.type == "tstinfo") {
+1165 	    var hContent = pEContent.content.hex;
+1166 	    var pTSTInfo = this.getTSTInfo(hContent);
+1167 	    //pTSTInfo.hex_ = hContent;
+1168 	    pEContent.content = pTSTInfo;
+1169 	}
+1170     };
+1171 
+1172     /**
+1173      * parse ASN.1 TSTInfo<br/>
+1174      * @name getTSTInfo
+1175      * @memberOf KJUR.asn1.tsp.TSPParser#
+1176      * @function
+1177      * @param {String} h hexadecimal string of ASN.1 TSTInfo
+1178      * @return {Array} JSON object of TSTInfo parameter
+1179      * @see KJUR.asn1.tsp.TSTInfo
+1180      *
+1181      * @description
+1182      * This method parses ASN.1 TSTInfo defined in RFC 3161.
+1183      * <pre>
+1184      * TSTInfo ::= SEQUENCE  {
+1185      *    version          INTEGER  { v1(1) },
+1186      *    policy           TSAPolicyId,
+1187      *    messageImprint   MessageImprint,
+1188      *    serialNumber     INTEGER,
+1189      *    genTime          GeneralizedTime,
+1190      *    accuracy         Accuracy                 OPTIONAL,
+1191      *    ordering         BOOLEAN             DEFAULT FALSE,
+1192      *    nonce            INTEGER                  OPTIONAL,
+1193      *    tsa              [0] GeneralName          OPTIONAL,
+1194      *    extensions       [1] IMPLICIT Extensions  OPTIONAL }
+1195      * </pre>
+1196      *
+1197      * @example
+1198      * parser = new KJUR.asn1.tsp.TSPParser();
+1199      * parser.getTSTInfo("30...") →
+1200      * {
+1201      *   policy: '1.2.3.4.5',
+1202      *   messageImprint: {alg: 'sha256', hash: 'a1a2a3a4...'},
+1203      *   serialNumber: {'int': 3},
+1204      *   genTime: {str: '20131231235959.123Z'},
+1205      *   accuracy: {millis: 500},
+1206      *   ordering: true,
+1207      *   nonce: {int: 3}
+1208      * }
+1209      */
+1210     this.getTSTInfo = function(h) {
+1211 	var pResult = {};
+1212 	var aIdx = _getChildIdx(h, 0);
+1213 
+1214 	var hPolicy = _getV(h, aIdx[1]);
+1215 	pResult.policy = hextooid(hPolicy);
+1216 
+1217 	var hMessageImprint = _getTLV(h, aIdx[2]);
+1218 	pResult.messageImprint = this.getMessageImprint(hMessageImprint);
+1219 
+1220 	var hSerial = _getV(h, aIdx[3]);
+1221 	pResult.serial = {hex: hSerial};
+1222 
+1223 	var hGenTime = _getV(h, aIdx[4]);
+1224 	pResult.genTime = {str: hextoutf8(hGenTime)};
+1225 
+1226 	var offset = 0;
+1227 
+1228 	if (aIdx.length > 5 && h.substr(aIdx[5], 2) == "30") {
+1229 	    var hAccuracy = _getTLV(h, aIdx[5]);
+1230 	    pResult.accuracy = this.getAccuracy(hAccuracy);
+1231 	    offset++;
+1232 	}
+1233 
+1234 	if (aIdx.length > 5 + offset && 
+1235 	    h.substr(aIdx[5 + offset], 2) == "01") {
+1236 	    var hOrdering = _getV(h, aIdx[5 + offset]);
+1237 	    if (hOrdering == "ff") pResult.ordering = true;
+1238 	    offset++;
+1239 	}
+1240 
+1241 	if (aIdx.length > 5 + offset &&
+1242 	    h.substr(aIdx[5 + offset], 2) == "02") {
+1243 	    var hNonce = _getV(h, aIdx[5 + offset]);
+1244 	    pResult.nonce = {hex: hNonce};
+1245 	    offset++;
+1246 	}
+1247 
+1248 	if (aIdx.length > 5 + offset &&
+1249 	    h.substr(aIdx[5 + offset], 2) == "a0") {
+1250 	    var hGeneralNames = _getTLV(h, aIdx[5 + offset]);
+1251 	    hGeneralNames = "30" + hGeneralNames.substr(2);
+1252 	    pGeneralNames = _x509obj.getGeneralNames(hGeneralNames);
+1253 	    var pName = pGeneralNames[0].dn;
+1254 	    pResult.tsa = pName;
+1255 	    offset++;
+1256 	}
+1257 
+1258 	if (aIdx.length > 5 + offset &&
+1259 	    h.substr(aIdx[5 + offset], 2) == "a1") {
+1260 	    var hExt = _getTLV(h, aIdx[5 + offset]);
+1261 	    hExt = "30" + hExt.substr(2);
+1262 	    var aExt = _x509obj.getExtParamArray(hExt);
+1263 	    pResult.ext = aExt;
+1264 	    offset++;
+1265 	}
+1266 
+1267 	return pResult;
+1268     };
+1269 
+1270     /**
+1271      * parse ASN.1 Accuracy<br/>
+1272      * @name getAccuracy
+1273      * @memberOf KJUR.asn1.tsp.TSPParser#
+1274      * @function
+1275      * @param {String} h hexadecimal string of ASN.1 Accuracy
+1276      * @return {Array} JSON object of Accuracy parameter
+1277      * @see KJUR.asn1.tsp.Accuracy
+1278      *
+1279      * @description
+1280      * This method parses ASN.1 Accuracy defined in RFC 3161.
+1281      * <pre>
+1282      * Accuracy ::= SEQUENCE {
+1283      *    seconds        INTEGER              OPTIONAL,
+1284      *    millis     [0] INTEGER  (1..999)    OPTIONAL,
+1285      *    micros     [1] INTEGER  (1..999)    OPTIONAL  }
+1286      * </pre>
+1287      *
+1288      * @example
+1289      * parser = new KJUR.asn1.tsp.TSPParser();
+1290      * parser.getAccuracy("30...") → {millis: 500}
+1291      */
+1292     this.getAccuracy = function(h) {
+1293 	var pResult = {};
+1294 
+1295 	var aIdx = _getChildIdx(h, 0);
+1296 
+1297 	for (var i = 0; i < aIdx.length; i++) {
+1298 	    var tag = h.substr(aIdx[i], 2);
+1299 	    var hV = _getV(h, aIdx[i]);
+1300 	    var iV = parseInt(hV, 16);
+1301 
+1302 	    if (tag == "02") {
+1303 		pResult.seconds = iV;
+1304 	    } else if (tag == "80") {
+1305 		pResult.millis = iV;
+1306 	    } else if (tag == "81") {
+1307 		pResult.micros = iV;
+1308 	    }
+1309 	}
+1310 
+1311 	return pResult;
+1312     };
+1313 
+1314     /**
+1315      * parse ASN.1 MessageImprint<br/>
+1316      * @name getMessageImprint
+1317      * @memberOf KJUR.asn1.tsp.TSPParser#
+1318      * @function
+1319      * @param {String} h hexadecimal string of ASN.1 MessageImprint
+1320      * @return {Array} JSON object of MessageImprint parameter
+1321      * @see KJUR.asn1.tsp.MessageImprint
+1322      *
+1323      * @description
+1324      * This method parses ASN.1 MessageImprint defined in RFC 3161.
+1325      *
+1326      * @example
+1327      * parser = new KJUR.asn1.tsp.TSPParser();
+1328      * parser.getMessageImprint("30...") → 
+1329      * { alg: "sha256", hash: "12ab..." }
+1330      */
+1331     this.getMessageImprint = function(h) {
+1332 	if (h.substr(0, 2) != "30")
+1333             throw new Error("head of messageImprint hex shall be x30");
+1334 
+1335 	var json = {};
+1336 	var idxList = _getChildIdx(h, 0);
+1337 	var hashAlgOidIdx = _getIdxbyList(h, 0, [0, 0]);
+1338 	var hashAlgHex = _getV(h, hashAlgOidIdx);
+1339 	var hashAlgOid = _ASN1HEX.hextooidstr(hashAlgHex);
+1340 	var hashAlgName = KJUR.asn1.x509.OID.oid2name(hashAlgOid);
+1341 	if (hashAlgName == '')
+1342             throw new Error("hashAlg name undefined: " + hashAlgOid);
+1343 	var hashAlg = hashAlgName;
+1344 	var hashValueIdx = _getIdxbyList(h, 0, [1]);
+1345 	
+1346 	json.alg = hashAlg;
+1347 	json.hash = _getV(h, hashValueIdx); 
+1348 
+1349 	return json;
+1350     };
+1351 
+1352     /**
+1353      * parse ASN.1 PKIStatusInfo<br/>
+1354      * @name getPKIStatusInfo
+1355      * @memberOf KJUR.asn1.tsp.TSPParser#
+1356      * @function
+1357      * @param {String} h hexadecimal string of ASN.1 PKIStatusInfo
+1358      * @return {Array} JSON object of PKIStatusInfo parameter
+1359      * @see KJUR.asn1.tsp.PKIStatusInfo
+1360      *
+1361      * @description
+1362      * This method parses ASN.1 PKIStatusInfo defined in RFC 3161.
+1363      *
+1364      * @example
+1365      * parser = new KJUR.asn1.tsp.TSPParser();
+1366      * parser.getPKIStatusInfo("30...") → 
+1367      * { status: "granted" }
+1368      */
+1369     this.getPKIStatusInfo = function(h) {
+1370 	var pResult = {};
+1371 	var aIdx = _getChildIdx(h, 0);
+1372 	try {
+1373 	    var hStatus = _getV(h, aIdx[0]);
+1374 	    var iStatus = parseInt(hStatus, 16);
+1375 	    pResult.status = _aSTATUSSTR[iStatus];
+1376 	} catch(ex) {};
+1377 	
+1378 	return pResult;
+1379     };
+1380 };
    \ No newline at end of file diff --git a/api/symbols/src/asn1x509-1.0.js.html b/api/symbols/src/asn1x509-1.0.js.html index 4a103f7f..7a7a8b6f 100644 --- a/api/symbols/src/asn1x509-1.0.js.html +++ b/api/symbols/src/asn1x509-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
      1 /* asn1x509-2.1.5.js (c) 2013-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
      1 /* asn1x509-2.1.6.js (c) 2013-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1x509-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.0.5 asn1x509 2.1.5 (2020-Nov-04)
+ 19  * @version jsrsasign 10.1.0 asn1x509 2.1.6 (2020-Nov-18)
  20  * @since jsrsasign 2.1
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -230,3995 +230,4000 @@
 223      */
 224     this.sign = function() {
 225 	var params = this.params;
-226 	var hTBS = params.tbsobj.getEncodedHex();
-227 	var sig = new KJUR.crypto.Signature({alg: params.sigalg});
-228 	sig.init(params.cakey);
-229 	sig.updateHex(hTBS);
-230 	params.sighex = sig.sign();
-231     };
-232 
-233     /**
-234      * get PEM formatted certificate string after signed
-235      * @name getPEM
-236      * @memberOf KJUR.asn1.x509.Certificate#
-237      * @function
-238      * @return PEM formatted string of certificate
-239      * @since jsrsasign 9.0.0 asn1hex 2.0.0
-240      * @description
-241      * This method returns a string of PEM formatted 
-242      * certificate.
-243      * @example
-244      * cert = new KJUR.asn1.x509.Certificate({...});
-245      * cert.getPEM() →
-246      * "-----BEGIN CERTIFICATE-----\r\n..."
-247      */
-248     this.getPEM = function() {
-249 	return hextopem(this.getEncodedHex(), "CERTIFICATE");
-250     };
-251 
-252     this.getEncodedHex = function() {
-253 	var params = this.params;
-254 	
-255 	if (params.tbsobj == undefined || params.tbsobj == null) {
-256 	    params.tbsobj = new _TBSCertificate(params);
-257 	}
-258 
-259 	if (params.sighex == undefined && params.cakey != undefined) {
-260 	    this.sign();
-261 	}
-262 
-263 	if (params.sighex == undefined) {
-264 	    throw new Error("sighex or cakey parameter not defined");
-265 	}
-266 
-267 	var a = [];
-268 	a.push(params.tbsobj);
-269 	a.push(new _AlgorithmIdentifier({name: params.sigalg}));
-270 	a.push(new _DERBitString({hex: "00" + params.sighex}));
-271 	var seq = new _DERSequence({array: a});
-272 	return seq.getEncodedHex();
-273     };
-274 
-275     if (params != undefined) this.params = params;
-276 };
-277 YAHOO.lang.extend(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object);
-278 
-279 /**
-280  * ASN.1 TBSCertificate structure class<br/>
-281  * @name KJUR.asn1.x509.TBSCertificate
-282  * @class ASN.1 TBSCertificate structure class
-283  * @property {Array} params JSON object of parameters
-284  * @param {Array} params JSON object of TBSCertificate parameters
-285  * @extends KJUR.asn1.ASN1Object
-286  * @see KJUR.asn1.x509.Certificate
-287  *
-288  * @description
-289  * <br/>
-290  * NOTE: TBSCertificate class is updated without backward 
-291  * compatibility from jsrsasign 9.0.0 asn1x509 2.0.0.
-292  * Most of methods are removed and parameters can be set
-293  * by JSON object.
-294  *
-295  * @example
-296  * new TBSCertificate({
-297  *  version: 3, // this can be omitted, the default is 3.
-298  *  serial: {hex: "1234..."}, // DERInteger parameter
-299  *  sigalg: "SHA256withRSA",
-300  *  issuer: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter
-301  *  notbefore: "151231235959Z", // string, passed to Time
-302  *  notafter: "251231235959Z", // string, passed to Time
-303  *  subject: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter
-304  *  sbjpubkey: "-----BEGIN...", // KEYUTIL.getKey pubkey parameter
-305  *  // As for extension parameters, please see extension class
-306  *  // All extension parameters need to have "extname" parameter additionaly.
-307  *  ext:[{ 
-308  *   extname:"keyUsage",critical:true,
-309  *   names:["digitalSignature","keyEncipherment"]
-310  *  },{
-311  *   extname:"cRLDistributionPoints",
-312  *   array:[{dpname:{full:[{uri:"http://example.com/a1.crl"}]}}]
-313  *  }, ...]
-314  * })
-315  *
-316  * var tbsc = new TBSCertificate();
-317  * tbsc.setByParam({version:3,serial:{hex:'1234...'},...});
-318  */
-319 KJUR.asn1.x509.TBSCertificate = function(params) {
-320     KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);
-321     var _KJUR = KJUR,
-322 	_KJUR_asn1 = _KJUR.asn1,
-323 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
-324 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
-325 	_DERInteger = _KJUR_asn1.DERInteger,
-326 	_DERSequence = _KJUR_asn1.DERSequence,
-327 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
-328 	_Time = _KJUR_asn1_x509.Time,
-329 	_X500Name = _KJUR_asn1_x509.X500Name,
-330 	_Extensions = _KJUR_asn1_x509.Extensions,
-331 	_SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo;
-332 
-333     this.params = null;
-334 
-335     /**
-336      * get array of ASN.1 object for extensions<br/>
-337      * @name setByParam
-338      * @memberOf KJUR.asn1.x509.TBSCertificate#
-339      * @function
-340      * @param {Array} JSON object of TBSCertificate parameters
-341      * @example
-342      * tbsc = new KJUR.asn1.x509.TBSCertificate();
-343      * tbsc.setByParam({version:3, serial:{hex:'1234...'},...});
-344      */
-345     this.setByParam = function(params) {
-346 	this.params = params;
-347     };
-348 
-349     this.getEncodedHex = function() {
-350 	var a = [];
-351 	var params = this.params;
-352 
-353 	// X.509v3 default if params.version not defined
-354 	if (params.version != undefined || params.version != 1) {
-355 	    var version = 2; 
-356 	    if (params.version != undefined) version = params.version - 1;
-357 	    var obj = 
-358 		new _DERTaggedObject({obj: new _DERInteger({'int': version})}) 
-359 	    a.push(obj);
-360 	}
-361 
-362 	a.push(new _DERInteger(params.serial));
-363 	a.push(new _AlgorithmIdentifier({name: params.sigalg}));
-364 	a.push(new _X500Name(params.issuer));
-365 	a.push(new _DERSequence({array:[new _Time({str: params.notbefore}),
-366 					new _Time({str: params.notafter})]}));
-367 	a.push(new _X500Name(params.subject));
-368 	a.push(new _SubjectPublicKeyInfo(KEYUTIL.getKey(params.sbjpubkey)));
-369 	if (params.ext !== undefined && params.ext.length > 0) {
-370 	    a.push(new _DERTaggedObject({tag: "a3",
-371 					 obj: new _Extensions(params.ext)}));
-372 	}
-373 
-374 	var seq = new KJUR.asn1.DERSequence({array: a});
-375 	return seq.getEncodedHex();
-376     };
-377 
-378     if (params !== undefined) this.setByParam(params);
-379 };
-380 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object);
-381 
-382 /**
-383  * Extensions ASN.1 structure class<br/>
-384  * @name KJUR.asn1.x509.Extensions
-385  * @class Extensions ASN.1 structure class
-386  * @param {Array} aParam array of JSON extension parameter
-387  * @extends KJUR.asn1.ASN1Object
-388  * @since jsrsasign 9.1.0 asn1x509 2.1.0
-389  * @see KJUR.asn1.x509.TBSCertificate
-390  * @see KJUR.asn1.x509.TBSCertList
-391  * @see KJUR.asn1.csr.CertificationRequestInfo
-392  * @see KJUR.asn1.x509.PrivateExtension
-393  *
-394  * @description
-395  * This class represents
-396  * <a href="https://tools.ietf.org/html/rfc5280#section-4.1">
-397  * Extensions defined in RFC 5280 4.1</a> and
-398  * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.9">
-399  * 4.1.2.9</a>.
-400  * <pre>
-401  * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
-402  * </pre>
-403  * NOTE: From jsrsasign 9.1.1, private extension or
-404  * undefined extension have been supported by
-405  * {@link KJUR.asn1.x509.PrivateExtension}.
-406  *
-407  * @example
-408  * o = new KJUR.asn1.x509.Extensions([
-409  *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
-410  *   {extname:"subjectAltName",array:[{dns:"example.com"}]},
-411  *   {extname:"1.2.3.4",extn:{prnstr:"aa"}} // private extension
-412  * ]);
-413  * o.getEncodedHex() → "30..."
-414  */
-415 KJUR.asn1.x509.Extensions = function(aParam) {
-416     KJUR.asn1.x509.Extensions.superclass.constructor.call(this);
-417     var _KJUR = KJUR,
-418 	_KJUR_asn1 = _KJUR.asn1,
-419 	_DERSequence = _KJUR_asn1.DERSequence,
-420 	_KJUR_asn1_x509 = _KJUR_asn1.x509;
-421     this.aParam = [];
-422 
-423     this.setByParam = function(aParam) { this.aParam = aParam; }
-424 
-425     this.getEncodedHex = function() {
-426 	var a = [];
-427 	for (var i = 0; i < this.aParam.length; i++) {
-428 	    var param = this.aParam[i];
-429 	    var extname = param.extname;
-430 	    var obj = null;
-431 
-432 	    if (param.extn != undefined) {
-433 		obj = new _KJUR_asn1_x509.PrivateExtension(param);
-434 	    } else if (extname == "subjectKeyIdentifier") {
-435 		obj = new _KJUR_asn1_x509.SubjectKeyIdentifier(param);
-436 	    } else if (extname == "keyUsage") {
-437 		obj = new _KJUR_asn1_x509.KeyUsage(param);
-438 	    } else if (extname == "subjectAltName") {
-439 		obj = new _KJUR_asn1_x509.SubjectAltName(param);
-440 	    } else if (extname == "issuerAltName") {
-441 		obj = new _KJUR_asn1_x509.IssuerAltName(param);
-442 	    } else if (extname == "basicConstraints") {
-443 		obj = new _KJUR_asn1_x509.BasicConstraints(param);
-444 	    } else if (extname == "cRLDistributionPoints") {
-445 		obj = new _KJUR_asn1_x509.CRLDistributionPoints(param);
-446 	    } else if (extname == "certificatePolicies") {
-447 		obj = new _KJUR_asn1_x509.CertificatePolicies(param);
-448 	    } else if (extname == "authorityKeyIdentifier") {
-449 		obj = new _KJUR_asn1_x509.AuthorityKeyIdentifier(param);
-450 	    } else if (extname == "extKeyUsage") {
-451 		obj = new _KJUR_asn1_x509.ExtKeyUsage(param);
-452 	    } else if (extname == "authorityInfoAccess") {
-453 		obj = new _KJUR_asn1_x509.AuthorityInfoAccess(param);
-454 	    } else if (extname == "cRLNumber") {
-455 		obj = new _KJUR_asn1_x509.CRLNumber(param);
-456 	    } else if (extname == "cRLReason") {
-457 		obj = new _KJUR_asn1_x509.CRLReason(param);
-458 	    } else if (extname == "ocspNonce") {
-459 		obj = new _KJUR_asn1_x509.OCSPNonce(param);
-460 	    } else if (extname == "ocspNoCheck") {
-461 		obj = new _KJUR_asn1_x509.OCSPNoCheck(param);
-462 	    } else if (extname == "adobeTimeStamp") {
-463 		obj = new _KJUR_asn1_x509.AdobeTimeStamp(param);
-464 	    } else {
-465 		throw new Error("extension not supported:"
-466 				+ JSON.stringify(param));
-467 	    }
-468 	    if (obj != null) a.push(obj);
-469 	}
-470 
-471 	var seq = new _DERSequence({array: a});
-472 	return seq.getEncodedHex();
-473     };
-474 
-475     if (aParam != undefined) this.setByParam(aParam);
-476 };
-477 YAHOO.lang.extend(KJUR.asn1.x509.Extensions, KJUR.asn1.ASN1Object);
-478 
+226 
+227 	var sigalg = params.sigalg;
+228 	if (params.sigalg.name != undefined) 
+229 	    sigalg = params.sigalg.name;
+230 
+231 	var hTBS = params.tbsobj.getEncodedHex();
+232 	var sig = new KJUR.crypto.Signature({alg: sigalg});
+233 	sig.init(params.cakey);
+234 	sig.updateHex(hTBS);
+235 	params.sighex = sig.sign();
+236     };
+237 
+238     /**
+239      * get PEM formatted certificate string after signed
+240      * @name getPEM
+241      * @memberOf KJUR.asn1.x509.Certificate#
+242      * @function
+243      * @return PEM formatted string of certificate
+244      * @since jsrsasign 9.0.0 asn1hex 2.0.0
+245      * @description
+246      * This method returns a string of PEM formatted 
+247      * certificate.
+248      * @example
+249      * cert = new KJUR.asn1.x509.Certificate({...});
+250      * cert.getPEM() →
+251      * "-----BEGIN CERTIFICATE-----\r\n..."
+252      */
+253     this.getPEM = function() {
+254 	return hextopem(this.getEncodedHex(), "CERTIFICATE");
+255     };
+256 
+257     this.getEncodedHex = function() {
+258 	var params = this.params;
+259 	
+260 	if (params.tbsobj == undefined || params.tbsobj == null) {
+261 	    params.tbsobj = new _TBSCertificate(params);
+262 	}
+263 
+264 	if (params.sighex == undefined && params.cakey != undefined) {
+265 	    this.sign();
+266 	}
+267 
+268 	if (params.sighex == undefined) {
+269 	    throw new Error("sighex or cakey parameter not defined");
+270 	}
+271 
+272 	var a = [];
+273 	a.push(params.tbsobj);
+274 	a.push(new _AlgorithmIdentifier({name: params.sigalg}));
+275 	a.push(new _DERBitString({hex: "00" + params.sighex}));
+276 	var seq = new _DERSequence({array: a});
+277 	return seq.getEncodedHex();
+278     };
+279 
+280     if (params != undefined) this.params = params;
+281 };
+282 YAHOO.lang.extend(KJUR.asn1.x509.Certificate, KJUR.asn1.ASN1Object);
+283 
+284 /**
+285  * ASN.1 TBSCertificate structure class<br/>
+286  * @name KJUR.asn1.x509.TBSCertificate
+287  * @class ASN.1 TBSCertificate structure class
+288  * @property {Array} params JSON object of parameters
+289  * @param {Array} params JSON object of TBSCertificate parameters
+290  * @extends KJUR.asn1.ASN1Object
+291  * @see KJUR.asn1.x509.Certificate
+292  *
+293  * @description
+294  * <br/>
+295  * NOTE: TBSCertificate class is updated without backward 
+296  * compatibility from jsrsasign 9.0.0 asn1x509 2.0.0.
+297  * Most of methods are removed and parameters can be set
+298  * by JSON object.
+299  *
+300  * @example
+301  * new TBSCertificate({
+302  *  version: 3, // this can be omitted, the default is 3.
+303  *  serial: {hex: "1234..."}, // DERInteger parameter
+304  *  sigalg: "SHA256withRSA",
+305  *  issuer: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter
+306  *  notbefore: "151231235959Z", // string, passed to Time
+307  *  notafter: "251231235959Z", // string, passed to Time
+308  *  subject: {array:[[{type:'O',value:'Test',ds:'prn'}]]}, // X500Name parameter
+309  *  sbjpubkey: "-----BEGIN...", // KEYUTIL.getKey pubkey parameter
+310  *  // As for extension parameters, please see extension class
+311  *  // All extension parameters need to have "extname" parameter additionaly.
+312  *  ext:[{ 
+313  *   extname:"keyUsage",critical:true,
+314  *   names:["digitalSignature","keyEncipherment"]
+315  *  },{
+316  *   extname:"cRLDistributionPoints",
+317  *   array:[{dpname:{full:[{uri:"http://example.com/a1.crl"}]}}]
+318  *  }, ...]
+319  * })
+320  *
+321  * var tbsc = new TBSCertificate();
+322  * tbsc.setByParam({version:3,serial:{hex:'1234...'},...});
+323  */
+324 KJUR.asn1.x509.TBSCertificate = function(params) {
+325     KJUR.asn1.x509.TBSCertificate.superclass.constructor.call(this);
+326     var _KJUR = KJUR,
+327 	_KJUR_asn1 = _KJUR.asn1,
+328 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+329 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
+330 	_DERInteger = _KJUR_asn1.DERInteger,
+331 	_DERSequence = _KJUR_asn1.DERSequence,
+332 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
+333 	_Time = _KJUR_asn1_x509.Time,
+334 	_X500Name = _KJUR_asn1_x509.X500Name,
+335 	_Extensions = _KJUR_asn1_x509.Extensions,
+336 	_SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo;
+337 
+338     this.params = null;
+339 
+340     /**
+341      * get array of ASN.1 object for extensions<br/>
+342      * @name setByParam
+343      * @memberOf KJUR.asn1.x509.TBSCertificate#
+344      * @function
+345      * @param {Array} JSON object of TBSCertificate parameters
+346      * @example
+347      * tbsc = new KJUR.asn1.x509.TBSCertificate();
+348      * tbsc.setByParam({version:3, serial:{hex:'1234...'},...});
+349      */
+350     this.setByParam = function(params) {
+351 	this.params = params;
+352     };
+353 
+354     this.getEncodedHex = function() {
+355 	var a = [];
+356 	var params = this.params;
+357 
+358 	// X.509v3 default if params.version not defined
+359 	if (params.version != undefined || params.version != 1) {
+360 	    var version = 2; 
+361 	    if (params.version != undefined) version = params.version - 1;
+362 	    var obj = 
+363 		new _DERTaggedObject({obj: new _DERInteger({'int': version})}) 
+364 	    a.push(obj);
+365 	}
+366 
+367 	a.push(new _DERInteger(params.serial));
+368 	a.push(new _AlgorithmIdentifier({name: params.sigalg}));
+369 	a.push(new _X500Name(params.issuer));
+370 	a.push(new _DERSequence({array:[new _Time(params.notbefore),
+371 					new _Time(params.notafter)]}));
+372 	a.push(new _X500Name(params.subject));
+373 	a.push(new _SubjectPublicKeyInfo(KEYUTIL.getKey(params.sbjpubkey)));
+374 	if (params.ext !== undefined && params.ext.length > 0) {
+375 	    a.push(new _DERTaggedObject({tag: "a3",
+376 					 obj: new _Extensions(params.ext)}));
+377 	}
+378 
+379 	var seq = new KJUR.asn1.DERSequence({array: a});
+380 	return seq.getEncodedHex();
+381     };
+382 
+383     if (params !== undefined) this.setByParam(params);
+384 };
+385 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate, KJUR.asn1.ASN1Object);
+386 
+387 /**
+388  * Extensions ASN.1 structure class<br/>
+389  * @name KJUR.asn1.x509.Extensions
+390  * @class Extensions ASN.1 structure class
+391  * @param {Array} aParam array of JSON extension parameter
+392  * @extends KJUR.asn1.ASN1Object
+393  * @since jsrsasign 9.1.0 asn1x509 2.1.0
+394  * @see KJUR.asn1.x509.TBSCertificate
+395  * @see KJUR.asn1.x509.TBSCertList
+396  * @see KJUR.asn1.csr.CertificationRequestInfo
+397  * @see KJUR.asn1.x509.PrivateExtension
+398  *
+399  * @description
+400  * This class represents
+401  * <a href="https://tools.ietf.org/html/rfc5280#section-4.1">
+402  * Extensions defined in RFC 5280 4.1</a> and
+403  * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.9">
+404  * 4.1.2.9</a>.
+405  * <pre>
+406  * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
+407  * </pre>
+408  * NOTE: From jsrsasign 9.1.1, private extension or
+409  * undefined extension have been supported by
+410  * {@link KJUR.asn1.x509.PrivateExtension}.
+411  *
+412  * @example
+413  * o = new KJUR.asn1.x509.Extensions([
+414  *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
+415  *   {extname:"subjectAltName",array:[{dns:"example.com"}]},
+416  *   {extname:"1.2.3.4",extn:{prnstr:"aa"}} // private extension
+417  * ]);
+418  * o.getEncodedHex() → "30..."
+419  */
+420 KJUR.asn1.x509.Extensions = function(aParam) {
+421     KJUR.asn1.x509.Extensions.superclass.constructor.call(this);
+422     var _KJUR = KJUR,
+423 	_KJUR_asn1 = _KJUR.asn1,
+424 	_DERSequence = _KJUR_asn1.DERSequence,
+425 	_KJUR_asn1_x509 = _KJUR_asn1.x509;
+426     this.aParam = [];
+427 
+428     this.setByParam = function(aParam) { this.aParam = aParam; }
+429 
+430     this.getEncodedHex = function() {
+431 	var a = [];
+432 	for (var i = 0; i < this.aParam.length; i++) {
+433 	    var param = this.aParam[i];
+434 	    var extname = param.extname;
+435 	    var obj = null;
+436 
+437 	    if (param.extn != undefined) {
+438 		obj = new _KJUR_asn1_x509.PrivateExtension(param);
+439 	    } else if (extname == "subjectKeyIdentifier") {
+440 		obj = new _KJUR_asn1_x509.SubjectKeyIdentifier(param);
+441 	    } else if (extname == "keyUsage") {
+442 		obj = new _KJUR_asn1_x509.KeyUsage(param);
+443 	    } else if (extname == "subjectAltName") {
+444 		obj = new _KJUR_asn1_x509.SubjectAltName(param);
+445 	    } else if (extname == "issuerAltName") {
+446 		obj = new _KJUR_asn1_x509.IssuerAltName(param);
+447 	    } else if (extname == "basicConstraints") {
+448 		obj = new _KJUR_asn1_x509.BasicConstraints(param);
+449 	    } else if (extname == "cRLDistributionPoints") {
+450 		obj = new _KJUR_asn1_x509.CRLDistributionPoints(param);
+451 	    } else if (extname == "certificatePolicies") {
+452 		obj = new _KJUR_asn1_x509.CertificatePolicies(param);
+453 	    } else if (extname == "authorityKeyIdentifier") {
+454 		obj = new _KJUR_asn1_x509.AuthorityKeyIdentifier(param);
+455 	    } else if (extname == "extKeyUsage") {
+456 		obj = new _KJUR_asn1_x509.ExtKeyUsage(param);
+457 	    } else if (extname == "authorityInfoAccess") {
+458 		obj = new _KJUR_asn1_x509.AuthorityInfoAccess(param);
+459 	    } else if (extname == "cRLNumber") {
+460 		obj = new _KJUR_asn1_x509.CRLNumber(param);
+461 	    } else if (extname == "cRLReason") {
+462 		obj = new _KJUR_asn1_x509.CRLReason(param);
+463 	    } else if (extname == "ocspNonce") {
+464 		obj = new _KJUR_asn1_x509.OCSPNonce(param);
+465 	    } else if (extname == "ocspNoCheck") {
+466 		obj = new _KJUR_asn1_x509.OCSPNoCheck(param);
+467 	    } else if (extname == "adobeTimeStamp") {
+468 		obj = new _KJUR_asn1_x509.AdobeTimeStamp(param);
+469 	    } else {
+470 		throw new Error("extension not supported:"
+471 				+ JSON.stringify(param));
+472 	    }
+473 	    if (obj != null) a.push(obj);
+474 	}
+475 
+476 	var seq = new _DERSequence({array: a});
+477 	return seq.getEncodedHex();
+478     };
 479 
-480 // === END   TBSCertificate ===================================================
-481 
-482 // === BEGIN X.509v3 Extensions Related =======================================
+480     if (aParam != undefined) this.setByParam(aParam);
+481 };
+482 YAHOO.lang.extend(KJUR.asn1.x509.Extensions, KJUR.asn1.ASN1Object);
 483 
-484 /**
-485  * base Extension ASN.1 structure class
-486  * @name KJUR.asn1.x509.Extension
-487  * @class base Extension ASN.1 structure class
-488  * @param {Array} params associative array of parameters (ex. {'critical': true})
-489  * @extends KJUR.asn1.ASN1Object
-490  * @description
-491  * <pre>
-492  * Extension  ::=  SEQUENCE  {
-493  *     extnID      OBJECT IDENTIFIER,
-494  *     critical    BOOLEAN DEFAULT FALSE,
-495  *     extnValue   OCTET STRING  }
-496  * </pre>
-497  * @example
-498  */
-499 KJUR.asn1.x509.Extension = function(params) {
-500     KJUR.asn1.x509.Extension.superclass.constructor.call(this);
-501     var asn1ExtnValue = null,
-502 	_KJUR = KJUR,
-503 	_KJUR_asn1 = _KJUR.asn1,
-504 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
-505 	_DEROctetString = _KJUR_asn1.DEROctetString,
-506 	_DERBitString = _KJUR_asn1.DERBitString,
-507 	_DERBoolean = _KJUR_asn1.DERBoolean,
-508 	_DERSequence = _KJUR_asn1.DERSequence;
-509 
-510     this.getEncodedHex = function() {
-511         var asn1Oid = new _DERObjectIdentifier({'oid': this.oid});
-512         var asn1EncapExtnValue =
-513             new _DEROctetString({'hex': this.getExtnValueHex()});
+484 
+485 // === END   TBSCertificate ===================================================
+486 
+487 // === BEGIN X.509v3 Extensions Related =======================================
+488 
+489 /**
+490  * base Extension ASN.1 structure class
+491  * @name KJUR.asn1.x509.Extension
+492  * @class base Extension ASN.1 structure class
+493  * @param {Array} params associative array of parameters (ex. {'critical': true})
+494  * @extends KJUR.asn1.ASN1Object
+495  * @description
+496  * <pre>
+497  * Extension  ::=  SEQUENCE  {
+498  *     extnID      OBJECT IDENTIFIER,
+499  *     critical    BOOLEAN DEFAULT FALSE,
+500  *     extnValue   OCTET STRING  }
+501  * </pre>
+502  * @example
+503  */
+504 KJUR.asn1.x509.Extension = function(params) {
+505     KJUR.asn1.x509.Extension.superclass.constructor.call(this);
+506     var asn1ExtnValue = null,
+507 	_KJUR = KJUR,
+508 	_KJUR_asn1 = _KJUR.asn1,
+509 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+510 	_DEROctetString = _KJUR_asn1.DEROctetString,
+511 	_DERBitString = _KJUR_asn1.DERBitString,
+512 	_DERBoolean = _KJUR_asn1.DERBoolean,
+513 	_DERSequence = _KJUR_asn1.DERSequence;
 514 
-515         var asn1Array = new Array();
-516         asn1Array.push(asn1Oid);
-517         if (this.critical) asn1Array.push(new _DERBoolean());
-518         asn1Array.push(asn1EncapExtnValue);
+515     this.getEncodedHex = function() {
+516         var asn1Oid = new _DERObjectIdentifier({'oid': this.oid});
+517         var asn1EncapExtnValue =
+518             new _DEROctetString({'hex': this.getExtnValueHex()});
 519 
-520         var asn1Seq = new _DERSequence({'array': asn1Array});
-521         return asn1Seq.getEncodedHex();
-522     };
-523 
-524     this.critical = false;
-525     if (params !== undefined) {
-526         if (params.critical !== undefined) {
-527             this.critical = params.critical;
-528         }
-529     }
-530 };
-531 YAHOO.lang.extend(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object);
-532 
-533 /**
-534  * KeyUsage ASN.1 structure class
-535  * @name KJUR.asn1.x509.KeyUsage
-536  * @class KeyUsage ASN.1 structure class
-537  * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true})
-538  * @extends KJUR.asn1.x509.Extension
-539  * @description
-540  * This class is for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.3" target="_blank">KeyUsage</a> X.509v3 extension.
-541  * <pre>
-542  * id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
-543  * KeyUsage ::= BIT STRING {
-544  *   digitalSignature   (0),
-545  *   nonRepudiation     (1),
-546  *   keyEncipherment    (2),
-547  *   dataEncipherment   (3),
-548  *   keyAgreement       (4),
-549  *   keyCertSign        (5),
-550  *   cRLSign            (6),
-551  *   encipherOnly       (7),
-552  *   decipherOnly       (8) }
-553  * </pre><br/>
-554  * NOTE: 'names' parameter is supprted since jsrsasign 8.0.14.
-555  * @example
-556  * o = new KJUR.asn1.x509.KeyUsage({bin: "11"});
-557  * o = new KJUR.asn1.x509.KeyUsage({critical: true, bin: "11"});
-558  * o = new KJUR.asn1.x509.KeyUsage({names: ['digitalSignature', 'keyAgreement']});
-559  */
-560 KJUR.asn1.x509.KeyUsage = function(params) {
-561     KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params);
-562     var _KEYUSAGE_NAME = X509.KEYUSAGE_NAME;
-563 
-564     this.getExtnValueHex = function() {
-565         return this.asn1ExtnValue.getEncodedHex();
-566     };
-567 
-568     this.oid = "2.5.29.15";
-569     if (params !== undefined) {
-570         if (params.bin !== undefined) {
-571             this.asn1ExtnValue = new KJUR.asn1.DERBitString(params);
-572         }
-573 	if (params.names !== undefined &&
-574 	    params.names.length !== undefined) {
-575 	    var names = params.names;
-576 	    var s = "000000000";
-577 	    for (var i = 0; i < names.length; i++) {
-578 		for (var j = 0; j < _KEYUSAGE_NAME.length; j++) {
-579 		    if (names[i] === _KEYUSAGE_NAME[j]) {
-580 			s = s.substring(0, j) + '1' + 
-581 			    s.substring(j + 1, s.length);
-582 		    }
-583 		}
-584 	    }
-585             this.asn1ExtnValue = new KJUR.asn1.DERBitString({bin: s});
-586 	}
-587     }
-588 };
-589 YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension);
-590 
-591 /**
-592  * BasicConstraints ASN.1 structure class
-593  * @name KJUR.asn1.x509.BasicConstraints
-594  * @class BasicConstraints ASN.1 structure class
-595  * @param {Array} params JSON object for parameters (ex. {cA:true,critical:true})
-596  * @extends KJUR.asn1.x509.Extension
-597  * @see {@link X509#getExtBasicConstraints}
-598  * @description
-599  * This class represents 
-600  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.9">
-601  * BasicConstraints extension defined in RFC 5280 4.2.1.9</a>.
-602  * <pre>
-603  *  id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }
-604  *  BasicConstraints ::= SEQUENCE {
-605  *       cA                      BOOLEAN DEFAULT FALSE,
-606  *       pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
-607  * </pre>
-608  * Its constructor can have following parameters:
-609  * <ul>
-610  * <li>{Boolean}cA - cA flag</li>
-611  * <li>{Integer}pathLen - pathLen field value</li>
-612  * <li>{Boolean}critical - critical flag</li>
-613  * </ul>
-614  * @example
-615  * new KJUR.asn1.x509.BasicConstraints({
-616  *   cA: true,
-617  *   pathLen: 3,
-618  *   critical: true
-619  * })
-620  */
-621 KJUR.asn1.x509.BasicConstraints = function(params) {
-622     KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params);
-623     var _KJUR_asn1 = KJUR.asn1,
-624 	_DERBoolean = _KJUR_asn1.DERBoolean,
-625 	_DERInteger = _KJUR_asn1.DERInteger,
-626 	_DERSequence = _KJUR_asn1.DERSequence;
-627 
-628     var cA = false;
-629     var pathLen = -1;
-630 
-631     this.getExtnValueHex = function() {
-632         var asn1Array = new Array();
-633         if (this.cA) asn1Array.push(new _DERBoolean());
-634         if (this.pathLen > -1)
-635             asn1Array.push(new _DERInteger({'int': this.pathLen}));
-636         var asn1Seq = new _DERSequence({'array': asn1Array});
-637         this.asn1ExtnValue = asn1Seq;
-638         return this.asn1ExtnValue.getEncodedHex();
-639     };
-640 
-641     this.oid = "2.5.29.19";
-642     this.cA = false;
-643     this.pathLen = -1;
-644     if (params !== undefined) {
-645         if (params.cA !== undefined) {
-646             this.cA = params.cA;
-647         }
-648         if (params.pathLen !== undefined) {
-649             this.pathLen = params.pathLen;
-650         }
-651     }
-652 };
-653 YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension);
-654 
-655 /**
-656  * CRLDistributionPoints ASN.1 structure class
-657  * @name KJUR.asn1.x509.CRLDistributionPoints
-658  * @class CRLDistributionPoints ASN.1 structure class
-659  * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
-660  * @extends KJUR.asn1.x509.Extension
-661  * @see {@link X509#getExtCRLDistributionPoints}
-662  * @see {@link KJUR.asn1.x509.DistributionPoint}
-663  * @see {@link KJUR.asn1.x509.GeneralNames}
-664  * @description
-665  * This class represents 
-666  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
-667  * CRLDistributionPoints extension defined in RFC 5280 4.2.1.13</a>.
-668  * <pre>
-669  * id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 }
-670  * CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
-671  * DistributionPoint ::= SEQUENCE {
-672  *      distributionPoint       [0]     DistributionPointName OPTIONAL,
-673  *      reasons                 [1]     ReasonFlags OPTIONAL,
-674  *      cRLIssuer               [2]     GeneralNames OPTIONAL }
-675  * DistributionPointName ::= CHOICE {
-676  *      fullName                [0]     GeneralNames,
-677  *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
-678  * </pre>
-679  * Constructor can have following parameter:
-680  * <ul>
-681  * <li>{Array}array - array of {@link KJUR.asn1.x509.DistributionPoint} parameter</li>
-682  * <li>{Boolean}critical - critical flag</li>
-683  * </ul>
-684  * @example
-685  * new KJUR.asn1.x509.CRLDistributionPoints({
-686  *   array: [{fulluri: "http://aaa.com/"}, {fulluri: "ldap://aaa.com/"}],
-687  *   critical: true
-688  * })
-689  */
-690 KJUR.asn1.x509.CRLDistributionPoints = function(params) {
-691     KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params);
-692     var _KJUR = KJUR,
-693 	_KJUR_asn1 = _KJUR.asn1,
-694 	_KJUR_asn1_x509 = _KJUR_asn1.x509;
-695 
-696     this.getExtnValueHex = function() {
-697         return this.asn1ExtnValue.getEncodedHex();
-698     };
-699 
-700     this.setByDPArray = function(dpArray) {
-701 	var asn1Array = [];
-702 	for (var i = 0; i < dpArray.length; i++) {
-703 	    if (dpArray[i] instanceof KJUR.asn1.ASN1Object) {
-704 		asn1Array.push(dpArray[i]);
-705 	    } else {
-706 		var dp = new _KJUR_asn1_x509.DistributionPoint(dpArray[i]);
-707 		asn1Array.push(dp);
-708 	    }
-709 	}
-710         this.asn1ExtnValue = new _KJUR_asn1.DERSequence({'array': asn1Array});
-711     };
-712 
-713     this.setByOneURI = function(uri) {
-714         var dp1 = new _KJUR_asn1_x509.DistributionPoint({fulluri: uri});
-715         this.setByDPArray([dp1]);
+520         var asn1Array = new Array();
+521         asn1Array.push(asn1Oid);
+522         if (this.critical) asn1Array.push(new _DERBoolean());
+523         asn1Array.push(asn1EncapExtnValue);
+524 
+525         var asn1Seq = new _DERSequence({'array': asn1Array});
+526         return asn1Seq.getEncodedHex();
+527     };
+528 
+529     this.critical = false;
+530     if (params !== undefined) {
+531         if (params.critical !== undefined) {
+532             this.critical = params.critical;
+533         }
+534     }
+535 };
+536 YAHOO.lang.extend(KJUR.asn1.x509.Extension, KJUR.asn1.ASN1Object);
+537 
+538 /**
+539  * KeyUsage ASN.1 structure class
+540  * @name KJUR.asn1.x509.KeyUsage
+541  * @class KeyUsage ASN.1 structure class
+542  * @param {Array} params associative array of parameters (ex. {'bin': '11', 'critical': true})
+543  * @extends KJUR.asn1.x509.Extension
+544  * @description
+545  * This class is for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.3" target="_blank">KeyUsage</a> X.509v3 extension.
+546  * <pre>
+547  * id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
+548  * KeyUsage ::= BIT STRING {
+549  *   digitalSignature   (0),
+550  *   nonRepudiation     (1),
+551  *   keyEncipherment    (2),
+552  *   dataEncipherment   (3),
+553  *   keyAgreement       (4),
+554  *   keyCertSign        (5),
+555  *   cRLSign            (6),
+556  *   encipherOnly       (7),
+557  *   decipherOnly       (8) }
+558  * </pre><br/>
+559  * NOTE: 'names' parameter is supprted since jsrsasign 8.0.14.
+560  * @example
+561  * o = new KJUR.asn1.x509.KeyUsage({bin: "11"});
+562  * o = new KJUR.asn1.x509.KeyUsage({critical: true, bin: "11"});
+563  * o = new KJUR.asn1.x509.KeyUsage({names: ['digitalSignature', 'keyAgreement']});
+564  */
+565 KJUR.asn1.x509.KeyUsage = function(params) {
+566     KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this, params);
+567     var _KEYUSAGE_NAME = X509.KEYUSAGE_NAME;
+568 
+569     this.getExtnValueHex = function() {
+570         return this.asn1ExtnValue.getEncodedHex();
+571     };
+572 
+573     this.oid = "2.5.29.15";
+574     if (params !== undefined) {
+575         if (params.bin !== undefined) {
+576             this.asn1ExtnValue = new KJUR.asn1.DERBitString(params);
+577         }
+578 	if (params.names !== undefined &&
+579 	    params.names.length !== undefined) {
+580 	    var names = params.names;
+581 	    var s = "000000000";
+582 	    for (var i = 0; i < names.length; i++) {
+583 		for (var j = 0; j < _KEYUSAGE_NAME.length; j++) {
+584 		    if (names[i] === _KEYUSAGE_NAME[j]) {
+585 			s = s.substring(0, j) + '1' + 
+586 			    s.substring(j + 1, s.length);
+587 		    }
+588 		}
+589 	    }
+590             this.asn1ExtnValue = new KJUR.asn1.DERBitString({bin: s});
+591 	}
+592     }
+593 };
+594 YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage, KJUR.asn1.x509.Extension);
+595 
+596 /**
+597  * BasicConstraints ASN.1 structure class
+598  * @name KJUR.asn1.x509.BasicConstraints
+599  * @class BasicConstraints ASN.1 structure class
+600  * @param {Array} params JSON object for parameters (ex. {cA:true,critical:true})
+601  * @extends KJUR.asn1.x509.Extension
+602  * @see {@link X509#getExtBasicConstraints}
+603  * @description
+604  * This class represents 
+605  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.9">
+606  * BasicConstraints extension defined in RFC 5280 4.2.1.9</a>.
+607  * <pre>
+608  *  id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }
+609  *  BasicConstraints ::= SEQUENCE {
+610  *       cA                      BOOLEAN DEFAULT FALSE,
+611  *       pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
+612  * </pre>
+613  * Its constructor can have following parameters:
+614  * <ul>
+615  * <li>{Boolean}cA - cA flag</li>
+616  * <li>{Integer}pathLen - pathLen field value</li>
+617  * <li>{Boolean}critical - critical flag</li>
+618  * </ul>
+619  * @example
+620  * new KJUR.asn1.x509.BasicConstraints({
+621  *   cA: true,
+622  *   pathLen: 3,
+623  *   critical: true
+624  * })
+625  */
+626 KJUR.asn1.x509.BasicConstraints = function(params) {
+627     KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this, params);
+628     var _KJUR_asn1 = KJUR.asn1,
+629 	_DERBoolean = _KJUR_asn1.DERBoolean,
+630 	_DERInteger = _KJUR_asn1.DERInteger,
+631 	_DERSequence = _KJUR_asn1.DERSequence;
+632 
+633     var cA = false;
+634     var pathLen = -1;
+635 
+636     this.getExtnValueHex = function() {
+637         var asn1Array = new Array();
+638         if (this.cA) asn1Array.push(new _DERBoolean());
+639         if (this.pathLen > -1)
+640             asn1Array.push(new _DERInteger({'int': this.pathLen}));
+641         var asn1Seq = new _DERSequence({'array': asn1Array});
+642         this.asn1ExtnValue = asn1Seq;
+643         return this.asn1ExtnValue.getEncodedHex();
+644     };
+645 
+646     this.oid = "2.5.29.19";
+647     this.cA = false;
+648     this.pathLen = -1;
+649     if (params !== undefined) {
+650         if (params.cA !== undefined) {
+651             this.cA = params.cA;
+652         }
+653         if (params.pathLen !== undefined) {
+654             this.pathLen = params.pathLen;
+655         }
+656     }
+657 };
+658 YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints, KJUR.asn1.x509.Extension);
+659 
+660 /**
+661  * CRLDistributionPoints ASN.1 structure class
+662  * @name KJUR.asn1.x509.CRLDistributionPoints
+663  * @class CRLDistributionPoints ASN.1 structure class
+664  * @param {Array} params associative array of parameters (ex. {'uri': 'http://a.com/', 'critical': true})
+665  * @extends KJUR.asn1.x509.Extension
+666  * @see {@link X509#getExtCRLDistributionPoints}
+667  * @see {@link KJUR.asn1.x509.DistributionPoint}
+668  * @see {@link KJUR.asn1.x509.GeneralNames}
+669  * @description
+670  * This class represents 
+671  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
+672  * CRLDistributionPoints extension defined in RFC 5280 4.2.1.13</a>.
+673  * <pre>
+674  * id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 }
+675  * CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+676  * DistributionPoint ::= SEQUENCE {
+677  *      distributionPoint       [0]     DistributionPointName OPTIONAL,
+678  *      reasons                 [1]     ReasonFlags OPTIONAL,
+679  *      cRLIssuer               [2]     GeneralNames OPTIONAL }
+680  * DistributionPointName ::= CHOICE {
+681  *      fullName                [0]     GeneralNames,
+682  *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
+683  * </pre>
+684  * Constructor can have following parameter:
+685  * <ul>
+686  * <li>{Array}array - array of {@link KJUR.asn1.x509.DistributionPoint} parameter</li>
+687  * <li>{Boolean}critical - critical flag</li>
+688  * </ul>
+689  * @example
+690  * new KJUR.asn1.x509.CRLDistributionPoints({
+691  *   array: [{fulluri: "http://aaa.com/"}, {fulluri: "ldap://aaa.com/"}],
+692  *   critical: true
+693  * })
+694  */
+695 KJUR.asn1.x509.CRLDistributionPoints = function(params) {
+696     KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this, params);
+697     var _KJUR = KJUR,
+698 	_KJUR_asn1 = _KJUR.asn1,
+699 	_KJUR_asn1_x509 = _KJUR_asn1.x509;
+700 
+701     this.getExtnValueHex = function() {
+702         return this.asn1ExtnValue.getEncodedHex();
+703     };
+704 
+705     this.setByDPArray = function(dpArray) {
+706 	var asn1Array = [];
+707 	for (var i = 0; i < dpArray.length; i++) {
+708 	    if (dpArray[i] instanceof KJUR.asn1.ASN1Object) {
+709 		asn1Array.push(dpArray[i]);
+710 	    } else {
+711 		var dp = new _KJUR_asn1_x509.DistributionPoint(dpArray[i]);
+712 		asn1Array.push(dp);
+713 	    }
+714 	}
+715         this.asn1ExtnValue = new _KJUR_asn1.DERSequence({'array': asn1Array});
 716     };
 717 
-718     this.oid = "2.5.29.31";
-719     if (params !== undefined) {
-720         if (params.array !== undefined) {
-721             this.setByDPArray(params.array);
-722         } else if (params.uri !== undefined) {
-723             this.setByOneURI(params.uri);
-724         }
-725     }
-726 };
-727 YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension);
-728 
-729 /**
-730  * DistributionPoint ASN.1 structure class<br/>
-731  * @name KJUR.asn1.x509.DistributionPoint
-732  * @class DistributionPoint ASN.1 structure class
-733  * @param {Array} params JSON object of parameters (OPTIONAL)
-734  * @extends KJUR.asn1.ASN1Object
-735  * @see {@link KJUR.asn1.x509.CRLDistributionPoints}
-736  * @see {@link KJUR.asn1.x509.DistributionPointName}
-737  * @see {@link KJUR.asn1.x509.GeneralNames}
-738  * @see {@link X509#getDistributionPoint}
-739  * @description
-740  * This class represents 
-741  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
-742  * DistributionPoint defined in RFC 5280 4.2.1.13</a>.
-743  * <pre>
-744  * DistributionPoint ::= SEQUENCE {
-745  *      distributionPoint       [0]     DistributionPointName OPTIONAL,
-746  *      reasons                 [1]     ReasonFlags OPTIONAL,
-747  *      cRLIssuer               [2]     GeneralNames OPTIONAL }
-748  * </pre>
-749  * Constructor can have following parameter:
-750  * <ul>
-751  * <li>{String}fulluri - uri string for fullName uri. This has the same meaning for '{dpname: {full: [{uri: "..."]}}'.</li>
-752  * <li>{Array}dpname - JSON object for {@link KJUR.asn1.x509.DistributionPointName} parameters</li>
-753  * <li>{DistrubutionPoint}dpobj - {@link KJUR.asn1.x509.DistributionPointName} object (DEPRECATED)</li>
-754  * </ul>
-755  * <br/>
-756  * NOTE1: Parameter "fulluri" and "dpname" supported 
-757  * since jsrsasign 9.0.0 asn1x509 2.0.0.
-758  * <br/>
-759  * NOTE2: The "reasons" and "cRLIssuer" fields are currently
-760  * not supported.
-761  * @example
-762  * new KJUR.asn1.x509.DistributionPoint(
-763  *   {fulluri: "http://example.com/crl1.crl"})
-764  * new KJUR.asn1.x509.DistributionPoint(
-765  *   {dpname: {full: [{uri: "http://example.com/crl1.crl"}]}})
-766  * new KJUR.asn1.x509.DistributionPoint(
-767  *   {dpobj: new DistributionPoint(...)})
-768  */
-769 KJUR.asn1.x509.DistributionPoint = function(params) {
-770     KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this);
-771     var asn1DP = null,
-772 	_KJUR = KJUR,
-773 	_KJUR_asn1 = _KJUR.asn1,
-774 	_DistributionPointName = _KJUR_asn1.x509.DistributionPointName;
-775 
-776     this.getEncodedHex = function() {
-777         var seq = new _KJUR_asn1.DERSequence();
-778         if (this.asn1DP != null) {
-779             var o1 = new _KJUR_asn1.DERTaggedObject({'explicit': true,
-780                                                      'tag': 'a0',
-781                                                      'obj': this.asn1DP});
-782             seq.appendASN1Object(o1);
-783         }
-784         this.hTLV = seq.getEncodedHex();
-785         return this.hTLV;
-786     };
-787 
-788     if (params !== undefined) {
-789         if (params.dpobj !== undefined) {
-790             this.asn1DP = params.dpobj;
-791         } else if (params.dpname !== undefined) {
-792             this.asn1DP = new _DistributionPointName(params.dpname);
-793 	} else if (params.fulluri !== undefined) {
-794             this.asn1DP = new _DistributionPointName({full: [{uri: params.fulluri}]});
-795 	}
-796     }
-797 };
-798 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object);
-799 
-800 /**
-801  * DistributionPointName ASN.1 structure class<br/>
-802  * @name KJUR.asn1.x509.DistributionPointName
-803  * @class DistributionPointName ASN.1 structure class
-804  * @param {Array} params JSON object of parameters or GeneralNames object
-805  * @extends KJUR.asn1.ASN1Object
-806  * @see {@link KJUR.asn1.x509.CRLDistributionPoints}
-807  * @see {@link KJUR.asn1.x509.DistributionPoint}
-808  * @see {@link KJUR.asn1.x509.GeneralNames}
-809  * @see {@link X509#getDistributionPointName}
-810  * @description
-811  * This class represents 
-812  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
-813  * DistributionPointName defined in RFC 5280 4.2.1.13</a>.
-814  * <pre>
-815  * DistributionPointName ::= CHOICE {
-816  *      fullName                [0]     GeneralNames,
-817  *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
-818  * </pre>
-819  * Constructor can have following parameter:
-820  * <ul>
-821  * <li>{String}full - JSON object parameter of {@link KJUR.asn1.x509.GeneralNames} for 'fullName' field</li>
-822  * <li>{GeneralNames} - {@link KJUR.asn1.x509.GeneralNames} object for 'fullName'</li>
-823  * </ul>
-824  * NOTE1: 'full' parameter have been suppored since jsrsasign 9.0.0 asn1x509 2.0.0.
-825  * <br>
-826  * NOTE2: The 'nameRelativeToCRLIssuer' field is currently not supported.
-827  * @example
-828  * new KJUR.asn1.x509.DistributionPointName({full: <<GeneralNamesParameter>>})
-829  * new KJUR.asn1.x509.DistributionPointName({full: [{uri: <<CDPURI>>}]})
-830  * new KJUR.asn1.x509.DistributionPointName({full: [{dn: <<DN Parameter>>}]}
-831  * new KJUR.asn1.x509.DistributionPointName({full: [{uri: "http://example.com/root.crl"}]})
-832  * new KJUR.asn1.x509.DistributionPointName({full: [{dn {str: "/C=US/O=Test"}}]})
-833  * new KJUR.asn1.x509.DistributionPointName(new GeneralNames(...))
-834  */
-835 KJUR.asn1.x509.DistributionPointName = function(params) {
-836     KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this);
-837     var asn1Obj = null,
-838 	type = null,
-839 	tag = null,
-840 	asn1V = null,
-841 	_KJUR = KJUR,
-842 	_KJUR_asn1 = _KJUR.asn1,
-843 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject;
-844 
-845     this.getEncodedHex = function() {
-846         if (this.type != "full")
-847             throw new Error("currently type shall be 'full': " + this.type);
-848         this.asn1Obj = new _DERTaggedObject({'explicit': false,
-849                                              'tag': this.tag,
-850                                              'obj': this.asn1V});
-851         this.hTLV = this.asn1Obj.getEncodedHex();
-852         return this.hTLV;
-853     };
-854 
-855     if (params !== undefined) {
-856         if (_KJUR_asn1.x509.GeneralNames.prototype.isPrototypeOf(params)) {
-857             this.type = "full";
-858             this.tag = "a0";
-859             this.asn1V = params;
-860 	} else if (params.full !== undefined) {
-861             this.type = "full";
-862             this.tag = "a0";
-863             this.asn1V = new _KJUR_asn1.x509.GeneralNames(params.full);
-864         } else {
-865             throw new Error("This class supports GeneralNames only as argument");
-866         }
-867     }
-868 };
-869 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object);
-870 
-871 /**
-872  * CertificatePolicies ASN.1 structure class
-873  * @name KJUR.asn1.x509.CertificatePolicies
-874  * @class CertificatePolicies ASN.1 structure class
-875  * @param {Array} params associative array of parameters
-876  * @extends KJUR.asn1.x509.Extension
-877  * @since jsrsasign 8.0.23 asn1x509 1.1.12
-878  * @see KJUR.asn1.x509.CertificatePolicies
-879  * @see KJUR.asn1.x509.PolicyInformation
-880  * @see KJUR.asn1.x509.PolicyQualifierInfo
-881  * @see KJUR.asn1.x509.UserNotice
-882  * @see KJUR.asn1.x509.NoticeReference
-883  * @see KJUR.asn1.x509.DisplayText
-884  * @description
-885  * This class represents 
-886  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
-887  * CertificatePolicies extension defined in RFC 5280 4.2.1.4</a>.
-888  * <pre>
-889  * id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }
-890  * CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
-891  * </pre>
-892  * Its constructor can have following parameters:
-893  * <ul>
-894  * <li>array - array of {@link KJUR.asn1.x509.PolicyInformation} parameter</li>
-895  * <li>critical - boolean: critical flag</li>
-896  * </ul>
-897  * NOTE: Returned JSON value format have been changed without 
-898  * backward compatibility since jsrsasign 9.0.0 asn1x509 2.0.0.
-899  * @example
-900  * e1 = new KJUR.asn1.x509.CertificatePolicies({
-901  *   array: [
-902  *     { policyoid: "1.2.3.4.5",
-903  *       array: [
-904  *         { cps: "https://example.com/repository" },
-905  *         { unotice: {
-906  *           noticeref: { // CA SHOULD NOT use this by RFC
-907  *             org: {type: "ia5", str: "Sample Org"},
-908  *             noticenum: [{int: 5}, {hex: "01af"}]
-909  *           },
-910  *           exptext: {type: "ia5", str: "Sample Policy"}
-911  *         }}
-912  *       ]
-913  *     }
-914  *   ],
-915  *   critical: true
-916  * });
-917  */
-918 KJUR.asn1.x509.CertificatePolicies = function(params) {
-919     KJUR.asn1.x509.CertificatePolicies.superclass.constructor.call(this, params);
-920     var _KJUR = KJUR,
-921 	_KJUR_asn1 = _KJUR.asn1,
-922 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
-923 	_DERSequence = _KJUR_asn1.DERSequence,
-924 	_PolicyInformation = _KJUR_asn1_x509.PolicyInformation;
-925 
-926     this.params = null;
-927 
-928     this.getExtnValueHex = function() {
-929 	var aPI = [];
-930 	for (var i = 0; i < this.params.array.length; i++) {
-931 	    aPI.push(new _PolicyInformation(this.params.array[i]));
-932 	}
-933 	var seq = new _DERSequence({array: aPI});
-934 	this.asn1ExtnValue = seq;
-935         return this.asn1ExtnValue.getEncodedHex();
-936     };
-937 
-938     this.oid = "2.5.29.32";
-939     if (params !== undefined) {
-940 	this.params = params;
-941     }
-942 };
-943 YAHOO.lang.extend(KJUR.asn1.x509.CertificatePolicies, KJUR.asn1.x509.Extension);
-944 
-945 // ===== BEGIN CertificatePolicies related classes =====
-946 /**
-947  * PolicyInformation ASN.1 structure class
-948  * @name KJUR.asn1.x509.PolicyInformation
-949  * @class PolicyInformation ASN.1 structure class
-950  * @param {Array} params JSON object of parameters
-951  * @extends KJUR.asn1.ASN1Object
-952  * @since jsrsasign 8.0.23 asn1x509 1.1.12
-953  * @see KJUR.asn1.x509.CertificatePolicies
-954  * @see KJUR.asn1.x509.PolicyInformation
-955  * @see KJUR.asn1.x509.PolicyQualifierInfo
-956  * @see KJUR.asn1.x509.UserNotice
-957  * @see KJUR.asn1.x509.NoticeReference
-958  * @see KJUR.asn1.x509.DisplayText
-959  * @description
-960  * This class represents 
-961  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
-962  * PolicyInformation defined in RFC 5280 4.2.1.4</a>.
-963  * <pre>
-964  * PolicyInformation ::= SEQUENCE {
-965  *      policyIdentifier   CertPolicyId,
-966  *      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
-967  *                         PolicyQualifierInfo OPTIONAL }
-968  * CertPolicyId ::= OBJECT IDENTIFIER
-969  * Its constructor can have following parameters:
-970  * <ul>
-971  * <li>{String}policyoid - policy OID (ex. "1.2.3.4.5")</li>
-972  * <li>{Object}array - array of {@link KJUR.asn1.x509.PolicyQualifierInfo}
-973  * parameters (OPTIONAL)</li>
-974  * </ul>
-975  * @example
-976  * new KJUR.asn1.x509.PolicyInformation({
-977  *   policyoid: "1.2.3.4.5",
-978  *   array: [
-979  *     { cps: "https://example.com/repository" },
-980  *     { unotice: {
-981  *       noticeref: { // CA SHOULD NOT use this by RFC
-982  *         org: {type: "ia5", str: "Sample Org"},
-983  *         noticenum: [{int: 5}, {hex: "01af"}]
-984  *       },
-985  *       exptext: {type: "ia5", str: "Sample Policy"}
-986  *     }}
-987  *   ]
-988  * })
-989  */
-990 KJUR.asn1.x509.PolicyInformation = function(params) {
-991     KJUR.asn1.x509.PolicyInformation.superclass.constructor.call(this,
-992 								 params);
-993     var _KJUR_asn1 = KJUR.asn1,
-994 	_DERSequence = _KJUR_asn1.DERSequence,
-995 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
-996 	_PolicyQualifierInfo = _KJUR_asn1.x509.PolicyQualifierInfo;
-997 
-998     this.params = null;
-999 
-1000     this.getEncodedHex = function() {
-1001 	if (this.params.policyoid === undefined &&
-1002 	    this.params.array === undefined)
-1003 	    throw new Error("parameter oid and array missing");
+718     this.setByOneURI = function(uri) {
+719         var dp1 = new _KJUR_asn1_x509.DistributionPoint({fulluri: uri});
+720         this.setByDPArray([dp1]);
+721     };
+722 
+723     this.oid = "2.5.29.31";
+724     if (params !== undefined) {
+725         if (params.array !== undefined) {
+726             this.setByDPArray(params.array);
+727         } else if (params.uri !== undefined) {
+728             this.setByOneURI(params.uri);
+729         }
+730     }
+731 };
+732 YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints, KJUR.asn1.x509.Extension);
+733 
+734 /**
+735  * DistributionPoint ASN.1 structure class<br/>
+736  * @name KJUR.asn1.x509.DistributionPoint
+737  * @class DistributionPoint ASN.1 structure class
+738  * @param {Array} params JSON object of parameters (OPTIONAL)
+739  * @extends KJUR.asn1.ASN1Object
+740  * @see {@link KJUR.asn1.x509.CRLDistributionPoints}
+741  * @see {@link KJUR.asn1.x509.DistributionPointName}
+742  * @see {@link KJUR.asn1.x509.GeneralNames}
+743  * @see {@link X509#getDistributionPoint}
+744  * @description
+745  * This class represents 
+746  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
+747  * DistributionPoint defined in RFC 5280 4.2.1.13</a>.
+748  * <pre>
+749  * DistributionPoint ::= SEQUENCE {
+750  *      distributionPoint       [0]     DistributionPointName OPTIONAL,
+751  *      reasons                 [1]     ReasonFlags OPTIONAL,
+752  *      cRLIssuer               [2]     GeneralNames OPTIONAL }
+753  * </pre>
+754  * Constructor can have following parameter:
+755  * <ul>
+756  * <li>{String}fulluri - uri string for fullName uri. This has the same meaning for '{dpname: {full: [{uri: "..."]}}'.</li>
+757  * <li>{Array}dpname - JSON object for {@link KJUR.asn1.x509.DistributionPointName} parameters</li>
+758  * <li>{DistrubutionPoint}dpobj - {@link KJUR.asn1.x509.DistributionPointName} object (DEPRECATED)</li>
+759  * </ul>
+760  * <br/>
+761  * NOTE1: Parameter "fulluri" and "dpname" supported 
+762  * since jsrsasign 9.0.0 asn1x509 2.0.0.
+763  * <br/>
+764  * NOTE2: The "reasons" and "cRLIssuer" fields are currently
+765  * not supported.
+766  * @example
+767  * new KJUR.asn1.x509.DistributionPoint(
+768  *   {fulluri: "http://example.com/crl1.crl"})
+769  * new KJUR.asn1.x509.DistributionPoint(
+770  *   {dpname: {full: [{uri: "http://example.com/crl1.crl"}]}})
+771  * new KJUR.asn1.x509.DistributionPoint(
+772  *   {dpobj: new DistributionPoint(...)})
+773  */
+774 KJUR.asn1.x509.DistributionPoint = function(params) {
+775     KJUR.asn1.x509.DistributionPoint.superclass.constructor.call(this);
+776     var asn1DP = null,
+777 	_KJUR = KJUR,
+778 	_KJUR_asn1 = _KJUR.asn1,
+779 	_DistributionPointName = _KJUR_asn1.x509.DistributionPointName;
+780 
+781     this.getEncodedHex = function() {
+782         var seq = new _KJUR_asn1.DERSequence();
+783         if (this.asn1DP != null) {
+784             var o1 = new _KJUR_asn1.DERTaggedObject({'explicit': true,
+785                                                      'tag': 'a0',
+786                                                      'obj': this.asn1DP});
+787             seq.appendASN1Object(o1);
+788         }
+789         this.hTLV = seq.getEncodedHex();
+790         return this.hTLV;
+791     };
+792 
+793     if (params !== undefined) {
+794         if (params.dpobj !== undefined) {
+795             this.asn1DP = params.dpobj;
+796         } else if (params.dpname !== undefined) {
+797             this.asn1DP = new _DistributionPointName(params.dpname);
+798 	} else if (params.fulluri !== undefined) {
+799             this.asn1DP = new _DistributionPointName({full: [{uri: params.fulluri}]});
+800 	}
+801     }
+802 };
+803 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPoint, KJUR.asn1.ASN1Object);
+804 
+805 /**
+806  * DistributionPointName ASN.1 structure class<br/>
+807  * @name KJUR.asn1.x509.DistributionPointName
+808  * @class DistributionPointName ASN.1 structure class
+809  * @param {Array} params JSON object of parameters or GeneralNames object
+810  * @extends KJUR.asn1.ASN1Object
+811  * @see {@link KJUR.asn1.x509.CRLDistributionPoints}
+812  * @see {@link KJUR.asn1.x509.DistributionPoint}
+813  * @see {@link KJUR.asn1.x509.GeneralNames}
+814  * @see {@link X509#getDistributionPointName}
+815  * @description
+816  * This class represents 
+817  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.13">
+818  * DistributionPointName defined in RFC 5280 4.2.1.13</a>.
+819  * <pre>
+820  * DistributionPointName ::= CHOICE {
+821  *      fullName                [0]     GeneralNames,
+822  *      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
+823  * </pre>
+824  * Constructor can have following parameter:
+825  * <ul>
+826  * <li>{String}full - JSON object parameter of {@link KJUR.asn1.x509.GeneralNames} for 'fullName' field</li>
+827  * <li>{GeneralNames} - {@link KJUR.asn1.x509.GeneralNames} object for 'fullName'</li>
+828  * </ul>
+829  * NOTE1: 'full' parameter have been suppored since jsrsasign 9.0.0 asn1x509 2.0.0.
+830  * <br>
+831  * NOTE2: The 'nameRelativeToCRLIssuer' field is currently not supported.
+832  * @example
+833  * new KJUR.asn1.x509.DistributionPointName({full: <<GeneralNamesParameter>>})
+834  * new KJUR.asn1.x509.DistributionPointName({full: [{uri: <<CDPURI>>}]})
+835  * new KJUR.asn1.x509.DistributionPointName({full: [{dn: <<DN Parameter>>}]}
+836  * new KJUR.asn1.x509.DistributionPointName({full: [{uri: "http://example.com/root.crl"}]})
+837  * new KJUR.asn1.x509.DistributionPointName({full: [{dn {str: "/C=US/O=Test"}}]})
+838  * new KJUR.asn1.x509.DistributionPointName(new GeneralNames(...))
+839  */
+840 KJUR.asn1.x509.DistributionPointName = function(params) {
+841     KJUR.asn1.x509.DistributionPointName.superclass.constructor.call(this);
+842     var asn1Obj = null,
+843 	type = null,
+844 	tag = null,
+845 	asn1V = null,
+846 	_KJUR = KJUR,
+847 	_KJUR_asn1 = _KJUR.asn1,
+848 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject;
+849 
+850     this.getEncodedHex = function() {
+851         if (this.type != "full")
+852             throw new Error("currently type shall be 'full': " + this.type);
+853         this.asn1Obj = new _DERTaggedObject({'explicit': false,
+854                                              'tag': this.tag,
+855                                              'obj': this.asn1V});
+856         this.hTLV = this.asn1Obj.getEncodedHex();
+857         return this.hTLV;
+858     };
+859 
+860     if (params !== undefined) {
+861         if (_KJUR_asn1.x509.GeneralNames.prototype.isPrototypeOf(params)) {
+862             this.type = "full";
+863             this.tag = "a0";
+864             this.asn1V = params;
+865 	} else if (params.full !== undefined) {
+866             this.type = "full";
+867             this.tag = "a0";
+868             this.asn1V = new _KJUR_asn1.x509.GeneralNames(params.full);
+869         } else {
+870             throw new Error("This class supports GeneralNames only as argument");
+871         }
+872     }
+873 };
+874 YAHOO.lang.extend(KJUR.asn1.x509.DistributionPointName, KJUR.asn1.ASN1Object);
+875 
+876 /**
+877  * CertificatePolicies ASN.1 structure class
+878  * @name KJUR.asn1.x509.CertificatePolicies
+879  * @class CertificatePolicies ASN.1 structure class
+880  * @param {Array} params associative array of parameters
+881  * @extends KJUR.asn1.x509.Extension
+882  * @since jsrsasign 8.0.23 asn1x509 1.1.12
+883  * @see KJUR.asn1.x509.CertificatePolicies
+884  * @see KJUR.asn1.x509.PolicyInformation
+885  * @see KJUR.asn1.x509.PolicyQualifierInfo
+886  * @see KJUR.asn1.x509.UserNotice
+887  * @see KJUR.asn1.x509.NoticeReference
+888  * @see KJUR.asn1.x509.DisplayText
+889  * @description
+890  * This class represents 
+891  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+892  * CertificatePolicies extension defined in RFC 5280 4.2.1.4</a>.
+893  * <pre>
+894  * id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }
+895  * CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
+896  * </pre>
+897  * Its constructor can have following parameters:
+898  * <ul>
+899  * <li>array - array of {@link KJUR.asn1.x509.PolicyInformation} parameter</li>
+900  * <li>critical - boolean: critical flag</li>
+901  * </ul>
+902  * NOTE: Returned JSON value format have been changed without 
+903  * backward compatibility since jsrsasign 9.0.0 asn1x509 2.0.0.
+904  * @example
+905  * e1 = new KJUR.asn1.x509.CertificatePolicies({
+906  *   array: [
+907  *     { policyoid: "1.2.3.4.5",
+908  *       array: [
+909  *         { cps: "https://example.com/repository" },
+910  *         { unotice: {
+911  *           noticeref: { // CA SHOULD NOT use this by RFC
+912  *             org: {type: "ia5", str: "Sample Org"},
+913  *             noticenum: [{int: 5}, {hex: "01af"}]
+914  *           },
+915  *           exptext: {type: "ia5", str: "Sample Policy"}
+916  *         }}
+917  *       ]
+918  *     }
+919  *   ],
+920  *   critical: true
+921  * });
+922  */
+923 KJUR.asn1.x509.CertificatePolicies = function(params) {
+924     KJUR.asn1.x509.CertificatePolicies.superclass.constructor.call(this, params);
+925     var _KJUR = KJUR,
+926 	_KJUR_asn1 = _KJUR.asn1,
+927 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+928 	_DERSequence = _KJUR_asn1.DERSequence,
+929 	_PolicyInformation = _KJUR_asn1_x509.PolicyInformation;
+930 
+931     this.params = null;
+932 
+933     this.getExtnValueHex = function() {
+934 	var aPI = [];
+935 	for (var i = 0; i < this.params.array.length; i++) {
+936 	    aPI.push(new _PolicyInformation(this.params.array[i]));
+937 	}
+938 	var seq = new _DERSequence({array: aPI});
+939 	this.asn1ExtnValue = seq;
+940         return this.asn1ExtnValue.getEncodedHex();
+941     };
+942 
+943     this.oid = "2.5.29.32";
+944     if (params !== undefined) {
+945 	this.params = params;
+946     }
+947 };
+948 YAHOO.lang.extend(KJUR.asn1.x509.CertificatePolicies, KJUR.asn1.x509.Extension);
+949 
+950 // ===== BEGIN CertificatePolicies related classes =====
+951 /**
+952  * PolicyInformation ASN.1 structure class
+953  * @name KJUR.asn1.x509.PolicyInformation
+954  * @class PolicyInformation ASN.1 structure class
+955  * @param {Array} params JSON object of parameters
+956  * @extends KJUR.asn1.ASN1Object
+957  * @since jsrsasign 8.0.23 asn1x509 1.1.12
+958  * @see KJUR.asn1.x509.CertificatePolicies
+959  * @see KJUR.asn1.x509.PolicyInformation
+960  * @see KJUR.asn1.x509.PolicyQualifierInfo
+961  * @see KJUR.asn1.x509.UserNotice
+962  * @see KJUR.asn1.x509.NoticeReference
+963  * @see KJUR.asn1.x509.DisplayText
+964  * @description
+965  * This class represents 
+966  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+967  * PolicyInformation defined in RFC 5280 4.2.1.4</a>.
+968  * <pre>
+969  * PolicyInformation ::= SEQUENCE {
+970  *      policyIdentifier   CertPolicyId,
+971  *      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
+972  *                         PolicyQualifierInfo OPTIONAL }
+973  * CertPolicyId ::= OBJECT IDENTIFIER
+974  * Its constructor can have following parameters:
+975  * <ul>
+976  * <li>{String}policyoid - policy OID (ex. "1.2.3.4.5")</li>
+977  * <li>{Object}array - array of {@link KJUR.asn1.x509.PolicyQualifierInfo}
+978  * parameters (OPTIONAL)</li>
+979  * </ul>
+980  * @example
+981  * new KJUR.asn1.x509.PolicyInformation({
+982  *   policyoid: "1.2.3.4.5",
+983  *   array: [
+984  *     { cps: "https://example.com/repository" },
+985  *     { unotice: {
+986  *       noticeref: { // CA SHOULD NOT use this by RFC
+987  *         org: {type: "ia5", str: "Sample Org"},
+988  *         noticenum: [{int: 5}, {hex: "01af"}]
+989  *       },
+990  *       exptext: {type: "ia5", str: "Sample Policy"}
+991  *     }}
+992  *   ]
+993  * })
+994  */
+995 KJUR.asn1.x509.PolicyInformation = function(params) {
+996     KJUR.asn1.x509.PolicyInformation.superclass.constructor.call(this,
+997 								 params);
+998     var _KJUR_asn1 = KJUR.asn1,
+999 	_DERSequence = _KJUR_asn1.DERSequence,
+1000 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+1001 	_PolicyQualifierInfo = _KJUR_asn1.x509.PolicyQualifierInfo;
+1002 
+1003     this.params = null;
 1004 
-1005 	// policy oid
-1006 	var a = [new _DERObjectIdentifier(this.params.policyoid)];
-1007 
-1008 	// array of ASN1Object of PolicyQualifierInfo
-1009 	if (this.params.array !== undefined) {
-1010 	    var aPQI = [];
-1011 	    for (var i = 0; i < this.params.array.length; i++) {
-1012 		aPQI.push(new _PolicyQualifierInfo(this.params.array[i]));
-1013 	    }
-1014 	    if (aPQI.length > 0) {
-1015 		a.push(new _DERSequence({array: aPQI}));
-1016 	    }
-1017 	}
-1018 
-1019 	var seq = new _DERSequence({array: a});
-1020 	return seq.getEncodedHex();
-1021     };
-1022 
-1023     if (params !== undefined) {
-1024 	this.params = params;
-1025     }
-1026 };
-1027 YAHOO.lang.extend(KJUR.asn1.x509.PolicyInformation, KJUR.asn1.ASN1Object);
-1028 
-1029 /**
-1030  * PolicyQualifierInfo ASN.1 structure class
-1031  * @name KJUR.asn1.x509.PolicyQualifierInfo
-1032  * @class PolicyQualifierInfo ASN.1 structure class
-1033  * @param {Array} params associative array of parameters
-1034  * @extends KJUR.asn1.ASN1Object
-1035  * @since jsrsasign 8.0.23 asn1x509 1.1.12
-1036  * @description
-1037  * This class represents 
-1038  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
-1039  * PolicyQualifierInfo defined in RFC 5280 4.2.1.4</a>.
-1040  * <pre>
-1041  * PolicyQualifierInfo ::= SEQUENCE {
-1042  *      policyQualifierId  PolicyQualifierId,
-1043  *      qualifier          ANY DEFINED BY policyQualifierId }
-1044  * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
-1045  * CPSuri ::= IA5String
-1046  * </pre>
-1047  * Its constructor can have one of following two parameters:
-1048  * <ul>
-1049  * <li>{String}cps - URI string for CPS</li>
-1050  * <li>{Object}unotice - {@link KJUR.asn1.x509.UserNotice} parameter</li>
-1051  * </ul>
-1052  * @example
-1053  * new PolicyQualifierInfo({
-1054  *   cps: "https://example.com/repository/cps"
-1055  * })
-1056  *
-1057  * new PolicyQualifierInfo({
-1058  *   unotice: {
-1059  *     noticeref: { // CA SHOULD NOT use this by RFC
-1060  *       org: {type: "bmp", str: "Sample Org"},
-1061  *       noticenum: [{int: 3}, {hex: "01af"}]
-1062  *     },
-1063  *     exptext: {type: "ia5", str: "Sample Policy"}
-1064  *   }
-1065  * })
-1066  */
-1067 KJUR.asn1.x509.PolicyQualifierInfo = function(params) {
-1068     KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,
-1069 								   params);
-1070     var _KJUR_asn1 = KJUR.asn1,
-1071 	_DERSequence = _KJUR_asn1.DERSequence,
-1072 	_DERIA5String = _KJUR_asn1.DERIA5String,
-1073 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
-1074 	_UserNotice = _KJUR_asn1.x509.UserNotice;
-1075 
-1076     this.params = null;
-1077 
-1078     this.getEncodedHex = function() {
-1079 	if (this.params.cps !== undefined) {
-1080 	    var seq = new _DERSequence({array: [
-1081 		new _DERObjectIdentifier({oid: '1.3.6.1.5.5.7.2.1'}),
-1082 		new _DERIA5String({str: this.params.cps})
-1083 	    ]});
-1084 	    return seq.getEncodedHex();
-1085 	}
-1086 	if (this.params.unotice != undefined) {
-1087 	    var seq = new _DERSequence({array: [
-1088 		new _DERObjectIdentifier({oid: '1.3.6.1.5.5.7.2.2'}),
-1089 		new _UserNotice(this.params.unotice)
-1090 	    ]});
-1091 	    return seq.getEncodedHex();
-1092 	}
-1093     };
-1094 
-1095     if (params !== undefined) {
-1096 	this.params = params;
-1097     }
-1098 };
-1099 YAHOO.lang.extend(KJUR.asn1.x509.PolicyQualifierInfo, KJUR.asn1.ASN1Object);
-1100 
-1101 
-1102 /**
-1103  * UserNotice ASN.1 structure class
-1104  * @name KJUR.asn1.x509.UserNotice
-1105  * @class UserNotice ASN.1 structure class
-1106  * @param {Array} params associative array of parameters
-1107  * @extends KJUR.asn1.ASN1Object
-1108  * @since jsrsasign 8.0.23 asn1x509 1.1.12
-1109  * @description
-1110  * This class represents 
-1111  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
-1112  * UserNotice defined in RFC 5280 4.2.1.4</a>.
-1113  * <pre>
-1114  * UserNotice ::= SEQUENCE {
-1115  *      noticeRef        NoticeReference OPTIONAL,
-1116  *      explicitText     DisplayText OPTIONAL }
-1117  * </pre>
-1118  * Its constructor can have following two parameters:
-1119  * <ul>
-1120  * <li>{Object}noticeref - {@link KJUR.asn1.x509.NoticeReference} parameter.
-1121  * This SHALL NOT be set for conforming CA by RFC 5280. (OPTIONAL)</li>
-1122  * <li>{Object}exptext - explicitText value
-1123  * by {@link KJUR.asn1.x509.DisplayText} parameter (OPTIONAL)</li>
-1124  * </ul>
-1125  * @example
-1126  * new UserNotice({
-1127  *   noticeref: {
-1128  *     org: {type: "bmp", str: "Sample Org"},
-1129  *     noticenum: [{int: 3}, {hex: "01af"}]
-1130  *   },
-1131  *   exptext: {type: "ia5", str: "Sample Policy"}
-1132  * })
-1133  */
-1134 KJUR.asn1.x509.UserNotice = function(params) {
-1135     KJUR.asn1.x509.UserNotice.superclass.constructor.call(this, params);
-1136     var _DERSequence = KJUR.asn1.DERSequence,
-1137 	_DERInteger = KJUR.asn1.DERInteger,
-1138 	_DisplayText = KJUR.asn1.x509.DisplayText,
-1139 	_NoticeReference = KJUR.asn1.x509.NoticeReference;
-1140 
-1141     this.params = null;
-1142 
-1143     this.getEncodedHex = function() {
-1144 	var a = [];
-1145 	if (this.params.noticeref !== undefined) {
-1146 	    a.push(new _NoticeReference(this.params.noticeref));
-1147 	}
-1148 	if (this.params.exptext !== undefined) {
-1149 	    a.push(new _DisplayText(this.params.exptext));
-1150 	}
-1151 	var seq = new _DERSequence({array: a});
-1152 	return seq.getEncodedHex();
-1153     };
-1154 
-1155     if (params !== undefined) {
-1156 	this.params = params;
-1157     }
-1158 };
-1159 YAHOO.lang.extend(KJUR.asn1.x509.UserNotice, KJUR.asn1.ASN1Object);
-1160 
-1161 /**
-1162  * NoticeReference ASN.1 structure class
-1163  * @name KJUR.asn1.x509.NoticeReference
-1164  * @class NoticeReference ASN.1 structure class
-1165  * @param {Array} params associative array of parameters
-1166  * @extends KJUR.asn1.ASN1Object
-1167  * @since jsrsasign 8.0.23 asn1x509 1.1.12
-1168  * @description
-1169  * This class represents 
-1170  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
-1171  * NoticeReference defined in RFC 5280 4.2.1.4</a>.
-1172  * <pre>
-1173  * NoticeReference ::= SEQUENCE {
-1174  *      organization     DisplayText,
-1175  *      noticeNumbers    SEQUENCE OF INTEGER }
-1176  * </pre>
-1177  * Its constructor can have following two parameters:
-1178  * <ul>
-1179  * <li>{Object}org - organization by {@link KJUR.asn1.x509.DisplayText}
-1180  * parameter.</li>
-1181  * <li>{Object}noticenum - noticeNumbers value by an array of
-1182  * {@link KJUR.asn1.DERInteger} parameter</li>
-1183  * </ul>
-1184  * @example
-1185  * new NoticeReference({
-1186  *   org: {type: "bmp", str: "Sample Org"},
-1187  *   noticenum: [{int: 3}, {hex: "01af"}]
-1188  * })
-1189  */
-1190 KJUR.asn1.x509.NoticeReference = function(params) {
-1191     KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this, params);
-1192     var _DERSequence = KJUR.asn1.DERSequence,
-1193 	_DERInteger = KJUR.asn1.DERInteger,
-1194 	_DisplayText = KJUR.asn1.x509.DisplayText;
-1195 
-1196     this.params = null;
-1197 
-1198     this.getEncodedHex = function() {
-1199 	var a = [];
-1200 	if (this.params.org !== undefined) {
-1201 	    a.push(new _DisplayText(this.params.org));
-1202 	}
-1203 	if (this.params.noticenum !== undefined) {
-1204 	    var aNoticeNum = [];
-1205 	    var aNumParam = this.params.noticenum;
-1206 	    for (var i = 0; i < aNumParam.length; i++) {
-1207 		aNoticeNum.push(new _DERInteger(aNumParam[i]));
-1208 	    }
-1209 	    a.push(new _DERSequence({array: aNoticeNum}));
-1210 	}
-1211 	if (a.length == 0) throw new Error("parameter is empty");
-1212 	var seq = new _DERSequence({array: a});
-1213 	return seq.getEncodedHex();
-1214     }
-1215 
-1216     if (params !== undefined) {
-1217 	this.params = params;
-1218     }
-1219 };
-1220 YAHOO.lang.extend(KJUR.asn1.x509.NoticeReference, KJUR.asn1.ASN1Object);
-1221 
-1222 /**
-1223  * DisplayText ASN.1 structure class
-1224  * @name KJUR.asn1.x509.DisplayText
-1225  * @class DisplayText ASN.1 structure class
-1226  * @param {Array} params associative array of parameters
-1227  * @extends KJUR.asn1.DERAbstractString
-1228  * @since jsrsasign 8.0.23 asn1x509 1.1.12
-1229  * @description
-1230  * This class represents 
-1231  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
-1232  * DisplayText defined in RFC 5280 4.2.1.4</a>.
-1233  * <pre>
-1234  * -- from RFC 5280 Appendix A
-1235  * DisplayText ::= CHOICE {
-1236  *      ia5String        IA5String      (SIZE (1..200)),
-1237  *      visibleString    VisibleString  (SIZE (1..200)),
-1238  *      bmpString        BMPString      (SIZE (1..200)),
-1239  *      utf8String       UTF8String     (SIZE (1..200)) }
-1240  * </pre>
-1241  * {@link KJUR.asn1.DERAbstractString} parameters and methods
-1242  * can be used.
-1243  * Its constructor can also have following parameter:
-1244  * <ul>
-1245  * <li>{String} type - DirectoryString type of DisplayText.
-1246  * "ia5" for IA5String, "vis" for VisibleString,
-1247  * "bmp" for BMPString and "utf8" for UTF8String.
-1248  * Default is "utf8". (OPTIONAL)</li>
-1249  * </ul>
-1250  * @example
-1251  * new DisplayText({type: "bmp", str: "Sample Org"})
-1252  * new DisplayText({type: "ia5", str: "Sample Org"})
-1253  * new DisplayText({str: "Sample Org"})
-1254  */
-1255 KJUR.asn1.x509.DisplayText = function(params) {
-1256     KJUR.asn1.x509.DisplayText.superclass.constructor.call(this, params);
-1257 
-1258     this.hT = "0c"; // DEFAULT "utf8"
-1259 
-1260     if (params !== undefined) {
-1261 	if (params.type === "ia5") {
-1262 	    this.hT = "16";
-1263 	} else if (params.type === "vis") {
-1264 	    this.hT = "1a";
-1265 	} else if (params.type === "bmp") {
-1266 	    this.hT = "1e";
-1267 	}
-1268     }
-1269 };
-1270 YAHOO.lang.extend(KJUR.asn1.x509.DisplayText, KJUR.asn1.DERAbstractString);
-1271 // ===== END CertificatePolicies related classes =====
-1272 
-1273 // =====================================================================
-1274 /**
-1275  * KeyUsage ASN.1 structure class
-1276  * @name KJUR.asn1.x509.ExtKeyUsage
-1277  * @class ExtKeyUsage ASN.1 structure class
-1278  * @param {Array} params associative array of parameters
-1279  * @extends KJUR.asn1.x509.Extension
-1280  * @description
-1281  * @example
-1282  * e1 = new KJUR.asn1.x509.ExtKeyUsage({
-1283  *   critical: true,
-1284  *   array: [
-1285  *     {oid: '2.5.29.37.0'},  // anyExtendedKeyUsage
-1286  *     {name: 'clientAuth'},
-1287  *     "1.2.3.4",
-1288  *     "serverAuth"
-1289  *   ]
-1290  * });
-1291  * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
-1292  * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
-1293  * // KeyPurposeId ::= OBJECT IDENTIFIER
-1294  */
-1295 KJUR.asn1.x509.ExtKeyUsage = function(params) {
-1296     KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params);
-1297     var _KJUR = KJUR,
-1298 	_KJUR_asn1 = _KJUR.asn1;
-1299 
-1300     this.setPurposeArray = function(purposeArray) {
-1301         this.asn1ExtnValue = new _KJUR_asn1.DERSequence();
-1302         for (var i = 0; i < purposeArray.length; i++) {
-1303             var o = new _KJUR_asn1.DERObjectIdentifier(purposeArray[i]);
-1304             this.asn1ExtnValue.appendASN1Object(o);
-1305         }
-1306     };
-1307 
-1308     this.getExtnValueHex = function() {
-1309         return this.asn1ExtnValue.getEncodedHex();
-1310     };
-1311 
-1312     this.oid = "2.5.29.37";
-1313     if (params !== undefined) {
-1314         if (params.array !== undefined) {
-1315             this.setPurposeArray(params.array);
-1316         }
-1317     }
-1318 };
-1319 YAHOO.lang.extend(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension);
-1320 
-1321 /**
-1322  * AuthorityKeyIdentifier ASN.1 structure class
-1323  * @name KJUR.asn1.x509.AuthorityKeyIdentifier
-1324  * @class AuthorityKeyIdentifier ASN.1 structure class
-1325  * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true})
-1326  * @extends KJUR.asn1.x509.Extension
-1327  * @since asn1x509 1.0.8
-1328  * @description
-1329  * This class represents ASN.1 structure for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.1">AuthorityKeyIdentifier in RFC 5280</a>.
-1330  * Constructor of this class may have following parameters.: 
-1331  * <ul>
-1332  * <li>kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of issuing authority public key or issuer certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280. When a hexadecimal string is specifed, kid will be set explicitly by it.</li>
-1333  * <li>isscert - When PEM string of authority certificate is specified, both authorityCertIssuer and authorityCertSerialNumber will be set by the certificate.</li>
-1334  * <li>issuer - {@link KJUR.asn1.x509.X500Name} parameter to specify issuer name explicitly.</li>
-1335  * <li>sn - hexadecimal string to specify serial number explicitly.</li>
-1336  * <li>critical - boolean to specify criticality of this extension
-1337  * however conforming CA must mark this extension as non-critical in RFC 5280.</li>
-1338  * </ul>
-1339  * 
-1340  * <pre>
-1341  * d-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
-1342  * AuthorityKeyIdentifier ::= SEQUENCE {
-1343  *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
-1344  *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
-1345  *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
-1346  * KeyIdentifier ::= OCTET STRING
-1347  * </pre>
-1348  *
-1349  * @example
-1350  * // 1. kid by key object
-1351  * keyobj = KEYUTIL.getKey("-----BEGIN PUBLIC KEY...");
-1352  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: keyobj});
-1353  * // 2. kid by PEM string of authority certificate or public key
-1354  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "-----BEGIN..."});
-1355  * // 3. specify kid explicitly
-1356  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "8ab1d3..."});
-1357  * });
-1358  * // 4. issuer and serial number by auhtority PEM certificate
-1359  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({isscert: "-----BEGIN..."});
-1360  * // 5. issuer and serial number explicitly
-1361  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
-1362  *   issuer: {ldapstr: "O=test,C=US"},
-1363  *   sn: {hex: "1ac7..."}});
-1364  * // 6. combination
-1365  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
-1366  *   kid: "-----BEGIN CERTIFICATE...",
-1367  *   isscert: "-----BEGIN CERTIFICATE..."});
-1368  */
-1369 KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) {
-1370     KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params);
-1371     var _KJUR = KJUR,
-1372 	_KJUR_asn1 = _KJUR.asn1,
-1373 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
-1374 	_GeneralNames = _KJUR_asn1.x509.GeneralNames,
-1375 	_isKey = _KJUR.crypto.Util.isKey;
-1376 
-1377     this.asn1KID = null;
-1378     this.asn1CertIssuer = null; // X500Name hTLV
-1379     this.asn1CertSN = null;
-1380 
-1381     this.getExtnValueHex = function() {
-1382         var a = new Array();
-1383         if (this.asn1KID)
-1384             a.push(new _DERTaggedObject({'explicit': false,
-1385                                          'tag': '80',
-1386                                          'obj': this.asn1KID}));
-1387 
-1388         if (this.asn1CertIssuer)
+1005     this.getEncodedHex = function() {
+1006 	if (this.params.policyoid === undefined &&
+1007 	    this.params.array === undefined)
+1008 	    throw new Error("parameter oid and array missing");
+1009 
+1010 	// policy oid
+1011 	var a = [new _DERObjectIdentifier(this.params.policyoid)];
+1012 
+1013 	// array of ASN1Object of PolicyQualifierInfo
+1014 	if (this.params.array !== undefined) {
+1015 	    var aPQI = [];
+1016 	    for (var i = 0; i < this.params.array.length; i++) {
+1017 		aPQI.push(new _PolicyQualifierInfo(this.params.array[i]));
+1018 	    }
+1019 	    if (aPQI.length > 0) {
+1020 		a.push(new _DERSequence({array: aPQI}));
+1021 	    }
+1022 	}
+1023 
+1024 	var seq = new _DERSequence({array: a});
+1025 	return seq.getEncodedHex();
+1026     };
+1027 
+1028     if (params !== undefined) {
+1029 	this.params = params;
+1030     }
+1031 };
+1032 YAHOO.lang.extend(KJUR.asn1.x509.PolicyInformation, KJUR.asn1.ASN1Object);
+1033 
+1034 /**
+1035  * PolicyQualifierInfo ASN.1 structure class
+1036  * @name KJUR.asn1.x509.PolicyQualifierInfo
+1037  * @class PolicyQualifierInfo ASN.1 structure class
+1038  * @param {Array} params associative array of parameters
+1039  * @extends KJUR.asn1.ASN1Object
+1040  * @since jsrsasign 8.0.23 asn1x509 1.1.12
+1041  * @description
+1042  * This class represents 
+1043  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+1044  * PolicyQualifierInfo defined in RFC 5280 4.2.1.4</a>.
+1045  * <pre>
+1046  * PolicyQualifierInfo ::= SEQUENCE {
+1047  *      policyQualifierId  PolicyQualifierId,
+1048  *      qualifier          ANY DEFINED BY policyQualifierId }
+1049  * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
+1050  * CPSuri ::= IA5String
+1051  * </pre>
+1052  * Its constructor can have one of following two parameters:
+1053  * <ul>
+1054  * <li>{String}cps - URI string for CPS</li>
+1055  * <li>{Object}unotice - {@link KJUR.asn1.x509.UserNotice} parameter</li>
+1056  * </ul>
+1057  * @example
+1058  * new PolicyQualifierInfo({
+1059  *   cps: "https://example.com/repository/cps"
+1060  * })
+1061  *
+1062  * new PolicyQualifierInfo({
+1063  *   unotice: {
+1064  *     noticeref: { // CA SHOULD NOT use this by RFC
+1065  *       org: {type: "bmp", str: "Sample Org"},
+1066  *       noticenum: [{int: 3}, {hex: "01af"}]
+1067  *     },
+1068  *     exptext: {type: "ia5", str: "Sample Policy"}
+1069  *   }
+1070  * })
+1071  */
+1072 KJUR.asn1.x509.PolicyQualifierInfo = function(params) {
+1073     KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,
+1074 								   params);
+1075     var _KJUR_asn1 = KJUR.asn1,
+1076 	_DERSequence = _KJUR_asn1.DERSequence,
+1077 	_DERIA5String = _KJUR_asn1.DERIA5String,
+1078 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+1079 	_UserNotice = _KJUR_asn1.x509.UserNotice;
+1080 
+1081     this.params = null;
+1082 
+1083     this.getEncodedHex = function() {
+1084 	if (this.params.cps !== undefined) {
+1085 	    var seq = new _DERSequence({array: [
+1086 		new _DERObjectIdentifier({oid: '1.3.6.1.5.5.7.2.1'}),
+1087 		new _DERIA5String({str: this.params.cps})
+1088 	    ]});
+1089 	    return seq.getEncodedHex();
+1090 	}
+1091 	if (this.params.unotice != undefined) {
+1092 	    var seq = new _DERSequence({array: [
+1093 		new _DERObjectIdentifier({oid: '1.3.6.1.5.5.7.2.2'}),
+1094 		new _UserNotice(this.params.unotice)
+1095 	    ]});
+1096 	    return seq.getEncodedHex();
+1097 	}
+1098     };
+1099 
+1100     if (params !== undefined) {
+1101 	this.params = params;
+1102     }
+1103 };
+1104 YAHOO.lang.extend(KJUR.asn1.x509.PolicyQualifierInfo, KJUR.asn1.ASN1Object);
+1105 
+1106 
+1107 /**
+1108  * UserNotice ASN.1 structure class
+1109  * @name KJUR.asn1.x509.UserNotice
+1110  * @class UserNotice ASN.1 structure class
+1111  * @param {Array} params associative array of parameters
+1112  * @extends KJUR.asn1.ASN1Object
+1113  * @since jsrsasign 8.0.23 asn1x509 1.1.12
+1114  * @description
+1115  * This class represents 
+1116  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+1117  * UserNotice defined in RFC 5280 4.2.1.4</a>.
+1118  * <pre>
+1119  * UserNotice ::= SEQUENCE {
+1120  *      noticeRef        NoticeReference OPTIONAL,
+1121  *      explicitText     DisplayText OPTIONAL }
+1122  * </pre>
+1123  * Its constructor can have following two parameters:
+1124  * <ul>
+1125  * <li>{Object}noticeref - {@link KJUR.asn1.x509.NoticeReference} parameter.
+1126  * This SHALL NOT be set for conforming CA by RFC 5280. (OPTIONAL)</li>
+1127  * <li>{Object}exptext - explicitText value
+1128  * by {@link KJUR.asn1.x509.DisplayText} parameter (OPTIONAL)</li>
+1129  * </ul>
+1130  * @example
+1131  * new UserNotice({
+1132  *   noticeref: {
+1133  *     org: {type: "bmp", str: "Sample Org"},
+1134  *     noticenum: [{int: 3}, {hex: "01af"}]
+1135  *   },
+1136  *   exptext: {type: "ia5", str: "Sample Policy"}
+1137  * })
+1138  */
+1139 KJUR.asn1.x509.UserNotice = function(params) {
+1140     KJUR.asn1.x509.UserNotice.superclass.constructor.call(this, params);
+1141     var _DERSequence = KJUR.asn1.DERSequence,
+1142 	_DERInteger = KJUR.asn1.DERInteger,
+1143 	_DisplayText = KJUR.asn1.x509.DisplayText,
+1144 	_NoticeReference = KJUR.asn1.x509.NoticeReference;
+1145 
+1146     this.params = null;
+1147 
+1148     this.getEncodedHex = function() {
+1149 	var a = [];
+1150 	if (this.params.noticeref !== undefined) {
+1151 	    a.push(new _NoticeReference(this.params.noticeref));
+1152 	}
+1153 	if (this.params.exptext !== undefined) {
+1154 	    a.push(new _DisplayText(this.params.exptext));
+1155 	}
+1156 	var seq = new _DERSequence({array: a});
+1157 	return seq.getEncodedHex();
+1158     };
+1159 
+1160     if (params !== undefined) {
+1161 	this.params = params;
+1162     }
+1163 };
+1164 YAHOO.lang.extend(KJUR.asn1.x509.UserNotice, KJUR.asn1.ASN1Object);
+1165 
+1166 /**
+1167  * NoticeReference ASN.1 structure class
+1168  * @name KJUR.asn1.x509.NoticeReference
+1169  * @class NoticeReference ASN.1 structure class
+1170  * @param {Array} params associative array of parameters
+1171  * @extends KJUR.asn1.ASN1Object
+1172  * @since jsrsasign 8.0.23 asn1x509 1.1.12
+1173  * @description
+1174  * This class represents 
+1175  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+1176  * NoticeReference defined in RFC 5280 4.2.1.4</a>.
+1177  * <pre>
+1178  * NoticeReference ::= SEQUENCE {
+1179  *      organization     DisplayText,
+1180  *      noticeNumbers    SEQUENCE OF INTEGER }
+1181  * </pre>
+1182  * Its constructor can have following two parameters:
+1183  * <ul>
+1184  * <li>{Object}org - organization by {@link KJUR.asn1.x509.DisplayText}
+1185  * parameter.</li>
+1186  * <li>{Object}noticenum - noticeNumbers value by an array of
+1187  * {@link KJUR.asn1.DERInteger} parameter</li>
+1188  * </ul>
+1189  * @example
+1190  * new NoticeReference({
+1191  *   org: {type: "bmp", str: "Sample Org"},
+1192  *   noticenum: [{int: 3}, {hex: "01af"}]
+1193  * })
+1194  */
+1195 KJUR.asn1.x509.NoticeReference = function(params) {
+1196     KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this, params);
+1197     var _DERSequence = KJUR.asn1.DERSequence,
+1198 	_DERInteger = KJUR.asn1.DERInteger,
+1199 	_DisplayText = KJUR.asn1.x509.DisplayText;
+1200 
+1201     this.params = null;
+1202 
+1203     this.getEncodedHex = function() {
+1204 	var a = [];
+1205 	if (this.params.org !== undefined) {
+1206 	    a.push(new _DisplayText(this.params.org));
+1207 	}
+1208 	if (this.params.noticenum !== undefined) {
+1209 	    var aNoticeNum = [];
+1210 	    var aNumParam = this.params.noticenum;
+1211 	    for (var i = 0; i < aNumParam.length; i++) {
+1212 		aNoticeNum.push(new _DERInteger(aNumParam[i]));
+1213 	    }
+1214 	    a.push(new _DERSequence({array: aNoticeNum}));
+1215 	}
+1216 	if (a.length == 0) throw new Error("parameter is empty");
+1217 	var seq = new _DERSequence({array: a});
+1218 	return seq.getEncodedHex();
+1219     }
+1220 
+1221     if (params !== undefined) {
+1222 	this.params = params;
+1223     }
+1224 };
+1225 YAHOO.lang.extend(KJUR.asn1.x509.NoticeReference, KJUR.asn1.ASN1Object);
+1226 
+1227 /**
+1228  * DisplayText ASN.1 structure class
+1229  * @name KJUR.asn1.x509.DisplayText
+1230  * @class DisplayText ASN.1 structure class
+1231  * @param {Array} params associative array of parameters
+1232  * @extends KJUR.asn1.DERAbstractString
+1233  * @since jsrsasign 8.0.23 asn1x509 1.1.12
+1234  * @description
+1235  * This class represents 
+1236  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+1237  * DisplayText defined in RFC 5280 4.2.1.4</a>.
+1238  * <pre>
+1239  * -- from RFC 5280 Appendix A
+1240  * DisplayText ::= CHOICE {
+1241  *      ia5String        IA5String      (SIZE (1..200)),
+1242  *      visibleString    VisibleString  (SIZE (1..200)),
+1243  *      bmpString        BMPString      (SIZE (1..200)),
+1244  *      utf8String       UTF8String     (SIZE (1..200)) }
+1245  * </pre>
+1246  * {@link KJUR.asn1.DERAbstractString} parameters and methods
+1247  * can be used.
+1248  * Its constructor can also have following parameter:
+1249  * <ul>
+1250  * <li>{String} type - DirectoryString type of DisplayText.
+1251  * "ia5" for IA5String, "vis" for VisibleString,
+1252  * "bmp" for BMPString and "utf8" for UTF8String.
+1253  * Default is "utf8". (OPTIONAL)</li>
+1254  * </ul>
+1255  * @example
+1256  * new DisplayText({type: "bmp", str: "Sample Org"})
+1257  * new DisplayText({type: "ia5", str: "Sample Org"})
+1258  * new DisplayText({str: "Sample Org"})
+1259  */
+1260 KJUR.asn1.x509.DisplayText = function(params) {
+1261     KJUR.asn1.x509.DisplayText.superclass.constructor.call(this, params);
+1262 
+1263     this.hT = "0c"; // DEFAULT "utf8"
+1264 
+1265     if (params !== undefined) {
+1266 	if (params.type === "ia5") {
+1267 	    this.hT = "16";
+1268 	} else if (params.type === "vis") {
+1269 	    this.hT = "1a";
+1270 	} else if (params.type === "bmp") {
+1271 	    this.hT = "1e";
+1272 	}
+1273     }
+1274 };
+1275 YAHOO.lang.extend(KJUR.asn1.x509.DisplayText, KJUR.asn1.DERAbstractString);
+1276 // ===== END CertificatePolicies related classes =====
+1277 
+1278 // =====================================================================
+1279 /**
+1280  * KeyUsage ASN.1 structure class
+1281  * @name KJUR.asn1.x509.ExtKeyUsage
+1282  * @class ExtKeyUsage ASN.1 structure class
+1283  * @param {Array} params associative array of parameters
+1284  * @extends KJUR.asn1.x509.Extension
+1285  * @description
+1286  * @example
+1287  * e1 = new KJUR.asn1.x509.ExtKeyUsage({
+1288  *   critical: true,
+1289  *   array: [
+1290  *     {oid: '2.5.29.37.0'},  // anyExtendedKeyUsage
+1291  *     {name: 'clientAuth'},
+1292  *     "1.2.3.4",
+1293  *     "serverAuth"
+1294  *   ]
+1295  * });
+1296  * // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
+1297  * // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+1298  * // KeyPurposeId ::= OBJECT IDENTIFIER
+1299  */
+1300 KJUR.asn1.x509.ExtKeyUsage = function(params) {
+1301     KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this, params);
+1302     var _KJUR = KJUR,
+1303 	_KJUR_asn1 = _KJUR.asn1;
+1304 
+1305     this.setPurposeArray = function(purposeArray) {
+1306         this.asn1ExtnValue = new _KJUR_asn1.DERSequence();
+1307         for (var i = 0; i < purposeArray.length; i++) {
+1308             var o = new _KJUR_asn1.DERObjectIdentifier(purposeArray[i]);
+1309             this.asn1ExtnValue.appendASN1Object(o);
+1310         }
+1311     };
+1312 
+1313     this.getExtnValueHex = function() {
+1314         return this.asn1ExtnValue.getEncodedHex();
+1315     };
+1316 
+1317     this.oid = "2.5.29.37";
+1318     if (params !== undefined) {
+1319         if (params.array !== undefined) {
+1320             this.setPurposeArray(params.array);
+1321         }
+1322     }
+1323 };
+1324 YAHOO.lang.extend(KJUR.asn1.x509.ExtKeyUsage, KJUR.asn1.x509.Extension);
+1325 
+1326 /**
+1327  * AuthorityKeyIdentifier ASN.1 structure class
+1328  * @name KJUR.asn1.x509.AuthorityKeyIdentifier
+1329  * @class AuthorityKeyIdentifier ASN.1 structure class
+1330  * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true})
+1331  * @extends KJUR.asn1.x509.Extension
+1332  * @since asn1x509 1.0.8
+1333  * @description
+1334  * This class represents ASN.1 structure for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.1">AuthorityKeyIdentifier in RFC 5280</a>.
+1335  * Constructor of this class may have following parameters.: 
+1336  * <ul>
+1337  * <li>kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of issuing authority public key or issuer certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280. When a hexadecimal string is specifed, kid will be set explicitly by it.</li>
+1338  * <li>isscert - When PEM string of authority certificate is specified, both authorityCertIssuer and authorityCertSerialNumber will be set by the certificate.</li>
+1339  * <li>issuer - {@link KJUR.asn1.x509.X500Name} parameter to specify issuer name explicitly.</li>
+1340  * <li>sn - hexadecimal string to specify serial number explicitly.</li>
+1341  * <li>critical - boolean to specify criticality of this extension
+1342  * however conforming CA must mark this extension as non-critical in RFC 5280.</li>
+1343  * </ul>
+1344  * 
+1345  * <pre>
+1346  * d-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
+1347  * AuthorityKeyIdentifier ::= SEQUENCE {
+1348  *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
+1349  *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
+1350  *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
+1351  * KeyIdentifier ::= OCTET STRING
+1352  * </pre>
+1353  *
+1354  * @example
+1355  * // 1. kid by key object
+1356  * keyobj = KEYUTIL.getKey("-----BEGIN PUBLIC KEY...");
+1357  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: keyobj});
+1358  * // 2. kid by PEM string of authority certificate or public key
+1359  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "-----BEGIN..."});
+1360  * // 3. specify kid explicitly
+1361  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({kid: "8ab1d3..."});
+1362  * });
+1363  * // 4. issuer and serial number by auhtority PEM certificate
+1364  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({isscert: "-----BEGIN..."});
+1365  * // 5. issuer and serial number explicitly
+1366  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
+1367  *   issuer: {ldapstr: "O=test,C=US"},
+1368  *   sn: {hex: "1ac7..."}});
+1369  * // 6. combination
+1370  * e1 = new KJUR.asn1.x509.AuthorityKeyIdentifier({
+1371  *   kid: "-----BEGIN CERTIFICATE...",
+1372  *   isscert: "-----BEGIN CERTIFICATE..."});
+1373  */
+1374 KJUR.asn1.x509.AuthorityKeyIdentifier = function(params) {
+1375     KJUR.asn1.x509.AuthorityKeyIdentifier.superclass.constructor.call(this, params);
+1376     var _KJUR = KJUR,
+1377 	_KJUR_asn1 = _KJUR.asn1,
+1378 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
+1379 	_GeneralNames = _KJUR_asn1.x509.GeneralNames,
+1380 	_isKey = _KJUR.crypto.Util.isKey;
+1381 
+1382     this.asn1KID = null;
+1383     this.asn1CertIssuer = null; // X500Name hTLV
+1384     this.asn1CertSN = null;
+1385 
+1386     this.getExtnValueHex = function() {
+1387         var a = new Array();
+1388         if (this.asn1KID)
 1389             a.push(new _DERTaggedObject({'explicit': false,
-1390                                          'tag': 'a1',
-1391                                          'obj': new _GeneralNames([{dn: this.asn1CertIssuer}])}));
+1390                                          'tag': '80',
+1391                                          'obj': this.asn1KID}));
 1392 
-1393         if (this.asn1CertSN)
+1393         if (this.asn1CertIssuer)
 1394             a.push(new _DERTaggedObject({'explicit': false,
-1395                                          'tag': '82',
-1396                                          'obj': this.asn1CertSN}));
+1395                                          'tag': 'a1',
+1396                                          'obj': new _GeneralNames([{dn: this.asn1CertIssuer}])}));
 1397 
-1398         var asn1Seq = new _KJUR_asn1.DERSequence({'array': a});
-1399         this.asn1ExtnValue = asn1Seq;
-1400         return this.asn1ExtnValue.getEncodedHex();
-1401     };
+1398         if (this.asn1CertSN)
+1399             a.push(new _DERTaggedObject({'explicit': false,
+1400                                          'tag': '82',
+1401                                          'obj': this.asn1CertSN}));
 1402 
-1403     /**
-1404      * set keyIdentifier value by DEROctetString parameter, key object or PEM file
-1405      * @name setKIDByParam
-1406      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
-1407      * @function
-1408      * @param {Array} param parameter to set key identifier
-1409      * @since asn1x509 1.0.8
-1410      * @description
-1411      * This method will set keyIdentifier by param.
-1412      * Its key identifier value can be set by following type of param argument:
-1413      * <ul>
-1414      * <li>{str: "123"} - by raw string</li>
-1415      * <li>{hex: "01af..."} - by hexadecimal value</li>
-1416      * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object.
-1417      * key identifier value will be calculated by the method described in
-1418      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
-1419      * </li>
-1420      * <li>certificate PEM string - extract subjectPublicKeyInfo from specified PEM
-1421      * certificate and
+1403         var asn1Seq = new _KJUR_asn1.DERSequence({'array': a});
+1404         this.asn1ExtnValue = asn1Seq;
+1405         return this.asn1ExtnValue.getEncodedHex();
+1406     };
+1407 
+1408     /**
+1409      * set keyIdentifier value by DEROctetString parameter, key object or PEM file
+1410      * @name setKIDByParam
+1411      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
+1412      * @function
+1413      * @param {Array} param parameter to set key identifier
+1414      * @since asn1x509 1.0.8
+1415      * @description
+1416      * This method will set keyIdentifier by param.
+1417      * Its key identifier value can be set by following type of param argument:
+1418      * <ul>
+1419      * <li>{str: "123"} - by raw string</li>
+1420      * <li>{hex: "01af..."} - by hexadecimal value</li>
+1421      * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object.
 1422      * key identifier value will be calculated by the method described in
 1423      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
-1424      * <li>PKCS#1/#8 public key PEM string - pem will be converted to a key object and
-1425      * to PKCS#8 ASN.1 structure then calculate 
-1426      * a key identifier value will be calculated by the method described in
-1427      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
-1428      * </ul>
-1429      *
-1430      * NOTE1: Automatic key identifier calculation is supported
-1431      * since jsrsasign 8.0.16.
-1432      *
-1433      * @see KEYUTIL.getKeyID
-1434      * 
-1435      * @example
-1436      * o = new KJUR.asn1.x509.AuthorityKeyIdentifier();
-1437      * // set by hexadecimal string
-1438      * o.setKIDByParam({hex: '1ad9...'});
-1439      * // set by SubjectPublicKeyInfo of PEM certificate string
-1440      * o.setKIDByParam("-----BEGIN CERTIFICATE...");
-1441      * // set by PKCS#8 PEM public key string
-1442      * o.setKIDByParam("-----BEGIN PUBLIC KEY...");
-1443      * // set by public key object
-1444      * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
-1445      * o.setKIDByParam(pubkey);
-1446      */
-1447     this.setKIDByParam = function(param) {
-1448 	if (param.str !== undefined ||
-1449 	    param.hex !== undefined) {
-1450 	    this.asn1KID = new KJUR.asn1.DEROctetString(param);
-1451 	} else if ((typeof param === "object" &&
-1452 		    KJUR.crypto.Util.isKey(param)) ||
-1453 		   (typeof param === "string" &&
-1454 		    param.indexOf("BEGIN ") != -1)) {
-1455 
-1456 	    var keyobj = param;
-1457 	    if (typeof param === "string") {
-1458 		keyobj = KEYUTIL.getKey(param);
-1459 	    }
+1424      * </li>
+1425      * <li>certificate PEM string - extract subjectPublicKeyInfo from specified PEM
+1426      * certificate and
+1427      * key identifier value will be calculated by the method described in
+1428      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
+1429      * <li>PKCS#1/#8 public key PEM string - pem will be converted to a key object and
+1430      * to PKCS#8 ASN.1 structure then calculate 
+1431      * a key identifier value will be calculated by the method described in
+1432      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
+1433      * </ul>
+1434      *
+1435      * NOTE1: Automatic key identifier calculation is supported
+1436      * since jsrsasign 8.0.16.
+1437      *
+1438      * @see KEYUTIL.getKeyID
+1439      * 
+1440      * @example
+1441      * o = new KJUR.asn1.x509.AuthorityKeyIdentifier();
+1442      * // set by hexadecimal string
+1443      * o.setKIDByParam({hex: '1ad9...'});
+1444      * // set by SubjectPublicKeyInfo of PEM certificate string
+1445      * o.setKIDByParam("-----BEGIN CERTIFICATE...");
+1446      * // set by PKCS#8 PEM public key string
+1447      * o.setKIDByParam("-----BEGIN PUBLIC KEY...");
+1448      * // set by public key object
+1449      * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
+1450      * o.setKIDByParam(pubkey);
+1451      */
+1452     this.setKIDByParam = function(param) {
+1453 	if (param.str !== undefined ||
+1454 	    param.hex !== undefined) {
+1455 	    this.asn1KID = new KJUR.asn1.DEROctetString(param);
+1456 	} else if ((typeof param === "object" &&
+1457 		    KJUR.crypto.Util.isKey(param)) ||
+1458 		   (typeof param === "string" &&
+1459 		    param.indexOf("BEGIN ") != -1)) {
 1460 
-1461 	    var kid = KEYUTIL.getKeyID(keyobj);
-1462 	    this.asn1KID = new KJUR.asn1.DEROctetString({hex: kid});
-1463 	}
-1464     };
+1461 	    var keyobj = param;
+1462 	    if (typeof param === "string") {
+1463 		keyobj = KEYUTIL.getKey(param);
+1464 	    }
 1465 
-1466     /**
-1467      * set authorityCertIssuer value by X500Name parameter
-1468      * @name setCertIssuerByParam
-1469      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
-1470      * @function
-1471      * @param {Array} param parameter to set issuer name
-1472      * @since asn1x509 1.0.8
-1473      * @description
-1474      * This method will set authorityCertIssuer name by param.
-1475      * Issuer name can be set by following type of param argument:
-1476      * <ul>
-1477      * <li>str/ldapstr/hex/certsubject/certissuer - 
-1478      * set issuer by {@link KJUR.asn1.x509.X500Name}
-1479      * object with specified parameters.</li>
-1480      * <li>PEM CERTIFICATE STRING - extract its subject name from 
-1481      * specified issuer PEM certificate and set.
-1482      * </ul>
-1483      * NOTE1: Automatic authorityCertIssuer setting by certificate
-1484      * is supported since jsrsasign 8.0.16.
-1485      *
-1486      * @see KJUR.asn1.x509.X500Name
-1487      * @see KJUR.asn1.x509.GeneralNames
-1488      * @see X509.getSubjectHex
-1489      *
-1490      * @example
-1491      * var o = new KJUR.asn1.x509.AuthorityKeyIdentifier();
-1492      * // 1. set it by string
-1493      * o.setCertIssuerByParam({str: '/C=US/O=Test'});
-1494      * // 2. set it by issuer PEM certificate
-1495      * o.setCertIssuerByParam("-----BEGIN CERTIFICATE...");
-1496      *
-1497      */
-1498     this.setCertIssuerByParam = function(param) {
-1499 	if (param.str !== undefined ||
-1500 	    param.ldapstr !== undefined ||
-1501 	    param.hex !== undefined ||
-1502 	    param.certsubject !== undefined ||
-1503 	    param.certissuer !== undefined) {
-1504             this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param);
-1505 	} else if (typeof param === "string" &&
-1506 		   param.indexOf("BEGIN ") != -1 &&
-1507 		   param.indexOf("CERTIFICATE") != -1) {
-1508             this.asn1CertIssuer = new KJUR.asn1.x509.X500Name({certissuer: param});
-1509 	}
-1510     };
-1511 
-1512     /**
-1513      * set authorityCertSerialNumber value
-1514      * @name setCertSerialNumberByParam
-1515      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
-1516      * @function
-1517      * @param {Object} param parameter to set serial number
-1518      * @since asn1x509 1.0.8
-1519      * @description
-1520      * This method will set authorityCertSerialNumber by param.
-1521      * Serial number can be set by following type of param argument:
-1522      *
-1523      * <ul>
-1524      * <li>{int: 123} - by integer value</li>
-1525      * <li>{hex: "01af"} - by hexadecimal integer value</li>
-1526      * <li>{bigint: new BigInteger(...)} - by hexadecimal integer value</li>
-1527      * <li>PEM CERTIFICATE STRING - extract serial number from issuer certificate and
-1528      * set serial number.
-1529      * 
-1530      * NOTE1: Automatic authorityCertSerialNumber setting by certificate
-1531      * is supported since jsrsasign 8.0.16.
-1532      *
-1533      * @see X509.getSerialNumberHex
-1534      */
-1535     this.setCertSNByParam = function(param) {
-1536 	if (param.str !== undefined ||
-1537 	    param.bigint !== undefined ||
-1538 	    param.hex !== undefined) {
-1539             this.asn1CertSN = new KJUR.asn1.DERInteger(param);
-1540 	} else if (typeof param === "string" &&
-1541 		   param.indexOf("BEGIN ") != -1 &&
-1542 		   param.indexOf("CERTIFICATE")) {
-1543 
-1544             var x = new X509();
-1545             x.readCertPEM(param);
-1546 	    var sn = x.getSerialNumberHex();
-1547 	    this.asn1CertSN = new KJUR.asn1.DERInteger({hex: sn});
-1548 	}
-1549     };
-1550 
-1551     this.oid = "2.5.29.35";
-1552     if (params !== undefined) {
-1553         if (params.kid !== undefined) {
-1554             this.setKIDByParam(params.kid);
-1555         }
-1556         if (params.issuer !== undefined) {
-1557             this.setCertIssuerByParam(params.issuer);
-1558         }
-1559         if (params.sn !== undefined) {
-1560             this.setCertSNByParam(params.sn);
-1561         }
-1562 
-1563 	if (params.issuersn !== undefined &&
-1564 	    typeof params.issuersn === "string" &&
-1565 	    params.issuersn.indexOf("BEGIN ") != -1 &&
-1566 	    params.issuersn.indexOf("CERTIFICATE")) {
-1567 	    this.setCertSNByParam(params.issuersn);
-1568 	    this.setCertIssuerByParam(params.issuersn);
-1569 	}
-1570     }
-1571 };
-1572 YAHOO.lang.extend(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension);
-1573 
-1574 /**
-1575  * SubjectKeyIdentifier extension ASN.1 structure class
-1576  * @name KJUR.asn1.x509.SubjectKeyIdentifier
-1577  * @class SubjectKeyIdentifier ASN.1 structure class
-1578  * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true})
-1579  * @extends KJUR.asn1.x509.Extension
-1580  * @since asn1x509 1.1.7 jsrsasign 8.0.14
-1581  * @description
-1582  * This class represents ASN.1 structure for 
-1583  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">
-1584  * SubjectKeyIdentifier in RFC 5280</a>.
-1585  * Constructor of this class may have following parameters:
-1586  * <ul>
-1587  * <li>kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of subject public key or certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280. When a hexadecimal string is specifed, kid will be set explicitly by it.</li>
-1588  * <li>critical - boolean to specify criticality of this extension
-1589  * however conforming CA must mark this extension as non-critical in RFC 5280.</li>
-1590  * </ul>
-1591  * <pre>
-1592  * d-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
-1593  * SubjectKeyIdentifier ::= KeyIdentifier
-1594  * KeyIdentifier ::= OCTET STRING
-1595  * </pre>
-1596  *
-1597  * @example
-1598  * // set by hexadecimal string
-1599  * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: {hex: '89ab'}});
-1600  * // set by PEM public key or certificate string
-1601  * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: "-----BEGIN CERTIFICATE..."});
-1602  * // set by public key object
-1603  * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
-1604  * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: pubkey});
-1605  */
-1606 KJUR.asn1.x509.SubjectKeyIdentifier = function(params) {
-1607     KJUR.asn1.x509.SubjectKeyIdentifier.superclass.constructor.call(this, params);
-1608     var _KJUR = KJUR,
-1609 	_KJUR_asn1 = _KJUR.asn1,
-1610 	_DEROctetString = _KJUR_asn1.DEROctetString;
-1611 
-1612     this.asn1KID = null;
-1613 
-1614     this.getExtnValueHex = function() {
-1615         this.asn1ExtnValue = this.asn1KID;
-1616         return this.asn1ExtnValue.getEncodedHex();
-1617     };
+1466 	    var kid = KEYUTIL.getKeyID(keyobj);
+1467 	    this.asn1KID = new KJUR.asn1.DEROctetString({hex: kid});
+1468 	}
+1469     };
+1470 
+1471     /**
+1472      * set authorityCertIssuer value by X500Name parameter
+1473      * @name setCertIssuerByParam
+1474      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
+1475      * @function
+1476      * @param {Array} param parameter to set issuer name
+1477      * @since asn1x509 1.0.8
+1478      * @description
+1479      * This method will set authorityCertIssuer name by param.
+1480      * Issuer name can be set by following type of param argument:
+1481      * <ul>
+1482      * <li>str/ldapstr/hex/certsubject/certissuer - 
+1483      * set issuer by {@link KJUR.asn1.x509.X500Name}
+1484      * object with specified parameters.</li>
+1485      * <li>PEM CERTIFICATE STRING - extract its subject name from 
+1486      * specified issuer PEM certificate and set.
+1487      * </ul>
+1488      * NOTE1: Automatic authorityCertIssuer setting by certificate
+1489      * is supported since jsrsasign 8.0.16.
+1490      *
+1491      * @see KJUR.asn1.x509.X500Name
+1492      * @see KJUR.asn1.x509.GeneralNames
+1493      * @see X509.getSubjectHex
+1494      *
+1495      * @example
+1496      * var o = new KJUR.asn1.x509.AuthorityKeyIdentifier();
+1497      * // 1. set it by string
+1498      * o.setCertIssuerByParam({str: '/C=US/O=Test'});
+1499      * // 2. set it by issuer PEM certificate
+1500      * o.setCertIssuerByParam("-----BEGIN CERTIFICATE...");
+1501      *
+1502      */
+1503     this.setCertIssuerByParam = function(param) {
+1504 	if (param.str !== undefined ||
+1505 	    param.ldapstr !== undefined ||
+1506 	    param.hex !== undefined ||
+1507 	    param.certsubject !== undefined ||
+1508 	    param.certissuer !== undefined) {
+1509             this.asn1CertIssuer = new KJUR.asn1.x509.X500Name(param);
+1510 	} else if (typeof param === "string" &&
+1511 		   param.indexOf("BEGIN ") != -1 &&
+1512 		   param.indexOf("CERTIFICATE") != -1) {
+1513             this.asn1CertIssuer = new KJUR.asn1.x509.X500Name({certissuer: param});
+1514 	}
+1515     };
+1516 
+1517     /**
+1518      * set authorityCertSerialNumber value
+1519      * @name setCertSerialNumberByParam
+1520      * @memberOf KJUR.asn1.x509.AuthorityKeyIdentifier#
+1521      * @function
+1522      * @param {Object} param parameter to set serial number
+1523      * @since asn1x509 1.0.8
+1524      * @description
+1525      * This method will set authorityCertSerialNumber by param.
+1526      * Serial number can be set by following type of param argument:
+1527      *
+1528      * <ul>
+1529      * <li>{int: 123} - by integer value</li>
+1530      * <li>{hex: "01af"} - by hexadecimal integer value</li>
+1531      * <li>{bigint: new BigInteger(...)} - by hexadecimal integer value</li>
+1532      * <li>PEM CERTIFICATE STRING - extract serial number from issuer certificate and
+1533      * set serial number.
+1534      * 
+1535      * NOTE1: Automatic authorityCertSerialNumber setting by certificate
+1536      * is supported since jsrsasign 8.0.16.
+1537      *
+1538      * @see X509.getSerialNumberHex
+1539      */
+1540     this.setCertSNByParam = function(param) {
+1541 	if (param.str !== undefined ||
+1542 	    param.bigint !== undefined ||
+1543 	    param.hex !== undefined) {
+1544             this.asn1CertSN = new KJUR.asn1.DERInteger(param);
+1545 	} else if (typeof param === "string" &&
+1546 		   param.indexOf("BEGIN ") != -1 &&
+1547 		   param.indexOf("CERTIFICATE")) {
+1548 
+1549             var x = new X509();
+1550             x.readCertPEM(param);
+1551 	    var sn = x.getSerialNumberHex();
+1552 	    this.asn1CertSN = new KJUR.asn1.DERInteger({hex: sn});
+1553 	}
+1554     };
+1555 
+1556     this.oid = "2.5.29.35";
+1557     if (params !== undefined) {
+1558         if (params.kid !== undefined) {
+1559             this.setKIDByParam(params.kid);
+1560         }
+1561         if (params.issuer !== undefined) {
+1562             this.setCertIssuerByParam(params.issuer);
+1563         }
+1564         if (params.sn !== undefined) {
+1565             this.setCertSNByParam(params.sn);
+1566         }
+1567 
+1568 	if (params.issuersn !== undefined &&
+1569 	    typeof params.issuersn === "string" &&
+1570 	    params.issuersn.indexOf("BEGIN ") != -1 &&
+1571 	    params.issuersn.indexOf("CERTIFICATE")) {
+1572 	    this.setCertSNByParam(params.issuersn);
+1573 	    this.setCertIssuerByParam(params.issuersn);
+1574 	}
+1575     }
+1576 };
+1577 YAHOO.lang.extend(KJUR.asn1.x509.AuthorityKeyIdentifier, KJUR.asn1.x509.Extension);
+1578 
+1579 /**
+1580  * SubjectKeyIdentifier extension ASN.1 structure class
+1581  * @name KJUR.asn1.x509.SubjectKeyIdentifier
+1582  * @class SubjectKeyIdentifier ASN.1 structure class
+1583  * @param {Array} params associative array of parameters (ex. {kid: {hex: '89ab...'}, critical: true})
+1584  * @extends KJUR.asn1.x509.Extension
+1585  * @since asn1x509 1.1.7 jsrsasign 8.0.14
+1586  * @description
+1587  * This class represents ASN.1 structure for 
+1588  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">
+1589  * SubjectKeyIdentifier in RFC 5280</a>.
+1590  * Constructor of this class may have following parameters:
+1591  * <ul>
+1592  * <li>kid - When key object (RSA, KJUR.crypto.ECDSA/DSA) or PEM string of subject public key or certificate is specified, key identifier will be automatically calculated by the method specified in RFC 5280. When a hexadecimal string is specifed, kid will be set explicitly by it.</li>
+1593  * <li>critical - boolean to specify criticality of this extension
+1594  * however conforming CA must mark this extension as non-critical in RFC 5280.</li>
+1595  * </ul>
+1596  * <pre>
+1597  * d-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
+1598  * SubjectKeyIdentifier ::= KeyIdentifier
+1599  * KeyIdentifier ::= OCTET STRING
+1600  * </pre>
+1601  *
+1602  * @example
+1603  * // set by hexadecimal string
+1604  * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: {hex: '89ab'}});
+1605  * // set by PEM public key or certificate string
+1606  * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: "-----BEGIN CERTIFICATE..."});
+1607  * // set by public key object
+1608  * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
+1609  * e = new KJUR.asn1.x509.SubjectKeyIdentifier({kid: pubkey});
+1610  */
+1611 KJUR.asn1.x509.SubjectKeyIdentifier = function(params) {
+1612     KJUR.asn1.x509.SubjectKeyIdentifier.superclass.constructor.call(this, params);
+1613     var _KJUR = KJUR,
+1614 	_KJUR_asn1 = _KJUR.asn1,
+1615 	_DEROctetString = _KJUR_asn1.DEROctetString;
+1616 
+1617     this.asn1KID = null;
 1618 
-1619     /**
-1620      * set keyIdentifier value by DEROctetString parameter, key object or PEM file
-1621      * @name setKIDByParam
-1622      * @memberOf KJUR.asn1.x509.SubjectKeyIdentifier#
-1623      * @function
-1624      * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
-1625      * @since asn1x509 1.1.7 jsrsasign 8.0.14
-1626      * @description
-1627      * <ul>
-1628      * <li>{str: "123"} - by raw string</li>
-1629      * <li>{hex: "01af..."} - by hexadecimal value</li>
-1630      * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object.
-1631      * key identifier value will be calculated by the method described in
-1632      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
-1633      * </li>
-1634      * <li>certificate PEM string - extract subjectPublicKeyInfo from specified PEM
-1635      * certificate and
+1619     this.getExtnValueHex = function() {
+1620         this.asn1ExtnValue = this.asn1KID;
+1621         return this.asn1ExtnValue.getEncodedHex();
+1622     };
+1623 
+1624     /**
+1625      * set keyIdentifier value by DEROctetString parameter, key object or PEM file
+1626      * @name setKIDByParam
+1627      * @memberOf KJUR.asn1.x509.SubjectKeyIdentifier#
+1628      * @function
+1629      * @param {Array} param array of {@link KJUR.asn1.DERInteger} parameter
+1630      * @since asn1x509 1.1.7 jsrsasign 8.0.14
+1631      * @description
+1632      * <ul>
+1633      * <li>{str: "123"} - by raw string</li>
+1634      * <li>{hex: "01af..."} - by hexadecimal value</li>
+1635      * <li>RSAKey/DSA/ECDSA - by RSAKey, KJUR.crypto.{DSA/ECDSA} public key object.
 1636      * key identifier value will be calculated by the method described in
 1637      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
-1638      * <li>PKCS#1/#8 public key PEM string - pem will be converted to a key object and
-1639      * to PKCS#8 ASN.1 structure then calculate 
-1640      * a key identifier value will be calculated by the method described in
-1641      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
-1642      * </ul>
-1643      *
-1644      * NOTE1: Automatic key identifier calculation is supported
-1645      * since jsrsasign 8.0.16.
-1646      *
-1647      * @see KEYUTIL.getKeyID
+1638      * </li>
+1639      * <li>certificate PEM string - extract subjectPublicKeyInfo from specified PEM
+1640      * certificate and
+1641      * key identifier value will be calculated by the method described in
+1642      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
+1643      * <li>PKCS#1/#8 public key PEM string - pem will be converted to a key object and
+1644      * to PKCS#8 ASN.1 structure then calculate 
+1645      * a key identifier value will be calculated by the method described in
+1646      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">RFC 5280 4.2.1.2 (1)</a>.
+1647      * </ul>
 1648      *
-1649      * @example
-1650      * o = new KJUR.asn1.x509.SubjectKeyIdentifier();
-1651      * // set by hexadecimal string
-1652      * o.setKIDByParam({hex: '1ad9...'});
-1653      * // set by SubjectPublicKeyInfo of PEM certificate string
-1654      * o.setKIDByParam("-----BEGIN CERTIFICATE...");
-1655      * // set by PKCS#8 PEM public key string
-1656      * o.setKIDByParam("-----BEGIN PUBLIC KEY...");
-1657      * // set by public key object
-1658      * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
-1659      * o.setKIDByParam(pubkey);
-1660      */
-1661     this.setKIDByParam = function(param) {
-1662 	if (param.str !== undefined ||
-1663 	    param.hex !== undefined) {
-1664 	    this.asn1KID = new _DEROctetString(param);
-1665 	} else if ((typeof param === "object" &&
-1666 		    KJUR.crypto.Util.isKey(param)) ||
-1667 		   (typeof param === "string" &&
-1668 		    param.indexOf("BEGIN") != -1)) {
-1669 
-1670 	    var keyobj = param;
-1671 	    if (typeof param === "string") {
-1672 		keyobj = KEYUTIL.getKey(param);
-1673 	    }
+1649      * NOTE1: Automatic key identifier calculation is supported
+1650      * since jsrsasign 8.0.16.
+1651      *
+1652      * @see KEYUTIL.getKeyID
+1653      *
+1654      * @example
+1655      * o = new KJUR.asn1.x509.SubjectKeyIdentifier();
+1656      * // set by hexadecimal string
+1657      * o.setKIDByParam({hex: '1ad9...'});
+1658      * // set by SubjectPublicKeyInfo of PEM certificate string
+1659      * o.setKIDByParam("-----BEGIN CERTIFICATE...");
+1660      * // set by PKCS#8 PEM public key string
+1661      * o.setKIDByParam("-----BEGIN PUBLIC KEY...");
+1662      * // set by public key object
+1663      * pubkey = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
+1664      * o.setKIDByParam(pubkey);
+1665      */
+1666     this.setKIDByParam = function(param) {
+1667 	if (param.str !== undefined ||
+1668 	    param.hex !== undefined) {
+1669 	    this.asn1KID = new _DEROctetString(param);
+1670 	} else if ((typeof param === "object" &&
+1671 		    KJUR.crypto.Util.isKey(param)) ||
+1672 		   (typeof param === "string" &&
+1673 		    param.indexOf("BEGIN") != -1)) {
 1674 
-1675 	    var kid = KEYUTIL.getKeyID(keyobj);
-1676 	    this.asn1KID = new KJUR.asn1.DEROctetString({hex: kid});
-1677 	}
-1678     };
+1675 	    var keyobj = param;
+1676 	    if (typeof param === "string") {
+1677 		keyobj = KEYUTIL.getKey(param);
+1678 	    }
 1679 
-1680     this.oid = "2.5.29.14";
-1681     if (params !== undefined) {
-1682 	if (params.kid !== undefined) {
-1683 	    this.setKIDByParam(params.kid);
-1684 	}
-1685     }
-1686 };
-1687 YAHOO.lang.extend(KJUR.asn1.x509.SubjectKeyIdentifier, KJUR.asn1.x509.Extension);
-1688 
-1689 /**
-1690  * AuthorityInfoAccess ASN.1 structure class
-1691  * @name KJUR.asn1.x509.AuthorityInfoAccess
-1692  * @class AuthorityInfoAccess ASN.1 structure class
-1693  * @param {Array} params JSON object of AuthorityInfoAccess parameters
-1694  * @extends KJUR.asn1.x509.Extension
-1695  * @since asn1x509 1.0.8
-1696  * @see {@link X509#getExtAuthorityInfoAccess}
-1697  * @description
-1698  * This class represents 
-1699  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.2.1">
-1700  * AuthorityInfoAccess extension defined in RFC 5280 4.2.2.1</a>.
-1701  * <pre>
-1702  * id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
-1703  * id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
-1704  * AuthorityInfoAccessSyntax  ::=
-1705  *         SEQUENCE SIZE (1..MAX) OF AccessDescription
-1706  * AccessDescription  ::=  SEQUENCE {
-1707  *         accessMethod          OBJECT IDENTIFIER,
-1708  *         accessLocation        GeneralName  }
-1709  * id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
-1710  * id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
-1711  * id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
-1712  * </pre>
-1713  * NOTE: Acceptable parameters have been changed since
-1714  * from jsrsasign 9.0.0 asn1x509 2.0.0.
-1715  * Parameter generated by {@link X509#getAuthorityInfoAccess}
-1716  * can be accepted as a argument of this constructor.
-1717  * @example
-1718  * e1 = new KJUR.asn1.x509.AuthorityInfoAccess({
-1719  *   array: [
-1720  *     {ocsp: 'http://ocsp.example.org'},
-1721  *     {caissuer: 'https://repository.example.org/aaa.crt'}
-1722  *   ]
-1723  * });
-1724  */
-1725 KJUR.asn1.x509.AuthorityInfoAccess = function(params) {
-1726     KJUR.asn1.x509.AuthorityInfoAccess.superclass.constructor.call(this, params);
-1727 
-1728     this.setAccessDescriptionArray = function(aParam) {
-1729         var aASN1 = new Array(),
-1730 	    _KJUR = KJUR,
-1731 	    _KJUR_asn1 = _KJUR.asn1,
-1732 	    _DERSequence = _KJUR_asn1.DERSequence,
-1733 	    _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
-1734 	    _GeneralName = _KJUR_asn1.x509.GeneralName;
-1735 
-1736         for (var i = 0; i < aParam.length; i++) {
-1737 	    var adseq;
-1738 	    var adparam = aParam[i];
-1739 
-1740 	    if (adparam.ocsp !== undefined) {
-1741 		adseq = new _DERSequence({array: [
-1742 		    new _DERObjectIdentifier({oid: "1.3.6.1.5.5.7.48.1"}),
-1743 		    new _GeneralName({uri: adparam.ocsp})
-1744 		]});
-1745 	    } else if (adparam.caissuer !== undefined) {
+1680 	    var kid = KEYUTIL.getKeyID(keyobj);
+1681 	    this.asn1KID = new KJUR.asn1.DEROctetString({hex: kid});
+1682 	}
+1683     };
+1684 
+1685     this.oid = "2.5.29.14";
+1686     if (params !== undefined) {
+1687 	if (params.kid !== undefined) {
+1688 	    this.setKIDByParam(params.kid);
+1689 	}
+1690     }
+1691 };
+1692 YAHOO.lang.extend(KJUR.asn1.x509.SubjectKeyIdentifier, KJUR.asn1.x509.Extension);
+1693 
+1694 /**
+1695  * AuthorityInfoAccess ASN.1 structure class
+1696  * @name KJUR.asn1.x509.AuthorityInfoAccess
+1697  * @class AuthorityInfoAccess ASN.1 structure class
+1698  * @param {Array} params JSON object of AuthorityInfoAccess parameters
+1699  * @extends KJUR.asn1.x509.Extension
+1700  * @since asn1x509 1.0.8
+1701  * @see {@link X509#getExtAuthorityInfoAccess}
+1702  * @description
+1703  * This class represents 
+1704  * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.2.1">
+1705  * AuthorityInfoAccess extension defined in RFC 5280 4.2.2.1</a>.
+1706  * <pre>
+1707  * id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
+1708  * id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
+1709  * AuthorityInfoAccessSyntax  ::=
+1710  *         SEQUENCE SIZE (1..MAX) OF AccessDescription
+1711  * AccessDescription  ::=  SEQUENCE {
+1712  *         accessMethod          OBJECT IDENTIFIER,
+1713  *         accessLocation        GeneralName  }
+1714  * id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
+1715  * id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
+1716  * id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
+1717  * </pre>
+1718  * NOTE: Acceptable parameters have been changed since
+1719  * from jsrsasign 9.0.0 asn1x509 2.0.0.
+1720  * Parameter generated by {@link X509#getAuthorityInfoAccess}
+1721  * can be accepted as a argument of this constructor.
+1722  * @example
+1723  * e1 = new KJUR.asn1.x509.AuthorityInfoAccess({
+1724  *   array: [
+1725  *     {ocsp: 'http://ocsp.example.org'},
+1726  *     {caissuer: 'https://repository.example.org/aaa.crt'}
+1727  *   ]
+1728  * });
+1729  */
+1730 KJUR.asn1.x509.AuthorityInfoAccess = function(params) {
+1731     KJUR.asn1.x509.AuthorityInfoAccess.superclass.constructor.call(this, params);
+1732 
+1733     this.setAccessDescriptionArray = function(aParam) {
+1734         var aASN1 = new Array(),
+1735 	    _KJUR = KJUR,
+1736 	    _KJUR_asn1 = _KJUR.asn1,
+1737 	    _DERSequence = _KJUR_asn1.DERSequence,
+1738 	    _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+1739 	    _GeneralName = _KJUR_asn1.x509.GeneralName;
+1740 
+1741         for (var i = 0; i < aParam.length; i++) {
+1742 	    var adseq;
+1743 	    var adparam = aParam[i];
+1744 
+1745 	    if (adparam.ocsp !== undefined) {
 1746 		adseq = new _DERSequence({array: [
-1747 		    new _DERObjectIdentifier({oid: "1.3.6.1.5.5.7.48.2"}),
-1748 		    new _GeneralName({uri: adparam.caissuer})
+1747 		    new _DERObjectIdentifier({oid: "1.3.6.1.5.5.7.48.1"}),
+1748 		    new _GeneralName({uri: adparam.ocsp})
 1749 		]});
-1750 	    } else {
-1751 		throw new Error("unknown AccessMethod parameter: " +
-1752 				JSON.stringify(adparam));
-1753 	    }
-1754 	    aASN1.push(adseq);
-1755         }
-1756         this.asn1ExtnValue = new _DERSequence({'array':aASN1});
-1757     };
-1758 
-1759     this.getExtnValueHex = function() {
-1760         return this.asn1ExtnValue.getEncodedHex();
-1761     };
-1762 
-1763     this.oid = "1.3.6.1.5.5.7.1.1";
-1764     if (params !== undefined) {
-1765         if (params.array !== undefined) {
-1766             this.setAccessDescriptionArray(params.array);
-1767         }
-1768     }
-1769 };
-1770 YAHOO.lang.extend(KJUR.asn1.x509.AuthorityInfoAccess, KJUR.asn1.x509.Extension);
-1771 
-1772 /**
-1773  * SubjectAltName ASN.1 structure class<br/>
-1774  * @name KJUR.asn1.x509.SubjectAltName
-1775  * @class SubjectAltName ASN.1 structure class
-1776  * @param {Array} params associative array of parameters
-1777  * @extends KJUR.asn1.x509.Extension
-1778  * @since jsrsasign 6.2.3 asn1x509 1.0.19
-1779  * @see KJUR.asn1.x509.GeneralNames
-1780  * @see KJUR.asn1.x509.GeneralName
-1781  * @description
-1782  * This class provides X.509v3 SubjectAltName extension.
-1783  * <pre>
-1784  * id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
-1785  * SubjectAltName ::= GeneralNames
-1786  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-1787  * GeneralName ::= CHOICE {
-1788  *   otherName                  [0] OtherName,
-1789  *   rfc822Name                 [1] IA5String,
-1790  *   dNSName                    [2] IA5String,
-1791  *   x400Address                [3] ORAddress,
-1792  *   directoryName              [4] Name,
-1793  *   ediPartyName               [5] EDIPartyName,
-1794  *   uniformResourceIdentifier  [6] IA5String,
-1795  *   iPAddress                  [7] OCTET STRING,
-1796  *   registeredID               [8] OBJECT IDENTIFIER }
-1797  * </pre>
-1798  * @example
-1799  * e1 = new KJUR.asn1.x509.SubjectAltName({
-1800  *   critical: true,
-1801  *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
-1802  * });
-1803  */
-1804 KJUR.asn1.x509.SubjectAltName = function(params) {
-1805     KJUR.asn1.x509.SubjectAltName.superclass.constructor.call(this, params)
-1806 
-1807     this.setNameArray = function(paramsArray) {
-1808 	this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray);
-1809     };
-1810 
-1811     this.getExtnValueHex = function() {
-1812         return this.asn1ExtnValue.getEncodedHex();
-1813     };
-1814 
-1815     this.oid = "2.5.29.17";
-1816     if (params !== undefined) {
-1817         if (params.array !== undefined) {
-1818             this.setNameArray(params.array);
-1819         }
-1820     }
-1821 };
-1822 YAHOO.lang.extend(KJUR.asn1.x509.SubjectAltName, KJUR.asn1.x509.Extension);
-1823 
-1824 /**
-1825  * IssuerAltName ASN.1 structure class<br/>
-1826  * @name KJUR.asn1.x509.IssuerAltName
-1827  * @class IssuerAltName ASN.1 structure class
-1828  * @param {Array} params associative array of parameters
-1829  * @extends KJUR.asn1.x509.Extension
-1830  * @since jsrsasign 6.2.3 asn1x509 1.0.19
-1831  * @see KJUR.asn1.x509.GeneralNames
-1832  * @see KJUR.asn1.x509.GeneralName
-1833  * @description
-1834  * This class provides X.509v3 IssuerAltName extension.
-1835  * <pre>
-1836  * id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 18 }
-1837  * IssuerAltName ::= GeneralNames
-1838  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-1839  * GeneralName ::= CHOICE {
-1840  *   otherName                  [0] OtherName,
-1841  *   rfc822Name                 [1] IA5String,
-1842  *   dNSName                    [2] IA5String,
-1843  *   x400Address                [3] ORAddress,
-1844  *   directoryName              [4] Name,
-1845  *   ediPartyName               [5] EDIPartyName,
-1846  *   uniformResourceIdentifier  [6] IA5String,
-1847  *   iPAddress                  [7] OCTET STRING,
-1848  *   registeredID               [8] OBJECT IDENTIFIER }
-1849  * </pre>
-1850  * @example
-1851  * e1 = new KJUR.asn1.x509.IssuerAltName({
-1852  *   critical: true,
-1853  *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
-1854  * });
-1855  */
-1856 KJUR.asn1.x509.IssuerAltName = function(params) {
-1857     KJUR.asn1.x509.IssuerAltName.superclass.constructor.call(this, params)
-1858 
-1859     this.setNameArray = function(paramsArray) {
-1860 	this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray);
-1861     };
-1862 
-1863     this.getExtnValueHex = function() {
-1864         return this.asn1ExtnValue.getEncodedHex();
-1865     };
-1866 
-1867     this.oid = "2.5.29.18";
-1868     if (params !== undefined) {
-1869         if (params.array !== undefined) {
-1870             this.setNameArray(params.array);
-1871         }
-1872     }
-1873 };
-1874 YAHOO.lang.extend(KJUR.asn1.x509.IssuerAltName, KJUR.asn1.x509.Extension);
-1875 
-1876 /**
-1877  * priavte extension ASN.1 structure class<br/>
-1878  * @name KJUR.asn1.x509.PrivateExtension
-1879  * @class private extension ASN.1 structure class
-1880  * @param {Array} params JSON object of private extension
-1881  * @extends KJUR.asn1.x509.Extension
-1882  * @since jsrsasign 9.1.1 asn1x509 
-1883  * @see KJUR.asn1.ASN1Util.newObject
-1884  *
-1885  * @description
-1886  * This class is to represent private extension or 
-1887  * unsupported extension. 
-1888  * <pre>
-1889  * Extension  ::=  SEQUENCE  {
-1890  *      extnID      OBJECT IDENTIFIER,
-1891  *      critical    BOOLEAN DEFAULT FALSE,
-1892  *      extnValue   OCTET STRING }
-1893  * </pre>
-1894  * Following properties can be set for JSON parameter:
-1895  * <ul>
-1896  * <li>{String}extname - string of OID or predefined extension name</li>
-1897  * <li>{Boolean}critical - critical flag</li>
-1898  * <li>{Object}extn - hexadecimal string or 
-1899  * of {@link KJUR.asn1.ASN1Util.newObject} 
-1900  * JSON parameter for extnValue field</li>
-1901  * </li>
-1902  * </ul>
-1903  *
-1904  * @example
-1905  * // extn by hexadecimal
-1906  * new KJUR.asn1.x509.PrivateExtension({
-1907  *   extname: "1.2.3.4",
-1908  *   critical: true,
-1909  *   extn: "13026161" // means PrintableString "aa"
-1910  * });
-1911  *
-1912  * // extn by JSON parameter
-1913  * new KJUR.asn1.x509.PrivateExtension({
-1914  *   extname: "1.2.3.5",
-1915  *   extn: {seq: [{prnstr:"abc"},{utf8str:"def"}]}
-1916  * });
-1917  */
-1918 KJUR.asn1.x509.PrivateExtension = function(params) {
-1919     KJUR.asn1.x509.PrivateExtension.superclass.constructor.call(this, params)
-1920 
-1921     var _KJUR = KJUR,
-1922 	_isHex = _KJUR.lang.String.isHex,
-1923 	_KJUR_asn1 = _KJUR.asn1,
-1924 	_name2oid = _KJUR_asn1.x509.OID.name2oid,
-1925 	_newObject = _KJUR_asn1.ASN1Util.newObject;
-1926 
-1927     this.params = null;
-1928 
-1929     this.setByParam = function(params) {
-1930 	this.oid = _name2oid(params.extname);
-1931 	this.params = params;
-1932     };
+1750 	    } else if (adparam.caissuer !== undefined) {
+1751 		adseq = new _DERSequence({array: [
+1752 		    new _DERObjectIdentifier({oid: "1.3.6.1.5.5.7.48.2"}),
+1753 		    new _GeneralName({uri: adparam.caissuer})
+1754 		]});
+1755 	    } else {
+1756 		throw new Error("unknown AccessMethod parameter: " +
+1757 				JSON.stringify(adparam));
+1758 	    }
+1759 	    aASN1.push(adseq);
+1760         }
+1761         this.asn1ExtnValue = new _DERSequence({'array':aASN1});
+1762     };
+1763 
+1764     this.getExtnValueHex = function() {
+1765         return this.asn1ExtnValue.getEncodedHex();
+1766     };
+1767 
+1768     this.oid = "1.3.6.1.5.5.7.1.1";
+1769     if (params !== undefined) {
+1770         if (params.array !== undefined) {
+1771             this.setAccessDescriptionArray(params.array);
+1772         }
+1773     }
+1774 };
+1775 YAHOO.lang.extend(KJUR.asn1.x509.AuthorityInfoAccess, KJUR.asn1.x509.Extension);
+1776 
+1777 /**
+1778  * SubjectAltName ASN.1 structure class<br/>
+1779  * @name KJUR.asn1.x509.SubjectAltName
+1780  * @class SubjectAltName ASN.1 structure class
+1781  * @param {Array} params associative array of parameters
+1782  * @extends KJUR.asn1.x509.Extension
+1783  * @since jsrsasign 6.2.3 asn1x509 1.0.19
+1784  * @see KJUR.asn1.x509.GeneralNames
+1785  * @see KJUR.asn1.x509.GeneralName
+1786  * @description
+1787  * This class provides X.509v3 SubjectAltName extension.
+1788  * <pre>
+1789  * id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
+1790  * SubjectAltName ::= GeneralNames
+1791  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+1792  * GeneralName ::= CHOICE {
+1793  *   otherName                  [0] OtherName,
+1794  *   rfc822Name                 [1] IA5String,
+1795  *   dNSName                    [2] IA5String,
+1796  *   x400Address                [3] ORAddress,
+1797  *   directoryName              [4] Name,
+1798  *   ediPartyName               [5] EDIPartyName,
+1799  *   uniformResourceIdentifier  [6] IA5String,
+1800  *   iPAddress                  [7] OCTET STRING,
+1801  *   registeredID               [8] OBJECT IDENTIFIER }
+1802  * </pre>
+1803  * @example
+1804  * e1 = new KJUR.asn1.x509.SubjectAltName({
+1805  *   critical: true,
+1806  *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
+1807  * });
+1808  */
+1809 KJUR.asn1.x509.SubjectAltName = function(params) {
+1810     KJUR.asn1.x509.SubjectAltName.superclass.constructor.call(this, params)
+1811 
+1812     this.setNameArray = function(paramsArray) {
+1813 	this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray);
+1814     };
+1815 
+1816     this.getExtnValueHex = function() {
+1817         return this.asn1ExtnValue.getEncodedHex();
+1818     };
+1819 
+1820     this.oid = "2.5.29.17";
+1821     if (params !== undefined) {
+1822         if (params.array !== undefined) {
+1823             this.setNameArray(params.array);
+1824         }
+1825     }
+1826 };
+1827 YAHOO.lang.extend(KJUR.asn1.x509.SubjectAltName, KJUR.asn1.x509.Extension);
+1828 
+1829 /**
+1830  * IssuerAltName ASN.1 structure class<br/>
+1831  * @name KJUR.asn1.x509.IssuerAltName
+1832  * @class IssuerAltName ASN.1 structure class
+1833  * @param {Array} params associative array of parameters
+1834  * @extends KJUR.asn1.x509.Extension
+1835  * @since jsrsasign 6.2.3 asn1x509 1.0.19
+1836  * @see KJUR.asn1.x509.GeneralNames
+1837  * @see KJUR.asn1.x509.GeneralName
+1838  * @description
+1839  * This class provides X.509v3 IssuerAltName extension.
+1840  * <pre>
+1841  * id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 18 }
+1842  * IssuerAltName ::= GeneralNames
+1843  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+1844  * GeneralName ::= CHOICE {
+1845  *   otherName                  [0] OtherName,
+1846  *   rfc822Name                 [1] IA5String,
+1847  *   dNSName                    [2] IA5String,
+1848  *   x400Address                [3] ORAddress,
+1849  *   directoryName              [4] Name,
+1850  *   ediPartyName               [5] EDIPartyName,
+1851  *   uniformResourceIdentifier  [6] IA5String,
+1852  *   iPAddress                  [7] OCTET STRING,
+1853  *   registeredID               [8] OBJECT IDENTIFIER }
+1854  * </pre>
+1855  * @example
+1856  * e1 = new KJUR.asn1.x509.IssuerAltName({
+1857  *   critical: true,
+1858  *   array: [{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]
+1859  * });
+1860  */
+1861 KJUR.asn1.x509.IssuerAltName = function(params) {
+1862     KJUR.asn1.x509.IssuerAltName.superclass.constructor.call(this, params)
+1863 
+1864     this.setNameArray = function(paramsArray) {
+1865 	this.asn1ExtnValue = new KJUR.asn1.x509.GeneralNames(paramsArray);
+1866     };
+1867 
+1868     this.getExtnValueHex = function() {
+1869         return this.asn1ExtnValue.getEncodedHex();
+1870     };
+1871 
+1872     this.oid = "2.5.29.18";
+1873     if (params !== undefined) {
+1874         if (params.array !== undefined) {
+1875             this.setNameArray(params.array);
+1876         }
+1877     }
+1878 };
+1879 YAHOO.lang.extend(KJUR.asn1.x509.IssuerAltName, KJUR.asn1.x509.Extension);
+1880 
+1881 /**
+1882  * priavte extension ASN.1 structure class<br/>
+1883  * @name KJUR.asn1.x509.PrivateExtension
+1884  * @class private extension ASN.1 structure class
+1885  * @param {Array} params JSON object of private extension
+1886  * @extends KJUR.asn1.x509.Extension
+1887  * @since jsrsasign 9.1.1 asn1x509 
+1888  * @see KJUR.asn1.ASN1Util.newObject
+1889  *
+1890  * @description
+1891  * This class is to represent private extension or 
+1892  * unsupported extension. 
+1893  * <pre>
+1894  * Extension  ::=  SEQUENCE  {
+1895  *      extnID      OBJECT IDENTIFIER,
+1896  *      critical    BOOLEAN DEFAULT FALSE,
+1897  *      extnValue   OCTET STRING }
+1898  * </pre>
+1899  * Following properties can be set for JSON parameter:
+1900  * <ul>
+1901  * <li>{String}extname - string of OID or predefined extension name</li>
+1902  * <li>{Boolean}critical - critical flag</li>
+1903  * <li>{Object}extn - hexadecimal string or 
+1904  * of {@link KJUR.asn1.ASN1Util.newObject} 
+1905  * JSON parameter for extnValue field</li>
+1906  * </li>
+1907  * </ul>
+1908  *
+1909  * @example
+1910  * // extn by hexadecimal
+1911  * new KJUR.asn1.x509.PrivateExtension({
+1912  *   extname: "1.2.3.4",
+1913  *   critical: true,
+1914  *   extn: "13026161" // means PrintableString "aa"
+1915  * });
+1916  *
+1917  * // extn by JSON parameter
+1918  * new KJUR.asn1.x509.PrivateExtension({
+1919  *   extname: "1.2.3.5",
+1920  *   extn: {seq: [{prnstr:"abc"},{utf8str:"def"}]}
+1921  * });
+1922  */
+1923 KJUR.asn1.x509.PrivateExtension = function(params) {
+1924     KJUR.asn1.x509.PrivateExtension.superclass.constructor.call(this, params)
+1925 
+1926     var _KJUR = KJUR,
+1927 	_isHex = _KJUR.lang.String.isHex,
+1928 	_KJUR_asn1 = _KJUR.asn1,
+1929 	_name2oid = _KJUR_asn1.x509.OID.name2oid,
+1930 	_newObject = _KJUR_asn1.ASN1Util.newObject;
+1931 
+1932     this.params = null;
 1933 
-1934     this.getExtnValueHex = function() {
-1935 	if (this.params.extname == undefined ||
-1936 	    this.params.extn == undefined) {
-1937 	    throw new Error("extname or extnhex not specified");
-1938 	}
-1939 
-1940 	var extn = this.params.extn;
-1941 	if (typeof extn == "string" && _isHex(extn)) {
-1942 	    return extn;
-1943 	} else if (typeof extn == "object") {
-1944 	    try {
-1945 		return _newObject(extn).getEncodedHex();
-1946 	    } catch(ex) {}
-1947 	}
-1948 	throw new Error("unsupported extn value");
-1949     };
-1950 
-1951     if (params != undefined) {
-1952 	this.setByParam(params);
-1953     }
-1954 };
-1955 YAHOO.lang.extend(KJUR.asn1.x509.PrivateExtension, KJUR.asn1.x509.Extension);
-1956 
-1957 // === END   X.509v3 Extensions Related =======================================
-1958 
-1959 // === BEGIN CRL Related ===================================================
-1960 /**
-1961  * X.509 CRL class to sign and generate hex encoded CRL<br/>
-1962  * @name KJUR.asn1.x509.CRL
-1963  * @class X.509 CRL class to sign and generate hex encoded certificate
-1964  * @property {Array} params JSON object of parameters
-1965  * @param {Array} params JSON object of CRL parameters
-1966  * @extends KJUR.asn1.ASN1Object
-1967  * @since 1.0.3
-1968  * @see KJUR.asn1.x509.TBSCertList
-1969  * 
-1970  * @description
-1971  * This class represents CertificateList ASN.1 structur of X.509 CRL
-1972  * defined in <a href="https://tools.ietf.org/html/rfc5280#section-5.1">
-1973  * RFC 5280 5.1</a>
-1974  * <pre>
-1975  * CertificateList  ::=  SEQUENCE  {
-1976  *     tbsCertList          TBSCertList,
-1977  *     signatureAlgorithm   AlgorithmIdentifier,
-1978  *     signatureValue       BIT STRING  }
-1979  * </pre>
-1980  * NOTE: CRL class is updated without backward 
-1981  * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0.
-1982  * Most of methods are removed and parameters can be set
-1983  * by JSON object.
-1984  * <br/>
-1985  * Constructor of this class can accept all
-1986  * parameters of {@link KJUR.asn1.x509.TBSCertList}.
-1987  * It also accept following parameters additionally:
-1988  * <ul>
-1989  * <li>{TBSCertList}tbsobj (OPTION) - 
-1990  * specifies {@link KJUR.asn1.x509.TBSCertList} 
-1991  * object to be signed if needed. 
-1992  * When this isn't specified, 
-1993  * this will be set from other parametes of TBSCertList.</li>
-1994  * <li>{Object}cakey (OPTION) - specifies CRL signing private key.
-1995  * Parameter "cakey" or "sighex" shall be specified. Following
-1996  * values can be specified:
-1997  *   <ul>
-1998  *   <li>PKCS#1/5 or PKCS#8 PEM string of private key</li>
-1999  *   <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful
-2000  *   to generate a key object.</li>
-2001  *   </ul>
-2002  * </li>
-2003  * <li>{String}sighex (OPTION) - hexadecimal string of signature value
-2004  * (i.e. ASN.1 value(V) of signatureValue BIT STRING without
-2005  * unused bits)</li>
-2006  * </ul>
-2007  *
-2008  * @example
-2009  * var crl = new KJUR.asn1.x509.CRL({
-2010  *  sigalg: "SHA256withRSA",
-2011  *  issuer: {str:'/C=JP/O=Test1'},
-2012  *  thisupdate: "200821235959Z",
-2013  *  nextupdate: "200828235959Z", // OPTION
-2014  *  revcert: [{sn: {hex: "12ab"}, date: "200401235959Z"}],
-2015  *  ext: [
-2016  *   {extname: "cRLNumber", num: {'int': 8}},
-2017  *   {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}}
-2018  *  ],
-2019  *  cakey: prvkey
-2020  * });
-2021  * crl.getEncodedHex() → "30..."
-2022  * crl.getPEM() → "-----BEGIN X509 CRL..."
-2023  */
-2024 KJUR.asn1.x509.CRL = function(params) {
-2025     KJUR.asn1.x509.CRL.superclass.constructor.call(this);
-2026     var _KJUR = KJUR,
-2027 	_KJUR_asn1 = _KJUR.asn1,
-2028 	_DERSequence = _KJUR_asn1.DERSequence,
-2029 	_DERBitString = _KJUR_asn1.DERBitString,
-2030 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
-2031 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
-2032 	_TBSCertList = _KJUR_asn1_x509.TBSCertList;
-2033 
-2034     this.params = undefined;
-2035 
-2036     this.setByParam = function(params) {
-2037 	this.params = params;
-2038     };
-2039 
-2040     /**
-2041      * sign CRL<br/>
-2042      * @name sign
-2043      * @memberOf KJUR.asn1.x509.CRL#
-2044      * @function
-2045      * @description
-2046      * This method signs TBSCertList with a specified 
-2047      * private key and algorithm by 
-2048      * this.params.cakey and this.params.sigalg parameter.
-2049      * @example
-2050      * crl = new KJUR.asn1.x509.CRL({..., cakey:prvkey});
-2051      * crl.sign()
-2052      */
-2053     this.sign = function() {
-2054 	var hTBSCL = (new _TBSCertList(this.params)).getEncodedHex();
-2055 	var sig = new KJUR.crypto.Signature({alg: this.params.sigalg});
-2056 	sig.init(this.params.cakey);
-2057 	sig.updateHex(hTBSCL);
-2058 	var sighex = sig.sign();
-2059 	this.params.sighex = sighex;
-2060     };
-2061 
-2062     /**
-2063      * get PEM formatted CRL string after signed<br/>
-2064      * @name getPEM
-2065      * @memberOf KJUR.asn1.x509.CRL#
-2066      * @function
-2067      * @return PEM formatted string of CRL
-2068      * @since jsrsasign 9.1.0 asn1hex 2.1.0
-2069      * @description
-2070      * This method returns a string of PEM formatted 
-2071      * CRL.
-2072      * @example
-2073      * crl = new KJUR.asn1.x509.CRL({...});
-2074      * crl.getPEM() →
-2075      * "-----BEGIN X509 CRL-----\r\n..."
-2076      */
-2077     this.getPEM = function() {
-2078 	return hextopem(this.getEncodedHex(), "X509 CRL");
-2079     };
-2080 
-2081     this.getEncodedHex = function() {
-2082 	var params = this.params;
-2083 
-2084 	if (params.tbsobj == undefined) {
-2085 	    params.tbsobj = new _TBSCertList(params);
-2086 	}
-2087 
-2088 	if (params.sighex == undefined && params.cakey != undefined) {
-2089 	    this.sign();
-2090 	}
-2091 
-2092 	if (params.sighex == undefined) {
-2093 	    throw new Error("sighex or cakey parameter not defined");
-2094 	}
-2095 	
-2096 	var a = [];
-2097 	a.push(params.tbsobj);
-2098 	a.push(new _AlgorithmIdentifier({name: params.sigalg}));
-2099 	a.push(new _DERBitString({hex: "00" + params.sighex}));
-2100 	var seq = new _DERSequence({array: a});
-2101 	return seq.getEncodedHex();
-2102     };
-2103 
-2104     if (params != undefined) this.params = params;
-2105 };
-2106 YAHOO.lang.extend(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);
-2107 
-2108 /**
-2109  * ASN.1 TBSCertList ASN.1 structure class for CRL<br/>
-2110  * @name KJUR.asn1.x509.TBSCertList
-2111  * @class TBSCertList ASN.1 structure class for CRL
-2112  * @property {Array} params JSON object of parameters
-2113  * @param {Array} params JSON object of TBSCertList parameters
-2114  * @extends KJUR.asn1.ASN1Object
-2115  * @since 1.0.3
-2116  *
-2117  * @description
-2118  * This class represents TBSCertList of CRL defined in
-2119  * <a href="https://tools.ietf.org/html/rfc5280#section-5.1">
-2120  * RFC 5280 5.1</a>.
-2121  * <pre>
-2122  * TBSCertList  ::=  SEQUENCE  {
-2123  *       version                 Version OPTIONAL,
-2124  *                                    -- if present, MUST be v2
-2125  *       signature               AlgorithmIdentifier,
-2126  *       issuer                  Name,
-2127  *       thisUpdate              Time,
-2128  *       nextUpdate              Time OPTIONAL,
-2129  *       revokedCertificates     SEQUENCE OF SEQUENCE  {
-2130  *            userCertificate         CertificateSerialNumber,
-2131  *            revocationDate          Time,
-2132  *            crlEntryExtensions      Extensions OPTIONAL
-2133  *                                     -- if present, version MUST be v2
-2134  *                                 }  OPTIONAL,
-2135  *       crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
-2136  * }
-2137  * </pre>
-2138  * NOTE: TBSCertList class is updated without backward 
-2139  * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0.
-2140  * Most of methods are removed and parameters can be set
-2141  * by JSON object.
-2142  * <br/>
-2143  * Constructor of this class may have following parameters:
-2144  * <ul>
-2145  * <li>{Integer}version (OPTION) - version number. Omitted by default.</li>
-2146  * <li>{String}sigalg - signature algorithm name</li>
-2147  * <li>{Array}issuer - issuer parameter of {@link KJUR.asn1.x509.X500Name}</li>
-2148  * <li>{String}thisupdate - thisUpdate field value</li>
-2149  * <li>{String}nextupdate (OPTION) - thisUpdate field value</li>
-2150  * <li>{Array}revcert (OPTION) - revokedCertificates field value as array
-2151  *   Its element may have following property:
-2152  *   <ul>
-2153  *   <li>{Array}sn - serialNumber of userCertificate field specified
-2154  *   by {@link KJUR.asn1.DERInteger}</li>
-2155  *   <li>{String}date - revocationDate field specified by
-2156  *   a string of {@link KJUR.asn1.x509.Time} parameter</li>
-2157  *   <li>{Array}ext (OPTION) - array of CRL entry extension parameter</li>
-2158  *   </ul>
-2159  * </li>
-2160  * </ul>
-2161  * 
-2162  * @example
-2163  * var o = new KJUR.asn1.x509.TBSCertList({
-2164  *  sigalg: "SHA256withRSA",
-2165  *  issuer: {array: [[{type:'C',value:'JP',ds:'prn'}],
-2166  *                   [{type:'O',value:'T1',ds:'prn'}]]},
-2167  *  thisupdate: "200821235959Z",
-2168  *  nextupdate: "200828235959Z", // OPTION
-2169  *  revcert: [
-2170  *   {sn: {hex: "12ab"}, date: "200401235959Z", ext: [{extname: "cRLReason", code:1}]},
-2171  *   {sn: {hex: "12bc"}, date: "200405235959Z", ext: [{extname: "cRLReason", code:2}]}
-2172  *  ],
-2173  *  ext: [
-2174  *   {extname: "cRLNumber", num: {'int': 8}},
-2175  *   {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}}
-2176  *  ]
-2177  * });
-2178  * o.getEncodedHex() → "30..."
-2179  */
-2180 KJUR.asn1.x509.TBSCertList = function(params) {
-2181     KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
-2182     var	_KJUR = KJUR,
-2183 	_KJUR_asn1 = _KJUR.asn1,
-2184 	_DERInteger = _KJUR_asn1.DERInteger,
-2185 	_DERSequence = _KJUR_asn1.DERSequence,
-2186 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
-2187 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
-2188 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
-2189 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
-2190 	_Time = _KJUR_asn1_x509.Time,
-2191 	_Extensions = _KJUR_asn1_x509.Extensions,
-2192 	_X500Name = _KJUR_asn1_x509.X500Name;
-2193     this.params = null;
-2194 
-2195     /**
-2196      * get array of ASN.1 object for extensions<br/>
-2197      * @name setByParam
-2198      * @memberOf KJUR.asn1.x509.TBSCertList#
-2199      * @function
-2200      * @param {Array} JSON object of TBSCertList parameters
-2201      * @example
-2202      * tbsc = new KJUR.asn1.x509.TBSCertificate();
-2203      * tbsc.setByParam({version:3, serial:{hex:'1234...'},...});
-2204      */
-2205     this.setByParam = function(params) {
-2206 	this.params = params;
-2207     };
-2208 
-2209     /**
-2210      * get DERSequence for revokedCertificates<br/>
-2211      * @name getRevCertSequence
-2212      * @memberOf KJUR.asn1.x509.TBSCertList#
-2213      * @function
-2214      * @return {@link KJUR.asn1.DERSequence} of revokedCertificates
-2215      */
-2216     this.getRevCertSequence = function() {
-2217 	var a = [];
-2218 	var aRevCert = this.params.revcert;
-2219 	for (var i = 0; i < aRevCert.length; i++) {
-2220 	    var aEntry = [
-2221 		new _DERInteger(aRevCert[i].sn),
-2222 		new _Time(aRevCert[i].date)
-2223 	    ];
-2224 	    if (aRevCert[i].ext != undefined) {
-2225 		aEntry.push(new _Extensions(aRevCert[i].ext));
-2226 	    }
-2227 	    a.push(new _DERSequence({array: aEntry}));
-2228 	}
-2229 	return new _DERSequence({array: a});
-2230     };
-2231 
-2232     this.getEncodedHex = function() {
-2233 	var a = [];
-2234 	var params = this.params;
-2235 
-2236 	if (params.version != undefined) {
-2237 	    var version = params.version - 1; 
-2238 	    var obj = new _DERInteger({'int': version});
-2239 	    a.push(obj);
-2240 	}
-2241 
-2242 	a.push(new _AlgorithmIdentifier({name: params.sigalg}));
-2243 	a.push(new _X500Name(params.issuer));
-2244 	a.push(new _Time(params.thisupdate));
-2245 	if (params.nextupdate != undefined) 
-2246 	    a.push(new _Time(params.nextupdate))
-2247 	if (params.revcert != undefined) {
-2248 	    a.push(this.getRevCertSequence());
-2249 	}
-2250 	if (params.ext != undefined) {
-2251 	    var dExt = new _Extensions(params.ext);
-2252 	    a.push(new _DERTaggedObject({tag:'a0',
-2253 					 explicit:true,
-2254 					 obj:dExt}));
-2255 	}
-2256 
-2257 	var seq = new _DERSequence({array: a});
-2258 	return seq.getEncodedHex();
-2259     };
-2260 
-2261     if (params !== undefined) this.setByParam(params);
-2262 };
-2263 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);
-2264 
-2265 /**
-2266  * ASN.1 CRLEntry structure class for CRL (DEPRECATED)<br/>
-2267  * @name KJUR.asn1.x509.CRLEntry
-2268  * @class ASN.1 CRLEntry structure class for CRL
-2269  * @param {Array} params JSON object for CRL entry parameter
-2270  * @extends KJUR.asn1.ASN1Object
-2271  * @since 1.0.3
-2272  * @see KJUR.asn1.x509.TBSCertList
-2273  * @deprecated since jsrsasign 9.1.0 asn1x509 2.1.0
-2274  * @description
-2275  * This class is to represent revokedCertificate in TBSCertList.
-2276  * However this is no more used by TBSCertList since
-2277  * jsrsasign 9.1.0. So this class have been deprecated in 
-2278  * jsrsasign 9.1.0.
-2279  * <pre>
-2280  * revokedCertificates     SEQUENCE OF SEQUENCE  {
-2281  *     userCertificate         CertificateSerialNumber,
-2282  *     revocationDate          Time,
-2283  *     crlEntryExtensions      Extensions OPTIONAL
-2284  *                             -- if present, version MUST be v2 }
-2285  * </pre>
-2286  * @example
-2287  * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
-2288  */
-2289 KJUR.asn1.x509.CRLEntry = function(params) {
-2290     KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
-2291     var sn = null,
-2292 	time = null,
-2293 	_KJUR = KJUR,
-2294 	_KJUR_asn1 = _KJUR.asn1;
-2295 
-2296     /**
-2297      * set DERInteger parameter for serial number of revoked certificate
-2298      * @name setCertSerial
-2299      * @memberOf KJUR.asn1.x509.CRLEntry
-2300      * @function
-2301      * @param {Array} intParam DERInteger parameter for certificate serial number
-2302      * @description
-2303      * @example
-2304      * entry.setCertSerial({'int': 3});
-2305      */
-2306     this.setCertSerial = function(intParam) {
-2307         this.sn = new _KJUR_asn1.DERInteger(intParam);
-2308     };
-2309 
-2310     /**
-2311      * set Time parameter for revocation date
-2312      * @name setRevocationDate
-2313      * @memberOf KJUR.asn1.x509.CRLEntry
-2314      * @function
-2315      * @param {Array} timeParam Time parameter for revocation date
-2316      * @description
-2317      * @example
-2318      * entry.setRevocationDate({'str': '130508235959Z'});
-2319      */
-2320     this.setRevocationDate = function(timeParam) {
-2321         this.time = new _KJUR_asn1.x509.Time(timeParam);
-2322     };
-2323 
-2324     this.getEncodedHex = function() {
-2325         var o = new _KJUR_asn1.DERSequence({"array": [this.sn, this.time]});
-2326         this.TLV = o.getEncodedHex();
-2327         return this.TLV;
-2328     };
-2329 
-2330     if (params !== undefined) {
-2331         if (params.time !== undefined) {
-2332             this.setRevocationDate(params.time);
-2333         }
-2334         if (params.sn !== undefined) {
-2335             this.setCertSerial(params.sn);
-2336         }
-2337     }
-2338 };
-2339 YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);
-2340 
-2341 /**
-2342  * CRLNumber CRL extension ASN.1 structure class<br/>
-2343  * @name KJUR.asn1.x509.CRLNumber
-2344  * @class CRLNumber CRL extension ASN.1 structure class
-2345  * @extends KJUR.asn1.x509.Extension
-2346  * @since jsrsasign 9.1.0 asn1x509 2.1.0
-2347  * @see KJUR.asn1.x509.TBSCertList
-2348  * @see KJUR.asn1.x509.Extensions
-2349  * @description
-2350  * This class represents ASN.1 structure for
-2351  * CRLNumber CRL extension defined in
-2352  * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3">
-2353  * RFC 5280 5.2.3</a>.
-2354  * <pre>
-2355  * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
-2356  * CRLNumber ::= INTEGER (0..MAX)
-2357  * </pre>
-2358  * Constructor of this class may have following parameters:
-2359  * <ul>
-2360  * <li>{String}extname - name "cRLNumber". It is ignored in this class but
-2361  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
-2362  * <li>{Object}num - CRLNumber value to specify
-2363  * {@link KJUR.asn1.DERInteger} parameter.</li>
-2364  * <li>{Boolean}critical - critical flag. Generally false and not specified
-2365  * in this class.(OPTION)</li>
-2366  * </ul>
-2367  *
-2368  * @example
-2369  * new KJUR.asn1.x509.CRLNumber({extname:'cRLNumber',
-2370  *                               num:{'int':147}})
-2371  */
-2372 KJUR.asn1.x509.CRLNumber = function(params) {
-2373     KJUR.asn1.x509.CRLNumber.superclass.constructor.call(this, params);
-2374     this.params = undefined;
-2375 
-2376     this.getExtnValueHex = function() {
-2377         this.asn1ExtnValue = new KJUR.asn1.DERInteger(this.params.num);
-2378         return this.asn1ExtnValue.getEncodedHex();
-2379     };
+1934     this.setByParam = function(params) {
+1935 	this.oid = _name2oid(params.extname);
+1936 	this.params = params;
+1937     };
+1938 
+1939     this.getExtnValueHex = function() {
+1940 	if (this.params.extname == undefined ||
+1941 	    this.params.extn == undefined) {
+1942 	    throw new Error("extname or extnhex not specified");
+1943 	}
+1944 
+1945 	var extn = this.params.extn;
+1946 	if (typeof extn == "string" && _isHex(extn)) {
+1947 	    return extn;
+1948 	} else if (typeof extn == "object") {
+1949 	    try {
+1950 		return _newObject(extn).getEncodedHex();
+1951 	    } catch(ex) {}
+1952 	}
+1953 	throw new Error("unsupported extn value");
+1954     };
+1955 
+1956     if (params != undefined) {
+1957 	this.setByParam(params);
+1958     }
+1959 };
+1960 YAHOO.lang.extend(KJUR.asn1.x509.PrivateExtension, KJUR.asn1.x509.Extension);
+1961 
+1962 // === END   X.509v3 Extensions Related =======================================
+1963 
+1964 // === BEGIN CRL Related ===================================================
+1965 /**
+1966  * X.509 CRL class to sign and generate hex encoded CRL<br/>
+1967  * @name KJUR.asn1.x509.CRL
+1968  * @class X.509 CRL class to sign and generate hex encoded certificate
+1969  * @property {Array} params JSON object of parameters
+1970  * @param {Array} params JSON object of CRL parameters
+1971  * @extends KJUR.asn1.ASN1Object
+1972  * @since 1.0.3
+1973  * @see KJUR.asn1.x509.TBSCertList
+1974  * 
+1975  * @description
+1976  * This class represents CertificateList ASN.1 structur of X.509 CRL
+1977  * defined in <a href="https://tools.ietf.org/html/rfc5280#section-5.1">
+1978  * RFC 5280 5.1</a>
+1979  * <pre>
+1980  * CertificateList  ::=  SEQUENCE  {
+1981  *     tbsCertList          TBSCertList,
+1982  *     signatureAlgorithm   AlgorithmIdentifier,
+1983  *     signatureValue       BIT STRING  }
+1984  * </pre>
+1985  * NOTE: CRL class is updated without backward 
+1986  * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0.
+1987  * Most of methods are removed and parameters can be set
+1988  * by JSON object.
+1989  * <br/>
+1990  * Constructor of this class can accept all
+1991  * parameters of {@link KJUR.asn1.x509.TBSCertList}.
+1992  * It also accept following parameters additionally:
+1993  * <ul>
+1994  * <li>{TBSCertList}tbsobj (OPTION) - 
+1995  * specifies {@link KJUR.asn1.x509.TBSCertList} 
+1996  * object to be signed if needed. 
+1997  * When this isn't specified, 
+1998  * this will be set from other parametes of TBSCertList.</li>
+1999  * <li>{Object}cakey (OPTION) - specifies CRL signing private key.
+2000  * Parameter "cakey" or "sighex" shall be specified. Following
+2001  * values can be specified:
+2002  *   <ul>
+2003  *   <li>PKCS#1/5 or PKCS#8 PEM string of private key</li>
+2004  *   <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful
+2005  *   to generate a key object.</li>
+2006  *   </ul>
+2007  * </li>
+2008  * <li>{String}sighex (OPTION) - hexadecimal string of signature value
+2009  * (i.e. ASN.1 value(V) of signatureValue BIT STRING without
+2010  * unused bits)</li>
+2011  * </ul>
+2012  *
+2013  * @example
+2014  * var crl = new KJUR.asn1.x509.CRL({
+2015  *  sigalg: "SHA256withRSA",
+2016  *  issuer: {str:'/C=JP/O=Test1'},
+2017  *  thisupdate: "200821235959Z",
+2018  *  nextupdate: "200828235959Z", // OPTION
+2019  *  revcert: [{sn: {hex: "12ab"}, date: "200401235959Z"}],
+2020  *  ext: [
+2021  *   {extname: "cRLNumber", num: {'int': 8}},
+2022  *   {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}}
+2023  *  ],
+2024  *  cakey: prvkey
+2025  * });
+2026  * crl.getEncodedHex() → "30..."
+2027  * crl.getPEM() → "-----BEGIN X509 CRL..."
+2028  */
+2029 KJUR.asn1.x509.CRL = function(params) {
+2030     KJUR.asn1.x509.CRL.superclass.constructor.call(this);
+2031     var _KJUR = KJUR,
+2032 	_KJUR_asn1 = _KJUR.asn1,
+2033 	_DERSequence = _KJUR_asn1.DERSequence,
+2034 	_DERBitString = _KJUR_asn1.DERBitString,
+2035 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+2036 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
+2037 	_TBSCertList = _KJUR_asn1_x509.TBSCertList;
+2038 
+2039     this.params = undefined;
+2040 
+2041     this.setByParam = function(params) {
+2042 	this.params = params;
+2043     };
+2044 
+2045     /**
+2046      * sign CRL<br/>
+2047      * @name sign
+2048      * @memberOf KJUR.asn1.x509.CRL#
+2049      * @function
+2050      * @description
+2051      * This method signs TBSCertList with a specified 
+2052      * private key and algorithm by 
+2053      * this.params.cakey and this.params.sigalg parameter.
+2054      * @example
+2055      * crl = new KJUR.asn1.x509.CRL({..., cakey:prvkey});
+2056      * crl.sign()
+2057      */
+2058     this.sign = function() {
+2059 	var hTBSCL = (new _TBSCertList(this.params)).getEncodedHex();
+2060 	var sig = new KJUR.crypto.Signature({alg: this.params.sigalg});
+2061 	sig.init(this.params.cakey);
+2062 	sig.updateHex(hTBSCL);
+2063 	var sighex = sig.sign();
+2064 	this.params.sighex = sighex;
+2065     };
+2066 
+2067     /**
+2068      * get PEM formatted CRL string after signed<br/>
+2069      * @name getPEM
+2070      * @memberOf KJUR.asn1.x509.CRL#
+2071      * @function
+2072      * @return PEM formatted string of CRL
+2073      * @since jsrsasign 9.1.0 asn1hex 2.1.0
+2074      * @description
+2075      * This method returns a string of PEM formatted 
+2076      * CRL.
+2077      * @example
+2078      * crl = new KJUR.asn1.x509.CRL({...});
+2079      * crl.getPEM() →
+2080      * "-----BEGIN X509 CRL-----\r\n..."
+2081      */
+2082     this.getPEM = function() {
+2083 	return hextopem(this.getEncodedHex(), "X509 CRL");
+2084     };
+2085 
+2086     this.getEncodedHex = function() {
+2087 	var params = this.params;
+2088 
+2089 	if (params.tbsobj == undefined) {
+2090 	    params.tbsobj = new _TBSCertList(params);
+2091 	}
+2092 
+2093 	if (params.sighex == undefined && params.cakey != undefined) {
+2094 	    this.sign();
+2095 	}
+2096 
+2097 	if (params.sighex == undefined) {
+2098 	    throw new Error("sighex or cakey parameter not defined");
+2099 	}
+2100 	
+2101 	var a = [];
+2102 	a.push(params.tbsobj);
+2103 	a.push(new _AlgorithmIdentifier({name: params.sigalg}));
+2104 	a.push(new _DERBitString({hex: "00" + params.sighex}));
+2105 	var seq = new _DERSequence({array: a});
+2106 	return seq.getEncodedHex();
+2107     };
+2108 
+2109     if (params != undefined) this.params = params;
+2110 };
+2111 YAHOO.lang.extend(KJUR.asn1.x509.CRL, KJUR.asn1.ASN1Object);
+2112 
+2113 /**
+2114  * ASN.1 TBSCertList ASN.1 structure class for CRL<br/>
+2115  * @name KJUR.asn1.x509.TBSCertList
+2116  * @class TBSCertList ASN.1 structure class for CRL
+2117  * @property {Array} params JSON object of parameters
+2118  * @param {Array} params JSON object of TBSCertList parameters
+2119  * @extends KJUR.asn1.ASN1Object
+2120  * @since 1.0.3
+2121  *
+2122  * @description
+2123  * This class represents TBSCertList of CRL defined in
+2124  * <a href="https://tools.ietf.org/html/rfc5280#section-5.1">
+2125  * RFC 5280 5.1</a>.
+2126  * <pre>
+2127  * TBSCertList  ::=  SEQUENCE  {
+2128  *       version                 Version OPTIONAL,
+2129  *                                    -- if present, MUST be v2
+2130  *       signature               AlgorithmIdentifier,
+2131  *       issuer                  Name,
+2132  *       thisUpdate              Time,
+2133  *       nextUpdate              Time OPTIONAL,
+2134  *       revokedCertificates     SEQUENCE OF SEQUENCE  {
+2135  *            userCertificate         CertificateSerialNumber,
+2136  *            revocationDate          Time,
+2137  *            crlEntryExtensions      Extensions OPTIONAL
+2138  *                                     -- if present, version MUST be v2
+2139  *                                 }  OPTIONAL,
+2140  *       crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
+2141  * }
+2142  * </pre>
+2143  * NOTE: TBSCertList class is updated without backward 
+2144  * compatibility from jsrsasign 9.1.0 asn1x509 2.1.0.
+2145  * Most of methods are removed and parameters can be set
+2146  * by JSON object.
+2147  * <br/>
+2148  * Constructor of this class may have following parameters:
+2149  * <ul>
+2150  * <li>{Integer}version (OPTION) - version number. Omitted by default.</li>
+2151  * <li>{String}sigalg - signature algorithm name</li>
+2152  * <li>{Array}issuer - issuer parameter of {@link KJUR.asn1.x509.X500Name}</li>
+2153  * <li>{String}thisupdate - thisUpdate field value</li>
+2154  * <li>{String}nextupdate (OPTION) - thisUpdate field value</li>
+2155  * <li>{Array}revcert (OPTION) - revokedCertificates field value as array
+2156  *   Its element may have following property:
+2157  *   <ul>
+2158  *   <li>{Array}sn - serialNumber of userCertificate field specified
+2159  *   by {@link KJUR.asn1.DERInteger}</li>
+2160  *   <li>{String}date - revocationDate field specified by
+2161  *   a string of {@link KJUR.asn1.x509.Time} parameter</li>
+2162  *   <li>{Array}ext (OPTION) - array of CRL entry extension parameter</li>
+2163  *   </ul>
+2164  * </li>
+2165  * </ul>
+2166  * 
+2167  * @example
+2168  * var o = new KJUR.asn1.x509.TBSCertList({
+2169  *  sigalg: "SHA256withRSA",
+2170  *  issuer: {array: [[{type:'C',value:'JP',ds:'prn'}],
+2171  *                   [{type:'O',value:'T1',ds:'prn'}]]},
+2172  *  thisupdate: "200821235959Z",
+2173  *  nextupdate: "200828235959Z", // OPTION
+2174  *  revcert: [
+2175  *   {sn: {hex: "12ab"}, date: "200401235959Z", ext: [{extname: "cRLReason", code:1}]},
+2176  *   {sn: {hex: "12bc"}, date: "200405235959Z", ext: [{extname: "cRLReason", code:2}]}
+2177  *  ],
+2178  *  ext: [
+2179  *   {extname: "cRLNumber", num: {'int': 8}},
+2180  *   {extname: "authorityKeyIdentifier", "kid": {hex: "12ab"}}
+2181  *  ]
+2182  * });
+2183  * o.getEncodedHex() → "30..."
+2184  */
+2185 KJUR.asn1.x509.TBSCertList = function(params) {
+2186     KJUR.asn1.x509.TBSCertList.superclass.constructor.call(this);
+2187     var	_KJUR = KJUR,
+2188 	_KJUR_asn1 = _KJUR.asn1,
+2189 	_DERInteger = _KJUR_asn1.DERInteger,
+2190 	_DERSequence = _KJUR_asn1.DERSequence,
+2191 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
+2192 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+2193 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+2194 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
+2195 	_Time = _KJUR_asn1_x509.Time,
+2196 	_Extensions = _KJUR_asn1_x509.Extensions,
+2197 	_X500Name = _KJUR_asn1_x509.X500Name;
+2198     this.params = null;
+2199 
+2200     /**
+2201      * get array of ASN.1 object for extensions<br/>
+2202      * @name setByParam
+2203      * @memberOf KJUR.asn1.x509.TBSCertList#
+2204      * @function
+2205      * @param {Array} JSON object of TBSCertList parameters
+2206      * @example
+2207      * tbsc = new KJUR.asn1.x509.TBSCertificate();
+2208      * tbsc.setByParam({version:3, serial:{hex:'1234...'},...});
+2209      */
+2210     this.setByParam = function(params) {
+2211 	this.params = params;
+2212     };
+2213 
+2214     /**
+2215      * get DERSequence for revokedCertificates<br/>
+2216      * @name getRevCertSequence
+2217      * @memberOf KJUR.asn1.x509.TBSCertList#
+2218      * @function
+2219      * @return {@link KJUR.asn1.DERSequence} of revokedCertificates
+2220      */
+2221     this.getRevCertSequence = function() {
+2222 	var a = [];
+2223 	var aRevCert = this.params.revcert;
+2224 	for (var i = 0; i < aRevCert.length; i++) {
+2225 	    var aEntry = [
+2226 		new _DERInteger(aRevCert[i].sn),
+2227 		new _Time(aRevCert[i].date)
+2228 	    ];
+2229 	    if (aRevCert[i].ext != undefined) {
+2230 		aEntry.push(new _Extensions(aRevCert[i].ext));
+2231 	    }
+2232 	    a.push(new _DERSequence({array: aEntry}));
+2233 	}
+2234 	return new _DERSequence({array: a});
+2235     };
+2236 
+2237     this.getEncodedHex = function() {
+2238 	var a = [];
+2239 	var params = this.params;
+2240 
+2241 	if (params.version != undefined) {
+2242 	    var version = params.version - 1; 
+2243 	    var obj = new _DERInteger({'int': version});
+2244 	    a.push(obj);
+2245 	}
+2246 
+2247 	a.push(new _AlgorithmIdentifier({name: params.sigalg}));
+2248 	a.push(new _X500Name(params.issuer));
+2249 	a.push(new _Time(params.thisupdate));
+2250 	if (params.nextupdate != undefined) 
+2251 	    a.push(new _Time(params.nextupdate))
+2252 	if (params.revcert != undefined) {
+2253 	    a.push(this.getRevCertSequence());
+2254 	}
+2255 	if (params.ext != undefined) {
+2256 	    var dExt = new _Extensions(params.ext);
+2257 	    a.push(new _DERTaggedObject({tag:'a0',
+2258 					 explicit:true,
+2259 					 obj:dExt}));
+2260 	}
+2261 
+2262 	var seq = new _DERSequence({array: a});
+2263 	return seq.getEncodedHex();
+2264     };
+2265 
+2266     if (params !== undefined) this.setByParam(params);
+2267 };
+2268 YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList, KJUR.asn1.ASN1Object);
+2269 
+2270 /**
+2271  * ASN.1 CRLEntry structure class for CRL (DEPRECATED)<br/>
+2272  * @name KJUR.asn1.x509.CRLEntry
+2273  * @class ASN.1 CRLEntry structure class for CRL
+2274  * @param {Array} params JSON object for CRL entry parameter
+2275  * @extends KJUR.asn1.ASN1Object
+2276  * @since 1.0.3
+2277  * @see KJUR.asn1.x509.TBSCertList
+2278  * @deprecated since jsrsasign 9.1.0 asn1x509 2.1.0
+2279  * @description
+2280  * This class is to represent revokedCertificate in TBSCertList.
+2281  * However this is no more used by TBSCertList since
+2282  * jsrsasign 9.1.0. So this class have been deprecated in 
+2283  * jsrsasign 9.1.0.
+2284  * <pre>
+2285  * revokedCertificates     SEQUENCE OF SEQUENCE  {
+2286  *     userCertificate         CertificateSerialNumber,
+2287  *     revocationDate          Time,
+2288  *     crlEntryExtensions      Extensions OPTIONAL
+2289  *                             -- if present, version MUST be v2 }
+2290  * </pre>
+2291  * @example
+2292  * var e = new KJUR.asn1.x509.CRLEntry({'time': {'str': '130514235959Z'}, 'sn': {'int': 234}});
+2293  */
+2294 KJUR.asn1.x509.CRLEntry = function(params) {
+2295     KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);
+2296     var sn = null,
+2297 	time = null,
+2298 	_KJUR = KJUR,
+2299 	_KJUR_asn1 = _KJUR.asn1;
+2300 
+2301     /**
+2302      * set DERInteger parameter for serial number of revoked certificate
+2303      * @name setCertSerial
+2304      * @memberOf KJUR.asn1.x509.CRLEntry
+2305      * @function
+2306      * @param {Array} intParam DERInteger parameter for certificate serial number
+2307      * @description
+2308      * @example
+2309      * entry.setCertSerial({'int': 3});
+2310      */
+2311     this.setCertSerial = function(intParam) {
+2312         this.sn = new _KJUR_asn1.DERInteger(intParam);
+2313     };
+2314 
+2315     /**
+2316      * set Time parameter for revocation date
+2317      * @name setRevocationDate
+2318      * @memberOf KJUR.asn1.x509.CRLEntry
+2319      * @function
+2320      * @param {Array} timeParam Time parameter for revocation date
+2321      * @description
+2322      * @example
+2323      * entry.setRevocationDate({'str': '130508235959Z'});
+2324      */
+2325     this.setRevocationDate = function(timeParam) {
+2326         this.time = new _KJUR_asn1.x509.Time(timeParam);
+2327     };
+2328 
+2329     this.getEncodedHex = function() {
+2330         var o = new _KJUR_asn1.DERSequence({"array": [this.sn, this.time]});
+2331         this.TLV = o.getEncodedHex();
+2332         return this.TLV;
+2333     };
+2334 
+2335     if (params !== undefined) {
+2336         if (params.time !== undefined) {
+2337             this.setRevocationDate(params.time);
+2338         }
+2339         if (params.sn !== undefined) {
+2340             this.setCertSerial(params.sn);
+2341         }
+2342     }
+2343 };
+2344 YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry, KJUR.asn1.ASN1Object);
+2345 
+2346 /**
+2347  * CRLNumber CRL extension ASN.1 structure class<br/>
+2348  * @name KJUR.asn1.x509.CRLNumber
+2349  * @class CRLNumber CRL extension ASN.1 structure class
+2350  * @extends KJUR.asn1.x509.Extension
+2351  * @since jsrsasign 9.1.0 asn1x509 2.1.0
+2352  * @see KJUR.asn1.x509.TBSCertList
+2353  * @see KJUR.asn1.x509.Extensions
+2354  * @description
+2355  * This class represents ASN.1 structure for
+2356  * CRLNumber CRL extension defined in
+2357  * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3">
+2358  * RFC 5280 5.2.3</a>.
+2359  * <pre>
+2360  * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
+2361  * CRLNumber ::= INTEGER (0..MAX)
+2362  * </pre>
+2363  * Constructor of this class may have following parameters:
+2364  * <ul>
+2365  * <li>{String}extname - name "cRLNumber". It is ignored in this class but
+2366  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
+2367  * <li>{Object}num - CRLNumber value to specify
+2368  * {@link KJUR.asn1.DERInteger} parameter.</li>
+2369  * <li>{Boolean}critical - critical flag. Generally false and not specified
+2370  * in this class.(OPTION)</li>
+2371  * </ul>
+2372  *
+2373  * @example
+2374  * new KJUR.asn1.x509.CRLNumber({extname:'cRLNumber',
+2375  *                               num:{'int':147}})
+2376  */
+2377 KJUR.asn1.x509.CRLNumber = function(params) {
+2378     KJUR.asn1.x509.CRLNumber.superclass.constructor.call(this, params);
+2379     this.params = undefined;
 2380 
-2381     this.oid = "2.5.29.20";
-2382     if (params != undefined) this.params = params;
-2383 };
-2384 YAHOO.lang.extend(KJUR.asn1.x509.CRLNumber, KJUR.asn1.x509.Extension);
+2381     this.getExtnValueHex = function() {
+2382         this.asn1ExtnValue = new KJUR.asn1.DERInteger(this.params.num);
+2383         return this.asn1ExtnValue.getEncodedHex();
+2384     };
 2385 
-2386 /**
-2387  * CRLReason CRL entry extension ASN.1 structure class<br/>
-2388  * @name KJUR.asn1.x509.CRLReason
-2389  * @class CRLReason CRL entry extension ASN.1 structure class
-2390  * @extends KJUR.asn1.x509.Extension
-2391  * @since jsrsasign 9.1.0 asn1x509 2.1.0
-2392  * @see KJUR.asn1.x509.TBSCertList
-2393  * @see KJUR.asn1.x509.Extensions
-2394  * @description
-2395  * This class represents ASN.1 structure for
-2396  * CRLReason CRL entry extension defined in
-2397  * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1">
-2398  * RFC 5280 5.3.1</a>
-2399  * <pre>
-2400  * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
-2401  * -- reasonCode ::= { CRLReason }
-2402  * CRLReason ::= ENUMERATED {
-2403  *      unspecified             (0),
-2404  *      keyCompromise           (1),
-2405  *      cACompromise            (2),
-2406  *      affiliationChanged      (3),
-2407  *      superseded              (4),
-2408  *      cessationOfOperation    (5),
-2409  *      certificateHold         (6),
-2410  *      removeFromCRL           (8),
-2411  *      privilegeWithdrawn      (9),
-2412  *      aACompromise           (10) }
-2413  * </pre>
-2414  * Constructor of this class may have following parameters:
-2415  * <ul>
-2416  * <li>{String}extname - name "cRLReason". It is ignored in this class but
-2417  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
-2418  * <li>{Integer}code - reasonCode value</li>
-2419  * <li>{Boolean}critical - critical flag. Generally false and not specified
-2420  * in this class.(OPTION)</li>
-2421  * </ul>
-2422  *
-2423  * @example
-2424  * new KJUR.asn1.x509.CRLReason({extname:'cRLNumber',code:4})
-2425  */
-2426 KJUR.asn1.x509.CRLReason = function(params) {
-2427     KJUR.asn1.x509.CRLReason.superclass.constructor.call(this, params);
-2428     this.params = undefined;
-2429 
-2430     this.getExtnValueHex = function() {
-2431         this.asn1ExtnValue = new KJUR.asn1.DEREnumerated(this.params.code);
-2432         return this.asn1ExtnValue.getEncodedHex();
-2433     };
+2386     this.oid = "2.5.29.20";
+2387     if (params != undefined) this.params = params;
+2388 };
+2389 YAHOO.lang.extend(KJUR.asn1.x509.CRLNumber, KJUR.asn1.x509.Extension);
+2390 
+2391 /**
+2392  * CRLReason CRL entry extension ASN.1 structure class<br/>
+2393  * @name KJUR.asn1.x509.CRLReason
+2394  * @class CRLReason CRL entry extension ASN.1 structure class
+2395  * @extends KJUR.asn1.x509.Extension
+2396  * @since jsrsasign 9.1.0 asn1x509 2.1.0
+2397  * @see KJUR.asn1.x509.TBSCertList
+2398  * @see KJUR.asn1.x509.Extensions
+2399  * @description
+2400  * This class represents ASN.1 structure for
+2401  * CRLReason CRL entry extension defined in
+2402  * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1">
+2403  * RFC 5280 5.3.1</a>
+2404  * <pre>
+2405  * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
+2406  * -- reasonCode ::= { CRLReason }
+2407  * CRLReason ::= ENUMERATED {
+2408  *      unspecified             (0),
+2409  *      keyCompromise           (1),
+2410  *      cACompromise            (2),
+2411  *      affiliationChanged      (3),
+2412  *      superseded              (4),
+2413  *      cessationOfOperation    (5),
+2414  *      certificateHold         (6),
+2415  *      removeFromCRL           (8),
+2416  *      privilegeWithdrawn      (9),
+2417  *      aACompromise           (10) }
+2418  * </pre>
+2419  * Constructor of this class may have following parameters:
+2420  * <ul>
+2421  * <li>{String}extname - name "cRLReason". It is ignored in this class but
+2422  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
+2423  * <li>{Integer}code - reasonCode value</li>
+2424  * <li>{Boolean}critical - critical flag. Generally false and not specified
+2425  * in this class.(OPTION)</li>
+2426  * </ul>
+2427  *
+2428  * @example
+2429  * new KJUR.asn1.x509.CRLReason({extname:'cRLNumber',code:4})
+2430  */
+2431 KJUR.asn1.x509.CRLReason = function(params) {
+2432     KJUR.asn1.x509.CRLReason.superclass.constructor.call(this, params);
+2433     this.params = undefined;
 2434 
-2435     this.oid = "2.5.29.21";
-2436     if (params != undefined) this.params = params;
-2437 };
-2438 YAHOO.lang.extend(KJUR.asn1.x509.CRLReason, KJUR.asn1.x509.Extension);
+2435     this.getExtnValueHex = function() {
+2436         this.asn1ExtnValue = new KJUR.asn1.DEREnumerated(this.params.code);
+2437         return this.asn1ExtnValue.getEncodedHex();
+2438     };
 2439 
-2440 // === END   CRL Related ===================================================
-2441 
-2442 // === BEGIN OCSP Related ===================================================
-2443 /**
-2444  * Nonce OCSP extension ASN.1 structure class<br/>
-2445  * @name KJUR.asn1.x509.OCSPNonce
-2446  * @class Nonce OCSP extension ASN.1 structure class
-2447  * @extends KJUR.asn1.x509.Extension
-2448  * @since jsrsasign 9.1.6 asn1x509 2.1.2
-2449  * @param {Array} params JSON object for Nonce extension
-2450  * @see KJUR.asn1.ocsp.ResponseData
-2451  * @see KJUR.asn1.x509.Extensions
-2452  * @see X509#getExtOCSPNonce
-2453  * @description
-2454  * This class represents
-2455  * Nonce OCSP extension value defined in
-2456  * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1">
-2457  * RFC 6960 4.4.1</a> as JSON object.
-2458  * <pre>
-2459  * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
-2460  * id-pkix-ocsp-nonce     OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
-2461  * Nonce ::= OCTET STRING
-2462  * </pre>
-2463  * Constructor of this class may have following parameters:
-2464  * <ul>
-2465  * <li>{String}extname - name "ocspNonce". It is ignored in this class but
-2466  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
-2467  * <li>{String}hex - hexadecimal string of nonce value</li>
-2468  * <li>{Number}int - integer of nonce value. "hex" or "int" needs to be
-2469  * specified.</li>
-2470  * <li>{Boolean}critical - critical flag. Generally false and not specified
-2471  * in this class.(OPTION)</li>
-2472  * </ul>
-2473  *
-2474  * @example
-2475  * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNonce',
-2476  *                               hex: '12ab...'})
-2477  */
-2478 KJUR.asn1.x509.OCSPNonce = function(params) {
-2479     KJUR.asn1.x509.OCSPNonce.superclass.constructor.call(this, params);
-2480     this.params = undefined;
-2481 
-2482     this.getExtnValueHex = function() {
-2483         this.asn1ExtnValue = new KJUR.asn1.DEROctetString(this.params);
-2484         return this.asn1ExtnValue.getEncodedHex();
-2485     };
+2440     this.oid = "2.5.29.21";
+2441     if (params != undefined) this.params = params;
+2442 };
+2443 YAHOO.lang.extend(KJUR.asn1.x509.CRLReason, KJUR.asn1.x509.Extension);
+2444 
+2445 // === END   CRL Related ===================================================
+2446 
+2447 // === BEGIN OCSP Related ===================================================
+2448 /**
+2449  * Nonce OCSP extension ASN.1 structure class<br/>
+2450  * @name KJUR.asn1.x509.OCSPNonce
+2451  * @class Nonce OCSP extension ASN.1 structure class
+2452  * @extends KJUR.asn1.x509.Extension
+2453  * @since jsrsasign 9.1.6 asn1x509 2.1.2
+2454  * @param {Array} params JSON object for Nonce extension
+2455  * @see KJUR.asn1.ocsp.ResponseData
+2456  * @see KJUR.asn1.x509.Extensions
+2457  * @see X509#getExtOCSPNonce
+2458  * @description
+2459  * This class represents
+2460  * Nonce OCSP extension value defined in
+2461  * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1">
+2462  * RFC 6960 4.4.1</a> as JSON object.
+2463  * <pre>
+2464  * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
+2465  * id-pkix-ocsp-nonce     OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
+2466  * Nonce ::= OCTET STRING
+2467  * </pre>
+2468  * Constructor of this class may have following parameters:
+2469  * <ul>
+2470  * <li>{String}extname - name "ocspNonce". It is ignored in this class but
+2471  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
+2472  * <li>{String}hex - hexadecimal string of nonce value</li>
+2473  * <li>{Number}int - integer of nonce value. "hex" or "int" needs to be
+2474  * specified.</li>
+2475  * <li>{Boolean}critical - critical flag. Generally false and not specified
+2476  * in this class.(OPTION)</li>
+2477  * </ul>
+2478  *
+2479  * @example
+2480  * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNonce',
+2481  *                               hex: '12ab...'})
+2482  */
+2483 KJUR.asn1.x509.OCSPNonce = function(params) {
+2484     KJUR.asn1.x509.OCSPNonce.superclass.constructor.call(this, params);
+2485     this.params = undefined;
 2486 
-2487     this.oid = "1.3.6.1.5.5.7.48.1.2";
-2488     if (params != undefined) this.params = params;
-2489 };
-2490 YAHOO.lang.extend(KJUR.asn1.x509.OCSPNonce, KJUR.asn1.x509.Extension);
+2487     this.getExtnValueHex = function() {
+2488         this.asn1ExtnValue = new KJUR.asn1.DEROctetString(this.params);
+2489         return this.asn1ExtnValue.getEncodedHex();
+2490     };
 2491 
-2492 /**
-2493  * OCSPNoCheck certificate ASN.1 structure class<br/>
-2494  * @name KJUR.asn1.x509.OCSPNoCheck
-2495  * @class OCSPNoCheck extension ASN.1 structure class
-2496  * @extends KJUR.asn1.x509.Extension
-2497  * @since jsrsasign 9.1.6 asn1x509 2.1.2
-2498  * @param {Array} params JSON object for OCSPNoCheck extension
-2499  * @see KJUR.asn1.x509.Extensions
-2500  * @see X509#getExtOCSPNoCheck
-2501  * @description
-2502  * This class represents
-2503  * OCSPNoCheck extension value defined in
-2504  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1">
-2505  * RFC 6960 4.2.2.2.1</a> as JSON object.
-2506  * <pre>
-2507  * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
-2508  * </pre>
-2509  * Constructor of this class may have following parameters:
-2510  * <ul>
-2511  * <li>{String}extname - name "ocspNoCheck". It is ignored in this class but
-2512  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
-2513  * <li>{Boolean}critical - critical flag. Generally false and not specified
-2514  * in this class.(OPTION)</li>
-2515  * </ul>
-2516  *
-2517  * @example
-2518  * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNoCheck'})
-2519  */
-2520 KJUR.asn1.x509.OCSPNoCheck = function(params) {
-2521     KJUR.asn1.x509.OCSPNoCheck.superclass.constructor.call(this, params);
-2522     this.params = undefined;
-2523 
-2524     this.getExtnValueHex = function() {
-2525         this.asn1ExtnValue = new KJUR.asn1.DERNull();
-2526         return this.asn1ExtnValue.getEncodedHex();
-2527     };
+2492     this.oid = "1.3.6.1.5.5.7.48.1.2";
+2493     if (params != undefined) this.params = params;
+2494 };
+2495 YAHOO.lang.extend(KJUR.asn1.x509.OCSPNonce, KJUR.asn1.x509.Extension);
+2496 
+2497 /**
+2498  * OCSPNoCheck certificate ASN.1 structure class<br/>
+2499  * @name KJUR.asn1.x509.OCSPNoCheck
+2500  * @class OCSPNoCheck extension ASN.1 structure class
+2501  * @extends KJUR.asn1.x509.Extension
+2502  * @since jsrsasign 9.1.6 asn1x509 2.1.2
+2503  * @param {Array} params JSON object for OCSPNoCheck extension
+2504  * @see KJUR.asn1.x509.Extensions
+2505  * @see X509#getExtOCSPNoCheck
+2506  * @description
+2507  * This class represents
+2508  * OCSPNoCheck extension value defined in
+2509  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1">
+2510  * RFC 6960 4.2.2.2.1</a> as JSON object.
+2511  * <pre>
+2512  * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
+2513  * </pre>
+2514  * Constructor of this class may have following parameters:
+2515  * <ul>
+2516  * <li>{String}extname - name "ocspNoCheck". It is ignored in this class but
+2517  * required to use with {@link KJUR.asn1.x509.Extensions} class. (OPTION)</li>
+2518  * <li>{Boolean}critical - critical flag. Generally false and not specified
+2519  * in this class.(OPTION)</li>
+2520  * </ul>
+2521  *
+2522  * @example
+2523  * new KJUR.asn1.x509.OCSPNonce({extname:'ocspNoCheck'})
+2524  */
+2525 KJUR.asn1.x509.OCSPNoCheck = function(params) {
+2526     KJUR.asn1.x509.OCSPNoCheck.superclass.constructor.call(this, params);
+2527     this.params = undefined;
 2528 
-2529     this.oid = "1.3.6.1.5.5.7.48.1.5";
-2530     if (params != undefined) this.params = params;
-2531 };
-2532 YAHOO.lang.extend(KJUR.asn1.x509.OCSPNoCheck, KJUR.asn1.x509.Extension);
+2529     this.getExtnValueHex = function() {
+2530         this.asn1ExtnValue = new KJUR.asn1.DERNull();
+2531         return this.asn1ExtnValue.getEncodedHex();
+2532     };
 2533 
-2534 // === END   OCSP Related ===================================================
-2535 
-2536 // === BEGIN Other X.509v3 Extensions========================================
-2537 
-2538 /**
-2539  * AdobeTimeStamp X.509v3 extension ASN.1 encoder class<br/>
-2540  * @name KJUR.asn1.x509.AdobeTimeStamp
-2541  * @class AdobeTimeStamp X.509v3 extension ASN.1 encoder class
-2542  * @extends KJUR.asn1.x509.Extension
-2543  * @since jsrsasign 10.0.1 asn1x509 2.1.4
-2544  * @param {Array} params JSON object for AdobeTimeStamp extension parameter
-2545  * @see KJUR.asn1.x509.Extensions
-2546  * @see X509#getExtAdobeTimeStamp
-2547  * @description
-2548  * This class represents
-2549  * AdobeTimeStamp X.509v3 extension value defined in
-2550  * <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/oids.html">
-2551  * Adobe site</a> as JSON object.
-2552  * <pre>
-2553  * adbe- OBJECT IDENTIFIER ::=  { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
-2554  *  ::= SEQUENCE {
-2555  *     version INTEGER  { v1(1) }, -- extension version
-2556  *     location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
-2557  *     requiresAuth        boolean (default false), OPTIONAL }
-2558  * </pre>
-2559  * Constructor of this class may have following parameters:
-2560  * <ul>
-2561  * <li>{String}uri - RFC 3161 time stamp service URL</li>
-2562  * <li>{Boolean}reqauth - authentication required or not</li>
-2563  * </ul>
-2564  * </pre>
-2565  * <br/>
-2566  * NOTE: This extesion doesn't seem to have official name. This may be called as "pdfTimeStamp".
-2567  * @example
-2568  * new KJUR.asn1.x509.AdobeTimesStamp({
-2569  *   uri: "http://tsa.example.com/",
-2570  *   reqauth: true
-2571  * }
-2572  */
-2573 KJUR.asn1.x509.AdobeTimeStamp = function(params) {
-2574     KJUR.asn1.x509.AdobeTimeStamp.superclass.constructor.call(this, params);
-2575 
-2576     var _KJUR = KJUR,
-2577 	_KJUR_asn1 = _KJUR.asn1,
-2578 	_DERInteger = _KJUR_asn1.DERInteger,
-2579 	_DERBoolean = _KJUR_asn1.DERBoolean,
-2580 	_DERSequence = _KJUR_asn1.DERSequence,
-2581 	_GeneralName = _KJUR_asn1.x509.GeneralName;
-2582 
-2583     this.params = null;
-2584 
-2585     this.getExtnValueHex = function() {
-2586 	var params = this.params;
-2587 	var a = [new _DERInteger(1)];
-2588 	a.push(new _GeneralName({uri: params.uri}));
-2589 	if (params.reqauth != undefined) {
-2590 	    a.push(new _DERBoolean(params.reqauth));
-2591 	}
-2592 
-2593         this.asn1ExtnValue = new _DERSequence({array: a});
-2594         return this.asn1ExtnValue.getEncodedHex();
-2595     };
-2596 
-2597     this.oid = "1.2.840.113583.1.1.9.1";
-2598     if (params !== undefined) this.setByParam(params);
-2599 };
-2600 YAHOO.lang.extend(KJUR.asn1.x509.AdobeTimeStamp, KJUR.asn1.x509.Extension);
-2601  
-2602 // === END   Other X.509v3 Extensions========================================
-2603 
-2604 
-2605 // === BEGIN X500Name Related =================================================
-2606 /**
-2607  * X500Name ASN.1 structure class
-2608  * @name KJUR.asn1.x509.X500Name
-2609  * @class X500Name ASN.1 structure class
-2610  * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'})
-2611  * @extends KJUR.asn1.ASN1Object
-2612  * @see KJUR.asn1.x509.X500Name
-2613  * @see KJUR.asn1.x509.RDN
-2614  * @see KJUR.asn1.x509.AttributeTypeAndValue
-2615  * @see X509#getX500Name
-2616  * @description
-2617  * This class provides DistinguishedName ASN.1 class structure
-2618  * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
-2619  * <blockquote><pre>
-2620  * DistinguishedName ::= RDNSequence
-2621  * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-2622  * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
-2623  *   AttributeTypeAndValue
-2624  * AttributeTypeAndValue ::= SEQUENCE {
-2625  *   type  AttributeType,
-2626  *   value AttributeValue }
-2627  * </pre></blockquote>
-2628  * <br/>
-2629  * Argument for the constructor can be one of following parameters:
-2630  * <ul>
-2631  * <li>{Array}array - array of {@link KJUR.asn1.x509.RDN} parameter</li>
-2632  * <li>`String}str - string for distingish name in OpenSSL One line foramt (ex: /C=US/O=test/CN=test) See <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">this</a> in detail.</li>
-2633  * <li>{String}ldapstr - string for distinguish name in LDAP format (ex: CN=test,O=test,C=US)</li>
-2634  * <li>{String}hex - hexadecimal string for ASN.1 distinguish name structure</li>
-2635  * <li>{String}certissuer - issuer name in the specified PEM certificate</li>
-2636  * <li>{String}certsubject - subject name in the specified PEM certificate</li>
-2637  * <li>{String}rule - DirectoryString rule (ex. "prn" or "utf8")</li>
-2638  * </ul>
-2639  * <br/>
-2640  * NOTE1: The "array" and "rule" parameters have been supported
-2641  * since jsrsasign 9.0.0 asn1x509 2.0.0.
-2642  * <br/>
-2643  * NOTE2: Multi-valued RDN in "str" parameter have been
-2644  * supported since jsrsasign 6.2.1 asn1x509 1.0.17.
-2645  * @example
-2646  * // 1. construct with array
-2647  * new KJUR.asn1.x509.X500Name({array:[
-2648  *   [{type:'C',value:'JP',ds:'prn'}],
-2649  *   [{type:'O',value:'aaa',ds:'utf8'}, // multi-valued RDN
-2650  *    {type:'CN',value:'bob@example.com',ds:'ia5'}]
-2651  * ]})
-2652 : "/C=US/O=aaa+CN=contact@example.com"}); // multi valued
-2653  * // 2. construct with string
-2654  * new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa+CN=contact@example.com"}); // multi valued
-2655  * // 3. construct by LDAP string
-2656  * new KJUR.asn1.x509.X500Name({ldapstr: "CN=foo@example.com,OU=bbb,C=US"});
-2657  * // 4. construct by ASN.1 hex string
-2658  * new KJUR.asn1.x509.X500Name({hex: "304c3120..."});
-2659  * // 5. construct by issuer of PEM certificate
-2660  * new KJUR.asn1.x509.X500Name({certsubject: "-----BEGIN CERT..."});
-2661  * // 6. construct by subject of PEM certificate
-2662  * new KJUR.asn1.x509.X500Name({certissuer: "-----BEGIN CERT..."});
-2663  * // 7. construct by object (DEPRECATED)
-2664  * new KJUR.asn1.x509.X500Name({C:"US",O:"aaa",CN:"http://example.com/"});
-2665  */
-2666 KJUR.asn1.x509.X500Name = function(params) {
-2667     KJUR.asn1.x509.X500Name.superclass.constructor.call(this);
-2668     this.asn1Array = [];
-2669     this.paramArray = [];
-2670     this.sRule = "utf8";
-2671     var _KJUR = KJUR,
-2672 	_KJUR_asn1 = _KJUR.asn1,
-2673 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
-2674 	_RDN = _KJUR_asn1_x509.RDN,
-2675 	_pemtohex = pemtohex;
-2676 
-2677     /**
-2678      * set DN by OpenSSL oneline distinguished name string<br/>
-2679      * @name setByString
-2680      * @memberOf KJUR.asn1.x509.X500Name#
-2681      * @function
-2682      * @param {String} dnStr distinguished name by string (ex. /C=US/O=aaa)
-2683      * @description
-2684      * Sets distinguished name by string. 
-2685      * dnStr must be formatted as 
-2686      * "/type0=value0/type1=value1/type2=value2...".
-2687      * No need to escape a slash in an attribute value.
-2688      * @example
-2689      * name = new KJUR.asn1.x509.X500Name();
-2690      * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com");
-2691      * // no need to escape slash in an attribute value
-2692      * name.setByString("/C=US/O=aaa/CN=1980/12/31");
-2693      */
-2694     this.setByString = function(dnStr, sRule) {
-2695 	if (sRule !== undefined) this.sRule = sRule;
-2696         var a = dnStr.split('/');
-2697         a.shift();
-2698 
-2699 	var a1 = [];
-2700 	for (var i = 0; i < a.length; i++) {
-2701 	  if (a[i].match(/^[^=]+=.+$/)) {
-2702 	    a1.push(a[i]);
-2703 	  } else {
-2704 	    var lastidx = a1.length - 1;
-2705 	    a1[lastidx] = a1[lastidx] + "/" + a[i];
-2706 	  }
-2707 	}
-2708 
-2709         for (var i = 0; i < a1.length; i++) {
-2710             this.asn1Array.push(new _RDN({'str':a1[i], rule:this.sRule}));
-2711         }
-2712     };
+2534     this.oid = "1.3.6.1.5.5.7.48.1.5";
+2535     if (params != undefined) this.params = params;
+2536 };
+2537 YAHOO.lang.extend(KJUR.asn1.x509.OCSPNoCheck, KJUR.asn1.x509.Extension);
+2538 
+2539 // === END   OCSP Related ===================================================
+2540 
+2541 // === BEGIN Other X.509v3 Extensions========================================
+2542 
+2543 /**
+2544  * AdobeTimeStamp X.509v3 extension ASN.1 encoder class<br/>
+2545  * @name KJUR.asn1.x509.AdobeTimeStamp
+2546  * @class AdobeTimeStamp X.509v3 extension ASN.1 encoder class
+2547  * @extends KJUR.asn1.x509.Extension
+2548  * @since jsrsasign 10.0.1 asn1x509 2.1.4
+2549  * @param {Array} params JSON object for AdobeTimeStamp extension parameter
+2550  * @see KJUR.asn1.x509.Extensions
+2551  * @see X509#getExtAdobeTimeStamp
+2552  * @description
+2553  * This class represents
+2554  * AdobeTimeStamp X.509v3 extension value defined in
+2555  * <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/oids.html">
+2556  * Adobe site</a> as JSON object.
+2557  * <pre>
+2558  * adbe- OBJECT IDENTIFIER ::=  { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
+2559  *  ::= SEQUENCE {
+2560  *     version INTEGER  { v1(1) }, -- extension version
+2561  *     location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
+2562  *     requiresAuth        boolean (default false), OPTIONAL }
+2563  * </pre>
+2564  * Constructor of this class may have following parameters:
+2565  * <ul>
+2566  * <li>{String}uri - RFC 3161 time stamp service URL</li>
+2567  * <li>{Boolean}reqauth - authentication required or not</li>
+2568  * </ul>
+2569  * </pre>
+2570  * <br/>
+2571  * NOTE: This extesion doesn't seem to have official name. This may be called as "pdfTimeStamp".
+2572  * @example
+2573  * new KJUR.asn1.x509.AdobeTimesStamp({
+2574  *   uri: "http://tsa.example.com/",
+2575  *   reqauth: true
+2576  * }
+2577  */
+2578 KJUR.asn1.x509.AdobeTimeStamp = function(params) {
+2579     KJUR.asn1.x509.AdobeTimeStamp.superclass.constructor.call(this, params);
+2580 
+2581     var _KJUR = KJUR,
+2582 	_KJUR_asn1 = _KJUR.asn1,
+2583 	_DERInteger = _KJUR_asn1.DERInteger,
+2584 	_DERBoolean = _KJUR_asn1.DERBoolean,
+2585 	_DERSequence = _KJUR_asn1.DERSequence,
+2586 	_GeneralName = _KJUR_asn1.x509.GeneralName;
+2587 
+2588     this.params = null;
+2589 
+2590     this.getExtnValueHex = function() {
+2591 	var params = this.params;
+2592 	var a = [new _DERInteger(1)];
+2593 	a.push(new _GeneralName({uri: params.uri}));
+2594 	if (params.reqauth != undefined) {
+2595 	    a.push(new _DERBoolean(params.reqauth));
+2596 	}
+2597 
+2598         this.asn1ExtnValue = new _DERSequence({array: a});
+2599         return this.asn1ExtnValue.getEncodedHex();
+2600     };
+2601 
+2602     this.oid = "1.2.840.113583.1.1.9.1";
+2603     if (params !== undefined) this.setByParam(params);
+2604 };
+2605 YAHOO.lang.extend(KJUR.asn1.x509.AdobeTimeStamp, KJUR.asn1.x509.Extension);
+2606  
+2607 // === END   Other X.509v3 Extensions========================================
+2608 
+2609 
+2610 // === BEGIN X500Name Related =================================================
+2611 /**
+2612  * X500Name ASN.1 structure class
+2613  * @name KJUR.asn1.x509.X500Name
+2614  * @class X500Name ASN.1 structure class
+2615  * @param {Array} params associative array of parameters (ex. {'str': '/C=US/O=a'})
+2616  * @extends KJUR.asn1.ASN1Object
+2617  * @see KJUR.asn1.x509.X500Name
+2618  * @see KJUR.asn1.x509.RDN
+2619  * @see KJUR.asn1.x509.AttributeTypeAndValue
+2620  * @see X509#getX500Name
+2621  * @description
+2622  * This class provides DistinguishedName ASN.1 class structure
+2623  * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
+2624  * <blockquote><pre>
+2625  * DistinguishedName ::= RDNSequence
+2626  * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+2627  * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
+2628  *   AttributeTypeAndValue
+2629  * AttributeTypeAndValue ::= SEQUENCE {
+2630  *   type  AttributeType,
+2631  *   value AttributeValue }
+2632  * </pre></blockquote>
+2633  * <br/>
+2634  * Argument for the constructor can be one of following parameters:
+2635  * <ul>
+2636  * <li>{Array}array - array of {@link KJUR.asn1.x509.RDN} parameter</li>
+2637  * <li>`String}str - string for distingish name in OpenSSL One line foramt (ex: /C=US/O=test/CN=test) See <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">this</a> in detail.</li>
+2638  * <li>{String}ldapstr - string for distinguish name in LDAP format (ex: CN=test,O=test,C=US)</li>
+2639  * <li>{String}hex - hexadecimal string for ASN.1 distinguish name structure</li>
+2640  * <li>{String}certissuer - issuer name in the specified PEM certificate</li>
+2641  * <li>{String}certsubject - subject name in the specified PEM certificate</li>
+2642  * <li>{String}rule - DirectoryString rule (ex. "prn" or "utf8")</li>
+2643  * </ul>
+2644  * <br/>
+2645  * NOTE1: The "array" and "rule" parameters have been supported
+2646  * since jsrsasign 9.0.0 asn1x509 2.0.0.
+2647  * <br/>
+2648  * NOTE2: Multi-valued RDN in "str" parameter have been
+2649  * supported since jsrsasign 6.2.1 asn1x509 1.0.17.
+2650  * @example
+2651  * // 1. construct with array
+2652  * new KJUR.asn1.x509.X500Name({array:[
+2653  *   [{type:'C',value:'JP',ds:'prn'}],
+2654  *   [{type:'O',value:'aaa',ds:'utf8'}, // multi-valued RDN
+2655  *    {type:'CN',value:'bob@example.com',ds:'ia5'}]
+2656  * ]})
+2657 : "/C=US/O=aaa+CN=contact@example.com"}); // multi valued
+2658  * // 2. construct with string
+2659  * new KJUR.asn1.x509.X500Name({str: "/C=US/O=aaa+CN=contact@example.com"}); // multi valued
+2660  * // 3. construct by LDAP string
+2661  * new KJUR.asn1.x509.X500Name({ldapstr: "CN=foo@example.com,OU=bbb,C=US"});
+2662  * // 4. construct by ASN.1 hex string
+2663  * new KJUR.asn1.x509.X500Name({hex: "304c3120..."});
+2664  * // 5. construct by issuer of PEM certificate
+2665  * new KJUR.asn1.x509.X500Name({certsubject: "-----BEGIN CERT..."});
+2666  * // 6. construct by subject of PEM certificate
+2667  * new KJUR.asn1.x509.X500Name({certissuer: "-----BEGIN CERT..."});
+2668  * // 7. construct by object (DEPRECATED)
+2669  * new KJUR.asn1.x509.X500Name({C:"US",O:"aaa",CN:"http://example.com/"});
+2670  */
+2671 KJUR.asn1.x509.X500Name = function(params) {
+2672     KJUR.asn1.x509.X500Name.superclass.constructor.call(this);
+2673     this.asn1Array = [];
+2674     this.paramArray = [];
+2675     this.sRule = "utf8";
+2676     var _KJUR = KJUR,
+2677 	_KJUR_asn1 = _KJUR.asn1,
+2678 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+2679 	_RDN = _KJUR_asn1_x509.RDN,
+2680 	_pemtohex = pemtohex;
+2681 
+2682     /**
+2683      * set DN by OpenSSL oneline distinguished name string<br/>
+2684      * @name setByString
+2685      * @memberOf KJUR.asn1.x509.X500Name#
+2686      * @function
+2687      * @param {String} dnStr distinguished name by string (ex. /C=US/O=aaa)
+2688      * @description
+2689      * Sets distinguished name by string. 
+2690      * dnStr must be formatted as 
+2691      * "/type0=value0/type1=value1/type2=value2...".
+2692      * No need to escape a slash in an attribute value.
+2693      * @example
+2694      * name = new KJUR.asn1.x509.X500Name();
+2695      * name.setByString("/C=US/O=aaa/OU=bbb/CN=foo@example.com");
+2696      * // no need to escape slash in an attribute value
+2697      * name.setByString("/C=US/O=aaa/CN=1980/12/31");
+2698      */
+2699     this.setByString = function(dnStr, sRule) {
+2700 	if (sRule !== undefined) this.sRule = sRule;
+2701         var a = dnStr.split('/');
+2702         a.shift();
+2703 
+2704 	var a1 = [];
+2705 	for (var i = 0; i < a.length; i++) {
+2706 	  if (a[i].match(/^[^=]+=.+$/)) {
+2707 	    a1.push(a[i]);
+2708 	  } else {
+2709 	    var lastidx = a1.length - 1;
+2710 	    a1[lastidx] = a1[lastidx] + "/" + a[i];
+2711 	  }
+2712 	}
 2713 
-2714     /**
-2715      * set DN by LDAP(RFC 2253) distinguished name string<br/>
-2716      * @name setByLdapString
-2717      * @memberOf KJUR.asn1.x509.X500Name#
-2718      * @function
-2719      * @param {String} dnStr distinguished name by LDAP string (ex. O=aaa,C=US)
-2720      * @since jsrsasign 6.2.2 asn1x509 1.0.18
-2721      * @see {@link KJUR.asn1.x509.X500Name.ldapToCompat}
-2722      * @description
-2723      * @example
-2724      * name = new KJUR.asn1.x509.X500Name();
-2725      * name.setByLdapString("CN=foo@example.com,OU=bbb,O=aaa,C=US");
-2726      */
-2727     this.setByLdapString = function(dnStr, sRule) {
-2728 	if (sRule !== undefined) this.sRule = sRule;
-2729 	var compat = _KJUR_asn1_x509.X500Name.ldapToCompat(dnStr);
-2730 	this.setByString(compat, sRule);
-2731     };
-2732 
-2733     /**
-2734      * set DN by associative array<br/>
-2735      * @name setByObject
-2736      * @memberOf KJUR.asn1.x509.X500Name#
-2737      * @function
-2738      * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"})
-2739      * @since jsrsasign 4.9. asn1x509 1.0.13
-2740      * @description
-2741      * @example
-2742      * name = new KJUR.asn1.x509.X500Name();
-2743      * name.setByObject({C: "US", O: "aaa", CN="http://example.com/"1});
-2744      */
-2745     this.setByObject = function(dnObj, sRule) {
-2746 	if (sRule !== undefined) this.sRule = sRule;
-2747 
-2748         // Get all the dnObject attributes and stuff them in the ASN.1 array.
-2749         for (var x in dnObj) {
-2750             if (dnObj.hasOwnProperty(x)) {
-2751                 var newRDN = new _RDN({str: x + '=' + dnObj[x], rule: this.sRule});
-2752                 // Initialize or push into the ANS1 array.
-2753                 this.asn1Array ? this.asn1Array.push(newRDN)
-2754                     : this.asn1Array = [newRDN];
-2755             }
-2756         }
-2757     };
-2758 
-2759     this.setByParam = function(params) {
-2760 	if (params.rule !== undefined) this.sRule = params.rule;
-2761 
-2762 	if (params.array !== undefined) {
-2763 	    this.paramArray = params.array;
-2764 	} else {
-2765             if (params.str !== undefined) {
-2766 		this.setByString(params.str);
-2767             } else if (params.ldapstr !== undefined) {
-2768 		this.setByLdapString(params.ldapstr);
-2769 	    } else if (params.hex !== undefined) {
-2770 		this.hTLV = params.hex;
-2771             } else if (params.certissuer !== undefined) {
-2772 		var x = new X509();
-2773 		x.readCertPEM(params.certissuer);
-2774 		this.hTLV = x.getIssuerHex();
-2775             } else if (params.certsubject !== undefined) {
-2776 		var x = new X509();
-2777 		x.readCertPEM(params.certsubject);
-2778 		this.hTLV = x.getSubjectHex();
-2779 		// If params is an object, then set the ASN1 array
-2780 		// just using the object attributes. 
-2781 		// This is nice for fields that have lots of special
-2782 		// characters (i.e. CN: 'https://www.github.com/kjur//').
-2783             } else if (typeof params === "object" &&
-2784 		       params.certsubject === undefined &&
-2785 		       params.certissuer === undefined) {
-2786 		this.setByObject(params);
-2787             }
-2788 	}
-2789     }
-2790 
-2791     this.getEncodedHex = function() {
-2792         if (typeof this.hTLV == "string") return this.hTLV;
-2793 
-2794 	if (this.asn1Array.length == 0 && this.paramArray.length > 0) {
-2795 	    for (var i = 0; i < this.paramArray.length; i++) {
-2796 		var param = {array: this.paramArray[i]};
-2797 		if (this.sRule != "utf8") param.rule = this.sRule;
-2798 		var asn1RDN = new _RDN(param);
-2799 		this.asn1Array.push(asn1RDN);
-2800 	    }
-2801 	}
-2802 
-2803         var o = new _KJUR_asn1.DERSequence({"array": this.asn1Array});
-2804         this.hTLV = o.getEncodedHex();
-2805         return this.hTLV;
-2806     };
+2714         for (var i = 0; i < a1.length; i++) {
+2715             this.asn1Array.push(new _RDN({'str':a1[i], rule:this.sRule}));
+2716         }
+2717     };
+2718 
+2719     /**
+2720      * set DN by LDAP(RFC 2253) distinguished name string<br/>
+2721      * @name setByLdapString
+2722      * @memberOf KJUR.asn1.x509.X500Name#
+2723      * @function
+2724      * @param {String} dnStr distinguished name by LDAP string (ex. O=aaa,C=US)
+2725      * @since jsrsasign 6.2.2 asn1x509 1.0.18
+2726      * @see {@link KJUR.asn1.x509.X500Name.ldapToCompat}
+2727      * @description
+2728      * @example
+2729      * name = new KJUR.asn1.x509.X500Name();
+2730      * name.setByLdapString("CN=foo@example.com,OU=bbb,O=aaa,C=US");
+2731      */
+2732     this.setByLdapString = function(dnStr, sRule) {
+2733 	if (sRule !== undefined) this.sRule = sRule;
+2734 	var compat = _KJUR_asn1_x509.X500Name.ldapToCompat(dnStr);
+2735 	this.setByString(compat, sRule);
+2736     };
+2737 
+2738     /**
+2739      * set DN by associative array<br/>
+2740      * @name setByObject
+2741      * @memberOf KJUR.asn1.x509.X500Name#
+2742      * @function
+2743      * @param {Array} dnObj associative array of DN (ex. {C: "US", O: "aaa"})
+2744      * @since jsrsasign 4.9. asn1x509 1.0.13
+2745      * @description
+2746      * @example
+2747      * name = new KJUR.asn1.x509.X500Name();
+2748      * name.setByObject({C: "US", O: "aaa", CN="http://example.com/"1});
+2749      */
+2750     this.setByObject = function(dnObj, sRule) {
+2751 	if (sRule !== undefined) this.sRule = sRule;
+2752 
+2753         // Get all the dnObject attributes and stuff them in the ASN.1 array.
+2754         for (var x in dnObj) {
+2755             if (dnObj.hasOwnProperty(x)) {
+2756                 var newRDN = new _RDN({str: x + '=' + dnObj[x], rule: this.sRule});
+2757                 // Initialize or push into the ANS1 array.
+2758                 this.asn1Array ? this.asn1Array.push(newRDN)
+2759                     : this.asn1Array = [newRDN];
+2760             }
+2761         }
+2762     };
+2763 
+2764     this.setByParam = function(params) {
+2765 	if (params.rule !== undefined) this.sRule = params.rule;
+2766 
+2767 	if (params.array !== undefined) {
+2768 	    this.paramArray = params.array;
+2769 	} else {
+2770             if (params.str !== undefined) {
+2771 		this.setByString(params.str);
+2772             } else if (params.ldapstr !== undefined) {
+2773 		this.setByLdapString(params.ldapstr);
+2774 	    } else if (params.hex !== undefined) {
+2775 		this.hTLV = params.hex;
+2776             } else if (params.certissuer !== undefined) {
+2777 		var x = new X509();
+2778 		x.readCertPEM(params.certissuer);
+2779 		this.hTLV = x.getIssuerHex();
+2780             } else if (params.certsubject !== undefined) {
+2781 		var x = new X509();
+2782 		x.readCertPEM(params.certsubject);
+2783 		this.hTLV = x.getSubjectHex();
+2784 		// If params is an object, then set the ASN1 array
+2785 		// just using the object attributes. 
+2786 		// This is nice for fields that have lots of special
+2787 		// characters (i.e. CN: 'https://www.github.com/kjur//').
+2788             } else if (typeof params === "object" &&
+2789 		       params.certsubject === undefined &&
+2790 		       params.certissuer === undefined) {
+2791 		this.setByObject(params);
+2792             }
+2793 	}
+2794     }
+2795 
+2796     this.getEncodedHex = function() {
+2797         if (typeof this.hTLV == "string") return this.hTLV;
+2798 
+2799 	if (this.asn1Array.length == 0 && this.paramArray.length > 0) {
+2800 	    for (var i = 0; i < this.paramArray.length; i++) {
+2801 		var param = {array: this.paramArray[i]};
+2802 		if (this.sRule != "utf8") param.rule = this.sRule;
+2803 		var asn1RDN = new _RDN(param);
+2804 		this.asn1Array.push(asn1RDN);
+2805 	    }
+2806 	}
 2807 
-2808     if (params !== undefined) this.setByParam(params);
-2809 };
-2810 YAHOO.lang.extend(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object);
-2811 
-2812 /**
-2813  * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format<br/>
-2814  * @name compatToLDAP
-2815  * @memberOf KJUR.asn1.x509.X500Name
-2816  * @function
-2817  * @param {String} s distinguished name string in OpenSSL oneline compat (ex. /C=US/O=test)
-2818  * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
-2819  * @since jsrsasign 8.0.19 asn1x509 1.1.20
-2820  * @description
-2821  * This static method converts a distinguished name string in OpenSSL compat
-2822  * format to LDAP(RFC 2253) format.
-2823  * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
-2824  * @see <a href="https://www.openssl.org/docs/man1.0.2/man1/openssl-x509.html#NAME-OPTIONS">OpenSSL x509 command manual - NAME OPTIONS</a>
-2825  * @example
-2826  * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=test") → 'O=test,C=US'
-2827  * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=a,a") → 'O=a\,a,C=US'
-2828  */
-2829 KJUR.asn1.x509.X500Name.compatToLDAP = function(s) {
-2830     if (s.substr(0, 1) !== "/") throw "malformed input";
-2831 
-2832     var result = "";
-2833     s = s.substr(1);
-2834 
-2835     var a = s.split("/");
-2836     a.reverse();
-2837     a = a.map(function(s) {return s.replace(/,/, "\\,")});
-2838 
-2839     return a.join(",");
-2840 };
-2841 
-2842 /**
-2843  * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format (DEPRECATED)<br/>
-2844  * @name onelineToLDAP
-2845  * @memberOf KJUR.asn1.x509.X500Name
-2846  * @function
-2847  * @param {String} s distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
-2848  * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
-2849  * @since jsrsasign 6.2.2 asn1x509 1.0.18
-2850  * @see KJUR.asn1.x509.X500Name.compatToLDAP
-2851  * @description
-2852  * This method is deprecated. Please use 
-2853  * {@link KJUR.asn1.x509.X500Name.compatToLDAP} instead.
-2854  */
-2855 KJUR.asn1.x509.X500Name.onelineToLDAP = function(s) {
-2856     return KJUR.asn1.x509.X500Name.compatToLDAP(s);
-2857 }
-2858 
-2859 /**
-2860  * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format<br/>
-2861  * @name ldapToCompat
-2862  * @memberOf KJUR.asn1.x509.X500Name
-2863  * @function
-2864  * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
-2865  * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
-2866  * @since jsrsasign 8.0.19 asn1x509 1.1.10
-2867  * @description
-2868  * This static method converts a distinguished name string in 
-2869  * LDAP(RFC 2253) format to OpenSSL compat format.
-2870  * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
-2871  * @example
-2872  * KJUR.asn1.x509.X500Name.ldapToCompat('O=test,C=US') → '/C=US/O=test'
-2873  * KJUR.asn1.x509.X500Name.ldapToCompat('O=a\,a,C=US') → '/C=US/O=a,a'
-2874  * KJUR.asn1.x509.X500Name.ldapToCompat('O=a/a,C=US')  → '/C=US/O=a\/a'
-2875  */
-2876 KJUR.asn1.x509.X500Name.ldapToCompat = function(s) {
-2877     var a = s.split(",");
-2878 
-2879     // join \,
-2880     var isBSbefore = false;
-2881     var a2 = [];
-2882     for (var i = 0; a.length > 0; i++) {
-2883 	var item = a.shift();
-2884 	//console.log("item=" + item);
-2885 
-2886 	if (isBSbefore === true) {
-2887 	    var a2last = a2.pop();
-2888 	    var newitem = (a2last + "," + item).replace(/\\,/g, ",");
-2889 	    a2.push(newitem);
-2890 	    isBSbefore = false;
-2891 	} else {
-2892 	    a2.push(item);
-2893 	}
-2894 
-2895 	if (item.substr(-1, 1) === "\\") isBSbefore = true;
-2896     }
-2897 
-2898     a2 = a2.map(function(s) {return s.replace("/", "\\/")});
-2899     a2.reverse();
-2900     return "/" + a2.join("/");
-2901 };
+2808         var o = new _KJUR_asn1.DERSequence({"array": this.asn1Array});
+2809         this.hTLV = o.getEncodedHex();
+2810         return this.hTLV;
+2811     };
+2812 
+2813     if (params !== undefined) this.setByParam(params);
+2814 };
+2815 YAHOO.lang.extend(KJUR.asn1.x509.X500Name, KJUR.asn1.ASN1Object);
+2816 
+2817 /**
+2818  * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format<br/>
+2819  * @name compatToLDAP
+2820  * @memberOf KJUR.asn1.x509.X500Name
+2821  * @function
+2822  * @param {String} s distinguished name string in OpenSSL oneline compat (ex. /C=US/O=test)
+2823  * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
+2824  * @since jsrsasign 8.0.19 asn1x509 1.1.20
+2825  * @description
+2826  * This static method converts a distinguished name string in OpenSSL compat
+2827  * format to LDAP(RFC 2253) format.
+2828  * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
+2829  * @see <a href="https://www.openssl.org/docs/man1.0.2/man1/openssl-x509.html#NAME-OPTIONS">OpenSSL x509 command manual - NAME OPTIONS</a>
+2830  * @example
+2831  * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=test") → 'O=test,C=US'
+2832  * KJUR.asn1.x509.X500Name.compatToLDAP("/C=US/O=a,a") → 'O=a\,a,C=US'
+2833  */
+2834 KJUR.asn1.x509.X500Name.compatToLDAP = function(s) {
+2835     if (s.substr(0, 1) !== "/") throw "malformed input";
+2836 
+2837     var result = "";
+2838     s = s.substr(1);
+2839 
+2840     var a = s.split("/");
+2841     a.reverse();
+2842     a = a.map(function(s) {return s.replace(/,/, "\\,")});
+2843 
+2844     return a.join(",");
+2845 };
+2846 
+2847 /**
+2848  * convert OpenSSL compat distinguished name format string to LDAP(RFC 2253) format (DEPRECATED)<br/>
+2849  * @name onelineToLDAP
+2850  * @memberOf KJUR.asn1.x509.X500Name
+2851  * @function
+2852  * @param {String} s distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
+2853  * @return {String} distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
+2854  * @since jsrsasign 6.2.2 asn1x509 1.0.18
+2855  * @see KJUR.asn1.x509.X500Name.compatToLDAP
+2856  * @description
+2857  * This method is deprecated. Please use 
+2858  * {@link KJUR.asn1.x509.X500Name.compatToLDAP} instead.
+2859  */
+2860 KJUR.asn1.x509.X500Name.onelineToLDAP = function(s) {
+2861     return KJUR.asn1.x509.X500Name.compatToLDAP(s);
+2862 }
+2863 
+2864 /**
+2865  * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format<br/>
+2866  * @name ldapToCompat
+2867  * @memberOf KJUR.asn1.x509.X500Name
+2868  * @function
+2869  * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
+2870  * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
+2871  * @since jsrsasign 8.0.19 asn1x509 1.1.10
+2872  * @description
+2873  * This static method converts a distinguished name string in 
+2874  * LDAP(RFC 2253) format to OpenSSL compat format.
+2875  * @see <a href="https://github.com/kjur/jsrsasign/wiki/NOTE-distinguished-name-representation-in-jsrsasign">jsrsasign wiki: distinguished name string difference between OpenSSL compat and LDAP(RFC 2253)</a>
+2876  * @example
+2877  * KJUR.asn1.x509.X500Name.ldapToCompat('O=test,C=US') → '/C=US/O=test'
+2878  * KJUR.asn1.x509.X500Name.ldapToCompat('O=a\,a,C=US') → '/C=US/O=a,a'
+2879  * KJUR.asn1.x509.X500Name.ldapToCompat('O=a/a,C=US')  → '/C=US/O=a\/a'
+2880  */
+2881 KJUR.asn1.x509.X500Name.ldapToCompat = function(s) {
+2882     var a = s.split(",");
+2883 
+2884     // join \,
+2885     var isBSbefore = false;
+2886     var a2 = [];
+2887     for (var i = 0; a.length > 0; i++) {
+2888 	var item = a.shift();
+2889 	//console.log("item=" + item);
+2890 
+2891 	if (isBSbefore === true) {
+2892 	    var a2last = a2.pop();
+2893 	    var newitem = (a2last + "," + item).replace(/\\,/g, ",");
+2894 	    a2.push(newitem);
+2895 	    isBSbefore = false;
+2896 	} else {
+2897 	    a2.push(item);
+2898 	}
+2899 
+2900 	if (item.substr(-1, 1) === "\\") isBSbefore = true;
+2901     }
 2902 
-2903 /**
-2904  * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format (DEPRECATED)<br/>
-2905  * @name ldapToOneline
-2906  * @memberOf KJUR.asn1.x509.X500Name
-2907  * @function
-2908  * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
-2909  * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
-2910  * @since jsrsasign 6.2.2 asn1x509 1.0.18
-2911  * @description
-2912  * This method is deprecated. Please use 
-2913  * {@link KJUR.asn1.x509.X500Name.ldapToCompat} instead.
-2914  */
-2915 KJUR.asn1.x509.X500Name.ldapToOneline = function(s) {
-2916     return KJUR.asn1.x509.X500Name.ldapToCompat(s);
-2917 };
-2918 
-2919 /**
-2920  * RDN (Relative Distinguished Name) ASN.1 structure class
-2921  * @name KJUR.asn1.x509.RDN
-2922  * @class RDN (Relative Distinguished Name) ASN.1 structure class
-2923  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
-2924  * @extends KJUR.asn1.ASN1Object
-2925  * @see KJUR.asn1.x509.X500Name
-2926  * @see KJUR.asn1.x509.RDN
-2927  * @see KJUR.asn1.x509.AttributeTypeAndValue
-2928  * @description
-2929  * This class provides RelativeDistinguishedName ASN.1 class structure
-2930  * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
-2931  * <blockquote><pre>
-2932  * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
-2933  *   AttributeTypeAndValue
-2934  *
-2935  * AttributeTypeAndValue ::= SEQUENCE {
-2936  *   type  AttributeType,
-2937  *   value AttributeValue }
-2938  * </pre></blockquote>
-2939  * <br/>
-2940  * NOTE1: The "array" and "rule" parameters have been supported
-2941  * since jsrsasign 9.0.0 asn1x509 2.0.0.
-2942  * <br/>
-2943  * NOTE2: Multi-valued RDN in "str" parameter have been
-2944  * supported since jsrsasign 6.2.1 asn1x509 1.0.17.
-2945  * @example
-2946  * new KJUR.asn1.x509.RDN({array: [ // multi-valued
-2947  *    {type:"CN",value:"Bob",ds:"prn"},
-2948  *    {type:"CN",value:"bob@example.com", ds:"ia5"}
-2949  * ]});
-2950  * new KJUR.asn1.x509.RDN({str: "CN=test"});
-2951  * new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued
-2952  * new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped
-2953  * new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted
-2954  */
-2955 KJUR.asn1.x509.RDN = function(params) {
-2956     KJUR.asn1.x509.RDN.superclass.constructor.call(this);
-2957     this.asn1Array = [];
-2958     this.paramArray = [];
-2959     this.sRule = "utf8"; // DEFAULT "utf8"
-2960     var _AttributeTypeAndValue = KJUR.asn1.x509.AttributeTypeAndValue;
-2961 
-2962     this.setByParam = function(params) {
-2963 	if (params.rule !== undefined) this.sRule = params.rule;
-2964         if (params.str !== undefined) {
-2965             this.addByMultiValuedString(params.str);
-2966         }
-2967 	if (params.array !== undefined) this.paramArray = params.array;
-2968     };
-2969 
-2970     /**
-2971      * add one AttributeTypeAndValue by string<br/>
-2972      * @name addByString
-2973      * @memberOf KJUR.asn1.x509.RDN#
-2974      * @function
-2975      * @param {String} s string of AttributeTypeAndValue
-2976      * @return {Object} unspecified
-2977      * @description
-2978      * This method add one AttributeTypeAndValue to RDN object.
-2979      * @example
-2980      * rdn = new KJUR.asn1.x509.RDN();
-2981      * rdn.addByString("CN=john");
-2982      * rdn.addByString("serialNumber=1234"); // for multi-valued RDN
-2983      */
-2984     this.addByString = function(s) {
-2985         this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str': s, rule: this.sRule}));
-2986     };
-2987 
-2988     /**
-2989      * add one AttributeTypeAndValue by multi-valued string<br/>
-2990      * @name addByMultiValuedString
-2991      * @memberOf KJUR.asn1.x509.RDN#
-2992      * @function
-2993      * @param {String} s string of multi-valued RDN
-2994      * @return {Object} unspecified
-2995      * @since jsrsasign 6.2.1 asn1x509 1.0.17
-2996      * @description
-2997      * This method add multi-valued RDN to RDN object.
-2998      * @example
-2999      * rdn = new KJUR.asn1.x509.RDN();
-3000      * rdn.addByMultiValuedString("CN=john+O=test");
-3001      * rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus
-3002      * rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation
-3003      */
-3004     this.addByMultiValuedString = function(s) {
-3005 	var a = KJUR.asn1.x509.RDN.parseString(s);
-3006 	for (var i = 0; i < a.length; i++) {
-3007 	    this.addByString(a[i]);
-3008 	}
-3009     };
-3010 
-3011     this.getEncodedHex = function() {
-3012 	if (this.asn1Array.length == 0 && this.paramArray.length > 0) {
-3013 	    for (var i = 0; i < this.paramArray.length; i++) {
-3014 		var param = this.paramArray[i];
-3015 		if (param.rule !== undefined &&
-3016 		    this.sRule != "utf8") {
-3017 		    param.rule = this.sRule;
-3018 		}
-3019 		//alert(JSON.stringify(param));
-3020 		var asn1ATV = new _AttributeTypeAndValue(param);
-3021 		this.asn1Array.push(asn1ATV);
-3022 	    }
-3023 	}
-3024         var o = new KJUR.asn1.DERSet({"array": this.asn1Array});
-3025         this.TLV = o.getEncodedHex();
-3026         return this.TLV;
-3027     };
-3028 
-3029     if (params !== undefined) {
-3030 	this.setByParam(params);
-3031     }
-3032 };
-3033 YAHOO.lang.extend(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object);
-3034 
-3035 /**
-3036  * parse multi-valued RDN string and split into array of 'AttributeTypeAndValue'<br/>
-3037  * @name parseString
-3038  * @memberOf KJUR.asn1.x509.RDN
-3039  * @function
-3040  * @param {String} s multi-valued string of RDN
-3041  * @return {Array} array of string of AttributeTypeAndValue
-3042  * @since jsrsasign 6.2.1 asn1x509 1.0.17
-3043  * @description
-3044  * This static method parses multi-valued RDN string and split into
-3045  * array of AttributeTypeAndValue.
-3046  * @example
-3047  * KJUR.asn1.x509.RDN.parseString("CN=john") → ["CN=john"]
-3048  * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") → ["CN=john", "OU=test"]
-3049  * KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') → ["CN=jo+hn", "OU=test"]
-3050  * KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') → ["CN=jo+hn", "OU=test"]
-3051  * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") → ["CN=john", "OU=test", "OU=t1"]
-3052  */
-3053 KJUR.asn1.x509.RDN.parseString = function(s) {
-3054     var a = s.split(/\+/);
-3055 
-3056     // join \+
-3057     var isBSbefore = false;
-3058     var a2 = [];
-3059     for (var i = 0; a.length > 0; i++) {
-3060 	var item = a.shift();
-3061 	//console.log("item=" + item);
-3062 
-3063 	if (isBSbefore === true) {
-3064 	    var a2last = a2.pop();
-3065 	    var newitem = (a2last + "+" + item).replace(/\\\+/g, "+");
-3066 	    a2.push(newitem);
-3067 	    isBSbefore = false;
-3068 	} else {
-3069 	    a2.push(item);
-3070 	}
-3071 
-3072 	if (item.substr(-1, 1) === "\\") isBSbefore = true;
-3073     }
-3074 
-3075     // join quote
-3076     var beginQuote = false;
-3077     var a3 = [];
-3078     for (var i = 0; a2.length > 0; i++) {
-3079 	var item = a2.shift();
-3080 
-3081 	if (beginQuote === true) {
-3082 	    var a3last = a3.pop();
-3083 	    if (item.match(/"$/)) {
-3084 		var newitem = (a3last + "+" + item).replace(/^([^=]+)="(.*)"$/, "$1=$2");
-3085 		a3.push(newitem);
-3086 		beginQuote = false;
-3087 	    } else {
-3088 		a3.push(a3last + "+" + item);
-3089 	    }
-3090 	} else {
-3091 	    a3.push(item);
-3092 	}
-3093 
-3094 	if (item.match(/^[^=]+="/)) {
-3095 	    //console.log(i + "=" + item);
-3096 	    beginQuote = true;
+2903     a2 = a2.map(function(s) {return s.replace("/", "\\/")});
+2904     a2.reverse();
+2905     return "/" + a2.join("/");
+2906 };
+2907 
+2908 /**
+2909  * convert LDAP(RFC 2253) distinguished name format string to OpenSSL compat format (DEPRECATED)<br/>
+2910  * @name ldapToOneline
+2911  * @memberOf KJUR.asn1.x509.X500Name
+2912  * @function
+2913  * @param {String} s distinguished name string in LDAP(RFC 2253) format (ex. O=test,C=US)
+2914  * @return {String} distinguished name string in OpenSSL compat format (ex. /C=US/O=test)
+2915  * @since jsrsasign 6.2.2 asn1x509 1.0.18
+2916  * @description
+2917  * This method is deprecated. Please use 
+2918  * {@link KJUR.asn1.x509.X500Name.ldapToCompat} instead.
+2919  */
+2920 KJUR.asn1.x509.X500Name.ldapToOneline = function(s) {
+2921     return KJUR.asn1.x509.X500Name.ldapToCompat(s);
+2922 };
+2923 
+2924 /**
+2925  * RDN (Relative Distinguished Name) ASN.1 structure class
+2926  * @name KJUR.asn1.x509.RDN
+2927  * @class RDN (Relative Distinguished Name) ASN.1 structure class
+2928  * @param {Array} params associative array of parameters (ex. {'str': 'C=US'})
+2929  * @extends KJUR.asn1.ASN1Object
+2930  * @see KJUR.asn1.x509.X500Name
+2931  * @see KJUR.asn1.x509.RDN
+2932  * @see KJUR.asn1.x509.AttributeTypeAndValue
+2933  * @description
+2934  * This class provides RelativeDistinguishedName ASN.1 class structure
+2935  * defined in <a href="https://tools.ietf.org/html/rfc2253#section-2">RFC 2253 section 2</a>.
+2936  * <blockquote><pre>
+2937  * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
+2938  *   AttributeTypeAndValue
+2939  *
+2940  * AttributeTypeAndValue ::= SEQUENCE {
+2941  *   type  AttributeType,
+2942  *   value AttributeValue }
+2943  * </pre></blockquote>
+2944  * <br/>
+2945  * NOTE1: The "array" and "rule" parameters have been supported
+2946  * since jsrsasign 9.0.0 asn1x509 2.0.0.
+2947  * <br/>
+2948  * NOTE2: Multi-valued RDN in "str" parameter have been
+2949  * supported since jsrsasign 6.2.1 asn1x509 1.0.17.
+2950  * @example
+2951  * new KJUR.asn1.x509.RDN({array: [ // multi-valued
+2952  *    {type:"CN",value:"Bob",ds:"prn"},
+2953  *    {type:"CN",value:"bob@example.com", ds:"ia5"}
+2954  * ]});
+2955  * new KJUR.asn1.x509.RDN({str: "CN=test"});
+2956  * new KJUR.asn1.x509.RDN({str: "O=a+O=bb+O=c"}); // multi-valued
+2957  * new KJUR.asn1.x509.RDN({str: "O=a+O=b\\+b+O=c"}); // plus escaped
+2958  * new KJUR.asn1.x509.RDN({str: "O=a+O=\"b+b\"+O=c"}); // double quoted
+2959  */
+2960 KJUR.asn1.x509.RDN = function(params) {
+2961     KJUR.asn1.x509.RDN.superclass.constructor.call(this);
+2962     this.asn1Array = [];
+2963     this.paramArray = [];
+2964     this.sRule = "utf8"; // DEFAULT "utf8"
+2965     var _AttributeTypeAndValue = KJUR.asn1.x509.AttributeTypeAndValue;
+2966 
+2967     this.setByParam = function(params) {
+2968 	if (params.rule !== undefined) this.sRule = params.rule;
+2969         if (params.str !== undefined) {
+2970             this.addByMultiValuedString(params.str);
+2971         }
+2972 	if (params.array !== undefined) this.paramArray = params.array;
+2973     };
+2974 
+2975     /**
+2976      * add one AttributeTypeAndValue by string<br/>
+2977      * @name addByString
+2978      * @memberOf KJUR.asn1.x509.RDN#
+2979      * @function
+2980      * @param {String} s string of AttributeTypeAndValue
+2981      * @return {Object} unspecified
+2982      * @description
+2983      * This method add one AttributeTypeAndValue to RDN object.
+2984      * @example
+2985      * rdn = new KJUR.asn1.x509.RDN();
+2986      * rdn.addByString("CN=john");
+2987      * rdn.addByString("serialNumber=1234"); // for multi-valued RDN
+2988      */
+2989     this.addByString = function(s) {
+2990         this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({'str': s, rule: this.sRule}));
+2991     };
+2992 
+2993     /**
+2994      * add one AttributeTypeAndValue by multi-valued string<br/>
+2995      * @name addByMultiValuedString
+2996      * @memberOf KJUR.asn1.x509.RDN#
+2997      * @function
+2998      * @param {String} s string of multi-valued RDN
+2999      * @return {Object} unspecified
+3000      * @since jsrsasign 6.2.1 asn1x509 1.0.17
+3001      * @description
+3002      * This method add multi-valued RDN to RDN object.
+3003      * @example
+3004      * rdn = new KJUR.asn1.x509.RDN();
+3005      * rdn.addByMultiValuedString("CN=john+O=test");
+3006      * rdn.addByMultiValuedString("O=a+O=b\+b\+b+O=c"); // multi-valued RDN with quoted plus
+3007      * rdn.addByMultiValuedString("O=a+O=\"b+b+b\"+O=c"); // multi-valued RDN with quoted quotation
+3008      */
+3009     this.addByMultiValuedString = function(s) {
+3010 	var a = KJUR.asn1.x509.RDN.parseString(s);
+3011 	for (var i = 0; i < a.length; i++) {
+3012 	    this.addByString(a[i]);
+3013 	}
+3014     };
+3015 
+3016     this.getEncodedHex = function() {
+3017 	if (this.asn1Array.length == 0 && this.paramArray.length > 0) {
+3018 	    for (var i = 0; i < this.paramArray.length; i++) {
+3019 		var param = this.paramArray[i];
+3020 		if (param.rule !== undefined &&
+3021 		    this.sRule != "utf8") {
+3022 		    param.rule = this.sRule;
+3023 		}
+3024 		//alert(JSON.stringify(param));
+3025 		var asn1ATV = new _AttributeTypeAndValue(param);
+3026 		this.asn1Array.push(asn1ATV);
+3027 	    }
+3028 	}
+3029         var o = new KJUR.asn1.DERSet({"array": this.asn1Array});
+3030         this.TLV = o.getEncodedHex();
+3031         return this.TLV;
+3032     };
+3033 
+3034     if (params !== undefined) {
+3035 	this.setByParam(params);
+3036     }
+3037 };
+3038 YAHOO.lang.extend(KJUR.asn1.x509.RDN, KJUR.asn1.ASN1Object);
+3039 
+3040 /**
+3041  * parse multi-valued RDN string and split into array of 'AttributeTypeAndValue'<br/>
+3042  * @name parseString
+3043  * @memberOf KJUR.asn1.x509.RDN
+3044  * @function
+3045  * @param {String} s multi-valued string of RDN
+3046  * @return {Array} array of string of AttributeTypeAndValue
+3047  * @since jsrsasign 6.2.1 asn1x509 1.0.17
+3048  * @description
+3049  * This static method parses multi-valued RDN string and split into
+3050  * array of AttributeTypeAndValue.
+3051  * @example
+3052  * KJUR.asn1.x509.RDN.parseString("CN=john") → ["CN=john"]
+3053  * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test") → ["CN=john", "OU=test"]
+3054  * KJUR.asn1.x509.RDN.parseString('CN="jo+hn"+OU=test') → ["CN=jo+hn", "OU=test"]
+3055  * KJUR.asn1.x509.RDN.parseString('CN=jo\+hn+OU=test') → ["CN=jo+hn", "OU=test"]
+3056  * KJUR.asn1.x509.RDN.parseString("CN=john+OU=test+OU=t1") → ["CN=john", "OU=test", "OU=t1"]
+3057  */
+3058 KJUR.asn1.x509.RDN.parseString = function(s) {
+3059     var a = s.split(/\+/);
+3060 
+3061     // join \+
+3062     var isBSbefore = false;
+3063     var a2 = [];
+3064     for (var i = 0; a.length > 0; i++) {
+3065 	var item = a.shift();
+3066 	//console.log("item=" + item);
+3067 
+3068 	if (isBSbefore === true) {
+3069 	    var a2last = a2.pop();
+3070 	    var newitem = (a2last + "+" + item).replace(/\\\+/g, "+");
+3071 	    a2.push(newitem);
+3072 	    isBSbefore = false;
+3073 	} else {
+3074 	    a2.push(item);
+3075 	}
+3076 
+3077 	if (item.substr(-1, 1) === "\\") isBSbefore = true;
+3078     }
+3079 
+3080     // join quote
+3081     var beginQuote = false;
+3082     var a3 = [];
+3083     for (var i = 0; a2.length > 0; i++) {
+3084 	var item = a2.shift();
+3085 
+3086 	if (beginQuote === true) {
+3087 	    var a3last = a3.pop();
+3088 	    if (item.match(/"$/)) {
+3089 		var newitem = (a3last + "+" + item).replace(/^([^=]+)="(.*)"$/, "$1=$2");
+3090 		a3.push(newitem);
+3091 		beginQuote = false;
+3092 	    } else {
+3093 		a3.push(a3last + "+" + item);
+3094 	    }
+3095 	} else {
+3096 	    a3.push(item);
 3097 	}
-3098     }
-3099     return a3;
-3100 };
-3101 
-3102 /**
-3103  * AttributeTypeAndValue ASN.1 structure class
-3104  * @name KJUR.asn1.x509.AttributeTypeAndValue
-3105  * @class AttributeTypeAndValue ASN.1 structure class
-3106  * @param {Array} params JSON object for parameters (ex. {str: 'C=US'})
-3107  * @extends KJUR.asn1.ASN1Object
-3108  * @see KJUR.asn1.x509.X500Name
-3109  * @see KJUR.asn1.x509.RDN
-3110  * @see KJUR.asn1.x509.AttributeTypeAndValue
-3111  * @see X509#getAttrTypeAndValue
-3112  * @description
-3113  * This class generates AttributeTypeAndValue defined in
-3114  * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-3115  * RFC 5280 4.1.2.4</a>.
-3116  * <pre>
-3117  * AttributeTypeAndValue ::= SEQUENCE {
-3118  *   type     AttributeType,
-3119  *   value    AttributeValue }
-3120  * AttributeType ::= OBJECT IDENTIFIER
-3121  * AttributeValue ::= ANY -- DEFINED BY AttributeType
-3122  * </pre>
-3123  * The constructor argument can have following parameters:
-3124  * <ul>
-3125  * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
-3126  * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
-3127  * <li>{String}ds - DirectoryString type of AttributeValue</li>
-3128  * <li>{String}rule - DirectoryString type rule (ex. "prn" or "utf8")
-3129  * set DirectoryString type automatically when "ds" not specified.</li>
-3130  * <li>{String}str - AttributeTypeAndVale string (ex. "C=US").
-3131  * When type and value don't exists, 
-3132  * this "str" will be converted to "type" and "value".
-3133  * </li>
-3134  * </ul>
-3135  * <br
-3136  * NOTE: Parameters "type", "value,", "ds" and "rule" have
-3137  * been supported since jsrsasign 9.0.0 asn1x509 2.0.0.
-3138  * @example
-3139  * new KJUR.asn1.x509.AttributeTypeAndValue({type:'C',value:'US',ds:'prn'})
-3140  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1'})
-3141  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule='prn'})
-3142  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule='utf8'})
-3143  */
-3144 KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
-3145     KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
-3146     this.sRule = "utf8";
-3147     this.sType = null;
-3148     this.sValue = null;
-3149     this.dsType = null;
-3150     var _KJUR = KJUR,
-3151 	_KJUR_asn1 = _KJUR.asn1,
-3152 	_DERSequence = _KJUR_asn1.DERSequence,
-3153 	_DERUTF8String = _KJUR_asn1.DERUTF8String,
-3154 	_DERPrintableString = _KJUR_asn1.DERPrintableString,
-3155 	_DERTeletexString = _KJUR_asn1.DERTeletexString,
-3156 	_DERIA5String = _KJUR_asn1.DERIA5String,
-3157 	_DERVisibleString = _KJUR_asn1.DERVisibleString,
-3158 	_DERBMPString = _KJUR_asn1.DERBMPString,
-3159 	_isMail = _KJUR.lang.String.isMail,
-3160 	_isPrintable = _KJUR.lang.String.isPrintable;
-3161 
-3162     this.setByParam = function(params) {
-3163 	if (params.rule !== undefined) this.sRule = params.rule;
-3164 	if (params.ds !== undefined)   this.dsType = params.ds;
-3165 
-3166         if (params.value === undefined &&
-3167 	    params.str !== undefined) {
-3168 	    var str = params.str;
-3169             var matchResult = str.match(/^([^=]+)=(.+)$/);
-3170             if (matchResult) {
-3171 		this.sType = matchResult[1];
-3172 		this.sValue = matchResult[2];
-3173             } else {
-3174 		throw new Error("malformed attrTypeAndValueStr: " +
-3175 				attrTypeAndValueStr);
-3176             }
-3177 	    
-3178 	    //this.setByString(params.str);
-3179         } else {
-3180 	    this.sType = params.type;
-3181 	    this.sValue = params.value;
-3182 	}
-3183     };
-3184 
-3185     /*
-3186      * @deprecated
-3187      */
-3188     this.setByString = function(sTypeValue, sRule) {
-3189 	if (sRule !== undefined) this.sRule = sRule;
-3190         var matchResult = sTypeValue.match(/^([^=]+)=(.+)$/);
-3191         if (matchResult) {
-3192             this.setByAttrTypeAndValueStr(matchResult[1], matchResult[2]);
-3193         } else {
-3194             throw new Error("malformed attrTypeAndValueStr: " +
-3195 			    attrTypeAndValueStr);
-3196         }
-3197     };
-3198 
-3199     this._getDsType = function() {
-3200 	var sType = this.sType;
-3201 	var sValue = this.sValue;
-3202 	var sRule = this.sRule;
+3098 
+3099 	if (item.match(/^[^=]+="/)) {
+3100 	    //console.log(i + "=" + item);
+3101 	    beginQuote = true;
+3102 	}
+3103     }
+3104     return a3;
+3105 };
+3106 
+3107 /**
+3108  * AttributeTypeAndValue ASN.1 structure class
+3109  * @name KJUR.asn1.x509.AttributeTypeAndValue
+3110  * @class AttributeTypeAndValue ASN.1 structure class
+3111  * @param {Array} params JSON object for parameters (ex. {str: 'C=US'})
+3112  * @extends KJUR.asn1.ASN1Object
+3113  * @see KJUR.asn1.x509.X500Name
+3114  * @see KJUR.asn1.x509.RDN
+3115  * @see KJUR.asn1.x509.AttributeTypeAndValue
+3116  * @see X509#getAttrTypeAndValue
+3117  * @description
+3118  * This class generates AttributeTypeAndValue defined in
+3119  * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+3120  * RFC 5280 4.1.2.4</a>.
+3121  * <pre>
+3122  * AttributeTypeAndValue ::= SEQUENCE {
+3123  *   type     AttributeType,
+3124  *   value    AttributeValue }
+3125  * AttributeType ::= OBJECT IDENTIFIER
+3126  * AttributeValue ::= ANY -- DEFINED BY AttributeType
+3127  * </pre>
+3128  * The constructor argument can have following parameters:
+3129  * <ul>
+3130  * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
+3131  * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
+3132  * <li>{String}ds - DirectoryString type of AttributeValue</li>
+3133  * <li>{String}rule - DirectoryString type rule (ex. "prn" or "utf8")
+3134  * set DirectoryString type automatically when "ds" not specified.</li>
+3135  * <li>{String}str - AttributeTypeAndVale string (ex. "C=US").
+3136  * When type and value don't exists, 
+3137  * this "str" will be converted to "type" and "value".
+3138  * </li>
+3139  * </ul>
+3140  * <br
+3141  * NOTE: Parameters "type", "value,", "ds" and "rule" have
+3142  * been supported since jsrsasign 9.0.0 asn1x509 2.0.0.
+3143  * @example
+3144  * new KJUR.asn1.x509.AttributeTypeAndValue({type:'C',value:'US',ds:'prn'})
+3145  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1'})
+3146  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule='prn'})
+3147  * new KJUR.asn1.x509.AttributeTypeAndValue({str:'O=T1',rule='utf8'})
+3148  */
+3149 KJUR.asn1.x509.AttributeTypeAndValue = function(params) {
+3150     KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);
+3151     this.sRule = "utf8";
+3152     this.sType = null;
+3153     this.sValue = null;
+3154     this.dsType = null;
+3155     var _KJUR = KJUR,
+3156 	_KJUR_asn1 = _KJUR.asn1,
+3157 	_DERSequence = _KJUR_asn1.DERSequence,
+3158 	_DERUTF8String = _KJUR_asn1.DERUTF8String,
+3159 	_DERPrintableString = _KJUR_asn1.DERPrintableString,
+3160 	_DERTeletexString = _KJUR_asn1.DERTeletexString,
+3161 	_DERIA5String = _KJUR_asn1.DERIA5String,
+3162 	_DERVisibleString = _KJUR_asn1.DERVisibleString,
+3163 	_DERBMPString = _KJUR_asn1.DERBMPString,
+3164 	_isMail = _KJUR.lang.String.isMail,
+3165 	_isPrintable = _KJUR.lang.String.isPrintable;
+3166 
+3167     this.setByParam = function(params) {
+3168 	if (params.rule !== undefined) this.sRule = params.rule;
+3169 	if (params.ds !== undefined)   this.dsType = params.ds;
+3170 
+3171         if (params.value === undefined &&
+3172 	    params.str !== undefined) {
+3173 	    var str = params.str;
+3174             var matchResult = str.match(/^([^=]+)=(.+)$/);
+3175             if (matchResult) {
+3176 		this.sType = matchResult[1];
+3177 		this.sValue = matchResult[2];
+3178             } else {
+3179 		throw new Error("malformed attrTypeAndValueStr: " +
+3180 				attrTypeAndValueStr);
+3181             }
+3182 	    
+3183 	    //this.setByString(params.str);
+3184         } else {
+3185 	    this.sType = params.type;
+3186 	    this.sValue = params.value;
+3187 	}
+3188     };
+3189 
+3190     /*
+3191      * @deprecated
+3192      */
+3193     this.setByString = function(sTypeValue, sRule) {
+3194 	if (sRule !== undefined) this.sRule = sRule;
+3195         var matchResult = sTypeValue.match(/^([^=]+)=(.+)$/);
+3196         if (matchResult) {
+3197             this.setByAttrTypeAndValueStr(matchResult[1], matchResult[2]);
+3198         } else {
+3199             throw new Error("malformed attrTypeAndValueStr: " +
+3200 			    attrTypeAndValueStr);
+3201         }
+3202     };
 3203 
-3204 	if (sRule === "prn") {
-3205 	    if (sType == "CN" && _isMail(sValue)) return "ia5";
-3206 	    if (_isPrintable(sValue)) return "prn";
-3207 	    return "utf8";
-3208 	} else if (sRule === "utf8") {
-3209 	    if (sType == "CN" && _isMail(sValue)) return "ia5";
-3210 	    if (sType == "C") return "prn";
-3211 	    return "utf8";
-3212 	}
-3213 	return "utf8"; // default
-3214     };
-3215 
-3216     this.setByAttrTypeAndValueStr = function(sType, sValue, sRule) {
-3217 	if (sRule !== undefined) this.sRule = sRule;
-3218 	this.sType = sType;
-3219 	this.sValue = sValue;
-3220     };
-3221 
-3222     this.getValueObj = function(dsType, valueStr) {
-3223         if (dsType == "utf8") return new _DERUTF8String({"str": valueStr});
-3224         if (dsType == "prn")  return new _DERPrintableString({"str": valueStr});
-3225         if (dsType == "tel")  return new _DERTeletexString({"str": valueStr});
-3226         if (dsType == "ia5")  return new _DERIA5String({"str": valueStr});
-3227         if (dsType == "vis")  return new _DERVisibleString({"str": valueStr});
-3228         if (dsType == "bmp")  return new _DERBMPString({"str": valueStr});
-3229         throw new Error("unsupported directory string type: type=" +
-3230 			dsType + " value=" + valueStr);
-3231     };
-3232 
-3233     this.getEncodedHex = function() {
-3234 	if (this.dsType == null) this.dsType = this._getDsType();
-3235 	var asn1Type = KJUR.asn1.x509.OID.atype2obj(this.sType);
-3236 	var asn1Value = this.getValueObj(this.dsType, this.sValue);
-3237         var o = new _DERSequence({"array": [asn1Type, asn1Value]});
-3238         this.TLV = o.getEncodedHex();
-3239         return this.TLV;
-3240     };
-3241 
-3242     if (params !== undefined) {
-3243 	this.setByParam(params);
-3244     }
-3245 };
-3246 YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object);
-3247 
-3248 // === END   X500Name Related =================================================
-3249 
-3250 // === BEGIN Other ASN1 structure class  ======================================
-3251 
-3252 /**
-3253  * SubjectPublicKeyInfo ASN.1 structure class
-3254  * @name KJUR.asn1.x509.SubjectPublicKeyInfo
-3255  * @class SubjectPublicKeyInfo ASN.1 structure class
-3256  * @param {Object} params parameter for subject public key
-3257  * @extends KJUR.asn1.ASN1Object
-3258  * @description
-3259  * <br/>
-3260  * As for argument 'params' for constructor, you can specify one of
-3261  * following properties:
-3262  * <ul>
-3263  * <li>{@link RSAKey} object</li>
-3264  * <li>{@link KJUR.crypto.ECDSA} object</li>
-3265  * <li>{@link KJUR.crypto.DSA} object</li>
-3266  * </ul>
-3267  * NOTE1: 'params' can be omitted.<br/>
-3268  * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/>
-3269  * <h4>EXAMPLE</h4>
-3270  * @example
-3271  * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object);
-3272  * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object);
-3273  * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object);
-3274  */
-3275 KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) {
-3276     KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);
-3277     var asn1AlgId = null,
-3278 	asn1SubjPKey = null,
-3279 	_KJUR = KJUR,
-3280 	_KJUR_asn1 = _KJUR.asn1,
-3281 	_DERInteger = _KJUR_asn1.DERInteger,
-3282 	_DERBitString = _KJUR_asn1.DERBitString,
-3283 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
-3284 	_DERSequence = _KJUR_asn1.DERSequence,
-3285 	_newObject = _KJUR_asn1.ASN1Util.newObject,
-3286 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
-3287 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
-3288 	_KJUR_crypto = _KJUR.crypto,
-3289 	_KJUR_crypto_ECDSA = _KJUR_crypto.ECDSA,
-3290 	_KJUR_crypto_DSA = _KJUR_crypto.DSA;
-3291 
-3292     /*
-3293      * @since asn1x509 1.0.7
-3294      */
-3295     this.getASN1Object = function() {
-3296         if (this.asn1AlgId == null || this.asn1SubjPKey == null)
-3297             throw "algId and/or subjPubKey not set";
-3298         var o = new _DERSequence({'array':
-3299                                   [this.asn1AlgId, this.asn1SubjPKey]});
-3300         return o;
-3301     };
-3302 
-3303     this.getEncodedHex = function() {
-3304         var o = this.getASN1Object();
-3305         this.hTLV = o.getEncodedHex();
-3306         return this.hTLV;
-3307     };
-3308 
-3309     /**
-3310      * @name setPubKey
-3311      * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo#
-3312      * @function
-3313      * @param {Object} {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object
-3314      * @since jsrsasign 8.0.0 asn1x509 1.1.0
-3315      * @description
-3316      * @example
-3317      * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo();
-3318      * pubKey = KEYUTIL.getKey(PKCS8PUBKEYPEM);
-3319      * spki.setPubKey(pubKey);
-3320      */
-3321     this.setPubKey = function(key) {
-3322 	try {
-3323 	    if (key instanceof RSAKey) {
-3324 		var asn1RsaPub = _newObject({
-3325 		    'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}]
-3326 		});
-3327 		var rsaKeyHex = asn1RsaPub.getEncodedHex();
-3328 		this.asn1AlgId = new _AlgorithmIdentifier({'name':'rsaEncryption'});
-3329 		this.asn1SubjPKey = new _DERBitString({'hex':'00'+rsaKeyHex});
-3330 	    }
-3331 	} catch(ex) {};
-3332 
-3333 	try {
-3334 	    if (key instanceof KJUR.crypto.ECDSA) {
-3335 		var asn1Params = new _DERObjectIdentifier({'name': key.curveName});
-3336 		this.asn1AlgId =
-3337 		    new _AlgorithmIdentifier({'name': 'ecPublicKey',
-3338 					      'asn1params': asn1Params});
-3339 		this.asn1SubjPKey = new _DERBitString({'hex': '00' + key.pubKeyHex});
-3340 	    }
-3341 	} catch(ex) {};
-3342 
-3343 	try {
-3344 	    if (key instanceof KJUR.crypto.DSA) {
-3345 		var asn1Params = new _newObject({
-3346 		    'seq': [{'int': {'bigint': key.p}},
-3347 			    {'int': {'bigint': key.q}},
-3348 			    {'int': {'bigint': key.g}}]
-3349 		});
-3350 		this.asn1AlgId =
-3351 		    new _AlgorithmIdentifier({'name': 'dsa',
-3352 					      'asn1params': asn1Params});
-3353 		var pubInt = new _DERInteger({'bigint': key.y});
-3354 		this.asn1SubjPKey = 
-3355 		    new _DERBitString({'hex': '00' + pubInt.getEncodedHex()});
-3356 	    }
-3357 	} catch(ex) {};
-3358     };
-3359 
-3360     if (params !== undefined) {
-3361 	this.setPubKey(params);
-3362     }
-3363 };
-3364 YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object);
-3365 
-3366 /**
-3367  * Time ASN.1 structure class<br/>
-3368  * @name KJUR.asn1.x509.Time
-3369  * @class Time ASN.1 structure class
-3370  * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'})
-3371  * @extends KJUR.asn1.ASN1Object
-3372  * @see KJUR.asn1.DERUTCTime
-3373  * @see KJUR.asn1.DERGeneralizedTime
-3374  * @description
-3375  * This class represents Time ASN.1 structure defined in 
-3376  * <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a>
-3377  * <pre>
-3378  * Time ::= CHOICE {
-3379  *      utcTime        UTCTime,
-3380  *      generalTime    GeneralizedTime }
-3381  * </pre>
-3382  *
-3383  * @example
-3384  * var t1 = new KJUR.asn1.x509.Time{'str': '130508235959Z'} // UTCTime by default
-3385  * var t2 = new KJUR.asn1.x509.Time{'type': 'gen',  'str': '20130508235959Z'} // GeneralizedTime
-3386  */
-3387 KJUR.asn1.x509.Time = function(params) {
-3388     KJUR.asn1.x509.Time.superclass.constructor.call(this);
-3389     var type = null,
-3390 	timeParams = null,
-3391 	_KJUR = KJUR,
-3392 	_KJUR_asn1 = _KJUR.asn1,
-3393 	_DERUTCTime = _KJUR_asn1.DERUTCTime,
-3394 	_DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime;
-3395 
-3396     this.setTimeParams = function(timeParams) {
-3397         this.timeParams = timeParams;
-3398     }
-3399 
-3400     this.getEncodedHex = function() {
-3401         var o = null;
-3402 
-3403         if (this.timeParams != null) {
-3404             if (this.type == "utc") {
-3405                 o = new _DERUTCTime(this.timeParams);
-3406             } else {
-3407                 o = new _DERGeneralizedTime(this.timeParams);
-3408             }
-3409         } else {
-3410             if (this.type == "utc") {
-3411                 o = new _DERUTCTime();
-3412             } else {
-3413                 o = new _DERGeneralizedTime();
-3414             }
-3415         }
-3416         this.TLV = o.getEncodedHex();
-3417         return this.TLV;
-3418     };
-3419 
-3420     this.type = "utc";
-3421     if (params !== undefined) {
-3422         if (params.type !== undefined) {
-3423             this.type = params.type;
-3424         } else {
-3425             if (params.str !== undefined) {
-3426                 if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc";
-3427                 if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen";
-3428             }
-3429         }
-3430         this.timeParams = params;
-3431     }
-3432 };
-3433 YAHOO.lang.extend(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object);
-3434 
-3435 /**
-3436  * AlgorithmIdentifier ASN.1 structure class
-3437  * @name KJUR.asn1.x509.AlgorithmIdentifier
-3438  * @class AlgorithmIdentifier ASN.1 structure class
-3439  * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'})
-3440  * @extends KJUR.asn1.ASN1Object
-3441  * @description
-3442  * The 'params' argument is an associative array and has following parameters:
-3443  * <ul>
-3444  * <li>name: algorithm name (MANDATORY, ex. sha1, SHA256withRSA)</li>
-3445  * <li>asn1params: explicitly specify ASN.1 object for algorithm.
-3446  * (OPTION)</li>
-3447  * <li>paramempty: set algorithm parameter to NULL by force.
-3448  * If paramempty is false, algorithm parameter will be set automatically.
-3449  * If paramempty is false and algorithm name is "*withDSA" or "withECDSA" parameter field of
-3450  * AlgorithmIdentifier will be ommitted otherwise
-3451  * it will be NULL by default.
-3452  * (OPTION, DEFAULT = false)</li>
-3453  * </ul>
-3454  * RSA-PSS algorithm names such as SHA{,256,384,512}withRSAandMGF1 are
-3455  * special names. They will set a suite of algorithm OID and multiple algorithm
-3456  * parameters. Its ASN.1 schema is defined in 
-3457  * <a href="https://tools.ietf.org/html/rfc3447#appendix-A.2.3">RFC 3447 PKCS#1 2.1
-3458  * section A.2.3</a>.
-3459  * <blockquote><pre>
-3460  * id-RSASSA-PSS  OBJECT IDENTIFIER ::= { pkcs-1 10 }
-3461  * RSASSA-PSS-params ::= SEQUENCE {
-3462  *   hashAlgorithm      [0] HashAlgorithm    DEFAULT sha1,
-3463  *   maskGenAlgorithm   [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
-3464  *   saltLength         [2] INTEGER          DEFAULT 20,
-3465  *   trailerField       [3] TrailerField     DEFAULT trailerFieldBC }
-3466  * mgf1SHA1    MaskGenAlgorithm ::= {
-3467  *   algorithm   id-mgf1,
-3468  *   parameters  HashAlgorithm : sha1 }
-3469  * id-mgf1     OBJECT IDENTIFIER ::= { pkcs-1 8 }
-3470  * TrailerField ::= INTEGER { trailerFieldBC(1) }
-3471  * </pre></blockquote>
-3472  * Here is a table for PSS parameters:
-3473  * <table>
-3474  * <tr><th>Name</th><th>alg oid</th><th>pss hash</th><th>maskgen</th></th><th>pss saltlen</th><th>trailer</th></tr>
-3475  * <tr><td>SHAwithRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>default(sha1)</td><td>default(mgf1sha1)</td><td>default(20)</td><td>default(1)</td></tr>
-3476  * <tr><td>SHA256withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha256</td><td>mgf1sha256</td><td>32</td><td>default(1)</td></tr>
-3477  * <tr><td>SHA384withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha384</td><td>mgf1sha384</td><td>48</td><td>default(1)</td></tr>
-3478  * <tr><td>SHA512withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha512</td><td>mgf1sha512</td><td>64</td><td>default(1)</td></tr>
-3479  * </table>
-3480  * Default value is omitted as defined in ASN.1 schema.
-3481  * These parameters are interoperable to OpenSSL or IAIK toolkit.
-3482  * <br/>
-3483  * NOTE: RSA-PSS algorihtm names are supported since jsrsasign 8.0.21. 
-3484  * @example
-3485  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"})
-3486  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA"})
-3487  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA512withRSAandMGF1"}) // set parameters automatically
-3488  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA", paramempty: true})
-3489  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "rsaEncryption"})
-3490  */
-3491 KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
-3492     KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
-3493     this.nameAlg = null;
-3494     this.asn1Alg = null;
-3495     this.asn1Params = null;
-3496     this.paramEmpty = false;
-3497 
-3498     var _KJUR = KJUR,
-3499 	_KJUR_asn1 = _KJUR.asn1,
-3500 	_PSSNAME2ASN1TLV = _KJUR_asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;
-3501 
-3502     this.getEncodedHex = function() {
-3503         if (this.nameAlg === null && this.asn1Alg === null) {
-3504             throw new Error("algorithm not specified");
-3505         }
+3204     this._getDsType = function() {
+3205 	var sType = this.sType;
+3206 	var sValue = this.sValue;
+3207 	var sRule = this.sRule;
+3208 
+3209 	if (sRule === "prn") {
+3210 	    if (sType == "CN" && _isMail(sValue)) return "ia5";
+3211 	    if (_isPrintable(sValue)) return "prn";
+3212 	    return "utf8";
+3213 	} else if (sRule === "utf8") {
+3214 	    if (sType == "CN" && _isMail(sValue)) return "ia5";
+3215 	    if (sType == "C") return "prn";
+3216 	    return "utf8";
+3217 	}
+3218 	return "utf8"; // default
+3219     };
+3220 
+3221     this.setByAttrTypeAndValueStr = function(sType, sValue, sRule) {
+3222 	if (sRule !== undefined) this.sRule = sRule;
+3223 	this.sType = sType;
+3224 	this.sValue = sValue;
+3225     };
+3226 
+3227     this.getValueObj = function(dsType, valueStr) {
+3228         if (dsType == "utf8") return new _DERUTF8String({"str": valueStr});
+3229         if (dsType == "prn")  return new _DERPrintableString({"str": valueStr});
+3230         if (dsType == "tel")  return new _DERTeletexString({"str": valueStr});
+3231         if (dsType == "ia5")  return new _DERIA5String({"str": valueStr});
+3232         if (dsType == "vis")  return new _DERVisibleString({"str": valueStr});
+3233         if (dsType == "bmp")  return new _DERBMPString({"str": valueStr});
+3234         throw new Error("unsupported directory string type: type=" +
+3235 			dsType + " value=" + valueStr);
+3236     };
+3237 
+3238     this.getEncodedHex = function() {
+3239 	if (this.dsType == null) this.dsType = this._getDsType();
+3240 	var asn1Type = KJUR.asn1.x509.OID.atype2obj(this.sType);
+3241 	var asn1Value = this.getValueObj(this.dsType, this.sValue);
+3242         var o = new _DERSequence({"array": [asn1Type, asn1Value]});
+3243         this.TLV = o.getEncodedHex();
+3244         return this.TLV;
+3245     };
+3246 
+3247     if (params !== undefined) {
+3248 	this.setByParam(params);
+3249     }
+3250 };
+3251 YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue, KJUR.asn1.ASN1Object);
+3252 
+3253 // === END   X500Name Related =================================================
+3254 
+3255 // === BEGIN Other ASN1 structure class  ======================================
+3256 
+3257 /**
+3258  * SubjectPublicKeyInfo ASN.1 structure class
+3259  * @name KJUR.asn1.x509.SubjectPublicKeyInfo
+3260  * @class SubjectPublicKeyInfo ASN.1 structure class
+3261  * @param {Object} params parameter for subject public key
+3262  * @extends KJUR.asn1.ASN1Object
+3263  * @description
+3264  * <br/>
+3265  * As for argument 'params' for constructor, you can specify one of
+3266  * following properties:
+3267  * <ul>
+3268  * <li>{@link RSAKey} object</li>
+3269  * <li>{@link KJUR.crypto.ECDSA} object</li>
+3270  * <li>{@link KJUR.crypto.DSA} object</li>
+3271  * </ul>
+3272  * NOTE1: 'params' can be omitted.<br/>
+3273  * NOTE2: DSA/ECDSA key object is also supported since asn1x509 1.0.6.<br/>
+3274  * <h4>EXAMPLE</h4>
+3275  * @example
+3276  * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(RSAKey_object);
+3277  * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoECDSA_object);
+3278  * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo(KJURcryptoDSA_object);
+3279  */
+3280 KJUR.asn1.x509.SubjectPublicKeyInfo = function(params) {
+3281     KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);
+3282     var asn1AlgId = null,
+3283 	asn1SubjPKey = null,
+3284 	_KJUR = KJUR,
+3285 	_KJUR_asn1 = _KJUR.asn1,
+3286 	_DERInteger = _KJUR_asn1.DERInteger,
+3287 	_DERBitString = _KJUR_asn1.DERBitString,
+3288 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
+3289 	_DERSequence = _KJUR_asn1.DERSequence,
+3290 	_newObject = _KJUR_asn1.ASN1Util.newObject,
+3291 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+3292 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
+3293 	_KJUR_crypto = _KJUR.crypto,
+3294 	_KJUR_crypto_ECDSA = _KJUR_crypto.ECDSA,
+3295 	_KJUR_crypto_DSA = _KJUR_crypto.DSA;
+3296 
+3297     /*
+3298      * @since asn1x509 1.0.7
+3299      */
+3300     this.getASN1Object = function() {
+3301         if (this.asn1AlgId == null || this.asn1SubjPKey == null)
+3302             throw "algId and/or subjPubKey not set";
+3303         var o = new _DERSequence({'array':
+3304                                   [this.asn1AlgId, this.asn1SubjPKey]});
+3305         return o;
+3306     };
+3307 
+3308     this.getEncodedHex = function() {
+3309         var o = this.getASN1Object();
+3310         this.hTLV = o.getEncodedHex();
+3311         return this.hTLV;
+3312     };
+3313 
+3314     /**
+3315      * @name setPubKey
+3316      * @memberOf KJUR.asn1.x509.SubjectPublicKeyInfo#
+3317      * @function
+3318      * @param {Object} {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} object
+3319      * @since jsrsasign 8.0.0 asn1x509 1.1.0
+3320      * @description
+3321      * @example
+3322      * spki = new KJUR.asn1.x509.SubjectPublicKeyInfo();
+3323      * pubKey = KEYUTIL.getKey(PKCS8PUBKEYPEM);
+3324      * spki.setPubKey(pubKey);
+3325      */
+3326     this.setPubKey = function(key) {
+3327 	try {
+3328 	    if (key instanceof RSAKey) {
+3329 		var asn1RsaPub = _newObject({
+3330 		    'seq': [{'int': {'bigint': key.n}}, {'int': {'int': key.e}}]
+3331 		});
+3332 		var rsaKeyHex = asn1RsaPub.getEncodedHex();
+3333 		this.asn1AlgId = new _AlgorithmIdentifier({'name':'rsaEncryption'});
+3334 		this.asn1SubjPKey = new _DERBitString({'hex':'00'+rsaKeyHex});
+3335 	    }
+3336 	} catch(ex) {};
+3337 
+3338 	try {
+3339 	    if (key instanceof KJUR.crypto.ECDSA) {
+3340 		var asn1Params = new _DERObjectIdentifier({'name': key.curveName});
+3341 		this.asn1AlgId =
+3342 		    new _AlgorithmIdentifier({'name': 'ecPublicKey',
+3343 					      'asn1params': asn1Params});
+3344 		this.asn1SubjPKey = new _DERBitString({'hex': '00' + key.pubKeyHex});
+3345 	    }
+3346 	} catch(ex) {};
+3347 
+3348 	try {
+3349 	    if (key instanceof KJUR.crypto.DSA) {
+3350 		var asn1Params = new _newObject({
+3351 		    'seq': [{'int': {'bigint': key.p}},
+3352 			    {'int': {'bigint': key.q}},
+3353 			    {'int': {'bigint': key.g}}]
+3354 		});
+3355 		this.asn1AlgId =
+3356 		    new _AlgorithmIdentifier({'name': 'dsa',
+3357 					      'asn1params': asn1Params});
+3358 		var pubInt = new _DERInteger({'bigint': key.y});
+3359 		this.asn1SubjPKey = 
+3360 		    new _DERBitString({'hex': '00' + pubInt.getEncodedHex()});
+3361 	    }
+3362 	} catch(ex) {};
+3363     };
+3364 
+3365     if (params !== undefined) {
+3366 	this.setPubKey(params);
+3367     }
+3368 };
+3369 YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo, KJUR.asn1.ASN1Object);
+3370 
+3371 /**
+3372  * Time ASN.1 structure class<br/>
+3373  * @name KJUR.asn1.x509.Time
+3374  * @class Time ASN.1 structure class
+3375  * @param {Array} params associative array of parameters (ex. {'str': '130508235959Z'})
+3376  * @extends KJUR.asn1.ASN1Object
+3377  * @see KJUR.asn1.DERUTCTime
+3378  * @see KJUR.asn1.DERGeneralizedTime
+3379  * @description
+3380  * This class represents Time ASN.1 structure defined in 
+3381  * <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a>
+3382  * <pre>
+3383  * Time ::= CHOICE {
+3384  *      utcTime        UTCTime,
+3385  *      generalTime    GeneralizedTime }
+3386  * </pre>
+3387  *
+3388  * @example
+3389  * var t1 = new KJUR.asn1.x509.Time{'str': '130508235959Z'} // UTCTime by default
+3390  * var t2 = new KJUR.asn1.x509.Time{'type': 'gen',  'str': '20130508235959Z'} // GeneralizedTime
+3391  */
+3392 KJUR.asn1.x509.Time = function(params) {
+3393     KJUR.asn1.x509.Time.superclass.constructor.call(this);
+3394     var type = null,
+3395 	timeParams = null,
+3396 	_KJUR = KJUR,
+3397 	_KJUR_asn1 = _KJUR.asn1,
+3398 	_DERUTCTime = _KJUR_asn1.DERUTCTime,
+3399 	_DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime;
+3400 
+3401     this.setTimeParams = function(timeParams) {
+3402         this.timeParams = timeParams;
+3403     }
+3404 
+3405     this.getEncodedHex = function() {
+3406         var o = null;
+3407 
+3408         if (this.timeParams != null) {
+3409             if (this.type == "utc") {
+3410                 o = new _DERUTCTime(this.timeParams);
+3411             } else {
+3412                 o = new _DERGeneralizedTime(this.timeParams);
+3413             }
+3414         } else {
+3415             if (this.type == "utc") {
+3416                 o = new _DERUTCTime();
+3417             } else {
+3418                 o = new _DERGeneralizedTime();
+3419             }
+3420         }
+3421         this.TLV = o.getEncodedHex();
+3422         return this.TLV;
+3423     };
+3424 
+3425     this.type = "utc";
+3426     if (params !== undefined) {
+3427         if (params.type !== undefined) {
+3428             this.type = params.type;
+3429         } else {
+3430             if (params.str !== undefined) {
+3431                 if (params.str.match(/^[0-9]{12}Z$/)) this.type = "utc";
+3432                 if (params.str.match(/^[0-9]{14}Z$/)) this.type = "gen";
+3433             }
+3434         }
+3435         this.timeParams = params;
+3436     }
+3437 };
+3438 YAHOO.lang.extend(KJUR.asn1.x509.Time, KJUR.asn1.ASN1Object);
+3439 
+3440 /**
+3441  * AlgorithmIdentifier ASN.1 structure class
+3442  * @name KJUR.asn1.x509.AlgorithmIdentifier
+3443  * @class AlgorithmIdentifier ASN.1 structure class
+3444  * @param {Array} params associative array of parameters (ex. {'name': 'SHA1withRSA'})
+3445  * @extends KJUR.asn1.ASN1Object
+3446  * @description
+3447  * The 'params' argument is an associative array and has following parameters:
+3448  * <ul>
+3449  * <li>name: algorithm name (MANDATORY, ex. sha1, SHA256withRSA)</li>
+3450  * <li>asn1params: explicitly specify ASN.1 object for algorithm.
+3451  * (OPTION)</li>
+3452  * <li>paramempty: set algorithm parameter to NULL by force.
+3453  * If paramempty is false, algorithm parameter will be set automatically.
+3454  * If paramempty is false and algorithm name is "*withDSA" or "withECDSA" parameter field of
+3455  * AlgorithmIdentifier will be ommitted otherwise
+3456  * it will be NULL by default.
+3457  * (OPTION, DEFAULT = false)</li>
+3458  * </ul>
+3459  * RSA-PSS algorithm names such as SHA{,256,384,512}withRSAandMGF1 are
+3460  * special names. They will set a suite of algorithm OID and multiple algorithm
+3461  * parameters. Its ASN.1 schema is defined in 
+3462  * <a href="https://tools.ietf.org/html/rfc3447#appendix-A.2.3">RFC 3447 PKCS#1 2.1
+3463  * section A.2.3</a>.
+3464  * <blockquote><pre>
+3465  * id-RSASSA-PSS  OBJECT IDENTIFIER ::= { pkcs-1 10 }
+3466  * RSASSA-PSS-params ::= SEQUENCE {
+3467  *   hashAlgorithm      [0] HashAlgorithm    DEFAULT sha1,
+3468  *   maskGenAlgorithm   [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
+3469  *   saltLength         [2] INTEGER          DEFAULT 20,
+3470  *   trailerField       [3] TrailerField     DEFAULT trailerFieldBC }
+3471  * mgf1SHA1    MaskGenAlgorithm ::= {
+3472  *   algorithm   id-mgf1,
+3473  *   parameters  HashAlgorithm : sha1 }
+3474  * id-mgf1     OBJECT IDENTIFIER ::= { pkcs-1 8 }
+3475  * TrailerField ::= INTEGER { trailerFieldBC(1) }
+3476  * </pre></blockquote>
+3477  * Here is a table for PSS parameters:
+3478  * <table>
+3479  * <tr><th>Name</th><th>alg oid</th><th>pss hash</th><th>maskgen</th></th><th>pss saltlen</th><th>trailer</th></tr>
+3480  * <tr><td>SHAwithRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>default(sha1)</td><td>default(mgf1sha1)</td><td>default(20)</td><td>default(1)</td></tr>
+3481  * <tr><td>SHA256withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha256</td><td>mgf1sha256</td><td>32</td><td>default(1)</td></tr>
+3482  * <tr><td>SHA384withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha384</td><td>mgf1sha384</td><td>48</td><td>default(1)</td></tr>
+3483  * <tr><td>SHA512withRSAandMGF1</td><td>1.2.840.113549.1.1.10(rsapss)</td><td>sha512</td><td>mgf1sha512</td><td>64</td><td>default(1)</td></tr>
+3484  * </table>
+3485  * Default value is omitted as defined in ASN.1 schema.
+3486  * These parameters are interoperable to OpenSSL or IAIK toolkit.
+3487  * <br/>
+3488  * NOTE: RSA-PSS algorihtm names are supported since jsrsasign 8.0.21. 
+3489  * @example
+3490  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "sha1"})
+3491  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA"})
+3492  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA512withRSAandMGF1"}) // set parameters automatically
+3493  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "SHA256withRSA", paramempty: true})
+3494  * new KJUR.asn1.x509.AlgorithmIdentifier({name: "rsaEncryption"})
+3495  */
+3496 KJUR.asn1.x509.AlgorithmIdentifier = function(params) {
+3497     KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);
+3498     this.nameAlg = null;
+3499     this.asn1Alg = null;
+3500     this.asn1Params = null;
+3501     this.paramEmpty = false;
+3502 
+3503     var _KJUR = KJUR,
+3504 	_KJUR_asn1 = _KJUR.asn1,
+3505 	_PSSNAME2ASN1TLV = _KJUR_asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;
 3506 
-3507 	// for RSAPSS algorithm name
-3508 	//  && this.hTLV === null
-3509 	if (this.nameAlg !== null) {
-3510 	    var hTLV = null;
-3511 	    for (var key in _PSSNAME2ASN1TLV) {
-3512 		if (key === this.nameAlg) {
-3513 		    hTLV = _PSSNAME2ASN1TLV[key];
-3514 		}
-3515 	    }
-3516 	    if (hTLV !== null) {
-3517 		this.hTLV = hTLV;
-3518 		return this.hTLV;
-3519 	    }
-3520 	}
-3521 
-3522         if (this.nameAlg !== null && this.asn1Alg === null) {
-3523             this.asn1Alg = _KJUR_asn1.x509.OID.name2obj(this.nameAlg);
-3524         }
-3525         var a = [this.asn1Alg];
-3526         if (this.asn1Params !== null) a.push(this.asn1Params);
-3527 
-3528         var o = new _KJUR_asn1.DERSequence({'array': a});
-3529         this.hTLV = o.getEncodedHex();
-3530         return this.hTLV;
-3531     };
+3507     this.getEncodedHex = function() {
+3508         if (this.nameAlg === null && this.asn1Alg === null) {
+3509             throw new Error("algorithm not specified");
+3510         }
+3511 
+3512 	// for RSAPSS algorithm name
+3513 	//  && this.hTLV === null
+3514 	if (this.nameAlg !== null) {
+3515 	    var hTLV = null;
+3516 	    for (var key in _PSSNAME2ASN1TLV) {
+3517 		if (key === this.nameAlg) {
+3518 		    hTLV = _PSSNAME2ASN1TLV[key];
+3519 		}
+3520 	    }
+3521 	    if (hTLV !== null) {
+3522 		this.hTLV = hTLV;
+3523 		return this.hTLV;
+3524 	    }
+3525 	}
+3526 
+3527         if (this.nameAlg !== null && this.asn1Alg === null) {
+3528             this.asn1Alg = _KJUR_asn1.x509.OID.name2obj(this.nameAlg);
+3529         }
+3530         var a = [this.asn1Alg];
+3531         if (this.asn1Params !== null) a.push(this.asn1Params);
 3532 
-3533     if (params !== undefined) {
-3534         if (params.name !== undefined) {
-3535             this.nameAlg = params.name;
-3536         }
-3537         if (params.asn1params !== undefined) {
-3538             this.asn1Params = params.asn1params;
-3539         }
-3540         if (params.paramempty !== undefined) {
-3541             this.paramEmpty = params.paramempty;
-3542         }
-3543     }
-3544 
-3545     // set algorithm parameters will be ommitted for
-3546     // "*withDSA" or "*withECDSA" otherwise will be NULL.
-3547     if (this.asn1Params === null &&
-3548 	this.paramEmpty === false &&
-3549 	this.nameAlg !== null) {
-3550 
-3551 	if (this.nameAlg.name !== undefined) {
-3552 	    this.nameAlg = this.nameAlg.name;
-3553 	}
-3554 	var lcNameAlg = this.nameAlg.toLowerCase();
+3533         var o = new _KJUR_asn1.DERSequence({'array': a});
+3534         this.hTLV = o.getEncodedHex();
+3535         return this.hTLV;
+3536     };
+3537 
+3538     if (params !== undefined) {
+3539         if (params.name !== undefined) {
+3540             this.nameAlg = params.name;
+3541         }
+3542         if (params.asn1params !== undefined) {
+3543             this.asn1Params = params.asn1params;
+3544         }
+3545         if (params.paramempty !== undefined) {
+3546             this.paramEmpty = params.paramempty;
+3547         }
+3548     }
+3549 
+3550     // set algorithm parameters will be ommitted for
+3551     // "*withDSA" or "*withECDSA" otherwise will be NULL.
+3552     if (this.asn1Params === null &&
+3553 	this.paramEmpty === false &&
+3554 	this.nameAlg !== null) {
 3555 
-3556 	if (lcNameAlg.substr(-7, 7) !== "withdsa" &&
-3557 	    lcNameAlg.substr(-9, 9) !== "withecdsa") {
-3558             this.asn1Params = new _KJUR_asn1.DERNull();
-3559 	}
-3560     }
-3561 };
-3562 YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);
-3563 
-3564 /**
-3565  * AlgorithmIdentifier ASN.1 TLV string associative array for RSA-PSS algorithm names
-3566  * @const
-3567  */
-3568 KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV = {
-3569     "SHAwithRSAandMGF1":
-3570     "300d06092a864886f70d01010a3000",
-3571     "SHA256withRSAandMGF1":
-3572     "303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",
-3573     "SHA384withRSAandMGF1":
-3574     "303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",
-3575     "SHA512withRSAandMGF1":
-3576     "303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"
-3577 };
-3578 
-3579 /**
-3580  * GeneralName ASN.1 structure class<br/>
-3581  * @name KJUR.asn1.x509.GeneralName
-3582  * @class GeneralName ASN.1 structure class
-3583  * @description
-3584  * <br/>
-3585  * As for argument 'params' for constructor, you can specify one of
-3586  * following properties:
-3587  * <ul>
-3588  * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
-3589  * <li>dns - dNSName[2] (ex. foo.com)</li>
-3590  * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li>
-3591  * <li>dn - directoryName[4] 
-3592  * distinguished name string or X500Name class parameters can be
-3593  * specified (ex. "/C=US/O=Test", {hex: '301c...')</li>
-3594  * <li>ldapdn - directoryName[4] (ex. O=Test,C=US)</li>
-3595  * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li>
-3596  * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li>
-3597  * <li>ip - iPAddress[7] (ex. 192.168.1.1, 2001:db3::43, 3faa0101...)</li>
-3598  * </ul>
-3599  * NOTE1: certissuer and certsubj were supported since asn1x509 1.0.10.<br/>
-3600  * NOTE2: dn and ldapdn were supported since jsrsasign 6.2.3 asn1x509 1.0.19.<br/>
-3601  * NOTE3: ip were supported since jsrsasign 8.0.10 asn1x509 1.1.4.<br/>
-3602  * NOTE4: X500Name parameters in dn were supported since jsrsasign 8.0.16.<br/>
-3603  *
-3604  * Here is definition of the ASN.1 syntax:
-3605  * <pre>
-3606  * -- NOTE: under the CHOICE, it will always be explicit.
-3607  * GeneralName ::= CHOICE {
-3608  *   otherName                  [0] OtherName,
-3609  *   rfc822Name                 [1] IA5String,
-3610  *   dNSName                    [2] IA5String,
-3611  *   x400Address                [3] ORAddress,
-3612  *   directoryName              [4] Name,
-3613  *   ediPartyName               [5] EDIPartyName,
-3614  *   uniformResourceIdentifier  [6] IA5String,
-3615  *   iPAddress                  [7] OCTET STRING,
-3616  *   registeredID               [8] OBJECT IDENTIFIER }
-3617  * </pre>
-3618  *
-3619  * @example
-3620  * gn = new KJUR.asn1.x509.GeneralName({dn:     '/C=US/O=Test'});
-3621  * gn = new KJUR.asn1.x509.GeneralName({dn:     X500NameObject);
-3622  * gn = new KJUR.asn1.x509.GeneralName({dn:     {str: /C=US/O=Test'});
-3623  * gn = new KJUR.asn1.x509.GeneralName({dn:     {ldapstr: 'O=Test,C=US'});
-3624  * gn = new KJUR.asn1.x509.GeneralName({dn:     {hex: '301c...'});
-3625  * gn = new KJUR.asn1.x509.GeneralName({dn:     {certissuer: PEMCERTSTRING});
-3626  * gn = new KJUR.asn1.x509.GeneralName({dn:     {certsubject: PEMCERTSTRING});
-3627  * gn = new KJUR.asn1.x509.GeneralName({ip:     '192.168.1.1'});
-3628  * gn = new KJUR.asn1.x509.GeneralName({ip:     '2001:db4::4:1'});
-3629  * gn = new KJUR.asn1.x509.GeneralName({ip:     'c0a80101'});
-3630  * gn = new KJUR.asn1.x509.GeneralName({rfc822: 'test@aaa.com'});
-3631  * gn = new KJUR.asn1.x509.GeneralName({dns:    'aaa.com'});
-3632  * gn = new KJUR.asn1.x509.GeneralName({uri:    'http://aaa.com/'});
-3633  *
-3634  * gn = new KJUR.asn1.x509.GeneralName({ldapdn:     'O=Test,C=US'}); // DEPRECATED
-3635  * gn = new KJUR.asn1.x509.GeneralName({certissuer: certPEM});       // DEPRECATED
-3636  * gn = new KJUR.asn1.x509.GeneralName({certsubj:   certPEM});       // DEPRECATED
-3637  */
-3638 KJUR.asn1.x509.GeneralName = function(params) {
-3639     KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);
-3640     var asn1Obj = null,
-3641 	type = null,
-3642 	pTag = {rfc822: '81', dns: '82', dn: 'a4',  uri: '86', ip: '87'},
-3643 	_KJUR = KJUR,
-3644 	_KJUR_asn1 = _KJUR.asn1,
-3645 	_DERSequence = _KJUR_asn1.DERSequence,
-3646 	_DEROctetString = _KJUR_asn1.DEROctetString,
-3647 	_DERIA5String = _KJUR_asn1.DERIA5String,
-3648 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
-3649 	_ASN1Object = _KJUR_asn1.ASN1Object,
-3650 	_X500Name = _KJUR_asn1.x509.X500Name,
-3651 	_pemtohex = pemtohex;
-3652 	
-3653     this.explicit = false;
-3654 
-3655     this.setByParam = function(params) {
-3656         var str = null;
-3657         var v = null;
-3658 
-3659 	if (params === undefined) return;
-3660 
-3661         if (params.rfc822 !== undefined) {
-3662             this.type = 'rfc822';
-3663             v = new _DERIA5String({str: params[this.type]});
-3664         }
+3556 	if (this.nameAlg.name !== undefined) {
+3557 	    this.nameAlg = this.nameAlg.name;
+3558 	}
+3559 	var lcNameAlg = this.nameAlg.toLowerCase();
+3560 
+3561 	if (lcNameAlg.substr(-7, 7) !== "withdsa" &&
+3562 	    lcNameAlg.substr(-9, 9) !== "withecdsa") {
+3563             this.asn1Params = new _KJUR_asn1.DERNull();
+3564 	}
+3565     }
+3566 };
+3567 YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier, KJUR.asn1.ASN1Object);
+3568 
+3569 /**
+3570  * AlgorithmIdentifier ASN.1 TLV string associative array for RSA-PSS algorithm names
+3571  * @const
+3572  */
+3573 KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV = {
+3574     "SHAwithRSAandMGF1":
+3575     "300d06092a864886f70d01010a3000",
+3576     "SHA256withRSAandMGF1":
+3577     "303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",
+3578     "SHA384withRSAandMGF1":
+3579     "303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",
+3580     "SHA512withRSAandMGF1":
+3581     "303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"
+3582 };
+3583 
+3584 /**
+3585  * GeneralName ASN.1 structure class<br/>
+3586  * @name KJUR.asn1.x509.GeneralName
+3587  * @class GeneralName ASN.1 structure class
+3588  * @description
+3589  * <br/>
+3590  * As for argument 'params' for constructor, you can specify one of
+3591  * following properties:
+3592  * <ul>
+3593  * <li>rfc822 - rfc822Name[1] (ex. user1@foo.com)</li>
+3594  * <li>dns - dNSName[2] (ex. foo.com)</li>
+3595  * <li>uri - uniformResourceIdentifier[6] (ex. http://foo.com/)</li>
+3596  * <li>dn - directoryName[4] 
+3597  * distinguished name string or X500Name class parameters can be
+3598  * specified (ex. "/C=US/O=Test", {hex: '301c...')</li>
+3599  * <li>ldapdn - directoryName[4] (ex. O=Test,C=US)</li>
+3600  * <li>certissuer - directoryName[4] (PEM or hex string of cert)</li>
+3601  * <li>certsubj - directoryName[4] (PEM or hex string of cert)</li>
+3602  * <li>ip - iPAddress[7] (ex. 192.168.1.1, 2001:db3::43, 3faa0101...)</li>
+3603  * </ul>
+3604  * NOTE1: certissuer and certsubj were supported since asn1x509 1.0.10.<br/>
+3605  * NOTE2: dn and ldapdn were supported since jsrsasign 6.2.3 asn1x509 1.0.19.<br/>
+3606  * NOTE3: ip were supported since jsrsasign 8.0.10 asn1x509 1.1.4.<br/>
+3607  * NOTE4: X500Name parameters in dn were supported since jsrsasign 8.0.16.<br/>
+3608  *
+3609  * Here is definition of the ASN.1 syntax:
+3610  * <pre>
+3611  * -- NOTE: under the CHOICE, it will always be explicit.
+3612  * GeneralName ::= CHOICE {
+3613  *   otherName                  [0] OtherName,
+3614  *   rfc822Name                 [1] IA5String,
+3615  *   dNSName                    [2] IA5String,
+3616  *   x400Address                [3] ORAddress,
+3617  *   directoryName              [4] Name,
+3618  *   ediPartyName               [5] EDIPartyName,
+3619  *   uniformResourceIdentifier  [6] IA5String,
+3620  *   iPAddress                  [7] OCTET STRING,
+3621  *   registeredID               [8] OBJECT IDENTIFIER }
+3622  * </pre>
+3623  *
+3624  * @example
+3625  * gn = new KJUR.asn1.x509.GeneralName({dn:     '/C=US/O=Test'});
+3626  * gn = new KJUR.asn1.x509.GeneralName({dn:     X500NameObject);
+3627  * gn = new KJUR.asn1.x509.GeneralName({dn:     {str: /C=US/O=Test'});
+3628  * gn = new KJUR.asn1.x509.GeneralName({dn:     {ldapstr: 'O=Test,C=US'});
+3629  * gn = new KJUR.asn1.x509.GeneralName({dn:     {hex: '301c...'});
+3630  * gn = new KJUR.asn1.x509.GeneralName({dn:     {certissuer: PEMCERTSTRING});
+3631  * gn = new KJUR.asn1.x509.GeneralName({dn:     {certsubject: PEMCERTSTRING});
+3632  * gn = new KJUR.asn1.x509.GeneralName({ip:     '192.168.1.1'});
+3633  * gn = new KJUR.asn1.x509.GeneralName({ip:     '2001:db4::4:1'});
+3634  * gn = new KJUR.asn1.x509.GeneralName({ip:     'c0a80101'});
+3635  * gn = new KJUR.asn1.x509.GeneralName({rfc822: 'test@aaa.com'});
+3636  * gn = new KJUR.asn1.x509.GeneralName({dns:    'aaa.com'});
+3637  * gn = new KJUR.asn1.x509.GeneralName({uri:    'http://aaa.com/'});
+3638  *
+3639  * gn = new KJUR.asn1.x509.GeneralName({ldapdn:     'O=Test,C=US'}); // DEPRECATED
+3640  * gn = new KJUR.asn1.x509.GeneralName({certissuer: certPEM});       // DEPRECATED
+3641  * gn = new KJUR.asn1.x509.GeneralName({certsubj:   certPEM});       // DEPRECATED
+3642  */
+3643 KJUR.asn1.x509.GeneralName = function(params) {
+3644     KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);
+3645     var asn1Obj = null,
+3646 	type = null,
+3647 	pTag = {rfc822: '81', dns: '82', dn: 'a4',  uri: '86', ip: '87'},
+3648 	_KJUR = KJUR,
+3649 	_KJUR_asn1 = _KJUR.asn1,
+3650 	_DERSequence = _KJUR_asn1.DERSequence,
+3651 	_DEROctetString = _KJUR_asn1.DEROctetString,
+3652 	_DERIA5String = _KJUR_asn1.DERIA5String,
+3653 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
+3654 	_ASN1Object = _KJUR_asn1.ASN1Object,
+3655 	_X500Name = _KJUR_asn1.x509.X500Name,
+3656 	_pemtohex = pemtohex;
+3657 	
+3658     this.explicit = false;
+3659 
+3660     this.setByParam = function(params) {
+3661         var str = null;
+3662         var v = null;
+3663 
+3664 	if (params === undefined) return;
 3665 
-3666         if (params.dns !== undefined) {
-3667             this.type = 'dns';
+3666         if (params.rfc822 !== undefined) {
+3667             this.type = 'rfc822';
 3668             v = new _DERIA5String({str: params[this.type]});
 3669         }
 3670 
-3671         if (params.uri !== undefined) {
-3672             this.type = 'uri';
+3671         if (params.dns !== undefined) {
+3672             this.type = 'dns';
 3673             v = new _DERIA5String({str: params[this.type]});
 3674         }
 3675 
-3676         if (params.dn !== undefined) {
-3677 	    this.type = 'dn';
-3678 	    this.explicit = true;
-3679 	    if (typeof params.dn === "string") {
-3680 		v = new _X500Name({str: params.dn});
-3681 	    } else if (params.dn instanceof KJUR.asn1.x509.X500Name) {
-3682 		v = params.dn;
-3683 	    } else {
-3684 		v = new _X500Name(params.dn);
-3685 	    }
-3686 	}
-3687 
-3688         if (params.ldapdn !== undefined) {
-3689 	    this.type = 'dn';
-3690 	    this.explicit = true;
-3691 	    v = new _X500Name({ldapstr: params.ldapdn});
-3692 	}
-3693 
-3694 	if (params.certissuer !== undefined) {
-3695 	    this.type = 'dn';
-3696 	    this.explicit = true;
-3697 	    var certStr = params.certissuer;
-3698 	    var certHex = null;
-3699 
-3700 	    if (certStr.match(/^[0-9A-Fa-f]+$/)) {
-3701 		certHex == certStr;
-3702             }
-3703 
-3704 	    if (certStr.indexOf("-----BEGIN ") != -1) {
-3705 		certHex = _pemtohex(certStr);
-3706 	    }
-3707 
-3708 	    if (certHex == null) throw "certissuer param not cert";
-3709 	    var x = new X509();
-3710 	    x.hex = certHex;
-3711 	    var dnHex = x.getIssuerHex();
-3712 	    v = new _ASN1Object();
-3713 	    v.hTLV = dnHex;
-3714 	}
-3715 
-3716 	if (params.certsubj !== undefined) {
-3717 	    this.type = 'dn';
-3718 	    this.explicit = true;
-3719 	    var certStr = params.certsubj;
-3720 	    var certHex = null;
-3721 	    if (certStr.match(/^[0-9A-Fa-f]+$/)) {
-3722 		certHex == certStr;
-3723             }
-3724 	    if (certStr.indexOf("-----BEGIN ") != -1) {
-3725 		certHex = _pemtohex(certStr);
-3726 	    }
-3727 	    if (certHex == null) throw "certsubj param not cert";
-3728 	    var x = new X509();
-3729 	    x.hex = certHex;
-3730 	    var dnHex = x.getSubjectHex();
-3731 	    v = new _ASN1Object();
-3732 	    v.hTLV = dnHex;
-3733 	}
-3734 
-3735 	if (params.ip !== undefined) {
-3736 	    this.type = 'ip';
-3737 	    this.explicit = false;
-3738 	    var ip = params.ip;
-3739 	    var hIP;
-3740 	    var malformedIPMsg = "malformed IP address";
-3741 	    if (ip.match(/^[0-9.]+[.][0-9.]+$/)) { // ipv4
-3742 		hIP = intarystrtohex("[" + ip.split(".").join(",") + "]");
-3743 		if (hIP.length !== 8) throw malformedIPMsg;
-3744 	    } else if (ip.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/)) { // ipv6
-3745 		hIP = ipv6tohex(ip);
-3746 	    } else if (ip.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)) { // hex
-3747 		hIP = ip;
-3748 	    } else {
-3749 		throw malformedIPMsg;
-3750 	    }
-3751 	    v = new _DEROctetString({hex: hIP});
-3752 	}
-3753 
-3754         if (this.type == null)
-3755             throw "unsupported type in params=" + params;
-3756         this.asn1Obj = new _DERTaggedObject({'explicit': this.explicit,
-3757                                              'tag': pTag[this.type],
-3758                                              'obj': v});
-3759     };
-3760 
-3761     this.getEncodedHex = function() {
-3762         return this.asn1Obj.getEncodedHex();
-3763     }
-3764 
-3765     if (params !== undefined) {
-3766         this.setByParam(params);
-3767     }
-3768 
-3769 };
-3770 YAHOO.lang.extend(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object);
-3771 
-3772 /**
-3773  * GeneralNames ASN.1 structure class<br/>
-3774  * @name KJUR.asn1.x509.GeneralNames
-3775  * @class GeneralNames ASN.1 structure class
-3776  * @description
-3777  * <br/>
-3778  * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
-3779  * @example
-3780  * gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
-3781  *
-3782  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-3783  */
-3784 KJUR.asn1.x509.GeneralNames = function(paramsArray) {
-3785     KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);
-3786     var asn1Array = null,
-3787 	_KJUR = KJUR,
-3788 	_KJUR_asn1 = _KJUR.asn1;
-3789 
-3790     /**
-3791      * set a array of {@link KJUR.asn1.x509.GeneralName} parameters<br/>
-3792      * @name setByParamArray
-3793      * @memberOf KJUR.asn1.x509.GeneralNames#
-3794      * @function
-3795      * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralNames}
-3796      * @description
-3797      * <br/>
-3798      * <h4>EXAMPLES</h4>
-3799      * @example
-3800      * gns = new KJUR.asn1.x509.GeneralNames();
-3801      * gns.setByParamArray([{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]);
-3802      */
-3803     this.setByParamArray = function(paramsArray) {
-3804         for (var i = 0; i < paramsArray.length; i++) {
-3805             var o = new _KJUR_asn1.x509.GeneralName(paramsArray[i]);
-3806             this.asn1Array.push(o);
-3807         }
-3808     };
-3809 
-3810     this.getEncodedHex = function() {
-3811         var o = new _KJUR_asn1.DERSequence({'array': this.asn1Array});
-3812         return o.getEncodedHex();
+3676         if (params.uri !== undefined) {
+3677             this.type = 'uri';
+3678             v = new _DERIA5String({str: params[this.type]});
+3679         }
+3680 
+3681         if (params.dn !== undefined) {
+3682 	    this.type = 'dn';
+3683 	    this.explicit = true;
+3684 	    if (typeof params.dn === "string") {
+3685 		v = new _X500Name({str: params.dn});
+3686 	    } else if (params.dn instanceof KJUR.asn1.x509.X500Name) {
+3687 		v = params.dn;
+3688 	    } else {
+3689 		v = new _X500Name(params.dn);
+3690 	    }
+3691 	}
+3692 
+3693         if (params.ldapdn !== undefined) {
+3694 	    this.type = 'dn';
+3695 	    this.explicit = true;
+3696 	    v = new _X500Name({ldapstr: params.ldapdn});
+3697 	}
+3698 
+3699 	if (params.certissuer !== undefined) {
+3700 	    this.type = 'dn';
+3701 	    this.explicit = true;
+3702 	    var certStr = params.certissuer;
+3703 	    var certHex = null;
+3704 
+3705 	    if (certStr.match(/^[0-9A-Fa-f]+$/)) {
+3706 		certHex == certStr;
+3707             }
+3708 
+3709 	    if (certStr.indexOf("-----BEGIN ") != -1) {
+3710 		certHex = _pemtohex(certStr);
+3711 	    }
+3712 
+3713 	    if (certHex == null) throw "certissuer param not cert";
+3714 	    var x = new X509();
+3715 	    x.hex = certHex;
+3716 	    var dnHex = x.getIssuerHex();
+3717 	    v = new _ASN1Object();
+3718 	    v.hTLV = dnHex;
+3719 	}
+3720 
+3721 	if (params.certsubj !== undefined) {
+3722 	    this.type = 'dn';
+3723 	    this.explicit = true;
+3724 	    var certStr = params.certsubj;
+3725 	    var certHex = null;
+3726 	    if (certStr.match(/^[0-9A-Fa-f]+$/)) {
+3727 		certHex == certStr;
+3728             }
+3729 	    if (certStr.indexOf("-----BEGIN ") != -1) {
+3730 		certHex = _pemtohex(certStr);
+3731 	    }
+3732 	    if (certHex == null) throw "certsubj param not cert";
+3733 	    var x = new X509();
+3734 	    x.hex = certHex;
+3735 	    var dnHex = x.getSubjectHex();
+3736 	    v = new _ASN1Object();
+3737 	    v.hTLV = dnHex;
+3738 	}
+3739 
+3740 	if (params.ip !== undefined) {
+3741 	    this.type = 'ip';
+3742 	    this.explicit = false;
+3743 	    var ip = params.ip;
+3744 	    var hIP;
+3745 	    var malformedIPMsg = "malformed IP address";
+3746 	    if (ip.match(/^[0-9.]+[.][0-9.]+$/)) { // ipv4
+3747 		hIP = intarystrtohex("[" + ip.split(".").join(",") + "]");
+3748 		if (hIP.length !== 8) throw malformedIPMsg;
+3749 	    } else if (ip.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/)) { // ipv6
+3750 		hIP = ipv6tohex(ip);
+3751 	    } else if (ip.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)) { // hex
+3752 		hIP = ip;
+3753 	    } else {
+3754 		throw malformedIPMsg;
+3755 	    }
+3756 	    v = new _DEROctetString({hex: hIP});
+3757 	}
+3758 
+3759         if (this.type == null)
+3760             throw "unsupported type in params=" + params;
+3761         this.asn1Obj = new _DERTaggedObject({'explicit': this.explicit,
+3762                                              'tag': pTag[this.type],
+3763                                              'obj': v});
+3764     };
+3765 
+3766     this.getEncodedHex = function() {
+3767         return this.asn1Obj.getEncodedHex();
+3768     }
+3769 
+3770     if (params !== undefined) {
+3771         this.setByParam(params);
+3772     }
+3773 
+3774 };
+3775 YAHOO.lang.extend(KJUR.asn1.x509.GeneralName, KJUR.asn1.ASN1Object);
+3776 
+3777 /**
+3778  * GeneralNames ASN.1 structure class<br/>
+3779  * @name KJUR.asn1.x509.GeneralNames
+3780  * @class GeneralNames ASN.1 structure class
+3781  * @description
+3782  * <br/>
+3783  * <h4>EXAMPLE AND ASN.1 SYNTAX</h4>
+3784  * @example
+3785  * gns = new KJUR.asn1.x509.GeneralNames([{'uri': 'http://aaa.com/'}, {'uri': 'http://bbb.com/'}]);
+3786  *
+3787  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+3788  */
+3789 KJUR.asn1.x509.GeneralNames = function(paramsArray) {
+3790     KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);
+3791     var asn1Array = null,
+3792 	_KJUR = KJUR,
+3793 	_KJUR_asn1 = _KJUR.asn1;
+3794 
+3795     /**
+3796      * set a array of {@link KJUR.asn1.x509.GeneralName} parameters<br/>
+3797      * @name setByParamArray
+3798      * @memberOf KJUR.asn1.x509.GeneralNames#
+3799      * @function
+3800      * @param {Array} paramsArray Array of {@link KJUR.asn1.x509.GeneralNames}
+3801      * @description
+3802      * <br/>
+3803      * <h4>EXAMPLES</h4>
+3804      * @example
+3805      * gns = new KJUR.asn1.x509.GeneralNames();
+3806      * gns.setByParamArray([{uri: 'http://aaa.com/'}, {uri: 'http://bbb.com/'}]);
+3807      */
+3808     this.setByParamArray = function(paramsArray) {
+3809         for (var i = 0; i < paramsArray.length; i++) {
+3810             var o = new _KJUR_asn1.x509.GeneralName(paramsArray[i]);
+3811             this.asn1Array.push(o);
+3812         }
 3813     };
 3814 
-3815     this.asn1Array = new Array();
-3816     if (typeof paramsArray != "undefined") {
-3817         this.setByParamArray(paramsArray);
-3818     }
-3819 };
-3820 YAHOO.lang.extend(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object);
-3821 
-3822 /**
-3823  * static object for OID
-3824  * @name KJUR.asn1.x509.OID
-3825  * @class static object for OID
-3826  * @property {Assoc Array} atype2oidList for short attribute type name and oid (ex. 'C' and '2.5.4.6')
-3827  * @property {Assoc Array} name2oidList for oid name and oid (ex. 'keyUsage' and '2.5.29.15')
-3828  * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object
-3829  * @description
-3830  * This class defines OID name and values.
-3831  * AttributeType names registered in OID.atype2oidList are following:
-3832  * <table style="border-width: thin; border-style: solid; witdh: 100%">
-3833  * <tr><th>short</th><th>long</th><th>OID</th></tr>
-3834  * <tr><td>CN</td>commonName<td></td><td>2.5.4.3</td></tr>
-3835  * <tr><td>L</td><td>localityName</td><td>2.5.4.7</td></tr>
-3836  * <tr><td>ST</td><td>stateOrProvinceName</td><td>2.5.4.8</td></tr>
-3837  * <tr><td>O</td><td>organizationName</td><td>2.5.4.10</td></tr>
-3838  * <tr><td>OU</td><td>organizationalUnitName</td><td>2.5.4.11</td></tr>
-3839  * <tr><td>C</td><td></td>countryName<td>2.5.4.6</td></tr>
-3840  * <tr><td>STREET</td>streetAddress<td></td><td>2.5.4.6</td></tr>
-3841  * <tr><td>DC</td><td>domainComponent</td><td>0.9.2342.19200300.100.1.25</td></tr>
-3842  * <tr><td>UID</td><td>userId</td><td>0.9.2342.19200300.100.1.1</td></tr>
-3843  * <tr><td>SN</td><td>surname</td><td>2.5.4.4</td></tr>
-3844  * <tr><td>DN</td><td>distinguishedName</td><td>2.5.4.49</td></tr>
-3845  * <tr><td>E</td><td>emailAddress</td><td>1.2.840.113549.1.9.1</td></tr>
-3846  * <tr><td></td><td>businessCategory</td><td>2.5.4.15</td></tr>
-3847  * <tr><td></td><td>postalCode</td><td>2.5.4.17</td></tr>
-3848  * <tr><td></td><td>jurisdictionOfIncorporationL</td><td>1.3.6.1.4.1.311.60.2.1.1</td></tr>
-3849  * <tr><td></td><td>jurisdictionOfIncorporationSP</td><td>1.3.6.1.4.1.311.60.2.1.2</td></tr>
-3850  * <tr><td></td><td>jurisdictionOfIncorporationC</td><td>1.3.6.1.4.1.311.60.2.1.3</td></tr>
-3851  * </table>
-3852  *
-3853  * @example
-3854  */
-3855 KJUR.asn1.x509.OID = new function(params) {
-3856     this.atype2oidList = {
-3857 	// RFC 4514 AttributeType name string (MUST recognized)
-3858         'CN':		'2.5.4.3',
-3859         'L':		'2.5.4.7',
-3860         'ST':		'2.5.4.8',
-3861         'O':		'2.5.4.10',
-3862         'OU':		'2.5.4.11',
-3863         'C':		'2.5.4.6',
-3864         'STREET':	'2.5.4.9',
-3865         'DC':		'0.9.2342.19200300.100.1.25',
-3866         'UID':		'0.9.2342.19200300.100.1.1',
-3867 	// other AttributeType name string
-3868 	// http://blog.livedoor.jp/k_urushima/archives/656114.html
-3869         'SN':		'2.5.4.4', // surname
-3870         'T':		'2.5.4.12', // title
-3871         'DN':		'2.5.4.49', // distinguishedName
-3872         'E':		'1.2.840.113549.1.9.1', // emailAddress in MS.NET or Bouncy
-3873 	// other AttributeType name string (no short name)
-3874 	'description':			'2.5.4.13',
-3875 	'businessCategory':		'2.5.4.15',
-3876 	'postalCode':			'2.5.4.17',
-3877 	'serialNumber':			'2.5.4.5',
-3878 	'uniqueIdentifier':		'2.5.4.45',
-3879 	'organizationIdentifier':	'2.5.4.97',
-3880 	'jurisdictionOfIncorporationL':	'1.3.6.1.4.1.311.60.2.1.1',
-3881 	'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
-3882 	'jurisdictionOfIncorporationC':	'1.3.6.1.4.1.311.60.2.1.3'
-3883     };
-3884     this.name2oidList = {
-3885         'sha1':                 '1.3.14.3.2.26',
-3886         'sha256':               '2.16.840.1.101.3.4.2.1',
-3887         'sha384':               '2.16.840.1.101.3.4.2.2',
-3888         'sha512':               '2.16.840.1.101.3.4.2.3',
-3889         'sha224':               '2.16.840.1.101.3.4.2.4',
-3890         'md5':                  '1.2.840.113549.2.5',
-3891         'md2':                  '1.3.14.7.2.2.1',
-3892         'ripemd160':            '1.3.36.3.2.1',
-3893 
-3894         'MD2withRSA':           '1.2.840.113549.1.1.2',
-3895         'MD4withRSA':           '1.2.840.113549.1.1.3',
-3896         'MD5withRSA':           '1.2.840.113549.1.1.4',
-3897         'SHA1withRSA':          '1.2.840.113549.1.1.5',
-3898 	'pkcs1-MGF':		'1.2.840.113549.1.1.8',
-3899 	'rsaPSS':		'1.2.840.113549.1.1.10',
-3900         'SHA224withRSA':        '1.2.840.113549.1.1.14',
-3901         'SHA256withRSA':        '1.2.840.113549.1.1.11',
-3902         'SHA384withRSA':        '1.2.840.113549.1.1.12',
-3903         'SHA512withRSA':        '1.2.840.113549.1.1.13',
-3904 
-3905         'SHA1withECDSA':        '1.2.840.10045.4.1',
-3906         'SHA224withECDSA':      '1.2.840.10045.4.3.1',
-3907         'SHA256withECDSA':      '1.2.840.10045.4.3.2',
-3908         'SHA384withECDSA':      '1.2.840.10045.4.3.3',
-3909         'SHA512withECDSA':      '1.2.840.10045.4.3.4',
-3910 
-3911         'dsa':                  '1.2.840.10040.4.1',
-3912         'SHA1withDSA':          '1.2.840.10040.4.3',
-3913         'SHA224withDSA':        '2.16.840.1.101.3.4.3.1',
-3914         'SHA256withDSA':        '2.16.840.1.101.3.4.3.2',
+3815     this.getEncodedHex = function() {
+3816         var o = new _KJUR_asn1.DERSequence({'array': this.asn1Array});
+3817         return o.getEncodedHex();
+3818     };
+3819 
+3820     this.asn1Array = new Array();
+3821     if (typeof paramsArray != "undefined") {
+3822         this.setByParamArray(paramsArray);
+3823     }
+3824 };
+3825 YAHOO.lang.extend(KJUR.asn1.x509.GeneralNames, KJUR.asn1.ASN1Object);
+3826 
+3827 /**
+3828  * static object for OID
+3829  * @name KJUR.asn1.x509.OID
+3830  * @class static object for OID
+3831  * @property {Assoc Array} atype2oidList for short attribute type name and oid (ex. 'C' and '2.5.4.6')
+3832  * @property {Assoc Array} name2oidList for oid name and oid (ex. 'keyUsage' and '2.5.29.15')
+3833  * @property {Assoc Array} objCache for caching name and DERObjectIdentifier object
+3834  * @description
+3835  * This class defines OID name and values.
+3836  * AttributeType names registered in OID.atype2oidList are following:
+3837  * <table style="border-width: thin; border-style: solid; witdh: 100%">
+3838  * <tr><th>short</th><th>long</th><th>OID</th></tr>
+3839  * <tr><td>CN</td>commonName<td></td><td>2.5.4.3</td></tr>
+3840  * <tr><td>L</td><td>localityName</td><td>2.5.4.7</td></tr>
+3841  * <tr><td>ST</td><td>stateOrProvinceName</td><td>2.5.4.8</td></tr>
+3842  * <tr><td>O</td><td>organizationName</td><td>2.5.4.10</td></tr>
+3843  * <tr><td>OU</td><td>organizationalUnitName</td><td>2.5.4.11</td></tr>
+3844  * <tr><td>C</td><td></td>countryName<td>2.5.4.6</td></tr>
+3845  * <tr><td>STREET</td>streetAddress<td></td><td>2.5.4.6</td></tr>
+3846  * <tr><td>DC</td><td>domainComponent</td><td>0.9.2342.19200300.100.1.25</td></tr>
+3847  * <tr><td>UID</td><td>userId</td><td>0.9.2342.19200300.100.1.1</td></tr>
+3848  * <tr><td>SN</td><td>surname</td><td>2.5.4.4</td></tr>
+3849  * <tr><td>DN</td><td>distinguishedName</td><td>2.5.4.49</td></tr>
+3850  * <tr><td>E</td><td>emailAddress</td><td>1.2.840.113549.1.9.1</td></tr>
+3851  * <tr><td></td><td>businessCategory</td><td>2.5.4.15</td></tr>
+3852  * <tr><td></td><td>postalCode</td><td>2.5.4.17</td></tr>
+3853  * <tr><td></td><td>jurisdictionOfIncorporationL</td><td>1.3.6.1.4.1.311.60.2.1.1</td></tr>
+3854  * <tr><td></td><td>jurisdictionOfIncorporationSP</td><td>1.3.6.1.4.1.311.60.2.1.2</td></tr>
+3855  * <tr><td></td><td>jurisdictionOfIncorporationC</td><td>1.3.6.1.4.1.311.60.2.1.3</td></tr>
+3856  * </table>
+3857  *
+3858  * @example
+3859  */
+3860 KJUR.asn1.x509.OID = new function(params) {
+3861     this.atype2oidList = {
+3862 	// RFC 4514 AttributeType name string (MUST recognized)
+3863         'CN':		'2.5.4.3',
+3864         'L':		'2.5.4.7',
+3865         'ST':		'2.5.4.8',
+3866         'O':		'2.5.4.10',
+3867         'OU':		'2.5.4.11',
+3868         'C':		'2.5.4.6',
+3869         'STREET':	'2.5.4.9',
+3870         'DC':		'0.9.2342.19200300.100.1.25',
+3871         'UID':		'0.9.2342.19200300.100.1.1',
+3872 	// other AttributeType name string
+3873 	// http://blog.livedoor.jp/k_urushima/archives/656114.html
+3874         'SN':		'2.5.4.4', // surname
+3875         'T':		'2.5.4.12', // title
+3876         'DN':		'2.5.4.49', // distinguishedName
+3877         'E':		'1.2.840.113549.1.9.1', // emailAddress in MS.NET or Bouncy
+3878 	// other AttributeType name string (no short name)
+3879 	'description':			'2.5.4.13',
+3880 	'businessCategory':		'2.5.4.15',
+3881 	'postalCode':			'2.5.4.17',
+3882 	'serialNumber':			'2.5.4.5',
+3883 	'uniqueIdentifier':		'2.5.4.45',
+3884 	'organizationIdentifier':	'2.5.4.97',
+3885 	'jurisdictionOfIncorporationL':	'1.3.6.1.4.1.311.60.2.1.1',
+3886 	'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
+3887 	'jurisdictionOfIncorporationC':	'1.3.6.1.4.1.311.60.2.1.3'
+3888     };
+3889     this.name2oidList = {
+3890         'sha1':                 '1.3.14.3.2.26',
+3891         'sha256':               '2.16.840.1.101.3.4.2.1',
+3892         'sha384':               '2.16.840.1.101.3.4.2.2',
+3893         'sha512':               '2.16.840.1.101.3.4.2.3',
+3894         'sha224':               '2.16.840.1.101.3.4.2.4',
+3895         'md5':                  '1.2.840.113549.2.5',
+3896         'md2':                  '1.3.14.7.2.2.1',
+3897         'ripemd160':            '1.3.36.3.2.1',
+3898 
+3899         'MD2withRSA':           '1.2.840.113549.1.1.2',
+3900         'MD4withRSA':           '1.2.840.113549.1.1.3',
+3901         'MD5withRSA':           '1.2.840.113549.1.1.4',
+3902         'SHA1withRSA':          '1.2.840.113549.1.1.5',
+3903 	'pkcs1-MGF':		'1.2.840.113549.1.1.8',
+3904 	'rsaPSS':		'1.2.840.113549.1.1.10',
+3905         'SHA224withRSA':        '1.2.840.113549.1.1.14',
+3906         'SHA256withRSA':        '1.2.840.113549.1.1.11',
+3907         'SHA384withRSA':        '1.2.840.113549.1.1.12',
+3908         'SHA512withRSA':        '1.2.840.113549.1.1.13',
+3909 
+3910         'SHA1withECDSA':        '1.2.840.10045.4.1',
+3911         'SHA224withECDSA':      '1.2.840.10045.4.3.1',
+3912         'SHA256withECDSA':      '1.2.840.10045.4.3.2',
+3913         'SHA384withECDSA':      '1.2.840.10045.4.3.3',
+3914         'SHA512withECDSA':      '1.2.840.10045.4.3.4',
 3915 
-3916         'rsaEncryption':        '1.2.840.113549.1.1.1',
-3917 
-3918 	// X.500 AttributeType defined in RFC 4514
-3919         'commonName':			'2.5.4.3',
-3920         'countryName':			'2.5.4.6',
-3921         'localityName':			'2.5.4.7',
-3922         'stateOrProvinceName':		'2.5.4.8',
-3923         'streetAddress':		'2.5.4.9',
-3924         'organizationName':		'2.5.4.10',
-3925         'organizationalUnitName':	'2.5.4.11',
-3926         'domainComponent':		'0.9.2342.19200300.100.1.25',
-3927         'userId':			'0.9.2342.19200300.100.1.1',
-3928 	// other AttributeType name string
-3929 	'surname':			'2.5.4.4',
-3930         'title':			'2.5.4.12',
-3931 	'distinguishedName':		'2.5.4.49',
-3932 	'emailAddress':			'1.2.840.113549.1.9.1',
-3933 	// other AttributeType name string (no short name)
-3934 	'description':			'2.5.4.13',
-3935 	'businessCategory':		'2.5.4.15',
-3936 	'postalCode':			'2.5.4.17',
-3937 	'uniqueIdentifier':		'2.5.4.45',
-3938 	'organizationIdentifier':	'2.5.4.97',
-3939 	'jurisdictionOfIncorporationL':	'1.3.6.1.4.1.311.60.2.1.1',
-3940 	'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
-3941 	'jurisdictionOfIncorporationC':	'1.3.6.1.4.1.311.60.2.1.3',
-3942 
-3943         'subjectKeyIdentifier': '2.5.29.14',
-3944         'keyUsage':             '2.5.29.15',
-3945         'subjectAltName':       '2.5.29.17',
-3946         'issuerAltName':        '2.5.29.18',
-3947         'basicConstraints':     '2.5.29.19',
-3948         'cRLNumber':     	'2.5.29.20',
-3949         'cRLReason':     	'2.5.29.21',
-3950         'nameConstraints':      '2.5.29.30',
-3951         'cRLDistributionPoints':'2.5.29.31',
-3952         'certificatePolicies':  '2.5.29.32',
-3953         'anyPolicy':  		'2.5.29.32.0',
-3954         'authorityKeyIdentifier':'2.5.29.35',
-3955         'policyConstraints':    '2.5.29.36',
-3956         'extKeyUsage':          '2.5.29.37',
-3957         'authorityInfoAccess':  '1.3.6.1.5.5.7.1.1',
-3958         'ocsp':                 '1.3.6.1.5.5.7.48.1',
-3959         'ocspBasic':            '1.3.6.1.5.5.7.48.1.1',
-3960         'ocspNonce':            '1.3.6.1.5.5.7.48.1.2',
-3961         'ocspNoCheck':          '1.3.6.1.5.5.7.48.1.5',
-3962         'caIssuers':            '1.3.6.1.5.5.7.48.2',
-3963 
-3964         'anyExtendedKeyUsage':  '2.5.29.37.0',
-3965         'serverAuth':           '1.3.6.1.5.5.7.3.1',
-3966         'clientAuth':           '1.3.6.1.5.5.7.3.2',
-3967         'codeSigning':          '1.3.6.1.5.5.7.3.3',
-3968         'emailProtection':      '1.3.6.1.5.5.7.3.4',
-3969         'timeStamping':         '1.3.6.1.5.5.7.3.8',
-3970         'ocspSigning':          '1.3.6.1.5.5.7.3.9',
-3971 
-3972         'ecPublicKey':          '1.2.840.10045.2.1',
-3973         'P-256':                '1.2.840.10045.3.1.7',
-3974         'secp256r1':            '1.2.840.10045.3.1.7',
-3975         'secp256k1':            '1.3.132.0.10',
-3976         'secp384r1':            '1.3.132.0.34',
-3977 
-3978         'pkcs5PBES2':           '1.2.840.113549.1.5.13',
-3979         'pkcs5PBKDF2':          '1.2.840.113549.1.5.12',
-3980 
-3981         'des-EDE3-CBC':         '1.2.840.113549.3.7',
+3916         'dsa':                  '1.2.840.10040.4.1',
+3917         'SHA1withDSA':          '1.2.840.10040.4.3',
+3918         'SHA224withDSA':        '2.16.840.1.101.3.4.3.1',
+3919         'SHA256withDSA':        '2.16.840.1.101.3.4.3.2',
+3920 
+3921         'rsaEncryption':        '1.2.840.113549.1.1.1',
+3922 
+3923 	// X.500 AttributeType defined in RFC 4514
+3924         'commonName':			'2.5.4.3',
+3925         'countryName':			'2.5.4.6',
+3926         'localityName':			'2.5.4.7',
+3927         'stateOrProvinceName':		'2.5.4.8',
+3928         'streetAddress':		'2.5.4.9',
+3929         'organizationName':		'2.5.4.10',
+3930         'organizationalUnitName':	'2.5.4.11',
+3931         'domainComponent':		'0.9.2342.19200300.100.1.25',
+3932         'userId':			'0.9.2342.19200300.100.1.1',
+3933 	// other AttributeType name string
+3934 	'surname':			'2.5.4.4',
+3935         'title':			'2.5.4.12',
+3936 	'distinguishedName':		'2.5.4.49',
+3937 	'emailAddress':			'1.2.840.113549.1.9.1',
+3938 	// other AttributeType name string (no short name)
+3939 	'description':			'2.5.4.13',
+3940 	'businessCategory':		'2.5.4.15',
+3941 	'postalCode':			'2.5.4.17',
+3942 	'uniqueIdentifier':		'2.5.4.45',
+3943 	'organizationIdentifier':	'2.5.4.97',
+3944 	'jurisdictionOfIncorporationL':	'1.3.6.1.4.1.311.60.2.1.1',
+3945 	'jurisdictionOfIncorporationSP':'1.3.6.1.4.1.311.60.2.1.2',
+3946 	'jurisdictionOfIncorporationC':	'1.3.6.1.4.1.311.60.2.1.3',
+3947 
+3948         'subjectKeyIdentifier': '2.5.29.14',
+3949         'keyUsage':             '2.5.29.15',
+3950         'subjectAltName':       '2.5.29.17',
+3951         'issuerAltName':        '2.5.29.18',
+3952         'basicConstraints':     '2.5.29.19',
+3953         'cRLNumber':     	'2.5.29.20',
+3954         'cRLReason':     	'2.5.29.21',
+3955         'nameConstraints':      '2.5.29.30',
+3956         'cRLDistributionPoints':'2.5.29.31',
+3957         'certificatePolicies':  '2.5.29.32',
+3958         'anyPolicy':  		'2.5.29.32.0',
+3959         'authorityKeyIdentifier':'2.5.29.35',
+3960         'policyConstraints':    '2.5.29.36',
+3961         'extKeyUsage':          '2.5.29.37',
+3962         'authorityInfoAccess':  '1.3.6.1.5.5.7.1.1',
+3963         'ocsp':                 '1.3.6.1.5.5.7.48.1',
+3964         'ocspBasic':            '1.3.6.1.5.5.7.48.1.1',
+3965         'ocspNonce':            '1.3.6.1.5.5.7.48.1.2',
+3966         'ocspNoCheck':          '1.3.6.1.5.5.7.48.1.5',
+3967         'caIssuers':            '1.3.6.1.5.5.7.48.2',
+3968 
+3969         'anyExtendedKeyUsage':  '2.5.29.37.0',
+3970         'serverAuth':           '1.3.6.1.5.5.7.3.1',
+3971         'clientAuth':           '1.3.6.1.5.5.7.3.2',
+3972         'codeSigning':          '1.3.6.1.5.5.7.3.3',
+3973         'emailProtection':      '1.3.6.1.5.5.7.3.4',
+3974         'timeStamping':         '1.3.6.1.5.5.7.3.8',
+3975         'ocspSigning':          '1.3.6.1.5.5.7.3.9',
+3976 
+3977         'ecPublicKey':          '1.2.840.10045.2.1',
+3978         'P-256':                '1.2.840.10045.3.1.7',
+3979         'secp256r1':            '1.2.840.10045.3.1.7',
+3980         'secp256k1':            '1.3.132.0.10',
+3981         'secp384r1':            '1.3.132.0.34',
 3982 
-3983         'data':                 '1.2.840.113549.1.7.1', // CMS data
-3984         'signed-data':          '1.2.840.113549.1.7.2', // CMS signed-data
-3985         'enveloped-data':       '1.2.840.113549.1.7.3', // CMS enveloped-data
-3986         'digested-data':        '1.2.840.113549.1.7.5', // CMS digested-data
-3987         'encrypted-data':       '1.2.840.113549.1.7.6', // CMS encrypted-data
-3988         'authenticated-data':   '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data
-3989         'tstinfo':              '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo
-3990 	'signingCertificate':	'1.2.840.113549.1.9.16.2.12',// SMIME
-3991 	'timeStampToken':	'1.2.840.113549.1.9.16.2.14',// sigTS
-3992 	'signaturePolicyIdentifier':	'1.2.840.113549.1.9.16.2.15',// cades
-3993 	'etsArchiveTimeStamp':	'1.2.840.113549.1.9.16.2.27',// SMIME
-3994 	'signingCertificateV2':	'1.2.840.113549.1.9.16.2.47',// SMIME
-3995 	'etsArchiveTimeStampV2':'1.2.840.113549.1.9.16.2.48',// SMIME
-3996         'extensionRequest':     '1.2.840.113549.1.9.14',// CSR extensionRequest
-3997 	'contentType':		'1.2.840.113549.1.9.3',//PKCS#9
-3998 	'messageDigest':	'1.2.840.113549.1.9.4',//PKCS#9
-3999 	'signingTime':		'1.2.840.113549.1.9.5',//PKCS#9
-4000 	'counterSignature':	'1.2.840.113549.1.9.6',//PKCS#9
-4001 	'archiveTimeStampV3':	'0.4.0.1733.2.4',//ETSI EN29319122/TS101733
-4002 	'pdfRevocationInfoArchival':'1.2.840.113583.1.1.8', //Adobe
-4003 	'adobeTimeStamp':	'1.2.840.113583.1.1.9.1' // Adobe
-4004     };
-4005 
-4006     this.objCache = {};
-4007 
-4008     /**
-4009      * get DERObjectIdentifier by registered OID name
-4010      * @name name2obj
-4011      * @memberOf KJUR.asn1.x509.OID
-4012      * @function
-4013      * @param {String} name OID
-4014      * @description
-4015      * @example
-4016      * var asn1ObjOID = OID.name2obj('SHA1withRSA');
-4017      */
-4018     this.name2obj = function(name) {
-4019         if (typeof this.objCache[name] != "undefined")
-4020             return this.objCache[name];
-4021         if (typeof this.name2oidList[name] == "undefined")
-4022             throw "Name of ObjectIdentifier not defined: " + name;
-4023         var oid = this.name2oidList[name];
-4024         var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
-4025         this.objCache[name] = obj;
-4026         return obj;
-4027     };
-4028 
-4029     /**
-4030      * get DERObjectIdentifier by registered attribute type name such like 'C' or 'CN'<br/>
-4031      * @name atype2obj
-4032      * @memberOf KJUR.asn1.x509.OID
-4033      * @function
-4034      * @param {String} atype short attribute type name such like 'C' or 'CN'
-4035      * @description
-4036      * @example
-4037      * KJUR.asn1.x509.OID.atype2obj('CN') → 2.5.4.3
-4038      * KJUR.asn1.x509.OID.atype2obj('OU') → 2.5.4.11
-4039      */
-4040     this.atype2obj = function(atype) {
-4041         if (typeof this.objCache[atype] != "undefined")
-4042             return this.objCache[atype];
-4043         if (typeof this.atype2oidList[atype] == "undefined")
-4044             throw "AttributeType name undefined: " + atype;
-4045         var oid = this.atype2oidList[atype];
-4046         var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
-4047         this.objCache[atype] = obj;
-4048         return obj;
-4049     };
-4050 };
-4051 
-4052 /**
-4053  * convert OID to name<br/>
-4054  * @name oid2name
-4055  * @memberOf KJUR.asn1.x509.OID
-4056  * @function
-4057  * @param {String} oid dot noted Object Identifer string (ex. 1.2.3.4)
-4058  * @return {String} OID name if registered otherwise empty string
-4059  * @since asn1x509 1.0.9
-4060  * @description
-4061  * This static method converts OID string to its name.
-4062  * If OID is undefined then it returns empty string (i.e. '').
-4063  * @example
-4064  * KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1") → 'authorityInfoAccess'
-4065  */
-4066 KJUR.asn1.x509.OID.oid2name = function(oid) {
-4067     var list = KJUR.asn1.x509.OID.name2oidList;
-4068     for (var name in list) {
-4069         if (list[name] == oid) return name;
-4070     }
-4071     return '';
-4072 };
-4073 
-4074 /**
-4075  * convert OID to AttributeType name<br/>
-4076  * @name oid2atype
-4077  * @memberOf KJUR.asn1.x509.OID
-4078  * @function
-4079  * @param {String} oid dot noted Object Identifer string (ex. 1.2.3.4)
-4080  * @return {String} OID AttributeType name if registered otherwise oid
-4081  * @since jsrsasign 6.2.2 asn1x509 1.0.18
-4082  * @description
-4083  * This static method converts OID string to its AttributeType name.
-4084  * If OID is not defined in OID.atype2oidList associative array then it returns OID
-4085  * specified as argument.
-4086  * @example
-4087  * KJUR.asn1.x509.OID.oid2atype("2.5.4.3") → CN
-4088  * KJUR.asn1.x509.OID.oid2atype("1.3.6.1.4.1.311.60.2.1.3") → jurisdictionOfIncorporationC
-4089  * KJUR.asn1.x509.OID.oid2atype("0.1.2.3.4") → 0.1.2.3.4 // unregistered OID
-4090  */
-4091 KJUR.asn1.x509.OID.oid2atype = function(oid) {
-4092     var list = KJUR.asn1.x509.OID.atype2oidList;
-4093     for (var atype in list) {
-4094         if (list[atype] == oid) return atype;
-4095     }
-4096     return oid;
-4097 };
-4098 
-4099 /**
-4100  * convert OID name to OID value<br/>
-4101  * @name name2oid
-4102  * @memberOf KJUR.asn1.x509.OID
-4103  * @function
-4104  * @param {String} name OID name or OID (ex. "sha1" or "1.2.3.4")
-4105  * @return {String} dot noted Object Identifer string (ex. 1.2.3.4)
-4106  * @since asn1x509 1.0.11
-4107  * @description
-4108  * This static method converts from OID name to OID string.
-4109  * If OID is undefined then it returns empty string (i.e. '').
-4110  * @example
-4111  * KJUR.asn1.x509.OID.name2oid("authorityInfoAccess") → "1.3.6.1.5.5.7.1.1"
-4112  * KJUR.asn1.x509.OID.name2oid("1.2.3.4") → "1.2.3.4"
-4113  * KJUR.asn1.x509.OID.name2oid("UNKNOWN NAME") → ""
-4114  */
-4115 KJUR.asn1.x509.OID.name2oid = function(name) {
-4116     if (name.match(/^[0-9.]+$/)) return name;
-4117     var list = KJUR.asn1.x509.OID.name2oidList;
-4118     if (list[name] === undefined) return '';
-4119     return list[name];
-4120 };
-4121 
-4122 /**
-4123  * X.509 certificate and CRL utilities class<br/>
-4124  * @name KJUR.asn1.x509.X509Util
-4125  * @class X.509 certificate and CRL utilities class
-4126  */
-4127 KJUR.asn1.x509.X509Util = {};
-4128 
-4129 /**
-4130  * issue a certificate in PEM format (DEPRECATED)
-4131  * @name newCertPEM
-4132  * @memberOf KJUR.asn1.x509.X509Util
-4133  * @function
-4134  * @param {Array} param JSON object of parameter to issue a certificate
-4135  * @since asn1x509 1.0.6
-4136  * @deprecated since jsrsasign 9.0.0 asn1x509 2.0.0. please move to {@link KJUR.asn1.x509.Certificate} constructor
-4137  * @description
-4138  * This method can issue a certificate by a simple
-4139  * JSON object.
-4140  * Signature value will be provided by signing with
-4141  * private key using 'cakey' parameter or
-4142  * hexadecimal signature value by 'sighex' parameter.
-4143  * <br/>
-4144  * NOTE: Algorithm parameter of AlgorithmIdentifier will
-4145  * be set automatically by default. 
-4146  * (see {@link KJUR.asn1.x509.AlgorithmIdentifier})
-4147  * from jsrsasign 7.1.1 asn1x509 1.0.20.
+3983         'pkcs5PBES2':           '1.2.840.113549.1.5.13',
+3984         'pkcs5PBKDF2':          '1.2.840.113549.1.5.12',
+3985 
+3986         'des-EDE3-CBC':         '1.2.840.113549.3.7',
+3987 
+3988         'data':                 '1.2.840.113549.1.7.1', // CMS data
+3989         'signed-data':          '1.2.840.113549.1.7.2', // CMS signed-data
+3990         'enveloped-data':       '1.2.840.113549.1.7.3', // CMS enveloped-data
+3991         'digested-data':        '1.2.840.113549.1.7.5', // CMS digested-data
+3992         'encrypted-data':       '1.2.840.113549.1.7.6', // CMS encrypted-data
+3993         'authenticated-data':   '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data
+3994         'tstinfo':              '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo
+3995 	'signingCertificate':	'1.2.840.113549.1.9.16.2.12',// SMIME
+3996 	'timeStampToken':	'1.2.840.113549.1.9.16.2.14',// sigTS
+3997 	'signaturePolicyIdentifier':	'1.2.840.113549.1.9.16.2.15',// cades
+3998 	'etsArchiveTimeStamp':	'1.2.840.113549.1.9.16.2.27',// SMIME
+3999 	'signingCertificateV2':	'1.2.840.113549.1.9.16.2.47',// SMIME
+4000 	'etsArchiveTimeStampV2':'1.2.840.113549.1.9.16.2.48',// SMIME
+4001         'extensionRequest':     '1.2.840.113549.1.9.14',// CSR extensionRequest
+4002 	'contentType':		'1.2.840.113549.1.9.3',//PKCS#9
+4003 	'messageDigest':	'1.2.840.113549.1.9.4',//PKCS#9
+4004 	'signingTime':		'1.2.840.113549.1.9.5',//PKCS#9
+4005 	'counterSignature':	'1.2.840.113549.1.9.6',//PKCS#9
+4006 	'archiveTimeStampV3':	'0.4.0.1733.2.4',//ETSI EN29319122/TS101733
+4007 	'pdfRevocationInfoArchival':'1.2.840.113583.1.1.8', //Adobe
+4008 	'adobeTimeStamp':	'1.2.840.113583.1.1.9.1' // Adobe
+4009     };
+4010 
+4011     this.objCache = {};
+4012 
+4013     /**
+4014      * get DERObjectIdentifier by registered OID name
+4015      * @name name2obj
+4016      * @memberOf KJUR.asn1.x509.OID
+4017      * @function
+4018      * @param {String} name OID
+4019      * @description
+4020      * @example
+4021      * var asn1ObjOID = OID.name2obj('SHA1withRSA');
+4022      */
+4023     this.name2obj = function(name) {
+4024         if (typeof this.objCache[name] != "undefined")
+4025             return this.objCache[name];
+4026         if (typeof this.name2oidList[name] == "undefined")
+4027             throw "Name of ObjectIdentifier not defined: " + name;
+4028         var oid = this.name2oidList[name];
+4029         var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
+4030         this.objCache[name] = obj;
+4031         return obj;
+4032     };
+4033 
+4034     /**
+4035      * get DERObjectIdentifier by registered attribute type name such like 'C' or 'CN'<br/>
+4036      * @name atype2obj
+4037      * @memberOf KJUR.asn1.x509.OID
+4038      * @function
+4039      * @param {String} atype short attribute type name such like 'C' or 'CN'
+4040      * @description
+4041      * @example
+4042      * KJUR.asn1.x509.OID.atype2obj('CN') → 2.5.4.3
+4043      * KJUR.asn1.x509.OID.atype2obj('OU') → 2.5.4.11
+4044      */
+4045     this.atype2obj = function(atype) {
+4046         if (typeof this.objCache[atype] != "undefined")
+4047             return this.objCache[atype];
+4048         if (typeof this.atype2oidList[atype] == "undefined")
+4049             throw "AttributeType name undefined: " + atype;
+4050         var oid = this.atype2oidList[atype];
+4051         var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
+4052         this.objCache[atype] = obj;
+4053         return obj;
+4054     };
+4055 };
+4056 
+4057 /**
+4058  * convert OID to name<br/>
+4059  * @name oid2name
+4060  * @memberOf KJUR.asn1.x509.OID
+4061  * @function
+4062  * @param {String} oid dot noted Object Identifer string (ex. 1.2.3.4)
+4063  * @return {String} OID name if registered otherwise empty string
+4064  * @since asn1x509 1.0.9
+4065  * @description
+4066  * This static method converts OID string to its name.
+4067  * If OID is undefined then it returns empty string (i.e. '').
+4068  * @example
+4069  * KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1") → 'authorityInfoAccess'
+4070  */
+4071 KJUR.asn1.x509.OID.oid2name = function(oid) {
+4072     var list = KJUR.asn1.x509.OID.name2oidList;
+4073     for (var name in list) {
+4074         if (list[name] == oid) return name;
+4075     }
+4076     return '';
+4077 };
+4078 
+4079 /**
+4080  * convert OID to AttributeType name<br/>
+4081  * @name oid2atype
+4082  * @memberOf KJUR.asn1.x509.OID
+4083  * @function
+4084  * @param {String} oid dot noted Object Identifer string (ex. 1.2.3.4)
+4085  * @return {String} OID AttributeType name if registered otherwise oid
+4086  * @since jsrsasign 6.2.2 asn1x509 1.0.18
+4087  * @description
+4088  * This static method converts OID string to its AttributeType name.
+4089  * If OID is not defined in OID.atype2oidList associative array then it returns OID
+4090  * specified as argument.
+4091  * @example
+4092  * KJUR.asn1.x509.OID.oid2atype("2.5.4.3") → CN
+4093  * KJUR.asn1.x509.OID.oid2atype("1.3.6.1.4.1.311.60.2.1.3") → jurisdictionOfIncorporationC
+4094  * KJUR.asn1.x509.OID.oid2atype("0.1.2.3.4") → 0.1.2.3.4 // unregistered OID
+4095  */
+4096 KJUR.asn1.x509.OID.oid2atype = function(oid) {
+4097     var list = KJUR.asn1.x509.OID.atype2oidList;
+4098     for (var atype in list) {
+4099         if (list[atype] == oid) return atype;
+4100     }
+4101     return oid;
+4102 };
+4103 
+4104 /**
+4105  * convert OID name to OID value<br/>
+4106  * @name name2oid
+4107  * @memberOf KJUR.asn1.x509.OID
+4108  * @function
+4109  * @param {String} name OID name or OID (ex. "sha1" or "1.2.3.4")
+4110  * @return {String} dot noted Object Identifer string (ex. 1.2.3.4)
+4111  * @since asn1x509 1.0.11
+4112  * @description
+4113  * This static method converts from OID name to OID string.
+4114  * If OID is undefined then it returns empty string (i.e. '').
+4115  * @example
+4116  * KJUR.asn1.x509.OID.name2oid("authorityInfoAccess") → "1.3.6.1.5.5.7.1.1"
+4117  * KJUR.asn1.x509.OID.name2oid("1.2.3.4") → "1.2.3.4"
+4118  * KJUR.asn1.x509.OID.name2oid("UNKNOWN NAME") → ""
+4119  */
+4120 KJUR.asn1.x509.OID.name2oid = function(name) {
+4121     if (name.match(/^[0-9.]+$/)) return name;
+4122     var list = KJUR.asn1.x509.OID.name2oidList;
+4123     if (list[name] === undefined) return '';
+4124     return list[name];
+4125 };
+4126 
+4127 /**
+4128  * X.509 certificate and CRL utilities class<br/>
+4129  * @name KJUR.asn1.x509.X509Util
+4130  * @class X.509 certificate and CRL utilities class
+4131  */
+4132 KJUR.asn1.x509.X509Util = {};
+4133 
+4134 /**
+4135  * issue a certificate in PEM format (DEPRECATED)
+4136  * @name newCertPEM
+4137  * @memberOf KJUR.asn1.x509.X509Util
+4138  * @function
+4139  * @param {Array} param JSON object of parameter to issue a certificate
+4140  * @since asn1x509 1.0.6
+4141  * @deprecated since jsrsasign 9.0.0 asn1x509 2.0.0. please move to {@link KJUR.asn1.x509.Certificate} constructor
+4142  * @description
+4143  * This method can issue a certificate by a simple
+4144  * JSON object.
+4145  * Signature value will be provided by signing with
+4146  * private key using 'cakey' parameter or
+4147  * hexadecimal signature value by 'sighex' parameter.
 4148  * <br/>
-4149  * NOTE2: 
-4150  * RSA-PSS algorithm has been supported from jsrsasign 8.0.21.
-4151  * As for RSA-PSS signature algorithm names and signing parameters 
-4152  * such as MGF function and salt length, please see
-4153  * {@link KJUR.asn1.x509.AlgorithmIdentifier} class.
-4154  *
-4155  * @example
-4156  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
-4157  *   serial: {int: 4},
-4158  *   sigalg: {name: 'SHA1withECDSA'},
-4159  *   issuer: {str: '/C=US/O=a'},
-4160  *   notbefore: {'str': '130504235959Z'},
-4161  *   notafter: {'str': '140504235959Z'},
-4162  *   subject: {str: '/C=US/O=b'},
-4163  *   sbjpubkey: pubKeyObj,
-4164  *   ext: [
-4165  *     {basicConstraints: {cA: true, critical: true}},
-4166  *     {keyUsage: {bin: '11'}},
-4167  *   ],
-4168  *   cakey: prvKeyObj
-4169  * });
-4170  * // -- or --
-4171  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
-4172  *   serial: {int: 4},
-4173  *   sigalg: {name: 'SHA1withECDSA'},
-4174  *   issuer: {str: '/C=US/O=a'},
-4175  *   notbefore: {'str': '130504235959Z'},
-4176  *   notafter: {'str': '140504235959Z'},
-4177  *   subject: {str: '/C=US/O=b'},
-4178  *   sbjpubkey: pubKeyPEM,
-4179  *   ext: [
-4180  *     {basicConstraints: {cA: true, critical: true}},
-4181  *     {keyUsage: {bin: '11'}},
-4182  *   ],
-4183  *   cakey: [prvkey, pass]}
-4184  * );
-4185  * // -- or --
-4186  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
-4187  *   serial: {int: 1},
-4188  *   sigalg: {name: 'SHA1withRSA'},
-4189  *   issuer: {str: '/C=US/O=T1'},
-4190  *   notbefore: {'str': '130504235959Z'},
-4191  *   notafter: {'str': '140504235959Z'},
-4192  *   subject: {str: '/C=US/O=T1'},
-4193  *   sbjpubkey: pubKeyObj,
-4194  *   sighex: '0102030405..'
-4195  * });
-4196  * // for the issuer and subject field, another
-4197  * // representation is also available
-4198  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
-4199  *   serial: {int: 1},
-4200  *   sigalg: {name: 'SHA256withRSA'},
-4201  *   issuer: {C: "US", O: "T1"},
-4202  *   notbefore: {'str': '130504235959Z'},
-4203  *   notafter: {'str': '140504235959Z'},
-4204  *   subject: {C: "US", O: "T1", CN: "http://example.com/"},
-4205  *   sbjpubkey: pubKeyObj,
-4206  *   sighex: '0102030405..'
-4207  * });
-4208  */
-4209 KJUR.asn1.x509.X509Util.newCertPEM = function(param) {
-4210     var _KJUR_asn1_x509 = KJUR.asn1.x509,
-4211 	_TBSCertificate = _KJUR_asn1_x509.TBSCertificate,
-4212 	_Certificate = _KJUR_asn1_x509.Certificate;
-4213     var cert = new _Certificate(param);
-4214     return cert.getPEM();
-4215 };
-4216 
-4217 
    
\ No newline at end of file
+4149  * NOTE: Algorithm parameter of AlgorithmIdentifier will
+4150  * be set automatically by default. 
+4151  * (see {@link KJUR.asn1.x509.AlgorithmIdentifier})
+4152  * from jsrsasign 7.1.1 asn1x509 1.0.20.
+4153  * <br/>
+4154  * NOTE2: 
+4155  * RSA-PSS algorithm has been supported from jsrsasign 8.0.21.
+4156  * As for RSA-PSS signature algorithm names and signing parameters 
+4157  * such as MGF function and salt length, please see
+4158  * {@link KJUR.asn1.x509.AlgorithmIdentifier} class.
+4159  *
+4160  * @example
+4161  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
+4162  *   serial: {int: 4},
+4163  *   sigalg: {name: 'SHA1withECDSA'},
+4164  *   issuer: {str: '/C=US/O=a'},
+4165  *   notbefore: {'str': '130504235959Z'},
+4166  *   notafter: {'str': '140504235959Z'},
+4167  *   subject: {str: '/C=US/O=b'},
+4168  *   sbjpubkey: pubKeyObj,
+4169  *   ext: [
+4170  *     {basicConstraints: {cA: true, critical: true}},
+4171  *     {keyUsage: {bin: '11'}},
+4172  *   ],
+4173  *   cakey: prvKeyObj
+4174  * });
+4175  * // -- or --
+4176  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
+4177  *   serial: {int: 4},
+4178  *   sigalg: {name: 'SHA1withECDSA'},
+4179  *   issuer: {str: '/C=US/O=a'},
+4180  *   notbefore: {'str': '130504235959Z'},
+4181  *   notafter: {'str': '140504235959Z'},
+4182  *   subject: {str: '/C=US/O=b'},
+4183  *   sbjpubkey: pubKeyPEM,
+4184  *   ext: [
+4185  *     {basicConstraints: {cA: true, critical: true}},
+4186  *     {keyUsage: {bin: '11'}},
+4187  *   ],
+4188  *   cakey: [prvkey, pass]}
+4189  * );
+4190  * // -- or --
+4191  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
+4192  *   serial: {int: 1},
+4193  *   sigalg: {name: 'SHA1withRSA'},
+4194  *   issuer: {str: '/C=US/O=T1'},
+4195  *   notbefore: {'str': '130504235959Z'},
+4196  *   notafter: {'str': '140504235959Z'},
+4197  *   subject: {str: '/C=US/O=T1'},
+4198  *   sbjpubkey: pubKeyObj,
+4199  *   sighex: '0102030405..'
+4200  * });
+4201  * // for the issuer and subject field, another
+4202  * // representation is also available
+4203  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM({
+4204  *   serial: {int: 1},
+4205  *   sigalg: {name: 'SHA256withRSA'},
+4206  *   issuer: {C: "US", O: "T1"},
+4207  *   notbefore: {'str': '130504235959Z'},
+4208  *   notafter: {'str': '140504235959Z'},
+4209  *   subject: {C: "US", O: "T1", CN: "http://example.com/"},
+4210  *   sbjpubkey: pubKeyObj,
+4211  *   sighex: '0102030405..'
+4212  * });
+4213  */    
+4214 KJUR.asn1.x509.X509Util.newCertPEM = function(param) {
+4215     var _KJUR_asn1_x509 = KJUR.asn1.x509,
+4216 	_TBSCertificate = _KJUR_asn1_x509.TBSCertificate,
+4217 	_Certificate = _KJUR_asn1_x509.Certificate;
+4218     var cert = new _Certificate(param);
+4219     return cert.getPEM();
+4220 };
+4221 
+4222
    \ No newline at end of file diff --git a/api/symbols/src/base64x-1.1.js.html b/api/symbols/src/base64x-1.1.js.html index 237f44fc..15d966d8 100644 --- a/api/symbols/src/base64x-1.1.js.html +++ b/api/symbols/src/base64x-1.1.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
      1 /* base64x-1.1.17 (c) 2012-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
      1 /* base64x-1.1.18 (c) 2012-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * base64x.js - Base64url and supplementary functions for Tom Wu's base64.js library
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name base64x-1.1.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.0.5 base64x 1.1.17 (2020-Nov-04)
+ 19  * @version jsrsasign 10.1.0 base64x 1.1.18 (2020-Nov-18)
  20  * @since jsrsasign 2.1
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -1005,7 +1005,7 @@
 998 };
 999 
 1000 /**
-1001  * check whether a string is an hexadecimal string or not<br/>
+1001  * check whether a string is an hexadecimal string or not (DEPRECATED)<br/>
 1002  * @name isHex
 1003  * @memberOf KJUR.lang.String
 1004  * @function
@@ -1013,249 +1013,403 @@
 1006  * @param {String} s input string
 1007  * @return {Boolean} true if a string "s" is an hexadecimal string otherwise false
 1008  * @since base64x 1.1.7 jsrsasign 5.0.13
-1009  * @example
-1010  * KJUR.lang.String.isHex("1234") → true
-1011  * KJUR.lang.String.isHex("12ab") → true
-1012  * KJUR.lang.String.isHex("12AB") → true
-1013  * KJUR.lang.String.isHex("12ZY") → false
-1014  * KJUR.lang.String.isHex("121") → false -- odd length
-1015  */
-1016 KJUR.lang.String.isHex = function(s) {
-1017     if (s.length % 2 == 0 &&
-1018 	(s.match(/^[0-9a-f]+$/) || s.match(/^[0-9A-F]+$/))) {
-1019 	return true;
-1020     } else {
-1021 	return false;
-1022     }
-1023 };
-1024 
-1025 /**
-1026  * check whether a string is a base64 encoded string or not<br/>
-1027  * Input string can conclude new lines or space characters.
-1028  * @name isBase64
-1029  * @memberOf KJUR.lang.String
-1030  * @function
-1031  * @static
-1032  * @param {String} s input string
-1033  * @return {Boolean} true if a string "s" is a base64 encoded string otherwise false
-1034  * @since base64x 1.1.7 jsrsasign 5.0.13
-1035  * @example
-1036  * KJUR.lang.String.isBase64("YWE=") → true
-1037  * KJUR.lang.String.isBase64("YW_=") → false
-1038  * KJUR.lang.String.isBase64("YWE") → false -- length shall be multiples of 4
-1039  */
-1040 KJUR.lang.String.isBase64 = function(s) {
-1041     s = s.replace(/\s+/g, "");
-1042     if (s.match(/^[0-9A-Za-z+\/]+={0,3}$/) && s.length % 4 == 0) {
-1043 	return true;
-1044     } else {
-1045 	return false;
-1046     }
-1047 };
-1048 
-1049 /**
-1050  * check whether a string is a base64url encoded string or not<br/>
-1051  * Input string can conclude new lines or space characters.
-1052  * @name isBase64URL
-1053  * @memberOf KJUR.lang.String
-1054  * @function
-1055  * @static
-1056  * @param {String} s input string
-1057  * @return {Boolean} true if a string "s" is a base64url encoded string otherwise false
-1058  * @since base64x 1.1.7 jsrsasign 5.0.13
-1059  * @example
-1060  * KJUR.lang.String.isBase64URL("YWE") → true
-1061  * KJUR.lang.String.isBase64URL("YW-") → true
-1062  * KJUR.lang.String.isBase64URL("YW+") → false
-1063  */
-1064 KJUR.lang.String.isBase64URL = function(s) {
-1065     if (s.match(/[+/=]/)) return false;
-1066     s = b64utob64(s);
-1067     return KJUR.lang.String.isBase64(s);
+1009  * @deprecated from 10.0.6. please use {@link ishex}
+1010  * @see ishex
+1011  * @example
+1012  * KJUR.lang.String.isHex("1234") → true
+1013  * KJUR.lang.String.isHex("12ab") → true
+1014  * KJUR.lang.String.isHex("12AB") → true
+1015  * KJUR.lang.String.isHex("12ZY") → false
+1016  * KJUR.lang.String.isHex("121") → false -- odd length
+1017  */
+1018 KJUR.lang.String.isHex = function(s) {
+1019     return ishex(s);
+1020 };
+1021 
+1022 /**
+1023  * check whether a string is an hexadecimal string or not<br/>
+1024  * @name ishex
+1025  * @function
+1026  * @static
+1027  * @param {String} s input string
+1028  * @return {Boolean} true if a string "s" is an hexadecimal string otherwise false
+1029  * @since base64x 1.1.7 jsrsasign 5.0.13
+1030  * @example
+1031  * ishex("1234") → true
+1032  * ishex("12ab") → true
+1033  * ishex("12AB") → true
+1034  * ishex("12ZY") → false
+1035  * ishex("121") → false -- odd length
+1036  */
+1037 function ishex(s) {
+1038     if (s.length % 2 == 0 &&
+1039 	(s.match(/^[0-9a-f]+$/) || s.match(/^[0-9A-F]+$/))) {
+1040 	return true;
+1041     } else {
+1042 	return false;
+1043     }
+1044 };
+1045 
+1046 /**
+1047  * check whether a string is a base64 encoded string or not<br/>
+1048  * Input string can conclude new lines or space characters.
+1049  * @name isBase64
+1050  * @memberOf KJUR.lang.String
+1051  * @function
+1052  * @static
+1053  * @param {String} s input string
+1054  * @return {Boolean} true if a string "s" is a base64 encoded string otherwise false
+1055  * @since base64x 1.1.7 jsrsasign 5.0.13
+1056  * @example
+1057  * KJUR.lang.String.isBase64("YWE=") → true
+1058  * KJUR.lang.String.isBase64("YW_=") → false
+1059  * KJUR.lang.String.isBase64("YWE") → false -- length shall be multiples of 4
+1060  */
+1061 KJUR.lang.String.isBase64 = function(s) {
+1062     s = s.replace(/\s+/g, "");
+1063     if (s.match(/^[0-9A-Za-z+\/]+={0,3}$/) && s.length % 4 == 0) {
+1064 	return true;
+1065     } else {
+1066 	return false;
+1067     }
 1068 };
 1069 
 1070 /**
-1071  * check whether a string is a string of integer array or not<br/>
+1071  * check whether a string is a base64url encoded string or not<br/>
 1072  * Input string can conclude new lines or space characters.
-1073  * @name isIntegerArray
+1073  * @name isBase64URL
 1074  * @memberOf KJUR.lang.String
 1075  * @function
 1076  * @static
 1077  * @param {String} s input string
-1078  * @return {Boolean} true if a string "s" is a string of integer array otherwise false
+1078  * @return {Boolean} true if a string "s" is a base64url encoded string otherwise false
 1079  * @since base64x 1.1.7 jsrsasign 5.0.13
 1080  * @example
-1081  * KJUR.lang.String.isIntegerArray("[1,2,3]") → true
-1082  * KJUR.lang.String.isIntegerArray("  [1, 2, 3  ] ") → true
-1083  * KJUR.lang.String.isIntegerArray("[a,2]") → false
+1081  * KJUR.lang.String.isBase64URL("YWE") → true
+1082  * KJUR.lang.String.isBase64URL("YW-") → true
+1083  * KJUR.lang.String.isBase64URL("YW+") → false
 1084  */
-1085 KJUR.lang.String.isIntegerArray = function(s) {
-1086     s = s.replace(/\s+/g, "");
-1087     if (s.match(/^\[[0-9,]+\]$/)) {
-1088 	return true;
-1089     } else {
-1090 	return false;
-1091     }
-1092 };
-1093 
-1094 /**
-1095  * check whether a string consists of PrintableString characters<br/>
-1096  * @name isPrintable
-1097  * @memberOf KJUR.lang.String
-1098  * @function
-1099  * @static
-1100  * @param {String} s input string
-1101  * @return {Boolean} true if a string "s" consists of PrintableString characters
-1102  * @since jsrsasign 9.0.0 base64x 1.1.16
-1103  * A PrintableString consists of following characters
-1104  * <pre>
-1105  * 0-9A-Za-z '()+,-./:=?
-1106  * </pre>
-1107  * This method returns false when other characters than above.
-1108  * Otherwise it returns true.
-1109  * @example
-1110  * KJUR.lang.String.isPrintable("abc") → true
-1111  * KJUR.lang.String.isPrintable("abc@") → false
-1112  * KJUR.lang.String.isPrintable("あいう") → false
-1113  */
-1114 KJUR.lang.String.isPrintable = function(s) {
-1115     if (s.match(/^[0-9A-Za-z '()+,-./:=?]*$/) !== null) return true;
-1116     return false;
-1117 };
-1118 
-1119 /**
-1120  * check whether a string consists of IAString characters<br/>
-1121  * @name isIA5
-1122  * @memberOf KJUR.lang.String
-1123  * @function
-1124  * @static
-1125  * @param {String} s input string
-1126  * @return {Boolean} true if a string "s" consists of IA5String characters
-1127  * @since jsrsasign 9.0.0 base64x 1.1.16
-1128  * A IA5String consists of following characters
-1129  * <pre>
-1130  * %x00-21/%x23-7F (i.e. ASCII characters excludes double quote(%x22)
-1131  * </pre>
-1132  * This method returns false when other characters than above.
-1133  * Otherwise it returns true.
-1134  * @example
-1135  * KJUR.lang.String.isIA5("abc") → true
-1136  * KJUR.lang.String.isIA5('"abc"') → false
-1137  * KJUR.lang.String.isIA5("あいう") → false
-1138  */
-1139 KJUR.lang.String.isIA5 = function(s) {
-1140     if (s.match(/^[\x20-\x21\x23-\x7f]*$/) !== null) return true;
-1141     return false;
-1142 };
-1143 
-1144 /**
-1145  * check whether a string is RFC 822 mail address<br/>
-1146  * @name isMail
-1147  * @memberOf KJUR.lang.String
-1148  * @function
-1149  * @static
-1150  * @param {String} s input string
-1151  * @return {Boolean} true if a string "s" RFC 822 mail address
-1152  * @since jsrsasign 9.0.0 base64x 1.1.16
-1153  * This static method will check string s is RFC 822 compliant mail address.
-1154  * @example
-1155  * KJUR.lang.String.isMail("abc") → false
-1156  * KJUR.lang.String.isMail("abc@example") → false
-1157  * KJUR.lang.String.isMail("abc@example.com") → true
-1158  */
-1159 KJUR.lang.String.isMail = function(s) {
-1160     if (s.match(/^[A-Za-z0-9]{1}[A-Za-z0-9_.-]*@{1}[A-Za-z0-9_.-]{1,}\.[A-Za-z0-9]{1,}$/) !== null) return true;
-1161     return false;
-1162 };
-1163 
-1164 // ==== others ================================
-1165 
-1166 /**
-1167  * canonicalize hexadecimal string of positive integer<br/>
-1168  * @name hextoposhex
+1085 KJUR.lang.String.isBase64URL = function(s) {
+1086     if (s.match(/[+/=]/)) return false;
+1087     s = b64utob64(s);
+1088     return KJUR.lang.String.isBase64(s);
+1089 };
+1090 
+1091 /**
+1092  * check whether a string is a string of integer array or not<br/>
+1093  * Input string can conclude new lines or space characters.
+1094  * @name isIntegerArray
+1095  * @memberOf KJUR.lang.String
+1096  * @function
+1097  * @static
+1098  * @param {String} s input string
+1099  * @return {Boolean} true if a string "s" is a string of integer array otherwise false
+1100  * @since base64x 1.1.7 jsrsasign 5.0.13
+1101  * @example
+1102  * KJUR.lang.String.isIntegerArray("[1,2,3]") → true
+1103  * KJUR.lang.String.isIntegerArray("  [1, 2, 3  ] ") → true
+1104  * KJUR.lang.String.isIntegerArray("[a,2]") → false
+1105  */
+1106 KJUR.lang.String.isIntegerArray = function(s) {
+1107     s = s.replace(/\s+/g, "");
+1108     if (s.match(/^\[[0-9,]+\]$/)) {
+1109 	return true;
+1110     } else {
+1111 	return false;
+1112     }
+1113 };
+1114 
+1115 /**
+1116  * check whether a string consists of PrintableString characters<br/>
+1117  * @name isPrintable
+1118  * @memberOf KJUR.lang.String
+1119  * @function
+1120  * @static
+1121  * @param {String} s input string
+1122  * @return {Boolean} true if a string "s" consists of PrintableString characters
+1123  * @since jsrsasign 9.0.0 base64x 1.1.16
+1124  * A PrintableString consists of following characters
+1125  * <pre>
+1126  * 0-9A-Za-z '()+,-./:=?
+1127  * </pre>
+1128  * This method returns false when other characters than above.
+1129  * Otherwise it returns true.
+1130  * @example
+1131  * KJUR.lang.String.isPrintable("abc") → true
+1132  * KJUR.lang.String.isPrintable("abc@") → false
+1133  * KJUR.lang.String.isPrintable("あいう") → false
+1134  */
+1135 KJUR.lang.String.isPrintable = function(s) {
+1136     if (s.match(/^[0-9A-Za-z '()+,-./:=?]*$/) !== null) return true;
+1137     return false;
+1138 };
+1139 
+1140 /**
+1141  * check whether a string consists of IAString characters<br/>
+1142  * @name isIA5
+1143  * @memberOf KJUR.lang.String
+1144  * @function
+1145  * @static
+1146  * @param {String} s input string
+1147  * @return {Boolean} true if a string "s" consists of IA5String characters
+1148  * @since jsrsasign 9.0.0 base64x 1.1.16
+1149  * A IA5String consists of following characters
+1150  * <pre>
+1151  * %x00-21/%x23-7F (i.e. ASCII characters excludes double quote(%x22)
+1152  * </pre>
+1153  * This method returns false when other characters than above.
+1154  * Otherwise it returns true.
+1155  * @example
+1156  * KJUR.lang.String.isIA5("abc") → true
+1157  * KJUR.lang.String.isIA5('"abc"') → false
+1158  * KJUR.lang.String.isIA5("あいう") → false
+1159  */
+1160 KJUR.lang.String.isIA5 = function(s) {
+1161     if (s.match(/^[\x20-\x21\x23-\x7f]*$/) !== null) return true;
+1162     return false;
+1163 };
+1164 
+1165 /**
+1166  * check whether a string is RFC 822 mail address<br/>
+1167  * @name isMail
+1168  * @memberOf KJUR.lang.String
 1169  * @function
-1170  * @param {String} s hexadecimal string 
-1171  * @return {String} canonicalized hexadecimal string of positive integer
-1172  * @since base64x 1.1.10 jsrsasign 7.1.4
-1173  * @description
-1174  * This method canonicalize a hexadecimal string of positive integer
-1175  * for two's complement representation.
-1176  * Canonicalized hexadecimal string of positive integer will be:
-1177  * <ul>
-1178  * <li>Its length is always even.</li>
-1179  * <li>If odd length it will be padded with leading zero.<li>
-1180  * <li>If it is even length and its first character is "8" or greater,
-1181  * it will be padded with "00" to make it positive integer.</li>
-1182  * </ul>
-1183  * @example
-1184  * hextoposhex("abcd") → "00abcd"
-1185  * hextoposhex("1234") → "1234"
-1186  * hextoposhex("12345") → "012345"
-1187  */
-1188 function hextoposhex(s) {
-1189     if (s.length % 2 == 1) return "0" + s;
-1190     if (s.substr(0, 1) > "7") return "00" + s;
-1191     return s;
-1192 }
-1193 
-1194 /**
-1195  * convert string of integer array to hexadecimal string.<br/>
-1196  * @name intarystrtohex
-1197  * @function
-1198  * @param {String} s string of integer array
-1199  * @return {String} hexadecimal string
-1200  * @since base64x 1.1.6 jsrsasign 5.0.2
-1201  * @throws "malformed integer array string: *" for wrong input
-1202  * @description
-1203  * This function converts a string of JavaScript integer array to
-1204  * a hexadecimal string. Each integer value shall be in a range 
-1205  * from 0 to 255 otherwise it raise exception. Input string can
-1206  * have extra space or newline string so that they will be ignored.
-1207  * 
-1208  * @example
-1209  * intarystrtohex(" [123, 34, 101, 34, 58] ")
-1210  * → 7b2265223a (i.e. '{"e":' as string)
-1211  */
-1212 function intarystrtohex(s) {
-1213   s = s.replace(/^\s*\[\s*/, '');
-1214   s = s.replace(/\s*\]\s*$/, '');
-1215   s = s.replace(/\s*/g, '');
-1216   try {
-1217     var hex = s.split(/,/).map(function(element, index, array) {
-1218       var i = parseInt(element);
-1219       if (i < 0 || 255 < i) throw "integer not in range 0-255";
-1220       var hI = ("00" + i.toString(16)).slice(-2);
-1221       return hI;
-1222     }).join('');
-1223     return hex;
-1224   } catch(ex) {
-1225     throw "malformed integer array string: " + ex;
-1226   }
-1227 }
-1228 
-1229 /**
-1230  * find index of string where two string differs
-1231  * @name strdiffidx
-1232  * @function
-1233  * @param {String} s1 string to compare
-1234  * @param {String} s2 string to compare
-1235  * @return {Number} string index of where character differs. Return -1 if same.
-1236  * @since jsrsasign 4.9.0 base64x 1.1.5
-1237  * @example
-1238  * strdiffidx("abcdefg", "abcd4fg") -> 4
-1239  * strdiffidx("abcdefg", "abcdefg") -> -1
-1240  * strdiffidx("abcdefg", "abcdef") -> 6
-1241  * strdiffidx("abcdefgh", "abcdef") -> 6
-1242  */
-1243 var strdiffidx = function(s1, s2) {
-1244     var n = s1.length;
-1245     if (s1.length > s2.length) n = s2.length;
-1246     for (var i = 0; i < n; i++) {
-1247 	if (s1.charCodeAt(i) != s2.charCodeAt(i)) return i;
-1248     }
-1249     if (s1.length != s2.length) return n;
-1250     return -1; // same
-1251 };
-1252 
-1253 
-1254 
    
\ No newline at end of file
+1170  * @static
+1171  * @param {String} s input string
+1172  * @return {Boolean} true if a string "s" RFC 822 mail address
+1173  * @since jsrsasign 9.0.0 base64x 1.1.16
+1174  * This static method will check string s is RFC 822 compliant mail address.
+1175  * @example
+1176  * KJUR.lang.String.isMail("abc") → false
+1177  * KJUR.lang.String.isMail("abc@example") → false
+1178  * KJUR.lang.String.isMail("abc@example.com") → true
+1179  */    
+1180 KJUR.lang.String.isMail = function(s) {
+1181     if (s.match(/^[A-Za-z0-9]{1}[A-Za-z0-9_.-]*@{1}[A-Za-z0-9_.-]{1,}\.[A-Za-z0-9]{1,}$/) !== null) return true;
+1182     return false;
+1183 };
+1184 
+1185 // ==== others ================================
+1186 
+1187 /**
+1188  * canonicalize hexadecimal string of positive integer<br/>
+1189  * @name hextoposhex
+1190  * @function
+1191  * @param {String} s hexadecimal string 
+1192  * @return {String} canonicalized hexadecimal string of positive integer
+1193  * @since base64x 1.1.10 jsrsasign 7.1.4
+1194  * @description
+1195  * This method canonicalize a hexadecimal string of positive integer
+1196  * for two's complement representation.
+1197  * Canonicalized hexadecimal string of positive integer will be:
+1198  * <ul>
+1199  * <li>Its length is always even.</li>
+1200  * <li>If odd length it will be padded with leading zero.<li>
+1201  * <li>If it is even length and its first character is "8" or greater,
+1202  * it will be padded with "00" to make it positive integer.</li>
+1203  * </ul>
+1204  * @example
+1205  * hextoposhex("abcd") → "00abcd"
+1206  * hextoposhex("1234") → "1234"
+1207  * hextoposhex("12345") → "012345"
+1208  */
+1209 function hextoposhex(s) {
+1210     if (s.length % 2 == 1) return "0" + s;
+1211     if (s.substr(0, 1) > "7") return "00" + s;
+1212     return s;
+1213 }
+1214 
+1215 /**
+1216  * convert string of integer array to hexadecimal string.<br/>
+1217  * @name intarystrtohex
+1218  * @function
+1219  * @param {String} s string of integer array
+1220  * @return {String} hexadecimal string
+1221  * @since base64x 1.1.6 jsrsasign 5.0.2
+1222  * @throws "malformed integer array string: *" for wrong input
+1223  * @description
+1224  * This function converts a string of JavaScript integer array to
+1225  * a hexadecimal string. Each integer value shall be in a range 
+1226  * from 0 to 255 otherwise it raise exception. Input string can
+1227  * have extra space or newline string so that they will be ignored.
+1228  * 
+1229  * @example
+1230  * intarystrtohex(" [123, 34, 101, 34, 58] ")
+1231  * → 7b2265223a (i.e. '{"e":' as string)
+1232  */
+1233 function intarystrtohex(s) {
+1234   s = s.replace(/^\s*\[\s*/, '');
+1235   s = s.replace(/\s*\]\s*$/, '');
+1236   s = s.replace(/\s*/g, '');
+1237   try {
+1238     var hex = s.split(/,/).map(function(element, index, array) {
+1239       var i = parseInt(element);
+1240       if (i < 0 || 255 < i) throw "integer not in range 0-255";
+1241       var hI = ("00" + i.toString(16)).slice(-2);
+1242       return hI;
+1243     }).join('');
+1244     return hex;
+1245   } catch(ex) {
+1246     throw "malformed integer array string: " + ex;
+1247   }
+1248 }
+1249 
+1250 /**
+1251  * find index of string where two string differs
+1252  * @name strdiffidx
+1253  * @function
+1254  * @param {String} s1 string to compare
+1255  * @param {String} s2 string to compare
+1256  * @return {Number} string index of where character differs. Return -1 if same.
+1257  * @since jsrsasign 4.9.0 base64x 1.1.5
+1258  * @example
+1259  * strdiffidx("abcdefg", "abcd4fg") -> 4
+1260  * strdiffidx("abcdefg", "abcdefg") -> -1
+1261  * strdiffidx("abcdefg", "abcdef") -> 6
+1262  * strdiffidx("abcdefgh", "abcdef") -> 6
+1263  */
+1264 var strdiffidx = function(s1, s2) {
+1265     var n = s1.length;
+1266     if (s1.length > s2.length) n = s2.length;
+1267     for (var i = 0; i < n; i++) {
+1268 	if (s1.charCodeAt(i) != s2.charCodeAt(i)) return i;
+1269     }
+1270     if (s1.length != s2.length) return n;
+1271     return -1; // same
+1272 };
+1273 
+1274 /**
+1275  * get hexadecimal value of object identifier from dot noted oid value
+1276  * @name oidtohex
+1277  * @function
+1278  * @param {String} oidString dot noted string of object identifier
+1279  * @return {String} hexadecimal value of object identifier
+1280  * @since jsrsasign 10.1.0 base64x 1.1.18
+1281  * @see hextooid
+1282  * @see ASN1HEX.hextooidstr
+1283  * @see KJUR.asn1.ASN1Util.oidIntToHex
+1284  * @description
+1285  * This static method converts from object identifier value string.
+1286  * to hexadecimal string representation of it.
+1287  * {@link hextooid} is a reverse function of this.
+1288  * @example
+1289  * oidtohex("2.5.4.6") → "550406"
+1290  */
+1291 function oidtohex(oidString) {
+1292     var itox = function(i) {
+1293         var h = i.toString(16);
+1294         if (h.length == 1) h = '0' + h;
+1295         return h;
+1296     };
+1297 
+1298     var roidtox = function(roid) {
+1299         var h = '';
+1300         var bi = parseInt(roid, 10);
+1301         var b = bi.toString(2);
+1302 
+1303         var padLen = 7 - b.length % 7;
+1304         if (padLen == 7) padLen = 0;
+1305         var bPad = '';
+1306         for (var i = 0; i < padLen; i++) bPad += '0';
+1307         b = bPad + b;
+1308         for (var i = 0; i < b.length - 1; i += 7) {
+1309             var b8 = b.substr(i, 7);
+1310             if (i != b.length - 7) b8 = '1' + b8;
+1311             h += itox(parseInt(b8, 2));
+1312         }
+1313         return h;
+1314     };
+1315     
+1316     try {
+1317 	if (! oidString.match(/^[0-9.]+$/)) return null;
+1318     
+1319 	var h = '';
+1320 	var a = oidString.split('.');
+1321 	var i0 = parseInt(a[0], 10) * 40 + parseInt(a[1], 10);
+1322 	h += itox(i0);
+1323 	a.splice(0, 2);
+1324 	for (var i = 0; i < a.length; i++) {
+1325             h += roidtox(a[i]);
+1326 	}
+1327 	return h;
+1328     } catch(ex) {
+1329 	return null;
+1330     }
+1331 };
+1332 
+1333 /**
+1334  * get oid string from hexadecimal value of object identifier<br/>
+1335  * @name hextooid
+1336  * @function
+1337  * @param {String} h hexadecimal value of object identifier
+1338  * @return {String} dot noted string of object identifier (ex. "1.2.3.4")
+1339  * @since jsrsasign 10.1.0 base64x 1.1.18
+1340  * @see oidtohex
+1341  * @see ASN1HEX.hextooidstr
+1342  * @see KJUR.asn1.ASN1Util.oidIntToHex
+1343  * @description
+1344  * This static method converts from hexadecimal object identifier value 
+1345  * to dot noted OID value (ex. "1.2.3.4").
+1346  * {@link oidtohex} is a reverse function of this.
+1347  * @example
+1348  * hextooid("550406") → "2.5.4.6"
+1349  */
+1350 function hextooid(h) {
+1351     if (! ishex(h)) return null;
+1352     try {
+1353 	var a = [];
+1354 
+1355 	// a[0], a[1]
+1356 	var hex0 = h.substr(0, 2);
+1357 	var i0 = parseInt(hex0, 16);
+1358 	a[0] = new String(Math.floor(i0 / 40));
+1359 	a[1] = new String(i0 % 40);
+1360 
+1361 	// a[2]..a[n]
+1362 	var hex1 = h.substr(2);
+1363 	var b = [];
+1364 	for (var i = 0; i < hex1.length / 2; i++) {
+1365 	    b.push(parseInt(hex1.substr(i * 2, 2), 16));
+1366 	}
+1367 	var c = [];
+1368 	var cbin = "";
+1369 	for (var i = 0; i < b.length; i++) {
+1370             if (b[i] & 0x80) {
+1371 		cbin = cbin + strpad((b[i] & 0x7f).toString(2), 7);
+1372             } else {
+1373 		cbin = cbin + strpad((b[i] & 0x7f).toString(2), 7);
+1374 		c.push(new String(parseInt(cbin, 2)));
+1375 		cbin = "";
+1376             }
+1377 	}
+1378 
+1379 	var s = a.join(".");
+1380 	if (c.length > 0) s = s + "." + c.join(".");
+1381 	return s;
+1382     } catch(ex) {
+1383 	return null;
+1384     }
+1385 };
+1386 
+1387 /**
+1388  * string padding<br/>
+1389  * @name spad
+1390  * @function
+1391  * @param {String} s input string
+1392  * @param {Number} len output string length
+1393  * @param {String} padchar padding character (default is "0")
+1394  * @return {String} padded string
+1395  * @since jsrsasign 10.1.0 base64x 1.1.18
+1396  * @example
+1397  * strpad("1234", 10, "0") → "0000001234"
+1398  * strpad("1234", 10, " ") → "      1234"
+1399  * strpad("1234", 10)      → "0000001234"
+1400  */
+1401 var strpad = function(s, len, padchar) {
+1402     if (padchar == undefined) padchar = "0";
+1403     if (s.length >= len) return s;
+1404     return new Array(len - s.length + 1).join(padchar) + s;
+1405 };
+1406 
+1407 
+1408
    \ No newline at end of file diff --git a/api/symbols/src/x509-1.1.js.html b/api/symbols/src/x509-1.1.js.html index a6e0fbd9..78ebdee6 100644 --- a/api/symbols/src/x509-1.1.js.html +++ b/api/symbols/src/x509-1.1.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
      1 /* x509-2.0.8.js (c) 2012-2020 Kenji Urushima | kjur.github.io/jsrsasign/license
+	
      1 /* x509-2.0.9.js (c) 2012-2020 Kenji Urushima | kjur.github.io/jsrsasign/license
   2  */
   3 /*
   4  * x509.js - X509 class to read subject public key from certificate.
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name x509-1.1.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.0.4 x509 2.0.8 (2020-Oct-23)
+ 19  * @version jsrsasign 10.1.0 x509 2.0.9 (2020-Nov-18)
  20  * @since jsrsasign 1.x.x
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -239,2710 +239,2799 @@
 232      * @function
 233      * @return {Array} JSON object of issuer field
 234      * @since jsrsasign 9.0.0 x509 2.0.0
-235      * @description
-236      * @example
-237      * var x = new X509();
-238      * x.readCertPEM(sCertPEM);
+235      * @see X509#getX500Name
+236      * @description
+237      * @example
+238      * var x = new X509(sCertPEM);
 239      * x.getIssuer() →
 240      * { array: [[{type:'C',value:'JP',ds:'prn'}],...],
-241      *   str: "30..." }
+241      *   str: "/C=JP/..." }
 242      */
 243     this.getIssuer = function() {
-244 	var result = {};
-245 	result.array = this.getX500Name(this.getIssuerHex());
-246 	result.str = this.getIssuerString();
-247 	return result;
-248     };
-249 
-250     /**
-251      * get hexadecimal string of issuer field TLV of certificate.<br/>
-252      * @name getIssuerHex
-253      * @memberOf X509#
-254      * @function
-255      * @return {String} hexadecial string of issuer DN ASN.1
-256      * @example
-257      * var x = new X509();
-258      * x.readCertPEM(sCertPEM);
-259      * var issuer = x.getIssuerHex(); // return string like "3013..."
-260      */
-261     this.getIssuerHex = function() {
-262 	return _getTLVbyList(this.hex, 0, [0, 3 + this.foffset], "30");
-263     };
-264 
-265     /**
-266      * get string of issuer field of certificate.<br/>
-267      * @name getIssuerString
-268      * @memberOf X509#
-269      * @function
-270      * @return {String} issuer DN string
-271      * @example
-272      * var x = new X509();
-273      * x.readCertPEM(sCertPEM);
-274      * var dn1 = x.getIssuerString(); // return string like "/C=US/O=TEST"
-275      * var dn2 = KJUR.asn1.x509.X500Name.compatToLDAP(dn1); // returns "O=TEST, C=US"
-276      */
-277     this.getIssuerString = function() {
-278         return _X509.hex2dn(this.getIssuerHex());
-279     };
-280 
-281     /**
-282      * get JSON object of subject field<br/>
-283      * @name getSubject
-284      * @memberOf X509#
-285      * @function
-286      * @return {Array} JSON object of subject field
-287      * @since jsrsasign 9.0.0 x509 2.0.0
-288      * @description
-289      * @example
-290      * var x = new X509();
-291      * x.readCertPEM(sCertPEM);
-292      * x.getIssuer() →
-293      * { array: [[{type:'C',value:'JP',ds:'prn'}],...],
-294      *   str: "30..." }
-295      */
-296     this.getSubject = function() {
-297 	var result = {};
-298 	result.array = this.getX500Name(this.getSubjectHex());
-299 	result.str = this.getSubjectString();
-300 	return result;
-301     };
-302 
-303     /**
-304      * get hexadecimal string of subject field of certificate.<br/>
-305      * @name getSubjectHex
-306      * @memberOf X509#
-307      * @function
-308      * @return {String} hexadecial string of subject DN ASN.1
-309      * @example
-310      * var x = new X509();
-311      * x.readCertPEM(sCertPEM);
-312      * var subject = x.getSubjectHex(); // return string like "3013..."
-313      */
-314     this.getSubjectHex = function() {
-315 	return _getTLVbyList(this.hex, 0, [0, 5 + this.foffset], "30");
-316     };
-317 
-318     /**
-319      * get string of subject field of certificate.<br/>
-320      * @name getSubjectString
-321      * @memberOf X509#
-322      * @function
-323      * @return {String} subject DN string
-324      * @example
-325      * var x = new X509();
-326      * x.readCertPEM(sCertPEM);
-327      * var dn1 = x.getSubjectString(); // return string like "/C=US/O=TEST"
-328      * var dn2 = KJUR.asn1.x509.X500Name.compatToLDAP(dn1); // returns "O=TEST, C=US"
-329      */
-330     this.getSubjectString = function() {
-331         return _X509.hex2dn(this.getSubjectHex());
-332     };
-333 
-334     /**
-335      * get notBefore field string of certificate.<br/>
-336      * @name getNotBefore
-337      * @memberOf X509#
-338      * @function
-339      * @return {String} not before time value (ex. "151231235959Z")
-340      * @example
-341      * var x = new X509();
-342      * x.readCertPEM(sCertPEM);
-343      * var notBefore = x.getNotBefore(); // return string like "151231235959Z"
-344      */
-345     this.getNotBefore = function() {
-346         var s = _getVbyList(this.hex, 0, [0, 4 + this.foffset, 0]);
-347         s = s.replace(/(..)/g, "%$1");
-348         s = decodeURIComponent(s);
-349         return s;
-350     };
-351 
-352     /**
-353      * get notAfter field string of certificate.<br/>
-354      * @name getNotAfter
-355      * @memberOf X509#
-356      * @function
-357      * @return {String} not after time value (ex. "151231235959Z")
-358      * @example
-359      * var x = new X509();
-360      * x.readCertPEM(sCertPEM);
-361      * var notAfter = x.getNotAfter(); // return string like "151231235959Z"
-362      */
-363     this.getNotAfter = function() {
-364 	var s = _getVbyList(this.hex, 0, [0, 4 + this.foffset, 1]);
-365         s = s.replace(/(..)/g, "%$1");
-366         s = decodeURIComponent(s);
-367         return s;
-368     };
-369 
-370     /**
-371      * get a hexadecimal string of subjectPublicKeyInfo field.<br/>
-372      * @name getPublicKeyHex
-373      * @memberOf X509#
-374      * @function
-375      * @return {String} ASN.1 SEQUENCE hexadecimal string of subjectPublicKeyInfo field
-376      * @since jsrsasign 7.1.4 x509 1.1.13
-377      * @example
-378      * x = new X509();
-379      * x.readCertPEM(sCertPEM);
-380      * hSPKI = x.getPublicKeyHex(); // return string like "30820122..."
-381      */
-382     this.getPublicKeyHex = function() {
-383 	return _ASN1HEX.getTLVbyList(this.hex, 0, [0, 6 + this.foffset], "30");
-384     };
-385 
-386     /**
-387      * get a string index of subjectPublicKeyInfo field for hexadecimal string certificate.<br/>
-388      * @name getPublicKeyIdx
-389      * @memberOf X509#
-390      * @function
-391      * @return {Number} string index of subjectPublicKeyInfo field for hexadecimal string certificate.
-392      * @since jsrsasign 7.1.4 x509 1.1.13
-393      * @example
-394      * x = new X509();
-395      * x.readCertPEM(sCertPEM);
-396      * idx = x.getPublicKeyIdx(); // return string index in x.hex parameter
-397      */
-398     this.getPublicKeyIdx = function() {
-399 	return _getIdxbyList(this.hex, 0, [0, 6 + this.foffset], "30");
-400     };
-401 
-402     /**
-403      * get a string index of contents of subjectPublicKeyInfo BITSTRING value from hexadecimal certificate<br/>
-404      * @name getPublicKeyContentIdx
-405      * @memberOf X509#
-406      * @function
-407      * @return {Integer} string index of key contents
-408      * @since jsrsasign 8.0.0 x509 1.2.0
-409      * @example
-410      * x = new X509();
-411      * x.readCertPEM(sCertPEM);
-412      * idx = x.getPublicKeyContentIdx(); // return string index in x.hex parameter
-413      */
-414     // NOTE: Without BITSTRING encapsulation.
-415     this.getPublicKeyContentIdx = function() {
-416 	var idx = this.getPublicKeyIdx();
-417 	return _getIdxbyList(this.hex, idx, [1, 0], "30");
-418     };
-419 
-420     /**
-421      * get a RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field.<br/>
-422      * @name getPublicKey
-423      * @memberOf X509#
-424      * @function
-425      * @return {Object} RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field
-426      * @since jsrsasign 7.1.4 x509 1.1.13
-427      * @example
-428      * x = new X509();
-429      * x.readCertPEM(sCertPEM);
-430      * pubkey= x.getPublicKey();
-431      */
-432     this.getPublicKey = function() {
-433 	return KEYUTIL.getKey(this.getPublicKeyHex(), null, "pkcs8pub");
-434     };
-435 
-436     /**
-437      * get signature algorithm name from hexadecimal certificate data
-438      * @name getSignatureAlgorithmName
-439      * @memberOf X509#
-440      * @function
-441      * @return {String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)
-442      * @since jsrsasign 7.2.0 x509 1.1.14
-443      * @see X509#getAlgorithmIdentifierName
-444      * @description
-445      * This method will get signature algorithm name of certificate:
-446      * @example
-447      * var x = new X509();
-448      * x.readCertPEM(sCertPEM);
-449      * x.getSignatureAlgorithmName() → "SHA256withRSA"
-450      */
-451     this.getSignatureAlgorithmName = function() {
-452 	var hTLV = _getTLVbyList(this.hex, 0, [1], "30");
-453 	return this.getAlgorithmIdentifierName(hTLV);
-454     };
-455 
-456     /**
-457      * get signature value as hexadecimal string<br/>
-458      * @name getSignatureValueHex
-459      * @memberOf X509#
-460      * @function
-461      * @return {String} signature value hexadecimal string without BitString unused bits
-462      * @since jsrsasign 7.2.0 x509 1.1.14
-463      *
-464      * @description
-465      * This method will get signature value of certificate:
-466      *
-467      * @example
-468      * var x = new X509();
-469      * x.readCertPEM(sCertPEM);
-470      * x.getSignatureValueHex() &rarr "8a4c47913..."
-471      */
-472     this.getSignatureValueHex = function() {
-473 	return _getVbyList(this.hex, 0, [2], "03", true);
-474     };
-475 
-476     /**
-477      * verifies signature value by public key<br/>
-478      * @name verifySignature
-479      * @memberOf X509#
-480      * @function
-481      * @param {Object} pubKey public key object
-482      * @return {Boolean} true if signature value is valid otherwise false
-483      * @since jsrsasign 7.2.0 x509 1.1.14
-484      *
-485      * @description
-486      * This method verifies signature value of hexadecimal string of 
-487      * X.509 certificate by specified public key object.
-488      * The signature algorithm used to verify will refer
-489      * signatureAlgorithm field. (See {@link X509#getSignatureAlgorithmField})
-490      * RSA-PSS signature algorithms (SHA{,256,384,512}withRSAandMGF1)
-491      * are available.
-492      *
-493      * @example
-494      * pubKey = KEYUTIL.getKey(pemPublicKey); // or certificate
-495      * x = new X509();
-496      * x.readCertPEM(pemCert);
-497      * x.verifySignature(pubKey) → true, false or raising exception
-498      */
-499     this.verifySignature = function(pubKey) {
-500 	var algName = this.getSignatureAlgorithmField();
-501 	var hSigVal = this.getSignatureValueHex();
-502 	var hTbsCert = _getTLVbyList(this.hex, 0, [0], "30");
-503 	
-504 	var sig = new KJUR.crypto.Signature({alg: algName});
-505 	sig.init(pubKey);
-506 	sig.updateHex(hTbsCert);
-507 	return sig.verify(hSigVal);
-508     };
-509 
-510     // ===== parse extension ======================================
-511     /**
-512      * set array of X.509v3 and CSR extesion information such as extension OID, criticality and value index. (DEPRECATED)<br/>
-513      * @name parseExt
-514      * @memberOf X509#
-515      * @function
-516      * @param {String} hCSR - PEM string of certificate signing requrest(CSR) (OPTION)
-517      * @since jsrsasign 7.2.0 x509 1.1.14
-518      * @deprecated jsrsasign 9.1.1 x509 2.0.1
-519      *
-520      * @description
-521      * This method will set an array of X.509v3 extension information having 
-522      * following parameters:
-523      * <ul>
-524      * <li>oid - extension OID (ex. 2.5.29.19)</li>
-525      * <li>critical - true or false</li>
-526      * <li>vidx - string index for extension value</li>
-527      * <br/>
-528      * When you want to parse extensionRequest of CSR,
-529      * argument 'hCSR' shall be specified.
-530      * <br/>
-531      * NOTE: CSR is supported from jsrsasign 8.0.20 x509 1.1.22.
-532      * <br/>
-533      * This method and X509.aExtInfo property
-534      * have been *deprecated* since jsrsasign 9.1.1.
-535      * All extension parser method such as X509.getExt* shall be
-536      * call with argument "hExtV" and "critical" explicitly.
-537      *
-538      * @example
-539      * x = new X509();
-540      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-541      *
+244 	return this.getX500Name(this.getIssuerHex())
+245     };
+246 
+247     /**
+248      * get hexadecimal string of issuer field TLV of certificate.<br/>
+249      * @name getIssuerHex
+250      * @memberOf X509#
+251      * @function
+252      * @return {String} hexadecial string of issuer DN ASN.1
+253      * @example
+254      * var x = new X509();
+255      * x.readCertPEM(sCertPEM);
+256      * var issuer = x.getIssuerHex(); // return string like "3013..."
+257      */
+258     this.getIssuerHex = function() {
+259 	return _getTLVbyList(this.hex, 0, [0, 3 + this.foffset], "30");
+260     };
+261 
+262     /**
+263      * get string of issuer field of certificate.<br/>
+264      * @name getIssuerString
+265      * @memberOf X509#
+266      * @function
+267      * @return {String} issuer DN string
+268      * @example
+269      * var x = new X509();
+270      * x.readCertPEM(sCertPEM);
+271      * var dn1 = x.getIssuerString(); // return string like "/C=US/O=TEST"
+272      * var dn2 = KJUR.asn1.x509.X500Name.compatToLDAP(dn1); // returns "O=TEST, C=US"
+273      */
+274     this.getIssuerString = function() {
+275         return _X509.hex2dn(this.getIssuerHex());
+276     };
+277 
+278     /**
+279      * get JSON object of subject field<br/>
+280      * @name getSubject
+281      * @memberOf X509#
+282      * @function
+283      * @return {Array} JSON object of subject field
+284      * @since jsrsasign 9.0.0 x509 2.0.0
+285      * @see X509#getX500Name
+286      * @description
+287      * @example
+288      * var x = new X509(sCertPEM);
+289      * x.getSubject() →
+290      * { array: [[{type:'C',value:'JP',ds:'prn'}],...],
+291      *   str: "/C=JP/..." }
+292      */
+293     this.getSubject = function() {
+294 	return this.getX500Name(this.getSubjectHex());
+295     };
+296 
+297     /**
+298      * get hexadecimal string of subject field of certificate.<br/>
+299      * @name getSubjectHex
+300      * @memberOf X509#
+301      * @function
+302      * @return {String} hexadecial string of subject DN ASN.1
+303      * @example
+304      * var x = new X509();
+305      * x.readCertPEM(sCertPEM);
+306      * var subject = x.getSubjectHex(); // return string like "3013..."
+307      */
+308     this.getSubjectHex = function() {
+309 	return _getTLVbyList(this.hex, 0, [0, 5 + this.foffset], "30");
+310     };
+311 
+312     /**
+313      * get string of subject field of certificate.<br/>
+314      * @name getSubjectString
+315      * @memberOf X509#
+316      * @function
+317      * @return {String} subject DN string
+318      * @example
+319      * var x = new X509();
+320      * x.readCertPEM(sCertPEM);
+321      * var dn1 = x.getSubjectString(); // return string like "/C=US/O=TEST"
+322      * var dn2 = KJUR.asn1.x509.X500Name.compatToLDAP(dn1); // returns "O=TEST, C=US"
+323      */
+324     this.getSubjectString = function() {
+325         return _X509.hex2dn(this.getSubjectHex());
+326     };
+327 
+328     /**
+329      * get notBefore field string of certificate.<br/>
+330      * @name getNotBefore
+331      * @memberOf X509#
+332      * @function
+333      * @return {String} not before time value (ex. "151231235959Z")
+334      * @example
+335      * var x = new X509();
+336      * x.readCertPEM(sCertPEM);
+337      * var notBefore = x.getNotBefore(); // return string like "151231235959Z"
+338      */
+339     this.getNotBefore = function() {
+340         var s = _getVbyList(this.hex, 0, [0, 4 + this.foffset, 0]);
+341         s = s.replace(/(..)/g, "%$1");
+342         s = decodeURIComponent(s);
+343         return s;
+344     };
+345 
+346     /**
+347      * get notAfter field string of certificate.<br/>
+348      * @name getNotAfter
+349      * @memberOf X509#
+350      * @function
+351      * @return {String} not after time value (ex. "151231235959Z")
+352      * @example
+353      * var x = new X509();
+354      * x.readCertPEM(sCertPEM);
+355      * var notAfter = x.getNotAfter(); // return string like "151231235959Z"
+356      */
+357     this.getNotAfter = function() {
+358 	var s = _getVbyList(this.hex, 0, [0, 4 + this.foffset, 1]);
+359         s = s.replace(/(..)/g, "%$1");
+360         s = decodeURIComponent(s);
+361         return s;
+362     };
+363 
+364     /**
+365      * get a hexadecimal string of subjectPublicKeyInfo field.<br/>
+366      * @name getPublicKeyHex
+367      * @memberOf X509#
+368      * @function
+369      * @return {String} ASN.1 SEQUENCE hexadecimal string of subjectPublicKeyInfo field
+370      * @since jsrsasign 7.1.4 x509 1.1.13
+371      * @example
+372      * x = new X509();
+373      * x.readCertPEM(sCertPEM);
+374      * hSPKI = x.getPublicKeyHex(); // return string like "30820122..."
+375      */
+376     this.getPublicKeyHex = function() {
+377 	return _ASN1HEX.getTLVbyList(this.hex, 0, [0, 6 + this.foffset], "30");
+378     };
+379 
+380     /**
+381      * get a string index of subjectPublicKeyInfo field for hexadecimal string certificate.<br/>
+382      * @name getPublicKeyIdx
+383      * @memberOf X509#
+384      * @function
+385      * @return {Number} string index of subjectPublicKeyInfo field for hexadecimal string certificate.
+386      * @since jsrsasign 7.1.4 x509 1.1.13
+387      * @example
+388      * x = new X509();
+389      * x.readCertPEM(sCertPEM);
+390      * idx = x.getPublicKeyIdx(); // return string index in x.hex parameter
+391      */
+392     this.getPublicKeyIdx = function() {
+393 	return _getIdxbyList(this.hex, 0, [0, 6 + this.foffset], "30");
+394     };
+395 
+396     /**
+397      * get a string index of contents of subjectPublicKeyInfo BITSTRING value from hexadecimal certificate<br/>
+398      * @name getPublicKeyContentIdx
+399      * @memberOf X509#
+400      * @function
+401      * @return {Integer} string index of key contents
+402      * @since jsrsasign 8.0.0 x509 1.2.0
+403      * @example
+404      * x = new X509();
+405      * x.readCertPEM(sCertPEM);
+406      * idx = x.getPublicKeyContentIdx(); // return string index in x.hex parameter
+407      */
+408     // NOTE: Without BITSTRING encapsulation.
+409     this.getPublicKeyContentIdx = function() {
+410 	var idx = this.getPublicKeyIdx();
+411 	return _getIdxbyList(this.hex, idx, [1, 0], "30");
+412     };
+413 
+414     /**
+415      * get a RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field.<br/>
+416      * @name getPublicKey
+417      * @memberOf X509#
+418      * @function
+419      * @return {Object} RSAKey/ECDSA/DSA public key object of subjectPublicKeyInfo field
+420      * @since jsrsasign 7.1.4 x509 1.1.13
+421      * @example
+422      * x = new X509();
+423      * x.readCertPEM(sCertPEM);
+424      * pubkey= x.getPublicKey();
+425      */
+426     this.getPublicKey = function() {
+427 	return KEYUTIL.getKey(this.getPublicKeyHex(), null, "pkcs8pub");
+428     };
+429 
+430     /**
+431      * get signature algorithm name from hexadecimal certificate data
+432      * @name getSignatureAlgorithmName
+433      * @memberOf X509#
+434      * @function
+435      * @return {String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)
+436      * @since jsrsasign 7.2.0 x509 1.1.14
+437      * @see X509#getAlgorithmIdentifierName
+438      * @description
+439      * This method will get signature algorithm name of certificate:
+440      * @example
+441      * var x = new X509();
+442      * x.readCertPEM(sCertPEM);
+443      * x.getSignatureAlgorithmName() → "SHA256withRSA"
+444      */
+445     this.getSignatureAlgorithmName = function() {
+446 	var hTLV = _getTLVbyList(this.hex, 0, [1], "30");
+447 	return this.getAlgorithmIdentifierName(hTLV);
+448     };
+449 
+450     /**
+451      * get signature value as hexadecimal string<br/>
+452      * @name getSignatureValueHex
+453      * @memberOf X509#
+454      * @function
+455      * @return {String} signature value hexadecimal string without BitString unused bits
+456      * @since jsrsasign 7.2.0 x509 1.1.14
+457      *
+458      * @description
+459      * This method will get signature value of certificate:
+460      *
+461      * @example
+462      * var x = new X509();
+463      * x.readCertPEM(sCertPEM);
+464      * x.getSignatureValueHex() &rarr "8a4c47913..."
+465      */
+466     this.getSignatureValueHex = function() {
+467 	return _getVbyList(this.hex, 0, [2], "03", true);
+468     };
+469 
+470     /**
+471      * verifies signature value by public key<br/>
+472      * @name verifySignature
+473      * @memberOf X509#
+474      * @function
+475      * @param {Object} pubKey public key object
+476      * @return {Boolean} true if signature value is valid otherwise false
+477      * @since jsrsasign 7.2.0 x509 1.1.14
+478      *
+479      * @description
+480      * This method verifies signature value of hexadecimal string of 
+481      * X.509 certificate by specified public key object.
+482      * The signature algorithm used to verify will refer
+483      * signatureAlgorithm field. (See {@link X509#getSignatureAlgorithmField})
+484      * RSA-PSS signature algorithms (SHA{,256,384,512}withRSAandMGF1)
+485      * are available.
+486      *
+487      * @example
+488      * pubKey = KEYUTIL.getKey(pemPublicKey); // or certificate
+489      * x = new X509();
+490      * x.readCertPEM(pemCert);
+491      * x.verifySignature(pubKey) → true, false or raising exception
+492      */
+493     this.verifySignature = function(pubKey) {
+494 	var algName = this.getSignatureAlgorithmField();
+495 	var hSigVal = this.getSignatureValueHex();
+496 	var hTbsCert = _getTLVbyList(this.hex, 0, [0], "30");
+497 	
+498 	var sig = new KJUR.crypto.Signature({alg: algName});
+499 	sig.init(pubKey);
+500 	sig.updateHex(hTbsCert);
+501 	return sig.verify(hSigVal);
+502     };
+503 
+504     // ===== parse extension ======================================
+505     /**
+506      * set array of X.509v3 and CSR extesion information such as extension OID, criticality and value index. (DEPRECATED)<br/>
+507      * @name parseExt
+508      * @memberOf X509#
+509      * @function
+510      * @param {String} hCSR - PEM string of certificate signing requrest(CSR) (OPTION)
+511      * @since jsrsasign 7.2.0 x509 1.1.14
+512      * @deprecated jsrsasign 9.1.1 x509 2.0.1
+513      *
+514      * @description
+515      * This method will set an array of X.509v3 extension information having 
+516      * following parameters:
+517      * <ul>
+518      * <li>oid - extension OID (ex. 2.5.29.19)</li>
+519      * <li>critical - true or false</li>
+520      * <li>vidx - string index for extension value</li>
+521      * <br/>
+522      * When you want to parse extensionRequest of CSR,
+523      * argument 'hCSR' shall be specified.
+524      * <br/>
+525      * NOTE: CSR is supported from jsrsasign 8.0.20 x509 1.1.22.
+526      * <br/>
+527      * This method and X509.aExtInfo property
+528      * have been *deprecated* since jsrsasign 9.1.1.
+529      * All extension parser method such as X509.getExt* shall be
+530      * call with argument "hExtV" and "critical" explicitly.
+531      *
+532      * @example
+533      * x = new X509();
+534      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+535      *
+536      * x.aExtInfo →
+537      * [ { oid: "2.5.29,19", critical: true, vidx: 2504 }, ... ]
+538      *
+539      * // to parse CSR
+540      * X = new X509()
+541      * x.parseExt("-----BEGIN CERTIFICATE REQUEST-----...");
 542      * x.aExtInfo →
 543      * [ { oid: "2.5.29,19", critical: true, vidx: 2504 }, ... ]
-544      *
-545      * // to parse CSR
-546      * X = new X509()
-547      * x.parseExt("-----BEGIN CERTIFICATE REQUEST-----...");
-548      * x.aExtInfo →
-549      * [ { oid: "2.5.29,19", critical: true, vidx: 2504 }, ... ]
-550      */
-551     this.parseExt = function(hCSR) {
-552 	var iExtSeq, aExtIdx, h;
-553 
-554 	if (hCSR === undefined) {
-555 	    h = this.hex;
-556 	    if (this.version !== 3) return -1;
-557 	    iExtSeq = _getIdxbyList(h, 0, [0, 7, 0], "30");
-558 	    aExtIdx = _getChildIdx(h, iExtSeq);
-559 	} else {
-560 	    h = pemtohex(hCSR);
-561 	    var idx1 = _getIdxbyList(h, 0, [0, 3, 0, 0], "06");
-562 
-563 	    if (_getV(h, idx1) != "2a864886f70d01090e") {
-564 		this.aExtInfo = new Array();
-565 		return;
-566 	    }
-567 
-568 	    iExtSeq = _getIdxbyList(h, 0, [0, 3, 0, 1, 0], "30");
-569 	    aExtIdx = _getChildIdx(h, iExtSeq);
-570 
-571 	    this.hex = h;
-572 	}
-573 	    
-574 	this.aExtInfo = new Array();
-575 	for (var i = 0; i < aExtIdx.length; i++) {
-576 	    var item = {};
-577 	    item.critical = false;
-578 	    var a = _getChildIdx(h, aExtIdx[i]);
-579 	    var offset = 0;
-580 
-581 	    if (a.length === 3) {
-582 		item.critical = true;
-583 		offset = 1;
-584 	    }
-585 
-586 	    item.oid = _ASN1HEX.hextooidstr(_getVbyList(h, aExtIdx[i], [0], "06"));
-587 	    var octidx = _getIdxbyList(h, aExtIdx[i], [1 + offset]);
-588 	    item.vidx = _getVidx(h, octidx);
-589 	    this.aExtInfo.push(item);
-590 	}
-591     };
-592 
-593     /**
-594      * get a X.509v3 extesion information such as extension OID, criticality and value index for specified oid or name.<br/>
-595      * @name getExtInfo
-596      * @memberOf X509#
-597      * @function
-598      * @param {String} oidOrName X.509 extension oid or name (ex. keyUsage or 2.5.29.19)
-599      * @return X.509 extension information such as extension OID or value indx (see {@link X509#parseExt})
-600      * @since jsrsasign 7.2.0 x509 1.1.14
-601      * @description
-602      * This method will get an X.509v3 extension information JSON object
-603      * having extension OID, criticality and value idx for specified
-604      * extension OID or name.
-605      * If there is no such extension, this returns undefined.
-606      * @example
-607      * x = new X509();
-608      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-609      *
-610      * x.getExtInfo("keyUsage") → { oid: "2.5.29.15", critical: true, vidx: 1714 }
-611      * x.getExtInfo("unknownExt") → undefined
-612      */
-613     this.getExtInfo = function(oidOrName) {
-614 	var a = this.aExtInfo;
-615 	var oid = oidOrName;
-616 	if (! oidOrName.match(/^[0-9.]+$/)) {
-617 	    oid = KJUR.asn1.x509.OID.name2oid(oidOrName);
-618 	}
-619 	if (oid === '') return undefined;
+544      */
+545     this.parseExt = function(hCSR) {
+546 	var iExtSeq, aExtIdx, h;
+547 
+548 	if (hCSR === undefined) {
+549 	    h = this.hex;
+550 	    if (this.version !== 3) return -1;
+551 	    iExtSeq = _getIdxbyList(h, 0, [0, 7, 0], "30");
+552 	    aExtIdx = _getChildIdx(h, iExtSeq);
+553 	} else {
+554 	    h = pemtohex(hCSR);
+555 	    var idx1 = _getIdxbyList(h, 0, [0, 3, 0, 0], "06");
+556 
+557 	    if (_getV(h, idx1) != "2a864886f70d01090e") {
+558 		this.aExtInfo = new Array();
+559 		return;
+560 	    }
+561 
+562 	    iExtSeq = _getIdxbyList(h, 0, [0, 3, 0, 1, 0], "30");
+563 	    aExtIdx = _getChildIdx(h, iExtSeq);
+564 
+565 	    this.hex = h;
+566 	}
+567 	    
+568 	this.aExtInfo = new Array();
+569 	for (var i = 0; i < aExtIdx.length; i++) {
+570 	    var item = {};
+571 	    item.critical = false;
+572 	    var a = _getChildIdx(h, aExtIdx[i]);
+573 	    var offset = 0;
+574 
+575 	    if (a.length === 3) {
+576 		item.critical = true;
+577 		offset = 1;
+578 	    }
+579 
+580 	    item.oid = _ASN1HEX.hextooidstr(_getVbyList(h, aExtIdx[i], [0], "06"));
+581 	    var octidx = _getIdxbyList(h, aExtIdx[i], [1 + offset]);
+582 	    item.vidx = _getVidx(h, octidx);
+583 	    this.aExtInfo.push(item);
+584 	}
+585     };
+586 
+587     /**
+588      * get a X.509v3 extesion information such as extension OID, criticality and value index for specified oid or name.<br/>
+589      * @name getExtInfo
+590      * @memberOf X509#
+591      * @function
+592      * @param {String} oidOrName X.509 extension oid or name (ex. keyUsage or 2.5.29.19)
+593      * @return X.509 extension information such as extension OID or value indx (see {@link X509#parseExt})
+594      * @since jsrsasign 7.2.0 x509 1.1.14
+595      * @description
+596      * This method will get an X.509v3 extension information JSON object
+597      * having extension OID, criticality and value idx for specified
+598      * extension OID or name.
+599      * If there is no such extension, this returns undefined.
+600      * @example
+601      * x = new X509();
+602      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+603      *
+604      * x.getExtInfo("keyUsage") → { oid: "2.5.29.15", critical: true, vidx: 1714 }
+605      * x.getExtInfo("unknownExt") → undefined
+606      */
+607     this.getExtInfo = function(oidOrName) {
+608 	var a = this.aExtInfo;
+609 	var oid = oidOrName;
+610 	if (! oidOrName.match(/^[0-9.]+$/)) {
+611 	    oid = KJUR.asn1.x509.OID.name2oid(oidOrName);
+612 	}
+613 	if (oid === '') return undefined;
+614 
+615 	for (var i = 0; i < a.length; i++) {
+616 	    if (a[i].oid === oid) return a[i];
+617 	}
+618 	return undefined;
+619     };
 620 
-621 	for (var i = 0; i < a.length; i++) {
-622 	    if (a[i].oid === oid) return a[i];
-623 	}
-624 	return undefined;
-625     };
-626 
-627     /**
-628      * get BasicConstraints extension value as object in the certificate
-629      * @name getExtBasicConstraints
-630      * @memberOf X509#
-631      * @function
-632      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-633      * @param {Boolean} critical flag (OPTIONAL)
-634      * @return {Array} JSON object of BasicConstraints parameter or undefined
-635      * @since jsrsasign 7.2.0 x509 1.1.14
-636      * @see KJUR.asn1.x509.BasicConstraints
-637      * @description
-638      * This method will get basic constraints extension value as object with following paramters.
+621     /**
+622      * get BasicConstraints extension value as object in the certificate
+623      * @name getExtBasicConstraints
+624      * @memberOf X509#
+625      * @function
+626      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+627      * @param {Boolean} critical flag (OPTIONAL)
+628      * @return {Array} JSON object of BasicConstraints parameter or undefined
+629      * @since jsrsasign 7.2.0 x509 1.1.14
+630      * @see KJUR.asn1.x509.BasicConstraints
+631      * @description
+632      * This method will get basic constraints extension value as object with following paramters.
+633      * <ul>
+634      * <li>{Boolean}cA - CA flag whether CA or not</li>
+635      * <li>{Integer}pathLen - maximum intermediate certificate length</li>
+636      * <li>{Boolean}critical - critical flag</li>
+637      * </ul>
+638      * There are use cases for return values:
 639      * <ul>
-640      * <li>{Boolean}cA - CA flag whether CA or not</li>
-641      * <li>{Integer}pathLen - maximum intermediate certificate length</li>
-642      * <li>{Boolean}critical - critical flag</li>
-643      * </ul>
-644      * There are use cases for return values:
-645      * <ul>
-646      * <li>{cA:true,pathLen:3,critical:true} - cA flag is true and pathLen is 3</li>
-647      * <li>{cA:true,critical:true} - cA flag is true and no pathLen</li>
-648      * <li>{} - basic constraints has no value in case of end entity certificate</li>
-649      * <li>undefined - there is no basic constraints extension</li>
-650      * </ul>
-651      * @example
-652      * x = new X509();
-653      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-654      * x.getExtBasicConstraints() → {cA:true,pathLen:3,critical:true}
-655      */
-656     this.getExtBasicConstraints = function(hExtV, critical) {
-657 	if (hExtV === undefined && critical === undefined) {
-658 	    var info = this.getExtInfo("basicConstraints");
-659 	    if (info === undefined) return undefined;
-660 	    hExtV = _getTLV(this.hex, info.vidx);
-661 	    critical = info.critical;
-662 	}
-663 
-664 	var result = {extname:"basicConstraints"};
-665 	if (critical) result.critical = true;
-666 
-667 	if (hExtV === '3000') return result;
-668 	if (hExtV === '30030101ff') {
+640      * <li>{cA:true,pathLen:3,critical:true} - cA flag is true and pathLen is 3</li>
+641      * <li>{cA:true,critical:true} - cA flag is true and no pathLen</li>
+642      * <li>{} - basic constraints has no value in case of end entity certificate</li>
+643      * <li>undefined - there is no basic constraints extension</li>
+644      * </ul>
+645      * @example
+646      * x = new X509();
+647      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+648      * x.getExtBasicConstraints() → {cA:true,pathLen:3,critical:true}
+649      */
+650     this.getExtBasicConstraints = function(hExtV, critical) {
+651 	if (hExtV === undefined && critical === undefined) {
+652 	    var info = this.getExtInfo("basicConstraints");
+653 	    if (info === undefined) return undefined;
+654 	    hExtV = _getTLV(this.hex, info.vidx);
+655 	    critical = info.critical;
+656 	}
+657 
+658 	var result = {extname:"basicConstraints"};
+659 	if (critical) result.critical = true;
+660 
+661 	if (hExtV === '3000') return result;
+662 	if (hExtV === '30030101ff') {
+663 	    result.cA = true;
+664 	    return result;
+665 	}
+666 	if (hExtV.substr(0, 12) === '30060101ff02') {
+667 	    var pathLexHex = _getV(hExtV, 10);
+668 	    var pathLen = parseInt(pathLexHex, 16);
 669 	    result.cA = true;
-670 	    return result;
-671 	}
-672 	if (hExtV.substr(0, 12) === '30060101ff02') {
-673 	    var pathLexHex = _getV(hExtV, 10);
-674 	    var pathLen = parseInt(pathLexHex, 16);
-675 	    result.cA = true;
-676 	    result.pathLen = pathLen;
-677 	    return result;
-678 	}
-679 	throw new Error("hExtV parse error: " + hExtV);
-680     };
-681 
-682     /**
-683      * get KeyUsage extension value as JSON object
-684      * @memberOf X509#
-685      * @function
-686      * @name getExtKeyUsage
-687      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-688      * @param {Boolean} critical flag (OPTIONAL)
-689      * @return {Array} JSON object of KeyUsage parameter or undefined
-690      * @since jsrsasign 9.0.0 x509 2.0.0
-691      * @see KJUR.asn1.x509.KeyUsage
-692      * @see X509#getExtKeyUsageString
-693      * @description
-694      * This method parse keyUsage extension. When arguments are
-695      * not specified, its extension in X509 object will be parsed.
-696      * Result of this method can be passed to 
-697      * {@link KJUR.asn1.x509.KeyUsage} constructor.
-698      * <br>
-699      * When hExtV and critical specified as arguments, return value
-700      * will be generated from them.
-701      * <pre>
-702      * id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
-703      * KeyUsage ::= BIT STRING {
-704      *      digitalSignature        (0),
-705      *      nonRepudiation          (1),
-706      *      keyEncipherment         (2),
-707      *      dataEncipherment        (3),
-708      *      keyAgreement            (4),
-709      *      keyCertSign             (5),
-710      *      cRLSign                 (6),
-711      *      encipherOnly            (7),
-712      *      decipherOnly            (8) }     
-713      * </pre>
-714      * @example
-715      * x = new X509();
-716      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-717      * x.getExtKeyUsage() →
-718      * {
-719      *   critial: true,
-720      *   names: ["digitalSignature", "decipherOnly"]
-721      * }
-722      *
-723      * x = new X509();
-724      * x.getExtKeyUsage("306230...") 
-725      * x.getExtKeyUsage("306230...", true) 
-726      */
-727     this.getExtKeyUsage = function(hExtV, critical) {
-728 	if (hExtV === undefined && critical === undefined) {
-729 	    var info = this.getExtInfo("keyUsage");
-730 	    if (info === undefined) return undefined;
-731 	    hExtV = _getTLV(this.hex, info.vidx);
-732 	    critical = info.critical;
-733 	}
-734 
-735 	var result = {extname:"keyUsage"};
-736 	if (critical) result.critical = true;
-737 
-738 	result.names = this.getExtKeyUsageString(hExtV).split(",");
-739 
-740 	return result;
-741     };
-742 
-743     /**
-744      * get KeyUsage extension value as binary string in the certificate<br/>
-745      * @name getExtKeyUsageBin
-746      * @memberOf X509#
-747      * @function
-748      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-749      * @return {String} binary string of key usage bits (ex. '101')
-750      * @since jsrsasign 7.2.0 x509 1.1.14
-751      * @see X509#getExtKeyUsage
-752      * @description
-753      * This method will get key usage extension value
-754      * as binary string such like '101'.
-755      * Key usage bits definition is in the RFC 5280.
-756      * If there is no key usage extension in the certificate,
-757      * it returns empty string (i.e. '').
-758      * <br/>
-759      * NOTE: argument 'hExtV' supported since jsrsasign 9.0.0 x509 2.0.0.
-760      * @example
-761      * x = new X509();
-762      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-763      * x.getExtKeyUsageBin() → '101'
-764      * // 1 - digitalSignature
-765      * // 0 - nonRepudiation
-766      * // 1 - keyEncipherment
-767      */
-768     this.getExtKeyUsageBin = function(hExtV) {
-769 	if (hExtV === undefined) {
-770 	    var info = this.getExtInfo("keyUsage");
-771 	    if (info === undefined) return '';
-772 	    hExtV = _getTLV(this.hex, info.vidx);
-773 	}
-774 	
-775 	if (hExtV.length != 8 && hExtV.length != 10)
-776 	    throw new Error("malformed key usage value: " + hExtV);
-777 
-778 	var s = "000000000000000" + parseInt(hExtV.substr(6), 16).toString(2);
-779 	if (hExtV.length == 8) s = s.slice(-8);
-780 	if (hExtV.length == 10) s = s.slice(-16);
-781 	s = s.replace(/0+$/, '');
-782 	if (s == '') s = '0';
-783 	return s;
-784     };
-785 
-786     /**
-787      * get KeyUsage extension value as names in the certificate<br/>
-788      * @name getExtKeyUsageString
-789      * @memberOf X509#
-790      * @function
-791      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-792      * @return {String} comma separated string of key usage
-793      * @since jsrsasign 7.2.0 x509 1.1.14
-794      * @see X509#getExtKeyUsage
-795      * @description
-796      * This method will get key usage extension value
-797      * as comma separated string of usage names.
-798      * If there is no key usage extension in the certificate,
-799      * it returns empty string (i.e. '').
-800      * <br/>
-801      * NOTE: argument 'hExtV' supported since jsrsasign 9.0.0 x509 2.0.0.
-802      * @example
-803      * x = new X509();
-804      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-805      * x.getExtKeyUsageString() → "digitalSignature,keyEncipherment"
-806      */
-807     this.getExtKeyUsageString = function(hExtV) {
-808 	var bKeyUsage = this.getExtKeyUsageBin(hExtV);
-809 	var a = new Array();
-810 	for (var i = 0; i < bKeyUsage.length; i++) {
-811 	    if (bKeyUsage.substr(i, 1) == "1") a.push(X509.KEYUSAGE_NAME[i]);
-812 	}
-813 	return a.join(",");
-814     };
-815 
-816     /**
-817      * get subjectKeyIdentifier value as hexadecimal string in the certificate<br/>
-818      * @name getExtSubjectKeyIdentifier
-819      * @memberOf X509#
-820      * @function
-821      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-822      * @param {Boolean} critical flag (OPTIONAL)
-823      * @return {Array} JSON object of SubjectKeyIdentifier parameter or undefined
-824      * @since jsrsasign 7.2.0 x509 1.1.14
-825      * @description
-826      * This method will get 
-827      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">
-828      * SubjectKeyIdentifier extension</a> value as JSON object.
-829      * <br>
-830      * When hExtV and critical specified as arguments, return value
-831      * will be generated from them.
-832      * If there is no such extension in the certificate, it returns undefined.
-833      * <br>
-834      * Result of this method can be passed to 
-835      * {@link KJUR.asn1.x509.SubjectKeyIdentifier} constructor.
-836      * <pre>
-837      * id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
-838      * SubjectKeyIdentifier ::= KeyIdentifier
-839      * </pre>
-840      * <br>
-841      * CAUTION:
-842      * Returned JSON value format have been changed without 
-843      * backward compatibility since jsrsasign 9.0.0 x509 2.0.0.
-844      *
-845      * @example
-846      * x = new X509();
-847      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-848      * x.getExtSubjectKeyIdentifier() → 
-849      * { kid: {hex: "1b3347ab..."}, critical: true };
-850      */
-851     this.getExtSubjectKeyIdentifier = function(hExtV, critical) {
-852 	if (hExtV === undefined && critical === undefined) {
-853 	    var info = this.getExtInfo("subjectKeyIdentifier");
-854 	    if (info === undefined) return undefined;
-855 	    hExtV = _getTLV(this.hex, info.vidx);
-856 	    critical = info.critical;
-857 	}
+670 	    result.pathLen = pathLen;
+671 	    return result;
+672 	}
+673 	throw new Error("hExtV parse error: " + hExtV);
+674     };
+675 
+676     /**
+677      * get KeyUsage extension value as JSON object
+678      * @memberOf X509#
+679      * @function
+680      * @name getExtKeyUsage
+681      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+682      * @param {Boolean} critical flag (OPTIONAL)
+683      * @return {Array} JSON object of KeyUsage parameter or undefined
+684      * @since jsrsasign 9.0.0 x509 2.0.0
+685      * @see KJUR.asn1.x509.KeyUsage
+686      * @see X509#getExtKeyUsageString
+687      * @description
+688      * This method parse keyUsage extension. When arguments are
+689      * not specified, its extension in X509 object will be parsed.
+690      * Result of this method can be passed to 
+691      * {@link KJUR.asn1.x509.KeyUsage} constructor.
+692      * <br>
+693      * When hExtV and critical specified as arguments, return value
+694      * will be generated from them.
+695      * <pre>
+696      * id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
+697      * KeyUsage ::= BIT STRING {
+698      *      digitalSignature        (0),
+699      *      nonRepudiation          (1),
+700      *      keyEncipherment         (2),
+701      *      dataEncipherment        (3),
+702      *      keyAgreement            (4),
+703      *      keyCertSign             (5),
+704      *      cRLSign                 (6),
+705      *      encipherOnly            (7),
+706      *      decipherOnly            (8) }     
+707      * </pre>
+708      * @example
+709      * x = new X509();
+710      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+711      * x.getExtKeyUsage() →
+712      * {
+713      *   critial: true,
+714      *   names: ["digitalSignature", "decipherOnly"]
+715      * }
+716      *
+717      * x = new X509();
+718      * x.getExtKeyUsage("306230...") 
+719      * x.getExtKeyUsage("306230...", true) 
+720      */
+721     this.getExtKeyUsage = function(hExtV, critical) {
+722 	if (hExtV === undefined && critical === undefined) {
+723 	    var info = this.getExtInfo("keyUsage");
+724 	    if (info === undefined) return undefined;
+725 	    hExtV = _getTLV(this.hex, info.vidx);
+726 	    critical = info.critical;
+727 	}
+728 
+729 	var result = {extname:"keyUsage"};
+730 	if (critical) result.critical = true;
+731 
+732 	result.names = this.getExtKeyUsageString(hExtV).split(",");
+733 
+734 	return result;
+735     };
+736 
+737     /**
+738      * get KeyUsage extension value as binary string in the certificate<br/>
+739      * @name getExtKeyUsageBin
+740      * @memberOf X509#
+741      * @function
+742      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+743      * @return {String} binary string of key usage bits (ex. '101')
+744      * @since jsrsasign 7.2.0 x509 1.1.14
+745      * @see X509#getExtKeyUsage
+746      * @description
+747      * This method will get key usage extension value
+748      * as binary string such like '101'.
+749      * Key usage bits definition is in the RFC 5280.
+750      * If there is no key usage extension in the certificate,
+751      * it returns empty string (i.e. '').
+752      * <br/>
+753      * NOTE: argument 'hExtV' supported since jsrsasign 9.0.0 x509 2.0.0.
+754      * @example
+755      * x = new X509();
+756      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+757      * x.getExtKeyUsageBin() → '101'
+758      * // 1 - digitalSignature
+759      * // 0 - nonRepudiation
+760      * // 1 - keyEncipherment
+761      */
+762     this.getExtKeyUsageBin = function(hExtV) {
+763 	if (hExtV === undefined) {
+764 	    var info = this.getExtInfo("keyUsage");
+765 	    if (info === undefined) return '';
+766 	    hExtV = _getTLV(this.hex, info.vidx);
+767 	}
+768 	
+769 	if (hExtV.length != 8 && hExtV.length != 10)
+770 	    throw new Error("malformed key usage value: " + hExtV);
+771 
+772 	var s = "000000000000000" + parseInt(hExtV.substr(6), 16).toString(2);
+773 	if (hExtV.length == 8) s = s.slice(-8);
+774 	if (hExtV.length == 10) s = s.slice(-16);
+775 	s = s.replace(/0+$/, '');
+776 	if (s == '') s = '0';
+777 	return s;
+778     };
+779 
+780     /**
+781      * get KeyUsage extension value as names in the certificate<br/>
+782      * @name getExtKeyUsageString
+783      * @memberOf X509#
+784      * @function
+785      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+786      * @return {String} comma separated string of key usage
+787      * @since jsrsasign 7.2.0 x509 1.1.14
+788      * @see X509#getExtKeyUsage
+789      * @description
+790      * This method will get key usage extension value
+791      * as comma separated string of usage names.
+792      * If there is no key usage extension in the certificate,
+793      * it returns empty string (i.e. '').
+794      * <br/>
+795      * NOTE: argument 'hExtV' supported since jsrsasign 9.0.0 x509 2.0.0.
+796      * @example
+797      * x = new X509();
+798      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+799      * x.getExtKeyUsageString() → "digitalSignature,keyEncipherment"
+800      */
+801     this.getExtKeyUsageString = function(hExtV) {
+802 	var bKeyUsage = this.getExtKeyUsageBin(hExtV);
+803 	var a = new Array();
+804 	for (var i = 0; i < bKeyUsage.length; i++) {
+805 	    if (bKeyUsage.substr(i, 1) == "1") a.push(X509.KEYUSAGE_NAME[i]);
+806 	}
+807 	return a.join(",");
+808     };
+809 
+810     /**
+811      * get subjectKeyIdentifier value as hexadecimal string in the certificate<br/>
+812      * @name getExtSubjectKeyIdentifier
+813      * @memberOf X509#
+814      * @function
+815      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+816      * @param {Boolean} critical flag (OPTIONAL)
+817      * @return {Array} JSON object of SubjectKeyIdentifier parameter or undefined
+818      * @since jsrsasign 7.2.0 x509 1.1.14
+819      * @description
+820      * This method will get 
+821      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.2">
+822      * SubjectKeyIdentifier extension</a> value as JSON object.
+823      * <br>
+824      * When hExtV and critical specified as arguments, return value
+825      * will be generated from them.
+826      * If there is no such extension in the certificate, it returns undefined.
+827      * <br>
+828      * Result of this method can be passed to 
+829      * {@link KJUR.asn1.x509.SubjectKeyIdentifier} constructor.
+830      * <pre>
+831      * id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
+832      * SubjectKeyIdentifier ::= KeyIdentifier
+833      * </pre>
+834      * <br>
+835      * CAUTION:
+836      * Returned JSON value format have been changed without 
+837      * backward compatibility since jsrsasign 9.0.0 x509 2.0.0.
+838      *
+839      * @example
+840      * x = new X509();
+841      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+842      * x.getExtSubjectKeyIdentifier() → 
+843      * { kid: {hex: "1b3347ab..."}, critical: true };
+844      */
+845     this.getExtSubjectKeyIdentifier = function(hExtV, critical) {
+846 	if (hExtV === undefined && critical === undefined) {
+847 	    var info = this.getExtInfo("subjectKeyIdentifier");
+848 	    if (info === undefined) return undefined;
+849 	    hExtV = _getTLV(this.hex, info.vidx);
+850 	    critical = info.critical;
+851 	}
+852 
+853 	var result = {extname:"subjectKeyIdentifier"};
+854 	if (critical) result.critical = true;
+855 
+856 	var hKID = _getV(hExtV, 0);
+857 	result.kid = {hex: hKID};
 858 
-859 	var result = {extname:"subjectKeyIdentifier"};
-860 	if (critical) result.critical = true;
+859 	return result;
+860     };
 861 
-862 	var hKID = _getV(hExtV, 0);
-863 	result.kid = {hex: hKID};
-864 
-865 	return result;
-866     };
-867 
-868     /**
-869      * get authorityKeyIdentifier value as JSON object in the certificate<br/>
-870      * @name getExtAuthorityKeyIdentifier
-871      * @memberOf X509#
-872      * @function
-873      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-874      * @param {Boolean} critical flag (OPTIONAL)
-875      * @return {Array} JSON object of AuthorityKeyIdentifier parameter or undefined
-876      * @since jsrsasign 7.2.0 x509 1.1.14
-877      * @see KJUR.asn1.x509.AuthorityKeyIdentifier
-878      * @description
-879      * This method will get 
-880      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.1">
-881      * AuthorityKeyIdentifier extension</a> value as JSON object.
-882      * <br>
-883      * When hExtV and critical specified as arguments, return value
-884      * will be generated from them.
-885      * If there is no such extension in the certificate, it returns undefined.
-886      * <br/>
-887      * Result of this method can be passed to 
-888      * {@link KJUR.asn1.x509.AuthorityKeyIdentifier} constructor.
-889      * <pre>
-890      *    id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
-891      *    AuthorityKeyIdentifier ::= SEQUENCE {
-892      *       keyIdentifier             [0] KeyIdentifier           OPTIONAL,
-893      *       authorityCertIssuer       [1] GeneralNames            OPTIONAL,
-894      *       authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
-895      *    KeyIdentifier ::= OCTET STRING
-896      * </pre>
-897      * Constructor may have following parameters:
-898      * <ul>
-899      * <li>{Array}kid - JSON object of {@link KJUR.asn1.DEROctetString} parameters</li>
-900      * <li>{Array}issuer - JSON object of {@link KJUR.asn1.x509.X500Name} parameters</li>
-901      * <li>{Array}sn - JSON object of {@link KJUR.asn1.DERInteger} parameters</li>
-902      * <li>{Boolean}critical - critical flag</li>
-903      * </ul>
-904      * <br>
-905      * NOTE: The 'authorityCertIssuer' and 'authorityCertSerialNumber'
-906      * supported since jsrsasign 9.0.0 x509 2.0.0.
-907      * @example
-908      * x = new X509();
-909      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-910      * x.getExtAuthorityKeyIdentifier() → 
-911      * { kid: {hex: "1234abcd..."},
-912      *   issuer: {hex: "30..."},
-913      *   sn: {hex: "1234..."},
-914      *   critical: true}
-915      */
-916     this.getExtAuthorityKeyIdentifier = function(hExtV, critical) {
-917 	if (hExtV === undefined && critical === undefined) {
-918 	    var info = this.getExtInfo("authorityKeyIdentifier");
-919 	    if (info === undefined) return undefined;
-920 	    hExtV = _getTLV(this.hex, info.vidx);
-921 	    critical = info.critical;
-922 	}
-923 
-924 	var result = {extname:"authorityKeyIdentifier"};
-925 	if (critical) result.critical = true;
-926 
-927 	var a = _getChildIdx(hExtV, 0);
-928 	for (var i = 0; i < a.length; i++) {
-929 	    var tag = hExtV.substr(a[i], 2);
-930 	    if (tag === "80") {
-931 		result.kid = {hex: _getV(hExtV, a[i])};
-932 	    }
-933 	    if (tag === "a1") {
-934 		var hGNS = _getTLV(hExtV, a[i]);
-935 		var gnsParam = this.getGeneralNames(hGNS);
-936 		result.issuer = gnsParam[0]["dn"];
-937 	    }
-938 	    if (tag === "82") {
-939 		result.sn = {hex: _getV(hExtV, a[i])};
-940 	    }
-941 	}
-942 	return result;
-943     };
-944 
-945     /**
-946      * get extKeyUsage value as JSON object
-947      * @name getExtExtKeyUsage
-948      * @memberOf X509#
-949      * @function
-950      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-951      * @param {Boolean} critical flag (OPTIONAL)
-952      * @return {Array} JSON object of ExtKeyUsage parameter or undefined
-953      * @return {Object} JSONarray of extended key usage ID name or oid
-954      * @since jsrsasign 9.0.0 x509 2.0.0
-955      * @see KJUR.asn1.x509.ExtKeyUsage
-956      * @description
-957      * This method parse extKeyUsage extension. When arguments are
-958      * not specified, its extension in X509 object will be parsed.
-959      * Result of this method can be passed to 
-960      * {@link KJUR.asn1.x509.ExtKeyUsage} constructor.
-961      * <br>
-962      * When hExtV and critical specified as arguments, return value
-963      * will be generated from them.
-964      * @example
-965      * x = new X509();
-966      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-967      * x.getExtExtKeyUsage() →
-968      * { array: ["clientAuth", "emailProtection", "1.3.6.1.4.1.311.10.3.4"], 
-969      *   critical: true},
-970      */
-971     this.getExtExtKeyUsage = function(hExtV, critical) {
-972 	if (hExtV === undefined && critical === undefined) {
-973 	    var info = this.getExtInfo("extKeyUsage");
-974 	    if (info === undefined) return undefined;
-975 	    hExtV = _getTLV(this.hex, info.vidx);
-976 	    critical = info.critical;
-977 	}
-978 
-979 	var result = {extname:"extKeyUsage",array:[]};
-980 	if (critical) result.critical = true;
+862     /**
+863      * get authorityKeyIdentifier value as JSON object in the certificate<br/>
+864      * @name getExtAuthorityKeyIdentifier
+865      * @memberOf X509#
+866      * @function
+867      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+868      * @param {Boolean} critical flag (OPTIONAL)
+869      * @return {Array} JSON object of AuthorityKeyIdentifier parameter or undefined
+870      * @since jsrsasign 7.2.0 x509 1.1.14
+871      * @see KJUR.asn1.x509.AuthorityKeyIdentifier
+872      * @description
+873      * This method will get 
+874      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.1">
+875      * AuthorityKeyIdentifier extension</a> value as JSON object.
+876      * <br>
+877      * When hExtV and critical specified as arguments, return value
+878      * will be generated from them.
+879      * If there is no such extension in the certificate, it returns undefined.
+880      * <br/>
+881      * Result of this method can be passed to 
+882      * {@link KJUR.asn1.x509.AuthorityKeyIdentifier} constructor.
+883      * <pre>
+884      *    id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
+885      *    AuthorityKeyIdentifier ::= SEQUENCE {
+886      *       keyIdentifier             [0] KeyIdentifier           OPTIONAL,
+887      *       authorityCertIssuer       [1] GeneralNames            OPTIONAL,
+888      *       authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
+889      *    KeyIdentifier ::= OCTET STRING
+890      * </pre>
+891      * Constructor may have following parameters:
+892      * <ul>
+893      * <li>{Array}kid - JSON object of {@link KJUR.asn1.DEROctetString} parameters</li>
+894      * <li>{Array}issuer - JSON object of {@link KJUR.asn1.x509.X500Name} parameters</li>
+895      * <li>{Array}sn - JSON object of {@link KJUR.asn1.DERInteger} parameters</li>
+896      * <li>{Boolean}critical - critical flag</li>
+897      * </ul>
+898      * <br>
+899      * NOTE: The 'authorityCertIssuer' and 'authorityCertSerialNumber'
+900      * supported since jsrsasign 9.0.0 x509 2.0.0.
+901      * @example
+902      * x = new X509();
+903      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+904      * x.getExtAuthorityKeyIdentifier() → 
+905      * { kid: {hex: "1234abcd..."},
+906      *   issuer: {hex: "30..."},
+907      *   sn: {hex: "1234..."},
+908      *   critical: true}
+909      */
+910     this.getExtAuthorityKeyIdentifier = function(hExtV, critical) {
+911 	if (hExtV === undefined && critical === undefined) {
+912 	    var info = this.getExtInfo("authorityKeyIdentifier");
+913 	    if (info === undefined) return undefined;
+914 	    hExtV = _getTLV(this.hex, info.vidx);
+915 	    critical = info.critical;
+916 	}
+917 
+918 	var result = {extname:"authorityKeyIdentifier"};
+919 	if (critical) result.critical = true;
+920 
+921 	var a = _getChildIdx(hExtV, 0);
+922 	for (var i = 0; i < a.length; i++) {
+923 	    var tag = hExtV.substr(a[i], 2);
+924 	    if (tag === "80") {
+925 		result.kid = {hex: _getV(hExtV, a[i])};
+926 	    }
+927 	    if (tag === "a1") {
+928 		var hGNS = _getTLV(hExtV, a[i]);
+929 		var gnsParam = this.getGeneralNames(hGNS);
+930 		result.issuer = gnsParam[0]["dn"];
+931 	    }
+932 	    if (tag === "82") {
+933 		result.sn = {hex: _getV(hExtV, a[i])};
+934 	    }
+935 	}
+936 	return result;
+937     };
+938 
+939     /**
+940      * get extKeyUsage value as JSON object
+941      * @name getExtExtKeyUsage
+942      * @memberOf X509#
+943      * @function
+944      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+945      * @param {Boolean} critical flag (OPTIONAL)
+946      * @return {Array} JSON object of ExtKeyUsage parameter or undefined
+947      * @return {Object} JSONarray of extended key usage ID name or oid
+948      * @since jsrsasign 9.0.0 x509 2.0.0
+949      * @see KJUR.asn1.x509.ExtKeyUsage
+950      * @description
+951      * This method parse extKeyUsage extension. When arguments are
+952      * not specified, its extension in X509 object will be parsed.
+953      * Result of this method can be passed to 
+954      * {@link KJUR.asn1.x509.ExtKeyUsage} constructor.
+955      * <br>
+956      * When hExtV and critical specified as arguments, return value
+957      * will be generated from them.
+958      * @example
+959      * x = new X509();
+960      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+961      * x.getExtExtKeyUsage() →
+962      * { array: ["clientAuth", "emailProtection", "1.3.6.1.4.1.311.10.3.4"], 
+963      *   critical: true},
+964      */
+965     this.getExtExtKeyUsage = function(hExtV, critical) {
+966 	if (hExtV === undefined && critical === undefined) {
+967 	    var info = this.getExtInfo("extKeyUsage");
+968 	    if (info === undefined) return undefined;
+969 	    hExtV = _getTLV(this.hex, info.vidx);
+970 	    critical = info.critical;
+971 	}
+972 
+973 	var result = {extname:"extKeyUsage",array:[]};
+974 	if (critical) result.critical = true;
+975 
+976 	var a = _getChildIdx(hExtV, 0);
+977 
+978 	for (var i = 0; i < a.length; i++) {
+979 	    result.array.push(_oidname(_getV(hExtV, a[i])));
+980 	}
 981 
-982 	var a = _getChildIdx(hExtV, 0);
-983 
-984 	for (var i = 0; i < a.length; i++) {
-985 	    result.array.push(_oidname(_getV(hExtV, a[i])));
-986 	}
-987 
-988 	return result;
-989     };
-990 
-991     /**
-992      * get extKeyUsage value as array of name string in the certificate(DEPRECATED)<br/>
-993      * @name getExtExtKeyUsageName
-994      * @memberOf X509#
-995      * @function
-996      * @return {Object} array of extended key usage ID name or oid
-997      * @since jsrsasign 7.2.0 x509 1.1.14
-998      * @deprecated since jsrsasign 9.0.0 x509 2.0.0
-999      * @description
-1000      * This method will get extended key usage extension value
-1001      * as array of name or OID string.
-1002      * If there is this in the certificate, it returns undefined;
-1003      * <br>
-1004      * NOTE: Supported extended key usage ID names are defined in
-1005      * name2oidList parameter in asn1x509.js file.
-1006      * @example
-1007      * x = new X509();
-1008      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-1009      * x.getExtExtKeyUsageName() → ["serverAuth", "clientAuth", "0.1.2.3.4.5"]
-1010      */
-1011     this.getExtExtKeyUsageName = function() {
-1012 	var info = this.getExtInfo("extKeyUsage");
-1013 	if (info === undefined) return info;
-1014 
-1015 	var result = new Array();
-1016 	
-1017 	var h = _getTLV(this.hex, info.vidx);
-1018 	if (h === '') return result;
-1019 
-1020 	var a = _getChildIdx(h, 0);
-1021 	for (var i = 0; i < a.length; i++) {
-1022 	    result.push(_oidname(_getV(h, a[i])));
-1023 	}
-1024 
-1025 	return result;
-1026     };
-1027 
-1028     /**
-1029      * get subjectAltName value as array of string in the certificate
-1030      * @name getExtSubjectAltName
-1031      * @memberOf X509#
-1032      * @function
-1033      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-1034      * @param {Boolean} critical flag (OPTIONAL)
-1035      * @return {Array} JSON object of SubjectAltName parameters or undefined
-1036      * @since jsrsasign 7.2.0 x509 1.1.14
-1037      * @see KJUR.asn1.x509.SubjectAltName
-1038      * @see X509#getExtIssuerAltName
-1039      * @description
-1040      * This method will get subjectAltName value
-1041      * as an array of JSON object which has properties defined
-1042      * in {@link KJUR.asn1.x509.SubjectAltName}.
-1043      * Result of this method can be passed to 
-1044      * {@link KJUR.asn1.x509.SubjectAltName} constructor.
-1045      * If there is no this extension in the certificate,
-1046      * it returns undefined.
-1047      * <br>
-1048      * When hExtV and critical specified as arguments, return value
-1049      * will be generated from them.
-1050      * <br>
-1051      * CAUTION: return value of JSON object format have been changed
-1052      * from jsrsasign 9.0.0 x509 2.0.0 without backword compatibility.
-1053      * @example
-1054      * x = new X509();
-1055      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-1056      * x.getExtSubjectAltName() → 
-1057      * { array: [
-1058      *     {uri: "http://example.com/"},
-1059      *     {rfc822: "user1@example.com"},
-1060      *     {dns: "example.com"}
-1061      *   ],
-1062      *   critical: true
-1063      * }
-1064      *
-1065      * x.getExtSubjectAltName("3026...") →
-1066      * { array: [{ip: "192.168.1.1"}] }
-1067      */
-1068     this.getExtSubjectAltName = function(hExtV, critical) {
-1069 	if (hExtV === undefined && critical === undefined) {
-1070 	    var info = this.getExtInfo("subjectAltName");
-1071 	    if (info === undefined) return undefined;
-1072 	    hExtV = _getTLV(this.hex, info.vidx);
-1073 	    critical = info.critical;
-1074 	}
-1075 
-1076 	var result = {extname:"subjectAltName",array:[]};
-1077 	if (critical) result.critical = true;
-1078 
-1079 	result.array = this.getGeneralNames(hExtV);
-1080 
-1081 	return result;
-1082     };
-1083 
-1084     /**
-1085      * get issuerAltName value as array of string in the certificate
-1086      * @name getExtIssuerAltName
-1087      * @memberOf X509#
-1088      * @function
-1089      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-1090      * @param {Boolean} critical flag (OPTIONAL)
-1091      * @return {Array} JSON object of IssuerAltName parameters
-1092      * @since jsrsasign 9.0.0 x509 2.0.0
-1093      * @see KJUR.asn1.x509.IssuerAltName
-1094      * @see X509#getExtSubjectAltName
-1095      * @description
-1096      * This method will get issuerAltName value
-1097      * as an array of JSON object which has properties defined
-1098      * in {@link KJUR.asn1.x509.IssuerAltName}.
-1099      * Result of this method can be passed to 
-1100      * {@link KJUR.asn1.x509.IssuerAltName} constructor.
-1101      * If there is no this extension in the certificate,
-1102      * it returns undefined.
-1103      * <br>
-1104      * When hExtV and critical specified as arguments, return value
-1105      * will be generated from them.
-1106      * @example
-1107      * x = new X509();
-1108      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-1109      * x.getExtIssuerAltName() → 
-1110      * { array: [
-1111      *     {uri: "http://example.com/"},
-1112      *     {rfc822: "user1@example.com"},
-1113      *     {dns: "example.com"}
-1114      *   ],
-1115      *   critical: true
-1116      * }
-1117      *
-1118      * x.getExtIssuerAltName("3026...") →
-1119      * { array: [{ip: "192.168.1.1"}] }
-1120      */
-1121     this.getExtIssuerAltName = function(hExtV, critical) {
-1122 	if (hExtV === undefined && critical === undefined) {
-1123 	    var info = this.getExtInfo("issuerAltName");
-1124 	    if (info === undefined) return undefined;
-1125 	    hExtV = _getTLV(this.hex, info.vidx);
-1126 	    critical = info.critical;
-1127 	}
-1128 
-1129 	var result = {extname:"issuerAltName",array:[]};
-1130 	if (critical) result.critical = true;
-1131 
-1132 	result.array = this.getGeneralNames(hExtV);
-1133 
-1134 	return result;
-1135     };
-1136 
-1137     /**
-1138      * get GeneralNames ASN.1 structure parameter as JSON object
-1139      * @name getGeneralNames
-1140      * @memberOf X509#
-1141      * @function
-1142      * @param {String} h hexadecimal string of GeneralNames
-1143      * @return {Array} array of GeneralNames parameters
-1144      * @see KJUR.asn1.x509.GeneralNames
-1145      * @see KJUR.asn1.x509.GeneralName
-1146      * @see X509#getGeneralNames
-1147      * @since jsrsasign 9.0.0 x509 2.0.0
-1148      * @description
-1149      * This method will get GeneralNames parameters defined in
-1150      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.6">
-1151      * RFC 5280 4.2.1.6</a>.
-1152      * <pre>
-1153      * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-1154      * </pre>
-1155      * Result of this method can be passed to
-1156      * {@link KJUR.asn1.x509.GeneralNames} constructor.
-1157      * @example
-1158      * x = new X509();
-1159      * x.getGeneralNames("3011860f687474703a2f2f6161612e636f6d2f")
-1160      * → [{uri: "http://aaa.com/"}]
-1161      */
-1162     this.getGeneralNames = function(h) {
-1163 	var aIdx = _getChildIdx(h, 0);
-1164 	var result = [];
-1165 	for (var i = 0; i < aIdx.length; i++) {
-1166 	    var gnParam = this.getGeneralName(_getTLV(h, aIdx[i]));
-1167 	    if (gnParam !== undefined) result.push(gnParam);
-1168 	}
-1169 	return result;
-1170     };
-1171 
-1172     /**
-1173      * get GeneralName ASN.1 structure parameter as JSON object
-1174      * @name getGeneralName
-1175      * @memberOf X509#
-1176      * @function
-1177      * @param {String} h hexadecimal string of GeneralName
-1178      * @return {Array} JSON object of GeneralName parameters or undefined
-1179      * @see KJUR.asn1.x509.GeneralNames
-1180      * @see X509#getGeneralName
-1181      * @since jsrsasign 9.0.0 x509 2.0.0
-1182      * @description
-1183      * This method will get GeneralName parameters defined in
-1184      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.6">
-1185      * RFC 5280 4.2.1.6</a>.
-1186      * <pre>
-1187      * GeneralName ::= CHOICE {
-1188      *      otherName                       [0]     OtherName,
-1189      *      rfc822Name                      [1]     IA5String,
-1190      *      dNSName                         [2]     IA5String,
-1191      *      x400Address                     [3]     ORAddress,
-1192      *      directoryName                   [4]     Name,
-1193      *      ediPartyName                    [5]     EDIPartyName,
-1194      *      uniformResourceIdentifier       [6]     IA5String,
-1195      *      iPAddress                       [7]     OCTET STRING,
-1196      *      registeredID                    [8]     OBJECT IDENTIFIER }
-1197      * </pre>
-1198      * Result of this method can be passed to
-1199      * {@link KJUR.asn1.x509.GeneralName} constructor.
-1200      * @example
-1201      * x = new X509();
-1202      * x.getGeneralName("860f687474703a2f2f6161612e636f6d2f") 
-1203      * → {uri: "http://aaa.com/"}
-1204      */
-1205     this.getGeneralName = function(h) {
-1206 	var tag = h.substr(0, 2);
-1207 	var hValue = _getV(h, 0);
-1208 	var sValue = hextorstr(hValue);
-1209 	if (tag == "81") return {rfc822: sValue};
-1210 	if (tag == "82") return {dns: sValue};
-1211 	if (tag == "a4") return {dn: {hex: hValue}};
-1212 	if (tag == "86") return {uri: sValue};
-1213 	if (tag == "87") return {ip: hextoip(hValue)};
-1214 	return undefined;
-1215     };
-1216 
-1217     /**
-1218      * get subjectAltName value as array of string in the certificate (DEPRECATED)
-1219      * @name getExtSubjectAltName2
-1220      * @memberOf X509#
-1221      * @function
-1222      * @return {Object} array of alt name array
-1223      * @since jsrsasign 8.0.1 x509 1.1.17
-1224      * @deprecated jsrsasign 9.0.0 x509 2.0.0
-1225      * @description
-1226      * This method will get subject alt name extension value
-1227      * as array of type and name.
-1228      * If there is this in the certificate, it returns undefined;
-1229      * Type of GeneralName will be shown as following:
-1230      * <ul>
-1231      * <li>"MAIL" - [1]rfc822Name</li>
-1232      * <li>"DNS"  - [2]dNSName</li>
-1233      * <li>"DN"   - [4]directoryName</li>
-1234      * <li>"URI"  - [6]uniformResourceIdentifier</li>
-1235      * <li>"IP"   - [7]iPAddress</li>
-1236      * </ul>
-1237      * @example
-1238      * x = new X509();
-1239      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-1240      * x.getExtSubjectAltName2() →
-1241      * [["DNS",  "example.com"],
-1242      *  ["DNS",  "example.org"],
-1243      *  ["MAIL", "foo@example.com"],
-1244      *  ["IP",   "192.168.1.1"],
-1245      *  ["IP",   "2001:db8::2:1"],
-1246      *  ["DN",   "/C=US/O=TEST1"]]
-1247      */
-1248     this.getExtSubjectAltName2 = function() {
-1249 	var gnValueHex, gnValueStr, gnTag;
-1250 	var info = this.getExtInfo("subjectAltName");
-1251 	if (info === undefined) return info;
-1252 
-1253 	var result = new Array();
-1254 	var h = _getTLV(this.hex, info.vidx);
-1255 
-1256 	var a = _getChildIdx(h, 0);
-1257 	for (var i = 0; i < a.length; i++) {
-1258 	    gnTag = h.substr(a[i], 2);
-1259 	    gnValueHex = _getV(h, a[i]);
-1260 	    
-1261 	    if (gnTag === "81") { // rfc822Name [1]
-1262 		gnValueStr = hextoutf8(gnValueHex);
-1263 		result.push(["MAIL", gnValueStr]);
-1264 	    }
-1265 	    if (gnTag === "82") { // dNSName [2]
-1266 		gnValueStr = hextoutf8(gnValueHex);
-1267 		result.push(["DNS", gnValueStr]);
-1268 	    }
-1269 	    if (gnTag === "84") { // directoryName [4]
-1270 		gnValueStr = X509.hex2dn(gnValueHex, 0);
-1271 		result.push(["DN", gnValueStr]);
-1272 	    }
-1273 	    if (gnTag === "86") { // uniformResourceIdentifier [6]
-1274 		gnValueStr = hextoutf8(gnValueHex);
-1275 		result.push(["URI", gnValueStr]);
-1276 	    }
-1277 	    if (gnTag === "87") { // iPAddress [7]
-1278 		gnValueStr = hextoip(gnValueHex);
-1279 		result.push(["IP", gnValueStr]);
-1280 	    }
-1281 	}
-1282 	return result;
-1283     };
-1284 
-1285     /**
-1286      * get CRLDistributionPoints extension value as JSON object
-1287      * @name getExtCRLDistributionPoints
-1288      * @memberOf X509#
-1289      * @function
-1290      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-1291      * @param {Boolean} critical flag (OPTIONAL)
-1292      * @return {Object} JSON object of CRLDistributionPoints parameters or undefined
-1293      * @since jsrsasign 9.0.0 x509 2.0.0
-1294      * @see KJUR.asn1.x509.CRLDistributionPoints
-1295      * @see X509#getDistributionPoint
-1296      * @see X509#getDistributionPointName
-1297      * @see X509#getGeneralNames
-1298      * @see X509#getGeneralName
-1299      * @description
-1300      * This method will get certificate policies value
-1301      * as an array of JSON object which has properties defined
-1302      * in {@link KJUR.asn1.x509.CRLDistributionPoints}.
-1303      * Result of this method can be passed to 
-1304      * {@link KJUR.asn1.x509.CRLDistributionPoints} constructor.
-1305      * If there is no this extension in the certificate,
-1306      * it returns undefined.
-1307      * @example
-1308      * x = new X509();
-1309      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-1310      * x.getExtCRLDistributionPoints() → 
-1311      * {array: [
-1312      *   {dpname: {full: [{uri: "http://example.com/"}]}},
-1313      *   {dpname: {full: [{uri: "ldap://example.com/"}]}}
-1314      *  ],
-1315      *  critical: true}
-1316      */
-1317     this.getExtCRLDistributionPoints = function(hExtV, critical) {
-1318 	if (hExtV === undefined && critical === undefined) {
-1319 	    var info = this.getExtInfo("cRLDistributionPoints");
-1320 	    if (info === undefined) return undefined;
-1321 	    hExtV = _getTLV(this.hex, info.vidx);
-1322 	    critical = info.critical;
-1323 	}
-1324 
-1325 	var result = {extname:"cRLDistributionPoints",array:[]};
-1326 	if (critical) result.critical = true;
-1327 
-1328 	var a = _getChildIdx(hExtV, 0);
-1329 	for (var i = 0; i < a.length; i++) {
-1330 	    var hTLV = _getTLV(hExtV, a[i]);
-1331 	    result.array.push(this.getDistributionPoint(hTLV));
+982 	return result;
+983     };
+984 
+985     /**
+986      * get extKeyUsage value as array of name string in the certificate(DEPRECATED)<br/>
+987      * @name getExtExtKeyUsageName
+988      * @memberOf X509#
+989      * @function
+990      * @return {Object} array of extended key usage ID name or oid
+991      * @since jsrsasign 7.2.0 x509 1.1.14
+992      * @deprecated since jsrsasign 9.0.0 x509 2.0.0
+993      * @description
+994      * This method will get extended key usage extension value
+995      * as array of name or OID string.
+996      * If there is this in the certificate, it returns undefined;
+997      * <br>
+998      * NOTE: Supported extended key usage ID names are defined in
+999      * name2oidList parameter in asn1x509.js file.
+1000      * @example
+1001      * x = new X509();
+1002      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+1003      * x.getExtExtKeyUsageName() → ["serverAuth", "clientAuth", "0.1.2.3.4.5"]
+1004      */
+1005     this.getExtExtKeyUsageName = function() {
+1006 	var info = this.getExtInfo("extKeyUsage");
+1007 	if (info === undefined) return info;
+1008 
+1009 	var result = new Array();
+1010 	
+1011 	var h = _getTLV(this.hex, info.vidx);
+1012 	if (h === '') return result;
+1013 
+1014 	var a = _getChildIdx(h, 0);
+1015 	for (var i = 0; i < a.length; i++) {
+1016 	    result.push(_oidname(_getV(h, a[i])));
+1017 	}
+1018 
+1019 	return result;
+1020     };
+1021 
+1022     /**
+1023      * get subjectAltName value as array of string in the certificate
+1024      * @name getExtSubjectAltName
+1025      * @memberOf X509#
+1026      * @function
+1027      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+1028      * @param {Boolean} critical flag (OPTIONAL)
+1029      * @return {Array} JSON object of SubjectAltName parameters or undefined
+1030      * @since jsrsasign 7.2.0 x509 1.1.14
+1031      * @see KJUR.asn1.x509.SubjectAltName
+1032      * @see X509#getExtIssuerAltName
+1033      * @description
+1034      * This method will get subjectAltName value
+1035      * as an array of JSON object which has properties defined
+1036      * in {@link KJUR.asn1.x509.SubjectAltName}.
+1037      * Result of this method can be passed to 
+1038      * {@link KJUR.asn1.x509.SubjectAltName} constructor.
+1039      * If there is no this extension in the certificate,
+1040      * it returns undefined.
+1041      * <br>
+1042      * When hExtV and critical specified as arguments, return value
+1043      * will be generated from them.
+1044      * <br>
+1045      * CAUTION: return value of JSON object format have been changed
+1046      * from jsrsasign 9.0.0 x509 2.0.0 without backword compatibility.
+1047      * @example
+1048      * x = new X509();
+1049      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+1050      * x.getExtSubjectAltName() → 
+1051      * { array: [
+1052      *     {uri: "http://example.com/"},
+1053      *     {rfc822: "user1@example.com"},
+1054      *     {dns: "example.com"}
+1055      *   ],
+1056      *   critical: true
+1057      * }
+1058      *
+1059      * x.getExtSubjectAltName("3026...") →
+1060      * { array: [{ip: "192.168.1.1"}] }
+1061      */
+1062     this.getExtSubjectAltName = function(hExtV, critical) {
+1063 	if (hExtV === undefined && critical === undefined) {
+1064 	    var info = this.getExtInfo("subjectAltName");
+1065 	    if (info === undefined) return undefined;
+1066 	    hExtV = _getTLV(this.hex, info.vidx);
+1067 	    critical = info.critical;
+1068 	}
+1069 
+1070 	var result = {extname:"subjectAltName",array:[]};
+1071 	if (critical) result.critical = true;
+1072 
+1073 	result.array = this.getGeneralNames(hExtV);
+1074 
+1075 	return result;
+1076     };
+1077 
+1078     /**
+1079      * get issuerAltName value as array of string in the certificate
+1080      * @name getExtIssuerAltName
+1081      * @memberOf X509#
+1082      * @function
+1083      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+1084      * @param {Boolean} critical flag (OPTIONAL)
+1085      * @return {Array} JSON object of IssuerAltName parameters
+1086      * @since jsrsasign 9.0.0 x509 2.0.0
+1087      * @see KJUR.asn1.x509.IssuerAltName
+1088      * @see X509#getExtSubjectAltName
+1089      * @description
+1090      * This method will get issuerAltName value
+1091      * as an array of JSON object which has properties defined
+1092      * in {@link KJUR.asn1.x509.IssuerAltName}.
+1093      * Result of this method can be passed to 
+1094      * {@link KJUR.asn1.x509.IssuerAltName} constructor.
+1095      * If there is no this extension in the certificate,
+1096      * it returns undefined.
+1097      * <br>
+1098      * When hExtV and critical specified as arguments, return value
+1099      * will be generated from them.
+1100      * @example
+1101      * x = new X509();
+1102      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+1103      * x.getExtIssuerAltName() → 
+1104      * { array: [
+1105      *     {uri: "http://example.com/"},
+1106      *     {rfc822: "user1@example.com"},
+1107      *     {dns: "example.com"}
+1108      *   ],
+1109      *   critical: true
+1110      * }
+1111      *
+1112      * x.getExtIssuerAltName("3026...") →
+1113      * { array: [{ip: "192.168.1.1"}] }
+1114      */
+1115     this.getExtIssuerAltName = function(hExtV, critical) {
+1116 	if (hExtV === undefined && critical === undefined) {
+1117 	    var info = this.getExtInfo("issuerAltName");
+1118 	    if (info === undefined) return undefined;
+1119 	    hExtV = _getTLV(this.hex, info.vidx);
+1120 	    critical = info.critical;
+1121 	}
+1122 
+1123 	var result = {extname:"issuerAltName",array:[]};
+1124 	if (critical) result.critical = true;
+1125 
+1126 	result.array = this.getGeneralNames(hExtV);
+1127 
+1128 	return result;
+1129     };
+1130 
+1131     /**
+1132      * get GeneralNames ASN.1 structure parameter as JSON object
+1133      * @name getGeneralNames
+1134      * @memberOf X509#
+1135      * @function
+1136      * @param {String} h hexadecimal string of GeneralNames
+1137      * @return {Array} array of GeneralNames parameters
+1138      * @see KJUR.asn1.x509.GeneralNames
+1139      * @see KJUR.asn1.x509.GeneralName
+1140      * @see X509#getGeneralNames
+1141      * @since jsrsasign 9.0.0 x509 2.0.0
+1142      * @description
+1143      * This method will get GeneralNames parameters defined in
+1144      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.6">
+1145      * RFC 5280 4.2.1.6</a>.
+1146      * <pre>
+1147      * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+1148      * </pre>
+1149      * Result of this method can be passed to
+1150      * {@link KJUR.asn1.x509.GeneralNames} constructor.
+1151      * @example
+1152      * x = new X509();
+1153      * x.getGeneralNames("3011860f687474703a2f2f6161612e636f6d2f")
+1154      * → [{uri: "http://aaa.com/"}]
+1155      *
+1156      * x.getGeneralNames("301ea41c30...") →
+1157      * [{ dn: {
+1158      *     array: [
+1159      *       [{type:"C", value:"JP", ds:"prn"}],
+1160      *       [{type:"O", value:"T1", ds:"utf8"}]
+1161      *     ],
+1162      *     str: "/C=JP/O=T1" } }]
+1163      */
+1164     this.getGeneralNames = function(h) {
+1165 	var aIdx = _getChildIdx(h, 0);
+1166 	var result = [];
+1167 	for (var i = 0; i < aIdx.length; i++) {
+1168 	    var gnParam = this.getGeneralName(_getTLV(h, aIdx[i]));
+1169 	    if (gnParam !== undefined) result.push(gnParam);
+1170 	}
+1171 	return result;
+1172     };
+1173 
+1174     /**
+1175      * get GeneralName ASN.1 structure parameter as JSON object
+1176      * @name getGeneralName
+1177      * @memberOf X509#
+1178      * @function
+1179      * @param {String} h hexadecimal string of GeneralName
+1180      * @return {Array} JSON object of GeneralName parameters or undefined
+1181      * @see KJUR.asn1.x509.GeneralNames
+1182      * @see X509#getGeneralName
+1183      * @since jsrsasign 9.0.0 x509 2.0.0
+1184      * @description
+1185      * This method will get GeneralName parameters defined in
+1186      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.6">
+1187      * RFC 5280 4.2.1.6</a>.
+1188      * <pre>
+1189      * GeneralName ::= CHOICE {
+1190      *      otherName                       [0]     OtherName,
+1191      *      rfc822Name                      [1]     IA5String,
+1192      *      dNSName                         [2]     IA5String,
+1193      *      x400Address                     [3]     ORAddress,
+1194      *      directoryName                   [4]     Name,
+1195      *      ediPartyName                    [5]     EDIPartyName,
+1196      *      uniformResourceIdentifier       [6]     IA5String,
+1197      *      iPAddress                       [7]     OCTET STRING,
+1198      *      registeredID                    [8]     OBJECT IDENTIFIER }
+1199      * </pre>
+1200      * Result of this method can be passed to
+1201      * {@link KJUR.asn1.x509.GeneralName} constructor.
+1202      * @example
+1203      * x = new X509();
+1204      * x.getGeneralName("860f687474703a2f2f6161612e636f6d2f") 
+1205      * → {uri: "http://aaa.com/"}
+1206      * x.getGeneralName("a41c30...") →
+1207      * { dn: {
+1208      *     array: [
+1209      *       [{type:"C", value:"JP", ds:"prn"}],
+1210      *       [{type:"O", value:"T1", ds:"utf8"}]
+1211      *     ],
+1212      *     str: "/C=JP/O=T1" } }
+1213      */
+1214     this.getGeneralName = function(h) {
+1215 	var tag = h.substr(0, 2);
+1216 	var hValue = _getV(h, 0);
+1217 	var sValue = hextorstr(hValue);
+1218 	if (tag == "81") return {rfc822: sValue};
+1219 	if (tag == "82") return {dns: sValue};
+1220 	if (tag == "86") return {uri: sValue};
+1221 	if (tag == "87") return {ip: hextoip(hValue)};
+1222 	if (tag == "a4") return {dn: this.getX500Name(hValue)};
+1223 	return undefined;
+1224     };
+1225 
+1226     /**
+1227      * get subjectAltName value as array of string in the certificate (DEPRECATED)
+1228      * @name getExtSubjectAltName2
+1229      * @memberOf X509#
+1230      * @function
+1231      * @return {Object} array of alt name array
+1232      * @since jsrsasign 8.0.1 x509 1.1.17
+1233      * @deprecated jsrsasign 9.0.0 x509 2.0.0
+1234      * @description
+1235      * This method will get subject alt name extension value
+1236      * as array of type and name.
+1237      * If there is this in the certificate, it returns undefined;
+1238      * Type of GeneralName will be shown as following:
+1239      * <ul>
+1240      * <li>"MAIL" - [1]rfc822Name</li>
+1241      * <li>"DNS"  - [2]dNSName</li>
+1242      * <li>"DN"   - [4]directoryName</li>
+1243      * <li>"URI"  - [6]uniformResourceIdentifier</li>
+1244      * <li>"IP"   - [7]iPAddress</li>
+1245      * </ul>
+1246      * @example
+1247      * x = new X509();
+1248      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+1249      * x.getExtSubjectAltName2() →
+1250      * [["DNS",  "example.com"],
+1251      *  ["DNS",  "example.org"],
+1252      *  ["MAIL", "foo@example.com"],
+1253      *  ["IP",   "192.168.1.1"],
+1254      *  ["IP",   "2001:db8::2:1"],
+1255      *  ["DN",   "/C=US/O=TEST1"]]
+1256      */
+1257     this.getExtSubjectAltName2 = function() {
+1258 	var gnValueHex, gnValueStr, gnTag;
+1259 	var info = this.getExtInfo("subjectAltName");
+1260 	if (info === undefined) return info;
+1261 
+1262 	var result = new Array();
+1263 	var h = _getTLV(this.hex, info.vidx);
+1264 
+1265 	var a = _getChildIdx(h, 0);
+1266 	for (var i = 0; i < a.length; i++) {
+1267 	    gnTag = h.substr(a[i], 2);
+1268 	    gnValueHex = _getV(h, a[i]);
+1269 	    
+1270 	    if (gnTag === "81") { // rfc822Name [1]
+1271 		gnValueStr = hextoutf8(gnValueHex);
+1272 		result.push(["MAIL", gnValueStr]);
+1273 	    }
+1274 	    if (gnTag === "82") { // dNSName [2]
+1275 		gnValueStr = hextoutf8(gnValueHex);
+1276 		result.push(["DNS", gnValueStr]);
+1277 	    }
+1278 	    if (gnTag === "84") { // directoryName [4]
+1279 		gnValueStr = X509.hex2dn(gnValueHex, 0);
+1280 		result.push(["DN", gnValueStr]);
+1281 	    }
+1282 	    if (gnTag === "86") { // uniformResourceIdentifier [6]
+1283 		gnValueStr = hextoutf8(gnValueHex);
+1284 		result.push(["URI", gnValueStr]);
+1285 	    }
+1286 	    if (gnTag === "87") { // iPAddress [7]
+1287 		gnValueStr = hextoip(gnValueHex);
+1288 		result.push(["IP", gnValueStr]);
+1289 	    }
+1290 	}
+1291 	return result;
+1292     };
+1293 
+1294     /**
+1295      * get CRLDistributionPoints extension value as JSON object
+1296      * @name getExtCRLDistributionPoints
+1297      * @memberOf X509#
+1298      * @function
+1299      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+1300      * @param {Boolean} critical flag (OPTIONAL)
+1301      * @return {Object} JSON object of CRLDistributionPoints parameters or undefined
+1302      * @since jsrsasign 9.0.0 x509 2.0.0
+1303      * @see KJUR.asn1.x509.CRLDistributionPoints
+1304      * @see X509#getDistributionPoint
+1305      * @see X509#getDistributionPointName
+1306      * @see X509#getGeneralNames
+1307      * @see X509#getGeneralName
+1308      * @description
+1309      * This method will get certificate policies value
+1310      * as an array of JSON object which has properties defined
+1311      * in {@link KJUR.asn1.x509.CRLDistributionPoints}.
+1312      * Result of this method can be passed to 
+1313      * {@link KJUR.asn1.x509.CRLDistributionPoints} constructor.
+1314      * If there is no this extension in the certificate,
+1315      * it returns undefined.
+1316      * @example
+1317      * x = new X509();
+1318      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+1319      * x.getExtCRLDistributionPoints() → 
+1320      * {array: [
+1321      *   {dpname: {full: [{uri: "http://example.com/"}]}},
+1322      *   {dpname: {full: [{uri: "ldap://example.com/"}]}}
+1323      *  ],
+1324      *  critical: true}
+1325      */
+1326     this.getExtCRLDistributionPoints = function(hExtV, critical) {
+1327 	if (hExtV === undefined && critical === undefined) {
+1328 	    var info = this.getExtInfo("cRLDistributionPoints");
+1329 	    if (info === undefined) return undefined;
+1330 	    hExtV = _getTLV(this.hex, info.vidx);
+1331 	    critical = info.critical;
 1332 	}
 1333 
-1334 	return result;
-1335     };
+1334 	var result = {extname:"cRLDistributionPoints",array:[]};
+1335 	if (critical) result.critical = true;
 1336 
-1337     /**
-1338      * get DistributionPoint ASN.1 structure parameter as JSON object
-1339      * @name getDistributionPoint
-1340      * @memberOf X509#
-1341      * @function
-1342      * @param {String} h hexadecimal string of DistributionPoint
-1343      * @return {Object} JSON object of DistributionPoint parameters
-1344      * @since jsrsasign 9.0.0 x509 2.0.0
-1345      * @see X509#getExtCRLDistributionPoints
-1346      * @see X509#getDistributionPointName
-1347      * @see X509#getGeneralNames
-1348      * @see X509#getGeneralName
-1349      * @description
-1350      * This method will get DistributionPoint parameters.
-1351      * Result of this method can be passed to
-1352      * {@link KJUR.asn1.x509.DistributionPoint} constructor.
-1353      * <br/>
-1354      * NOTE: reasons[1] and CRLIssuer[2] field not supported
-1355      * @example
-1356      * x = new X509();
-1357      * x.getDistributionPoint("30...") →
-1358      * {dpname: {full: [{uri: "http://aaa.com/"}]}}
-1359      */
-1360     this.getDistributionPoint = function(h) {
-1361 	var result = {};
-1362 	var a = _getChildIdx(h, 0);
-1363 	for (var i = 0; i < a.length; i++) {
-1364 	    var tag = h.substr(a[i], 2);
-1365 	    var hTLV = _getTLV(h, a[i]);
-1366 	    if (tag == "a0") {
-1367 		result.dpname = this.getDistributionPointName(hTLV);
-1368 	    }
-1369 	}
-1370 	return result;
-1371     };
-1372 
-1373     /**
-1374      * get DistributionPointName ASN.1 structure parameter as JSON object
-1375      * @name getDistributionPointName
-1376      * @memberOf X509#
-1377      * @function
-1378      * @param {String} h hexadecimal string of DistributionPointName
-1379      * @return {Object} JSON object of DistributionPointName parameters
-1380      * @since jsrsasign 9.0.0 x509 2.0.0
-1381      * @see X509#getExtCRLDistributionPoints
-1382      * @see X509#getDistributionPoint
-1383      * @see X509#getGeneralNames
-1384      * @see X509#getGeneralName
-1385      * @description
-1386      * This method will get DistributionPointName parameters.
-1387      * Result of this method can be passed to
-1388      * {@link KJUR.asn1.x509.DistributionPointName} constructor.
-1389      * <br/>
-1390      * NOTE: nameRelativeToCRLIssuer[1] not supported
-1391      * @example
-1392      * x = new X509();
-1393      * x.getDistributionPointName("a0...") →
-1394      * {full: [{uri: "http://aaa.com/"}]}
-1395      */
-1396     this.getDistributionPointName = function(h) {
-1397 	var result = {};
-1398 	var a = _getChildIdx(h, 0);
-1399 	for (var i = 0; i < a.length; i++) {
-1400 	    var tag = h.substr(a[i], 2);
-1401 	    var hTLV = _getTLV(h, a[i]);
-1402 	    if (tag == "a0") {
-1403 		result.full = this.getGeneralNames(hTLV);
-1404 	    }
-1405 	}
-1406 	return result;
-1407     };
-1408 
-1409     /**
-1410      * get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate (DEPRECATED)
-1411      * @name getExtCRLDistributionPointsURI
-1412      * @memberOf X509#
-1413      * @function
-1414      * @return {Object} array of fullName URIs of CDP of the certificate
-1415      * @since jsrsasign 7.2.0 x509 1.1.14
-1416      * @description
-1417      * This method will get all fullName URIs of cRLDistributionPoints extension
-1418      * in the certificate as array of URI string.
-1419      * If there is this in the certificate, it returns undefined;
-1420      * <br>
-1421      * NOTE: Currently this method supports only fullName URI so that
-1422      * other parameters will not be returned.
-1423      * @example
-1424      * x = new X509();
-1425      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-1426      * x.getExtCRLDistributionPointsURI() →
-1427      * ["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
-1428      */
-1429     this.getExtCRLDistributionPointsURI = function() {
-1430 	var info = this.getExtInfo("cRLDistributionPoints");
-1431 	if (info === undefined) return info;
-1432 
-1433 	var result = new Array();
-1434 	var a = _getChildIdx(this.hex, info.vidx);
-1435 	for (var i = 0; i < a.length; i++) {
-1436 	    try {
-1437 		var hURI = _getVbyList(this.hex, a[i], [0, 0, 0], "86");
-1438 		var uri = hextoutf8(hURI);
-1439 		result.push(uri);
-1440 	    } catch(ex) {};
-1441 	}
-1442 
-1443 	return result;
-1444     };
-1445 
-1446     /**
-1447      * get AuthorityInfoAccess extension value in the certificate as associative array
-1448      * @name getExtAIAInfo
-1449      * @memberOf X509#
-1450      * @function
-1451      * @return {Object} associative array of AIA extension properties
-1452      * @since jsrsasign 7.2.0 x509 1.1.14
-1453      * @description
-1454      * This method will get authority info access value
-1455      * as associate array which has following properties:
-1456      * <ul>
-1457      * <li>ocsp - array of string for OCSP responder URL</li>
-1458      * <li>caissuer - array of string for caIssuer value (i.e. CA certificates URL)</li>
-1459      * </ul>
-1460      * If there is this in the certificate, it returns undefined;
-1461      * @example
-1462      * x = new X509();
-1463      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-1464      * x.getExtAIAInfo(hCert) → 
-1465      * { ocsp:     ["http://ocsp.foo.com"],
-1466      *   caissuer: ["http://rep.foo.com/aaa.p8m"] }
-1467      */
-1468     this.getExtAIAInfo = function() {
-1469 	var info = this.getExtInfo("authorityInfoAccess");
-1470 	if (info === undefined) return info;
-1471 
-1472 	var result = { ocsp: [], caissuer: [] };
-1473 	var a = _getChildIdx(this.hex, info.vidx);
-1474 	for (var i = 0; i < a.length; i++) {
-1475 	    var hOID = _getVbyList(this.hex, a[i], [0], "06");
-1476 	    var hName = _getVbyList(this.hex, a[i], [1], "86");
-1477 	    if (hOID === "2b06010505073001") {
-1478 		result.ocsp.push(hextoutf8(hName));
-1479 	    }
-1480 	    if (hOID === "2b06010505073002") {
-1481 		result.caissuer.push(hextoutf8(hName));
-1482 	    }
-1483 	}
-1484 
-1485 	return result;
-1486     };
-1487 
-1488     /**
-1489      * get AuthorityInfoAccess extension value as JSON object
-1490      * @name getExtAuthorityInfoAccess
-1491      * @memberOf X509#
-1492      * @function
-1493      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-1494      * @param {Boolean} critical flag (OPTIONAL)
-1495      * @return {Array} JSON object of AuthorityInfoAccess parameters or undefined
-1496      * @since jsrsasign 9.0.0 x509 2.0.0
-1497      * @see KJUR.asn1.x509.AuthorityInfoAccess
-1498      * @description
-1499      * This method parse authorityInfoAccess extension. When arguments are
-1500      * not specified, its extension in X509 object will be parsed.
-1501      * Result of this method can be passed to 
-1502      * {@link KJUR.asn1.x509.AuthorityInfoAccess} constructor.
-1503      * <br>
-1504      * When hExtV and critical specified as arguments, return value
-1505      * will be generated from them.
-1506      * @example
-1507      * x = new X509();
-1508      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-1509      * x.getExtAuthorityInfoAccess() →
-1510      * {
-1511      *   critial: true, // 
-1512      *   array: [{ocsp: http://ocsp.example.com/},
-1513      *           {caissuer: https://repository.example.com/}]
-1514      * }
-1515      *
+1337 	var a = _getChildIdx(hExtV, 0);
+1338 	for (var i = 0; i < a.length; i++) {
+1339 	    var hTLV = _getTLV(hExtV, a[i]);
+1340 	    result.array.push(this.getDistributionPoint(hTLV));
+1341 	}
+1342 
+1343 	return result;
+1344     };
+1345 
+1346     /**
+1347      * get DistributionPoint ASN.1 structure parameter as JSON object
+1348      * @name getDistributionPoint
+1349      * @memberOf X509#
+1350      * @function
+1351      * @param {String} h hexadecimal string of DistributionPoint
+1352      * @return {Object} JSON object of DistributionPoint parameters
+1353      * @since jsrsasign 9.0.0 x509 2.0.0
+1354      * @see X509#getExtCRLDistributionPoints
+1355      * @see X509#getDistributionPointName
+1356      * @see X509#getGeneralNames
+1357      * @see X509#getGeneralName
+1358      * @description
+1359      * This method will get DistributionPoint parameters.
+1360      * Result of this method can be passed to
+1361      * {@link KJUR.asn1.x509.DistributionPoint} constructor.
+1362      * <br/>
+1363      * NOTE: reasons[1] and CRLIssuer[2] field not supported
+1364      * @example
+1365      * x = new X509();
+1366      * x.getDistributionPoint("30...") →
+1367      * {dpname: {full: [{uri: "http://aaa.com/"}]}}
+1368      */
+1369     this.getDistributionPoint = function(h) {
+1370 	var result = {};
+1371 	var a = _getChildIdx(h, 0);
+1372 	for (var i = 0; i < a.length; i++) {
+1373 	    var tag = h.substr(a[i], 2);
+1374 	    var hTLV = _getTLV(h, a[i]);
+1375 	    if (tag == "a0") {
+1376 		result.dpname = this.getDistributionPointName(hTLV);
+1377 	    }
+1378 	}
+1379 	return result;
+1380     };
+1381 
+1382     /**
+1383      * get DistributionPointName ASN.1 structure parameter as JSON object
+1384      * @name getDistributionPointName
+1385      * @memberOf X509#
+1386      * @function
+1387      * @param {String} h hexadecimal string of DistributionPointName
+1388      * @return {Object} JSON object of DistributionPointName parameters
+1389      * @since jsrsasign 9.0.0 x509 2.0.0
+1390      * @see X509#getExtCRLDistributionPoints
+1391      * @see X509#getDistributionPoint
+1392      * @see X509#getGeneralNames
+1393      * @see X509#getGeneralName
+1394      * @description
+1395      * This method will get DistributionPointName parameters.
+1396      * Result of this method can be passed to
+1397      * {@link KJUR.asn1.x509.DistributionPointName} constructor.
+1398      * <br/>
+1399      * NOTE: nameRelativeToCRLIssuer[1] not supported
+1400      * @example
+1401      * x = new X509();
+1402      * x.getDistributionPointName("a0...") →
+1403      * {full: [{uri: "http://aaa.com/"}]}
+1404      */
+1405     this.getDistributionPointName = function(h) {
+1406 	var result = {};
+1407 	var a = _getChildIdx(h, 0);
+1408 	for (var i = 0; i < a.length; i++) {
+1409 	    var tag = h.substr(a[i], 2);
+1410 	    var hTLV = _getTLV(h, a[i]);
+1411 	    if (tag == "a0") {
+1412 		result.full = this.getGeneralNames(hTLV);
+1413 	    }
+1414 	}
+1415 	return result;
+1416     };
+1417 
+1418     /**
+1419      * get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate (DEPRECATED)
+1420      * @name getExtCRLDistributionPointsURI
+1421      * @memberOf X509#
+1422      * @function
+1423      * @return {Object} array of fullName URIs of CDP of the certificate
+1424      * @since jsrsasign 7.2.0 x509 1.1.14
+1425      * @description
+1426      * This method will get all fullName URIs of cRLDistributionPoints extension
+1427      * in the certificate as array of URI string.
+1428      * If there is this in the certificate, it returns undefined;
+1429      * <br>
+1430      * NOTE: Currently this method supports only fullName URI so that
+1431      * other parameters will not be returned.
+1432      * @example
+1433      * x = new X509();
+1434      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+1435      * x.getExtCRLDistributionPointsURI() →
+1436      * ["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
+1437      */
+1438     this.getExtCRLDistributionPointsURI = function() {
+1439 	var info = this.getExtInfo("cRLDistributionPoints");
+1440 	if (info === undefined) return info;
+1441 
+1442 	var result = new Array();
+1443 	var a = _getChildIdx(this.hex, info.vidx);
+1444 	for (var i = 0; i < a.length; i++) {
+1445 	    try {
+1446 		var hURI = _getVbyList(this.hex, a[i], [0, 0, 0], "86");
+1447 		var uri = hextoutf8(hURI);
+1448 		result.push(uri);
+1449 	    } catch(ex) {};
+1450 	}
+1451 
+1452 	return result;
+1453     };
+1454 
+1455     /**
+1456      * get AuthorityInfoAccess extension value in the certificate as associative array
+1457      * @name getExtAIAInfo
+1458      * @memberOf X509#
+1459      * @function
+1460      * @return {Object} associative array of AIA extension properties
+1461      * @since jsrsasign 7.2.0 x509 1.1.14
+1462      * @description
+1463      * This method will get authority info access value
+1464      * as associate array which has following properties:
+1465      * <ul>
+1466      * <li>ocsp - array of string for OCSP responder URL</li>
+1467      * <li>caissuer - array of string for caIssuer value (i.e. CA certificates URL)</li>
+1468      * </ul>
+1469      * If there is this in the certificate, it returns undefined;
+1470      * @example
+1471      * x = new X509();
+1472      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+1473      * x.getExtAIAInfo(hCert) → 
+1474      * { ocsp:     ["http://ocsp.foo.com"],
+1475      *   caissuer: ["http://rep.foo.com/aaa.p8m"] }
+1476      */
+1477     this.getExtAIAInfo = function() {
+1478 	var info = this.getExtInfo("authorityInfoAccess");
+1479 	if (info === undefined) return info;
+1480 
+1481 	var result = { ocsp: [], caissuer: [] };
+1482 	var a = _getChildIdx(this.hex, info.vidx);
+1483 	for (var i = 0; i < a.length; i++) {
+1484 	    var hOID = _getVbyList(this.hex, a[i], [0], "06");
+1485 	    var hName = _getVbyList(this.hex, a[i], [1], "86");
+1486 	    if (hOID === "2b06010505073001") {
+1487 		result.ocsp.push(hextoutf8(hName));
+1488 	    }
+1489 	    if (hOID === "2b06010505073002") {
+1490 		result.caissuer.push(hextoutf8(hName));
+1491 	    }
+1492 	}
+1493 
+1494 	return result;
+1495     };
+1496 
+1497     /**
+1498      * get AuthorityInfoAccess extension value as JSON object
+1499      * @name getExtAuthorityInfoAccess
+1500      * @memberOf X509#
+1501      * @function
+1502      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+1503      * @param {Boolean} critical flag (OPTIONAL)
+1504      * @return {Array} JSON object of AuthorityInfoAccess parameters or undefined
+1505      * @since jsrsasign 9.0.0 x509 2.0.0
+1506      * @see KJUR.asn1.x509.AuthorityInfoAccess
+1507      * @description
+1508      * This method parse authorityInfoAccess extension. When arguments are
+1509      * not specified, its extension in X509 object will be parsed.
+1510      * Result of this method can be passed to 
+1511      * {@link KJUR.asn1.x509.AuthorityInfoAccess} constructor.
+1512      * <br>
+1513      * When hExtV and critical specified as arguments, return value
+1514      * will be generated from them.
+1515      * @example
 1516      * x = new X509();
-1517      * x.getExtAuthorityInfoAccesss("306230...") 
-1518      * x.getExtAuthorityInfoAccesss("306230...", true) 
-1519      */
-1520     this.getExtAuthorityInfoAccess = function(hExtV, critical) {
-1521 	if (hExtV === undefined && critical === undefined) {
-1522 	    var info = this.getExtInfo("authorityInfoAccess");
-1523 	    if (info === undefined) return undefined;
-1524 	    hExtV = _getTLV(this.hex, info.vidx);
-1525 	    critical = info.critical;
-1526 	}
-1527 
-1528 	var result = {extname:"authorityInfoAccess",array:[]};
-1529 	if (critical) result.critical = true;
-1530 
-1531 	var a = _getChildIdx(hExtV, 0);
-1532 	for (var i = 0; i < a.length; i++) {
-1533 	    var hMethod = _getVbyListEx(hExtV, a[i], [0], "06");
-1534 	    var hLoc = _getVbyList(hExtV, a[i], [1], "86");
-1535 	    var sLoc = hextoutf8(hLoc);
-1536 	    if (hMethod == "2b06010505073001") {
-1537 		result.array.push({ocsp: sLoc});
-1538 	    } else if (hMethod == "2b06010505073002") {
-1539 		result.array.push({caissuer: sLoc});
-1540 	    } else {
-1541 		throw new Error("unknown method: " + hMethod);
-1542 	    }
-1543 	}
-1544 
-1545 	return result;
-1546     }
-1547 
-1548     /**
-1549      * get CertificatePolicies extension value as JSON object
-1550      * @name getExtCertificatePolicies
-1551      * @memberOf X509#
-1552      * @function
-1553      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-1554      * @param {Boolean} critical flag (OPTIONAL)
-1555      * @return {Object} JSON object of CertificatePolicies parameters or undefined
-1556      * @since jsrsasign 7.2.0 x509 1.1.14
-1557      * @description
-1558      * This method will get certificate policies value
-1559      * as an array of JSON object which has properties defined
-1560      * in {@link KJUR.asn1.x509.CertificatePolicies}.
-1561      * Result of this method can be passed to 
-1562      * {@link KJUR.asn1.x509.CertificatePolicies} constructor.
-1563      * If there is no this extension in the certificate,
-1564      * it returns undefined.
-1565      * <br>
-1566      * CAUTION: return value of JSON object format have been changed
-1567      * from jsrsasign 9.0.0 without backword compatibility.
-1568      * <br>
-1569      * When hExtV and critical specified as arguments, return value
-1570      * will be generated from them.
-1571      * @example
-1572      * x = new X509();
-1573      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
-1574      * x.getExtCertificatePolicies() → 
-1575      * { array: [
-1576      *   { policyoid: "1.2.3.4" }
-1577      *   { policyoid: "1.2.3.5",
-1578      *     array: [
-1579      *       { cps: "https://example.com/" },
-1580      *       { unotice: { exptext: { type: "bmp", str: "sample text" } } }
-1581      *     ] 
-1582      *   }
-1583      * ]}
-1584      */
-1585     this.getExtCertificatePolicies = function(hExtV, critical) {
-1586 	if (hExtV === undefined && critical === undefined) {
-1587 	    var info = this.getExtInfo("certificatePolicies");
-1588 	    if (info === undefined) return undefined;
-1589 	    hExtV = _getTLV(this.hex, info.vidx);
-1590 	    critical = info.critical;
-1591 	}
-1592 	var result = {extname:"certificatePolicies",array:[]};
-1593 	if (critical) result.critical = true;
-1594 
-1595 	var aIdxPI = _getChildIdx(hExtV, 0); // PolicyInformation list index
-1596 	for (var i = 0; i < aIdxPI.length; i++) {
-1597 	    var hPolicyInformation = _getTLV(hExtV, aIdxPI[i]);
-1598 	    var polinfo = this.getPolicyInformation(hPolicyInformation);
-1599 	    result.array.push(polinfo);
+1517      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+1518      * x.getExtAuthorityInfoAccess() →
+1519      * {
+1520      *   critial: true, // 
+1521      *   array: [{ocsp: http://ocsp.example.com/},
+1522      *           {caissuer: https://repository.example.com/}]
+1523      * }
+1524      *
+1525      * x = new X509();
+1526      * x.getExtAuthorityInfoAccesss("306230...") 
+1527      * x.getExtAuthorityInfoAccesss("306230...", true) 
+1528      */
+1529     this.getExtAuthorityInfoAccess = function(hExtV, critical) {
+1530 	if (hExtV === undefined && critical === undefined) {
+1531 	    var info = this.getExtInfo("authorityInfoAccess");
+1532 	    if (info === undefined) return undefined;
+1533 	    hExtV = _getTLV(this.hex, info.vidx);
+1534 	    critical = info.critical;
+1535 	}
+1536 
+1537 	var result = {extname:"authorityInfoAccess",array:[]};
+1538 	if (critical) result.critical = true;
+1539 
+1540 	var a = _getChildIdx(hExtV, 0);
+1541 	for (var i = 0; i < a.length; i++) {
+1542 	    var hMethod = _getVbyListEx(hExtV, a[i], [0], "06");
+1543 	    var hLoc = _getVbyList(hExtV, a[i], [1], "86");
+1544 	    var sLoc = hextoutf8(hLoc);
+1545 	    if (hMethod == "2b06010505073001") {
+1546 		result.array.push({ocsp: sLoc});
+1547 	    } else if (hMethod == "2b06010505073002") {
+1548 		result.array.push({caissuer: sLoc});
+1549 	    } else {
+1550 		throw new Error("unknown method: " + hMethod);
+1551 	    }
+1552 	}
+1553 
+1554 	return result;
+1555     }
+1556 
+1557     /**
+1558      * get CertificatePolicies extension value as JSON object
+1559      * @name getExtCertificatePolicies
+1560      * @memberOf X509#
+1561      * @function
+1562      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+1563      * @param {Boolean} critical flag (OPTIONAL)
+1564      * @return {Object} JSON object of CertificatePolicies parameters or undefined
+1565      * @since jsrsasign 7.2.0 x509 1.1.14
+1566      * @description
+1567      * This method will get certificate policies value
+1568      * as an array of JSON object which has properties defined
+1569      * in {@link KJUR.asn1.x509.CertificatePolicies}.
+1570      * Result of this method can be passed to 
+1571      * {@link KJUR.asn1.x509.CertificatePolicies} constructor.
+1572      * If there is no this extension in the certificate,
+1573      * it returns undefined.
+1574      * <br>
+1575      * CAUTION: return value of JSON object format have been changed
+1576      * from jsrsasign 9.0.0 without backword compatibility.
+1577      * <br>
+1578      * When hExtV and critical specified as arguments, return value
+1579      * will be generated from them.
+1580      * @example
+1581      * x = new X509();
+1582      * x.readCertPEM(sCertPEM); // parseExt() will also be called internally.
+1583      * x.getExtCertificatePolicies() → 
+1584      * { array: [
+1585      *   { policyoid: "1.2.3.4" }
+1586      *   { policyoid: "1.2.3.5",
+1587      *     array: [
+1588      *       { cps: "https://example.com/" },
+1589      *       { unotice: { exptext: { type: "bmp", str: "sample text" } } }
+1590      *     ] 
+1591      *   }
+1592      * ]}
+1593      */
+1594     this.getExtCertificatePolicies = function(hExtV, critical) {
+1595 	if (hExtV === undefined && critical === undefined) {
+1596 	    var info = this.getExtInfo("certificatePolicies");
+1597 	    if (info === undefined) return undefined;
+1598 	    hExtV = _getTLV(this.hex, info.vidx);
+1599 	    critical = info.critical;
 1600 	}
-1601 	return result;
-1602     }
+1601 	var result = {extname:"certificatePolicies",array:[]};
+1602 	if (critical) result.critical = true;
 1603 
-1604     /**
-1605      * get PolicyInformation ASN.1 structure parameter as JSON object
-1606      * @name getPolicyInformation
-1607      * @memberOf X509#
-1608      * @function
-1609      * @param {String} h hexadecimal string of PolicyInformation
-1610      * @return {Object} JSON object of PolicyInformation parameters
-1611      * @since jsrsasign 9.0.0 x509 2.0.0
-1612      * @description
-1613      * This method will get PolicyInformation parameters defined in
-1614      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
-1615      * RFC 5280 4.2.1.4</a>.
-1616      * <pre>
-1617      * PolicyInformation ::= SEQUENCE {
-1618      *      policyIdentifier   CertPolicyId,
-1619      *      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
-1620      *                              PolicyQualifierInfo OPTIONAL }
-1621      * </pre>
-1622      * Result of this method can be passed to
-1623      * {@link KJUR.asn1.x509.PolicyInformation} constructor.
-1624      * @example
-1625      * x = new X509();
-1626      * x.getPolicyInformation("30...") →
-1627      * {
-1628      *     policyoid: "2.16.840.1.114412.2.1",
-1629      *     array: [{cps: "https://www.digicert.com/CPS"}]
-1630      * }
-1631      */
-1632     this.getPolicyInformation = function(h) {
-1633 	var result = {};
-1634 
-1635 	var hPOLICYOID = _getVbyList(h, 0, [0], "06");
-1636 	result.policyoid = _oidname(hPOLICYOID);
-1637 	
-1638 	var idxPQSEQ = _getIdxbyListEx(h, 0, [1], "30");
-1639 	if (idxPQSEQ != -1) {
-1640 	    result.array = [];
-1641 	    var aIdx = _getChildIdx(h, idxPQSEQ);
-1642 	    for (var j = 0; j < aIdx.length; j++) {
-1643 		var hPQI = _getTLV(h, aIdx[j]);
-1644 		var pqinfo = this.getPolicyQualifierInfo(hPQI);
-1645 		result.array.push(pqinfo);
-1646 	    }
-1647 	}
-1648 
-1649 	return result;
-1650     };
-1651 
-1652     /**
-1653      * get PolicyQualifierInfo ASN.1 structure parameter as JSON object
-1654      * @name getPolicyQualifierInfo
-1655      * @memberOf X509#
-1656      * @function
-1657      * @param {String} h hexadecimal string of PolicyQualifierInfo
-1658      * @return {Object} JSON object of PolicyQualifierInfo parameters
-1659      * @since jsrsasign 9.0.0 x509 2.0.0
-1660      * @see X509#getExtCertificatePolicies
-1661      * @see X509#getPolicyInformation
-1662      * @description
-1663      * This method will get 
-1664      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
-1665      * PolicyQualifierInfo</a> parameters.
-1666      * <pre>
-1667      * PolicyQualifierInfo ::= SEQUENCE {
-1668      *      policyQualifierId  PolicyQualifierId,
-1669      *      qualifier          ANY DEFINED BY policyQualifierId }
-1670      * id-qt          OBJECT IDENTIFIER ::=  { id-pkix 2 }
-1671      * id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
-1672      * id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
-1673      * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
-1674      * Qualifier ::= CHOICE {
-1675      *      cPSuri           CPSuri,
-1676      *      userNotice       UserNotice }
-1677      * CPSuri ::= IA5String
-1678      * </pre>
-1679      * Result of this method can be passed to 
-1680      * {@link KJUR.asn1.x509.PolicyQualifierInfo} constructor.
-1681      * @example
-1682      * x = new X509();
-1683      * x.getPolicyQualifierInfo("30...") 
-1684      * → {unotice: {exptext: {type: 'utf8', str: 'aaa'}}}
-1685      * x.getPolicyQualifierInfo("30...") 
-1686      * → {cps: "https://repository.example.com/"}
-1687      */
-1688     this.getPolicyQualifierInfo = function(h) {
-1689 	var result = {};
-1690 	var hPQOID = _getVbyList(h, 0, [0], "06");
-1691 	if (hPQOID === "2b06010505070201") { // cps
-1692 	    var hCPSURI = _getVbyListEx(h, 0, [1], "16");
-1693 	    result.cps = hextorstr(hCPSURI);
-1694 	} else if (hPQOID === "2b06010505070202") { // unotice
-1695 	    var hUserNotice = _getTLVbyList(h, 0, [1], "30");
-1696 	    result.unotice = this.getUserNotice(hUserNotice);
-1697 	}
-1698 	return result;
-1699     };
-1700 
-1701     /**
-1702      * get UserNotice ASN.1 structure parameter as JSON object
-1703      * @name getUserNotice
-1704      * @memberOf X509#
-1705      * @function
-1706      * @param {String} h hexadecimal string of UserNotice
-1707      * @return {Object} JSON object of UserNotice parameters
-1708      * @since jsrsasign 9.0.0 x509 2.0.0
-1709      * @see X509#getExtCertificatePolicies
-1710      * @see X509#getPolicyInformation
-1711      * @see X509#getPolicyQualifierInfo
-1712      * @description
-1713      * This method will get 
-1714      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
-1715      * UserNotice</a> parameters.
-1716      * <pre>
-1717      * UserNotice ::= SEQUENCE {
-1718      *      noticeRef        NoticeReference OPTIONAL,
-1719      *      explicitText     DisplayText OPTIONAL }
-1720      * </pre>
-1721      * Result of this method can be passed to 
-1722      * {@link KJUR.asn1.x509.NoticeReference} constructor.
-1723      * <br/>
-1724      * NOTE: NoticeReference parsing is currently not supported and
-1725      * it will be ignored.
-1726      * @example
-1727      * x = new X509();
-1728      * x.getUserNotice("30...") → {exptext: {type: 'utf8', str: 'aaa'}}
-1729      */
-1730     this.getUserNotice = function(h) {
-1731 	var result = {};
-1732 	var a = _getChildIdx(h, 0);
-1733 	for (var i = 0; i < a.length; i++) {
-1734 	    var hItem = _getTLV(h, a[i]);
-1735 	    if (hItem.substr(0, 2) != "30") {
-1736 		result.exptext = this.getDisplayText(hItem);
-1737 	    }
-1738 	}
-1739 	return result;
-1740     };
-1741 
-1742     /**
-1743      * get DisplayText ASN.1 structure parameter as JSON object
-1744      * @name getDisplayText
-1745      * @memberOf X509#
-1746      * @function
-1747      * @param {String} h hexadecimal string of DisplayText
-1748      * @return {Object} JSON object of DisplayText parameters
-1749      * @since jsrsasign 9.0.0 x509 2.0.0
-1750      * @see X509#getExtCertificatePolicies
-1751      * @see X509#getPolicyInformation
-1752      * @description
-1753      * This method will get 
-1754      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
-1755      * DisplayText</a> parameters.
-1756      * <pre>
-1757      * DisplayText ::= CHOICE {
-1758      *      ia5String        IA5String      (SIZE (1..200)),
-1759      *      visibleString    VisibleString  (SIZE (1..200)),
-1760      *      bmpString        BMPString      (SIZE (1..200)),
-1761      *      utf8String       UTF8String     (SIZE (1..200)) }     
-1762      * </pre>
-1763      * Result of this method can be passed to 
-1764      * {@link KJUR.asn1.x509.DisplayText} constructor.
-1765      * @example
-1766      * x = new X509();
-1767      * x.getDisplayText("0c03616161") &rarr {type: 'utf8', str: 'aaa'}
-1768      * x.getDisplayText("1e03616161") &rarr {type: 'bmp',  str: 'aaa'}
-1769      */
-1770     this.getDisplayText = function(h) {
-1771 	var _DISPLAYTEXTTAG = {"0c": "utf8", "16": "ia5", "1a": "vis" , "1e": "bmp"};
-1772 	var result = {};
-1773 	result.type = _DISPLAYTEXTTAG[h.substr(0, 2)];
-1774 	result.str = hextorstr(_getV(h, 0));
-1775 	return result;
-1776     };
-1777 
-1778     /**
-1779      * parse cRLNumber CRL extension as JSON object<br/>
-1780      * @name getExtCRLNumber
-1781      * @memberOf X509#
-1782      * @function
-1783      * @param {String} hExtV hexadecimal string of extension value
-1784      * @param {Boolean} critical flag
-1785      * @since jsrsasign 9.1.1 x509 2.0.1
-1786      * @see KJUR.asn1.x509.CRLNumber
-1787      * @see X509#getExtParamArray
-1788      * @description
-1789      * This method parses
-1790      * CRLNumber CRL extension value defined in
-1791      * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3">
-1792      * RFC 5280 5.2.3</a> as JSON object.
-1793      * <pre>
-1794      * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
-1795      * CRLNumber ::= INTEGER (0..MAX)
-1796      * </pre>
-1797      * <br/>
-1798      * Result of this method can be passed to 
-1799      * {@link KJUR.asn1.x509.CRLNumber} constructor.
-1800      * @example
-1801      * crl = X509CRL("-----BEGIN X509 CRL...");
-1802      * ... get hExtV and critical flag ...
-1803      * crl.getExtCRLNumber("02...", false) →
-1804      * {extname: "cRLNumber", num: {hex: "12af"}}
-1805      */
-1806     this.getExtCRLNumber = function(hExtV, critical) {
-1807 	var result = {extname:"cRLNumber"};
-1808 	if (critical) result.critical = true;
-1809 
-1810 	if (hExtV.substr(0, 2) == "02") {
-1811 	    result.num = {hex: _getV(hExtV, 0)};
-1812 	    return result;
-1813 	}
-1814 	throw new Error("hExtV parse error: " + hExtV);
-1815     };
-1816 
-1817     /**
-1818      * parse cRLReason CRL entry extension as JSON object<br/>
-1819      * @name getExtCRLReason
-1820      * @memberOf X509#
-1821      * @function
-1822      * @param {String} hExtV hexadecimal string of extension value
-1823      * @param {Boolean} critical flag
-1824      * @since jsrsasign 9.1.1 x509 2.0.1
-1825      * @see KJUR.asn1.x509.CRLReason
-1826      * @see X509#getExtParamArray
-1827      * @description
-1828      * This method parses
-1829      * CRLReason CRL entry extension value defined in
-1830      * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1">
-1831      * RFC 5280 5.3.1</a> as JSON object.
-1832      * <pre>
-1833      * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
-1834      * -- reasonCode ::= { CRLReason }
-1835      * CRLReason ::= ENUMERATED {
-1836      *      unspecified             (0),
-1837      *      keyCompromise           (1),
-1838      *      cACompromise            (2),
-1839      *      affiliationChanged      (3),
-1840      *      superseded              (4),
-1841      *      cessationOfOperation    (5),
-1842      *      certificateHold         (6),
-1843      *      removeFromCRL           (8),
-1844      *      privilegeWithdrawn      (9),
-1845      *      aACompromise           (10) }
-1846      * </pre>
-1847      * <br/>
-1848      * Result of this method can be passed to 
-1849      * {@link KJUR.asn1.x509.CRLReason} constructor.
-1850      * @example
-1851      * crl = X509CRL("-----BEGIN X509 CRL...");
-1852      * ... get hExtV and critical flag ...
-1853      * crl.getExtCRLReason("02...", false) →
-1854      * {extname: "cRLReason", code: 3}
-1855      */
-1856     this.getExtCRLReason = function(hExtV, critical) {
-1857 	var result = {extname:"cRLReason"};
-1858 	if (critical) result.critical = true;
-1859 
-1860 	if (hExtV.substr(0, 2) == "0a") {
-1861 	    result.code = parseInt(_getV(hExtV, 0), 16);
-1862 	    return result;
-1863 	}
-1864 	throw new Error("hExtV parse error: " + hExtV);
-1865     };
-1866 
-1867     /**
-1868      * parse OCSPNonce OCSP extension as JSON object<br/>
-1869      * @name getExtOCSPNonce
-1870      * @memberOf X509#
-1871      * @function
-1872      * @param {String} hExtV hexadecimal string of extension value
-1873      * @param {Boolean} critical flag
-1874      * @return {Array} JSON object of parsed OCSPNonce extension
-1875      * @since jsrsasign 9.1.6 x509 2.0.3
-1876      * @see KJUR.asn1.x509.OCSPNonce
-1877      * @see X509#getExtParamArray
-1878      * @see X509#getExtParam
-1879      * @description
-1880      * This method parses
-1881      * Nonce OCSP extension value defined in
-1882      * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1">
-1883      * RFC 6960 4.4.1</a> as JSON object.
-1884      * <pre>
-1885      * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
-1886      * id-pkix-ocsp-nonce     OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
-1887      * Nonce ::= OCTET STRING
-1888      * </pre>
-1889      * <br/>
-1890      * Result of this method can be passed to 
-1891      * {@link KJUR.asn1.x509.OCSPNonce} constructor.
-1892      * @example
-1893      * x = new X509();
-1894      * x.getExtOCSPNonce(<<extn hex value >>) →
-1895      * { extname: "ocspNonce", hex: "1a2b..." }
-1896      */
-1897     this.getExtOcspNonce = function(hExtV, critical) {
-1898 	var result = {extname:"ocspNonce"};
-1899 	if (critical) result.critical = true;
-1900 
-1901 	var hNonce = _getV(hExtV, 0);
-1902 	result.hex = hNonce;
-1903 
-1904 	return result;
-1905     };
-1906 
-1907     /**
-1908      * parse OCSPNoCheck OCSP extension as JSON object<br/>
-1909      * @name getExtOCSPNoCheck
-1910      * @memberOf X509#
-1911      * @function
-1912      * @param {String} hExtV hexadecimal string of extension value
-1913      * @param {Boolean} critical flag
-1914      * @return {Array} JSON object of parsed OCSPNoCheck extension
-1915      * @since jsrsasign 9.1.6 x509 2.0.3
-1916      * @see KJUR.asn1.x509.OCSPNoCheck
-1917      * @see X509#getExtParamArray
-1918      * @see X509#getExtParam
-1919      * @description
-1920      * This method parses
-1921      * OCSPNoCheck extension value defined in
-1922      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1">
-1923      * RFC 6960 4.2.2.2.1</a> as JSON object.
-1924      * <pre>
-1925      * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
-1926      * </pre>
-1927      * <br/>
-1928      * Result of this method can be passed to 
-1929      * {@link KJUR.asn1.x509.OCSPNoCheck} constructor.
-1930      * @example
-1931      * x = new X509();
-1932      * x.getExtOCSPNoCheck(<<extn hex value >>) →
-1933      * { extname: "ocspNoCheck" }
-1934      */
-1935     this.getExtOcspNoCheck = function(hExtV, critical) {
-1936 	var result = {extname:"ocspNoCheck"};
-1937 	if (critical) result.critical = true;
-1938 
-1939 	return result;
-1940     };
-1941 
-1942     /**
-1943      * parse AdobeTimeStamp extension as JSON object<br/>
-1944      * @name getExtAdobeTimeStamp
-1945      * @memberOf X509#
-1946      * @function
-1947      * @param {String} hExtV hexadecimal string of extension value
-1948      * @param {Boolean} critical flag
-1949      * @return {Array} JSON object of parsed AdobeTimeStamp extension
-1950      * @since jsrsasign 10.0.1 x509 2.0.5
-1951      * @see KJUR.asn1.x509.AdobeTimeStamp
-1952      * @see X509#getExtParamArray
-1953      * @see X509#getExtParam
-1954      * @description
-1955      * This method parses
-1956      * X.509v3 AdobeTimeStamp private extension value defined in the
-1957      * <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/oids.html">
-1958      * Adobe site</a> as JSON object.
-1959      * This extension provides the URL location for time stamp service.
-1960      * <pre>
-1961      * adbe- OBJECT IDENTIFIER ::=  { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
-1962      *  ::= SEQUENCE {
-1963      *     version INTEGER  { v1(1) }, -- extension version
-1964      *     location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
-1965      *     requiresAuth        boolean (default false), OPTIONAL }
-1966      * </pre>
-1967      * <br/>
-1968      * Result of this method can be passed to 
-1969      * {@link KJUR.asn1.x509.AdobeTimeStamp} constructor.
-1970      * <br/>
-1971      * NOTE: This extesion doesn't seem to have official name. This may be called as "pdfTimeStamp".
-1972      * @example
-1973      * x.getExtAdobeTimeStamp(<<extn hex value >>) →
-1974      * { extname: "adobeTimeStamp", uri: "http://tsa.example.com/" reqauth: true }
-1975      */
-1976     this.getExtAdobeTimeStamp = function(hExtV, critical) {
-1977 	if (hExtV === undefined && critical === undefined) {
-1978 	    var info = this.getExtInfo("adobeTimeStamp");
-1979 	    if (info === undefined) return undefined;
-1980 	    hExtV = _getTLV(this.hex, info.vidx);
-1981 	    critical = info.critical;
-1982 	}
-1983 
-1984 	var result = {extname:"adobeTimeStamp"};
-1985 	if (critical) result.critical = true;
-1986 
-1987 	var a = _getChildIdx(hExtV, 0);
-1988 	if (a.length > 1) {
-1989 	    var hGN = _getTLV(hExtV, a[1])
-1990 	    var gnParam = this.getGeneralName(hGN);
-1991 	    if (gnParam.uri != undefined) {
-1992 		result.uri = gnParam.uri;
-1993 	    }
-1994 	}
-1995 	if (a.length > 2) {
-1996 	    var hBool = _getTLV(hExtV, a[2]);
-1997 	    if (hBool == "0101ff") result.reqauth = true;
-1998 	    if (hBool == "010100") result.reqauth = false;
-1999 	}
-2000 
-2001 	return result;
-2002     };
-2003 
-2004     // ===== BEGIN X500Name related =====================================
-2005 
-2006     this.getX500NameRule = function(aDN) {
-2007 	var isPRNRule = true;
-2008 	var isUTF8Rule = true;
-2009 	var isMixedRule = false;
-2010 	var logfull = "";
-2011 	var logcheck = "";
-2012 	var lasttag = null;
-2013 
-2014 	var a = [];
-2015 	for (var i = 0; i < aDN.length; i++) {
-2016 	    var aRDN = aDN[i];
-2017 	    for (var j = 0; j < aRDN.length; j++) {
-2018 		a.push(aRDN[j]);
-2019 	    }
-2020 	}
-2021 
-2022 	for (var i = 0; i < a.length; i++) {
-2023 	    var item = a[i];
-2024 	    var tag = item.ds;
-2025 	    var value = item.value;
-2026 	    var type = item.type;
-2027 	    logfull += ":" + tag;
-2028 	    
-2029 	    if (tag != "prn" && tag != "utf8" && tag != "ia5") {
-2030 		return "mixed";
-2031 	    }
-2032 	    if (tag == "ia5") {
-2033 		if (type != "CN") {
-2034 		    return "mixed";
-2035 		} else {
-2036 		    if (! KJUR.lang.String.isMail(value)) {
-2037 			return "mixed";
-2038 		    } else {
-2039 			continue;
-2040 		    }
-2041 		}
-2042 	    }
-2043 	    if (type == "C") {
-2044 		if (tag == "prn") {
-2045 		    continue;
-2046 		} else {
-2047 		    return "mixed";
-2048 		}
-2049 	    }
-2050 	    logcheck += ":" + tag;
-2051 	    if (lasttag == null) {
-2052 		lasttag = tag;
-2053 	    } else {
-2054 		if (lasttag !== tag) return "mixed";
-2055 	    }
-2056 	}
-2057 	if (lasttag == null) {
-2058 	    return "prn";
-2059 	} else {
-2060 	    return lasttag;
-2061 	}
-2062     };
-2063 
-2064     /**
-2065      * get Name ASN.1 structure parameter array<br/>
-2066      * @name getX500Name
-2067      * @memberOf X509#
-2068      * @function
-2069      * @param {String} h hexadecimal string of Name
-2070      * @return {Array} array of RDN parameter array
-2071      * @since jsrsasign 9.0.0 x509 2.0.0
-2072      * @see X509#getX500Name
-2073      * @see X509#getRDN
-2074      * @see X509#getAttrTypeAndValue
-2075      * @description
-2076      * This method will get Name parameter defined in
-2077      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2078      * RFC 5280 4.1.2.4</a>.
-2079      * <pre>
-2080      * Name ::= CHOICE { -- only one possibility for now --
-2081      *   rdnSequence  RDNSequence }
-2082      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-2083      * </pre>
-2084      * @example
-2085      * x = new X509();
-2086      * x.getX500Name("30...") →
-2087      * [[{type:"C",value:"US",ds:"prn"}],
-2088      *  [{type:"O",value:"Sample Corp.",ds:"utf8"}],
-2089      *  [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]]
-2090      */
-2091     this.getX500Name = function(h) {
-2092 	var result = [];
-2093 	var a = _getChildIdx(h, 0);
-2094 	for (var i = 0; i < a.length; i++) {
-2095 	    result.push(this.getRDN(_getTLV(h, a[i])));
-2096 	}
-2097 	return result;
-2098     };
-2099     
-2100     /**
-2101      * get RelativeDistinguishedName ASN.1 structure parameter array<br/>
-2102      * @name getRDN
-2103      * @memberOf X509#
-2104      * @function
-2105      * @param {String} h hexadecimal string of RDN
-2106      * @return {Array} array of AttrTypeAndValue parameters
-2107      * @since jsrsasign 9.0.0 x509 2.0.0
-2108      * @see X509#getX500Name
-2109      * @see X509#getRDN
-2110      * @see X509#getAttrTypeAndValue
-2111      * @description
-2112      * This method will get RelativeDistinguishedName parameters defined in
-2113      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2114      * RFC 5280 4.1.2.4</a>.
-2115      * <pre>
-2116      * RelativeDistinguishedName ::=
-2117      *   SET SIZE (1..MAX) OF AttributeTypeAndValue
-2118      * </pre>
-2119      * @example
-2120      * x = new X509();
-2121      * x.getRDN("31...") →
-2122      * [{type:"C",value:"US",ds:"prn"}] or
-2123      * [{type:"O",value:"Sample Corp.",ds:"prn"}] or
-2124      * [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
-2125      */
-2126     this.getRDN = function(h) {
-2127 	var result = [];
-2128 	var a = _getChildIdx(h, 0);
-2129 	for (var i = 0; i < a.length; i++) {
-2130 	    result.push(this.getAttrTypeAndValue(_getTLV(h, a[i])));
-2131 	}
-2132 	return result;
-2133     };
-2134 
-2135     /**
-2136      * get AttributeTypeAndValue ASN.1 structure parameter as JSON object<br/>
-2137      * @name getAttrTypeAndValue
-2138      * @memberOf X509#
-2139      * @function
-2140      * @param {String} h hexadecimal string of AttributeTypeAndValue
-2141      * @return {Object} JSON object of AttributeTypeAndValue parameters
-2142      * @since jsrsasign 9.0.0 x509 2.0.0
-2143      * @see X509#getX500Name
-2144      * @see X509#getRDN
-2145      * @description
-2146      * This method will get AttributeTypeAndValue parameters defined in
-2147      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2148      * RFC 5280 4.1.2.4</a>.
-2149      * <pre>
-2150      * AttributeTypeAndValue ::= SEQUENCE {
-2151      *   type     AttributeType,
-2152      *   value    AttributeValue }
-2153      * AttributeType ::= OBJECT IDENTIFIER
-2154      * AttributeValue ::= ANY -- DEFINED BY AttributeType
-2155      * </pre>
-2156      * <ul>
-2157      * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
-2158      * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
-2159      * <li>{String}ds - DirectoryString type of AttributeValue</li>
-2160      * </ul>
-2161      * "ds" has one of following value:
-2162      * <ul>
-2163      * <li>utf8 - (0x0c) UTF8String</li>
-2164      * <li>prn  - (0x13) PrintableString</li>
-2165      * <li>ia5  - (0x16) IA5String</li>
-2166      * <li>vis  - (0x1a) VisibleString</li>
-2167      * <li>bmp  - (0x1e) BMPString</li>
-2168      * </ul>
+1604 	var aIdxPI = _getChildIdx(hExtV, 0); // PolicyInformation list index
+1605 	for (var i = 0; i < aIdxPI.length; i++) {
+1606 	    var hPolicyInformation = _getTLV(hExtV, aIdxPI[i]);
+1607 	    var polinfo = this.getPolicyInformation(hPolicyInformation);
+1608 	    result.array.push(polinfo);
+1609 	}
+1610 	return result;
+1611     }
+1612 
+1613     /**
+1614      * get PolicyInformation ASN.1 structure parameter as JSON object
+1615      * @name getPolicyInformation
+1616      * @memberOf X509#
+1617      * @function
+1618      * @param {String} h hexadecimal string of PolicyInformation
+1619      * @return {Object} JSON object of PolicyInformation parameters
+1620      * @since jsrsasign 9.0.0 x509 2.0.0
+1621      * @description
+1622      * This method will get PolicyInformation parameters defined in
+1623      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+1624      * RFC 5280 4.2.1.4</a>.
+1625      * <pre>
+1626      * PolicyInformation ::= SEQUENCE {
+1627      *      policyIdentifier   CertPolicyId,
+1628      *      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
+1629      *                              PolicyQualifierInfo OPTIONAL }
+1630      * </pre>
+1631      * Result of this method can be passed to
+1632      * {@link KJUR.asn1.x509.PolicyInformation} constructor.
+1633      * @example
+1634      * x = new X509();
+1635      * x.getPolicyInformation("30...") →
+1636      * {
+1637      *     policyoid: "2.16.840.1.114412.2.1",
+1638      *     array: [{cps: "https://www.digicert.com/CPS"}]
+1639      * }
+1640      */
+1641     this.getPolicyInformation = function(h) {
+1642 	var result = {};
+1643 
+1644 	var hPOLICYOID = _getVbyList(h, 0, [0], "06");
+1645 	result.policyoid = _oidname(hPOLICYOID);
+1646 	
+1647 	var idxPQSEQ = _getIdxbyListEx(h, 0, [1], "30");
+1648 	if (idxPQSEQ != -1) {
+1649 	    result.array = [];
+1650 	    var aIdx = _getChildIdx(h, idxPQSEQ);
+1651 	    for (var j = 0; j < aIdx.length; j++) {
+1652 		var hPQI = _getTLV(h, aIdx[j]);
+1653 		var pqinfo = this.getPolicyQualifierInfo(hPQI);
+1654 		result.array.push(pqinfo);
+1655 	    }
+1656 	}
+1657 
+1658 	return result;
+1659     };
+1660 
+1661     /**
+1662      * get PolicyQualifierInfo ASN.1 structure parameter as JSON object
+1663      * @name getPolicyQualifierInfo
+1664      * @memberOf X509#
+1665      * @function
+1666      * @param {String} h hexadecimal string of PolicyQualifierInfo
+1667      * @return {Object} JSON object of PolicyQualifierInfo parameters
+1668      * @since jsrsasign 9.0.0 x509 2.0.0
+1669      * @see X509#getExtCertificatePolicies
+1670      * @see X509#getPolicyInformation
+1671      * @description
+1672      * This method will get 
+1673      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+1674      * PolicyQualifierInfo</a> parameters.
+1675      * <pre>
+1676      * PolicyQualifierInfo ::= SEQUENCE {
+1677      *      policyQualifierId  PolicyQualifierId,
+1678      *      qualifier          ANY DEFINED BY policyQualifierId }
+1679      * id-qt          OBJECT IDENTIFIER ::=  { id-pkix 2 }
+1680      * id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
+1681      * id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
+1682      * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
+1683      * Qualifier ::= CHOICE {
+1684      *      cPSuri           CPSuri,
+1685      *      userNotice       UserNotice }
+1686      * CPSuri ::= IA5String
+1687      * </pre>
+1688      * Result of this method can be passed to 
+1689      * {@link KJUR.asn1.x509.PolicyQualifierInfo} constructor.
+1690      * @example
+1691      * x = new X509();
+1692      * x.getPolicyQualifierInfo("30...") 
+1693      * → {unotice: {exptext: {type: 'utf8', str: 'aaa'}}}
+1694      * x.getPolicyQualifierInfo("30...") 
+1695      * → {cps: "https://repository.example.com/"}
+1696      */
+1697     this.getPolicyQualifierInfo = function(h) {
+1698 	var result = {};
+1699 	var hPQOID = _getVbyList(h, 0, [0], "06");
+1700 	if (hPQOID === "2b06010505070201") { // cps
+1701 	    var hCPSURI = _getVbyListEx(h, 0, [1], "16");
+1702 	    result.cps = hextorstr(hCPSURI);
+1703 	} else if (hPQOID === "2b06010505070202") { // unotice
+1704 	    var hUserNotice = _getTLVbyList(h, 0, [1], "30");
+1705 	    result.unotice = this.getUserNotice(hUserNotice);
+1706 	}
+1707 	return result;
+1708     };
+1709 
+1710     /**
+1711      * get UserNotice ASN.1 structure parameter as JSON object
+1712      * @name getUserNotice
+1713      * @memberOf X509#
+1714      * @function
+1715      * @param {String} h hexadecimal string of UserNotice
+1716      * @return {Object} JSON object of UserNotice parameters
+1717      * @since jsrsasign 9.0.0 x509 2.0.0
+1718      * @see X509#getExtCertificatePolicies
+1719      * @see X509#getPolicyInformation
+1720      * @see X509#getPolicyQualifierInfo
+1721      * @description
+1722      * This method will get 
+1723      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+1724      * UserNotice</a> parameters.
+1725      * <pre>
+1726      * UserNotice ::= SEQUENCE {
+1727      *      noticeRef        NoticeReference OPTIONAL,
+1728      *      explicitText     DisplayText OPTIONAL }
+1729      * </pre>
+1730      * Result of this method can be passed to 
+1731      * {@link KJUR.asn1.x509.NoticeReference} constructor.
+1732      * <br/>
+1733      * NOTE: NoticeReference parsing is currently not supported and
+1734      * it will be ignored.
+1735      * @example
+1736      * x = new X509();
+1737      * x.getUserNotice("30...") → {exptext: {type: 'utf8', str: 'aaa'}}
+1738      */
+1739     this.getUserNotice = function(h) {
+1740 	var result = {};
+1741 	var a = _getChildIdx(h, 0);
+1742 	for (var i = 0; i < a.length; i++) {
+1743 	    var hItem = _getTLV(h, a[i]);
+1744 	    if (hItem.substr(0, 2) != "30") {
+1745 		result.exptext = this.getDisplayText(hItem);
+1746 	    }
+1747 	}
+1748 	return result;
+1749     };
+1750 
+1751     /**
+1752      * get DisplayText ASN.1 structure parameter as JSON object
+1753      * @name getDisplayText
+1754      * @memberOf X509#
+1755      * @function
+1756      * @param {String} h hexadecimal string of DisplayText
+1757      * @return {Object} JSON object of DisplayText parameters
+1758      * @since jsrsasign 9.0.0 x509 2.0.0
+1759      * @see X509#getExtCertificatePolicies
+1760      * @see X509#getPolicyInformation
+1761      * @description
+1762      * This method will get 
+1763      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+1764      * DisplayText</a> parameters.
+1765      * <pre>
+1766      * DisplayText ::= CHOICE {
+1767      *      ia5String        IA5String      (SIZE (1..200)),
+1768      *      visibleString    VisibleString  (SIZE (1..200)),
+1769      *      bmpString        BMPString      (SIZE (1..200)),
+1770      *      utf8String       UTF8String     (SIZE (1..200)) }     
+1771      * </pre>
+1772      * Result of this method can be passed to 
+1773      * {@link KJUR.asn1.x509.DisplayText} constructor.
+1774      * @example
+1775      * x = new X509();
+1776      * x.getDisplayText("0c03616161") &rarr {type: 'utf8', str: 'aaa'}
+1777      * x.getDisplayText("1e03616161") &rarr {type: 'bmp',  str: 'aaa'}
+1778      */
+1779     this.getDisplayText = function(h) {
+1780 	var _DISPLAYTEXTTAG = {"0c": "utf8", "16": "ia5", "1a": "vis" , "1e": "bmp"};
+1781 	var result = {};
+1782 	result.type = _DISPLAYTEXTTAG[h.substr(0, 2)];
+1783 	result.str = hextorstr(_getV(h, 0));
+1784 	return result;
+1785     };
+1786 
+1787     /**
+1788      * parse cRLNumber CRL extension as JSON object<br/>
+1789      * @name getExtCRLNumber
+1790      * @memberOf X509#
+1791      * @function
+1792      * @param {String} hExtV hexadecimal string of extension value
+1793      * @param {Boolean} critical flag
+1794      * @since jsrsasign 9.1.1 x509 2.0.1
+1795      * @see KJUR.asn1.x509.CRLNumber
+1796      * @see X509#getExtParamArray
+1797      * @description
+1798      * This method parses
+1799      * CRLNumber CRL extension value defined in
+1800      * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3">
+1801      * RFC 5280 5.2.3</a> as JSON object.
+1802      * <pre>
+1803      * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
+1804      * CRLNumber ::= INTEGER (0..MAX)
+1805      * </pre>
+1806      * <br/>
+1807      * Result of this method can be passed to 
+1808      * {@link KJUR.asn1.x509.CRLNumber} constructor.
+1809      * @example
+1810      * crl = X509CRL("-----BEGIN X509 CRL...");
+1811      * ... get hExtV and critical flag ...
+1812      * crl.getExtCRLNumber("02...", false) →
+1813      * {extname: "cRLNumber", num: {hex: "12af"}}
+1814      */
+1815     this.getExtCRLNumber = function(hExtV, critical) {
+1816 	var result = {extname:"cRLNumber"};
+1817 	if (critical) result.critical = true;
+1818 
+1819 	if (hExtV.substr(0, 2) == "02") {
+1820 	    result.num = {hex: _getV(hExtV, 0)};
+1821 	    return result;
+1822 	}
+1823 	throw new Error("hExtV parse error: " + hExtV);
+1824     };
+1825 
+1826     /**
+1827      * parse cRLReason CRL entry extension as JSON object<br/>
+1828      * @name getExtCRLReason
+1829      * @memberOf X509#
+1830      * @function
+1831      * @param {String} hExtV hexadecimal string of extension value
+1832      * @param {Boolean} critical flag
+1833      * @since jsrsasign 9.1.1 x509 2.0.1
+1834      * @see KJUR.asn1.x509.CRLReason
+1835      * @see X509#getExtParamArray
+1836      * @description
+1837      * This method parses
+1838      * CRLReason CRL entry extension value defined in
+1839      * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1">
+1840      * RFC 5280 5.3.1</a> as JSON object.
+1841      * <pre>
+1842      * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
+1843      * -- reasonCode ::= { CRLReason }
+1844      * CRLReason ::= ENUMERATED {
+1845      *      unspecified             (0),
+1846      *      keyCompromise           (1),
+1847      *      cACompromise            (2),
+1848      *      affiliationChanged      (3),
+1849      *      superseded              (4),
+1850      *      cessationOfOperation    (5),
+1851      *      certificateHold         (6),
+1852      *      removeFromCRL           (8),
+1853      *      privilegeWithdrawn      (9),
+1854      *      aACompromise           (10) }
+1855      * </pre>
+1856      * <br/>
+1857      * Result of this method can be passed to 
+1858      * {@link KJUR.asn1.x509.CRLReason} constructor.
+1859      * @example
+1860      * crl = X509CRL("-----BEGIN X509 CRL...");
+1861      * ... get hExtV and critical flag ...
+1862      * crl.getExtCRLReason("02...", false) →
+1863      * {extname: "cRLReason", code: 3}
+1864      */
+1865     this.getExtCRLReason = function(hExtV, critical) {
+1866 	var result = {extname:"cRLReason"};
+1867 	if (critical) result.critical = true;
+1868 
+1869 	if (hExtV.substr(0, 2) == "0a") {
+1870 	    result.code = parseInt(_getV(hExtV, 0), 16);
+1871 	    return result;
+1872 	}
+1873 	throw new Error("hExtV parse error: " + hExtV);
+1874     };
+1875 
+1876     /**
+1877      * parse OCSPNonce OCSP extension as JSON object<br/>
+1878      * @name getExtOCSPNonce
+1879      * @memberOf X509#
+1880      * @function
+1881      * @param {String} hExtV hexadecimal string of extension value
+1882      * @param {Boolean} critical flag
+1883      * @return {Array} JSON object of parsed OCSPNonce extension
+1884      * @since jsrsasign 9.1.6 x509 2.0.3
+1885      * @see KJUR.asn1.x509.OCSPNonce
+1886      * @see X509#getExtParamArray
+1887      * @see X509#getExtParam
+1888      * @description
+1889      * This method parses
+1890      * Nonce OCSP extension value defined in
+1891      * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1">
+1892      * RFC 6960 4.4.1</a> as JSON object.
+1893      * <pre>
+1894      * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
+1895      * id-pkix-ocsp-nonce     OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
+1896      * Nonce ::= OCTET STRING
+1897      * </pre>
+1898      * <br/>
+1899      * Result of this method can be passed to 
+1900      * {@link KJUR.asn1.x509.OCSPNonce} constructor.
+1901      * @example
+1902      * x = new X509();
+1903      * x.getExtOCSPNonce(<<extn hex value >>) →
+1904      * { extname: "ocspNonce", hex: "1a2b..." }
+1905      */
+1906     this.getExtOcspNonce = function(hExtV, critical) {
+1907 	var result = {extname:"ocspNonce"};
+1908 	if (critical) result.critical = true;
+1909 
+1910 	var hNonce = _getV(hExtV, 0);
+1911 	result.hex = hNonce;
+1912 
+1913 	return result;
+1914     };
+1915 
+1916     /**
+1917      * parse OCSPNoCheck OCSP extension as JSON object<br/>
+1918      * @name getExtOCSPNoCheck
+1919      * @memberOf X509#
+1920      * @function
+1921      * @param {String} hExtV hexadecimal string of extension value
+1922      * @param {Boolean} critical flag
+1923      * @return {Array} JSON object of parsed OCSPNoCheck extension
+1924      * @since jsrsasign 9.1.6 x509 2.0.3
+1925      * @see KJUR.asn1.x509.OCSPNoCheck
+1926      * @see X509#getExtParamArray
+1927      * @see X509#getExtParam
+1928      * @description
+1929      * This method parses
+1930      * OCSPNoCheck extension value defined in
+1931      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1">
+1932      * RFC 6960 4.2.2.2.1</a> as JSON object.
+1933      * <pre>
+1934      * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
+1935      * </pre>
+1936      * <br/>
+1937      * Result of this method can be passed to 
+1938      * {@link KJUR.asn1.x509.OCSPNoCheck} constructor.
+1939      * @example
+1940      * x = new X509();
+1941      * x.getExtOCSPNoCheck(<<extn hex value >>) →
+1942      * { extname: "ocspNoCheck" }
+1943      */
+1944     this.getExtOcspNoCheck = function(hExtV, critical) {
+1945 	var result = {extname:"ocspNoCheck"};
+1946 	if (critical) result.critical = true;
+1947 
+1948 	return result;
+1949     };
+1950 
+1951     /**
+1952      * parse AdobeTimeStamp extension as JSON object<br/>
+1953      * @name getExtAdobeTimeStamp
+1954      * @memberOf X509#
+1955      * @function
+1956      * @param {String} hExtV hexadecimal string of extension value
+1957      * @param {Boolean} critical flag
+1958      * @return {Array} JSON object of parsed AdobeTimeStamp extension
+1959      * @since jsrsasign 10.0.1 x509 2.0.5
+1960      * @see KJUR.asn1.x509.AdobeTimeStamp
+1961      * @see X509#getExtParamArray
+1962      * @see X509#getExtParam
+1963      * @description
+1964      * This method parses
+1965      * X.509v3 AdobeTimeStamp private extension value defined in the
+1966      * <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/oids.html">
+1967      * Adobe site</a> as JSON object.
+1968      * This extension provides the URL location for time stamp service.
+1969      * <pre>
+1970      * adbe- OBJECT IDENTIFIER ::=  { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
+1971      *  ::= SEQUENCE {
+1972      *     version INTEGER  { v1(1) }, -- extension version
+1973      *     location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
+1974      *     requiresAuth        boolean (default false), OPTIONAL }
+1975      * </pre>
+1976      * <br/>
+1977      * Result of this method can be passed to 
+1978      * {@link KJUR.asn1.x509.AdobeTimeStamp} constructor.
+1979      * <br/>
+1980      * NOTE: This extesion doesn't seem to have official name. This may be called as "pdfTimeStamp".
+1981      * @example
+1982      * x.getExtAdobeTimeStamp(<<extn hex value >>) →
+1983      * { extname: "adobeTimeStamp", uri: "http://tsa.example.com/" reqauth: true }
+1984      */
+1985     this.getExtAdobeTimeStamp = function(hExtV, critical) {
+1986 	if (hExtV === undefined && critical === undefined) {
+1987 	    var info = this.getExtInfo("adobeTimeStamp");
+1988 	    if (info === undefined) return undefined;
+1989 	    hExtV = _getTLV(this.hex, info.vidx);
+1990 	    critical = info.critical;
+1991 	}
+1992 
+1993 	var result = {extname:"adobeTimeStamp"};
+1994 	if (critical) result.critical = true;
+1995 
+1996 	var a = _getChildIdx(hExtV, 0);
+1997 	if (a.length > 1) {
+1998 	    var hGN = _getTLV(hExtV, a[1])
+1999 	    var gnParam = this.getGeneralName(hGN);
+2000 	    if (gnParam.uri != undefined) {
+2001 		result.uri = gnParam.uri;
+2002 	    }
+2003 	}
+2004 	if (a.length > 2) {
+2005 	    var hBool = _getTLV(hExtV, a[2]);
+2006 	    if (hBool == "0101ff") result.reqauth = true;
+2007 	    if (hBool == "010100") result.reqauth = false;
+2008 	}
+2009 
+2010 	return result;
+2011     };
+2012 
+2013     // ===== BEGIN X500Name related =====================================
+2014 
+2015     this.getX500NameRule = function(aDN) {
+2016 	var isPRNRule = true;
+2017 	var isUTF8Rule = true;
+2018 	var isMixedRule = false;
+2019 	var logfull = "";
+2020 	var logcheck = "";
+2021 	var lasttag = null;
+2022 
+2023 	var a = [];
+2024 	for (var i = 0; i < aDN.length; i++) {
+2025 	    var aRDN = aDN[i];
+2026 	    for (var j = 0; j < aRDN.length; j++) {
+2027 		a.push(aRDN[j]);
+2028 	    }
+2029 	}
+2030 
+2031 	for (var i = 0; i < a.length; i++) {
+2032 	    var item = a[i];
+2033 	    var tag = item.ds;
+2034 	    var value = item.value;
+2035 	    var type = item.type;
+2036 	    logfull += ":" + tag;
+2037 	    
+2038 	    if (tag != "prn" && tag != "utf8" && tag != "ia5") {
+2039 		return "mixed";
+2040 	    }
+2041 	    if (tag == "ia5") {
+2042 		if (type != "CN") {
+2043 		    return "mixed";
+2044 		} else {
+2045 		    if (! KJUR.lang.String.isMail(value)) {
+2046 			return "mixed";
+2047 		    } else {
+2048 			continue;
+2049 		    }
+2050 		}
+2051 	    }
+2052 	    if (type == "C") {
+2053 		if (tag == "prn") {
+2054 		    continue;
+2055 		} else {
+2056 		    return "mixed";
+2057 		}
+2058 	    }
+2059 	    logcheck += ":" + tag;
+2060 	    if (lasttag == null) {
+2061 		lasttag = tag;
+2062 	    } else {
+2063 		if (lasttag !== tag) return "mixed";
+2064 	    }
+2065 	}
+2066 	if (lasttag == null) {
+2067 	    return "prn";
+2068 	} else {
+2069 	    return lasttag;
+2070 	}
+2071     };
+2072 
+2073     /**
+2074      * get Name ASN.1 structure parameter array<br/>
+2075      * @name getX500Name
+2076      * @memberOf X509#
+2077      * @function
+2078      * @param {String} h hexadecimal string of Name
+2079      * @return {Array} array of RDN parameter array
+2080      * @since jsrsasign 9.0.0 x509 2.0.0
+2081      * @see X509#getX500NameArray
+2082      * @see X509#getRDN
+2083      * @see X509#getAttrTypeAndValue
+2084      * @see KJUR.asn1.x509.X500Name
+2085      * @see KJUR.asn1.x509.GeneralName
+2086      * @see KJUR.asn1.x509.GeneralNames
+2087      * @description
+2088      * This method will get Name parameter defined in
+2089      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2090      * RFC 5280 4.1.2.4</a>.
+2091      * <pre>
+2092      * Name ::= CHOICE { -- only one possibility for now --
+2093      *   rdnSequence  RDNSequence }
+2094      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+2095      * </pre>
+2096      * @example
+2097      * x = new X509();
+2098      * x.getX500Name("30...") →
+2099      * { array: [
+2100      *     [{type:"C",value:"US",ds:"prn"}],
+2101      *     [{type:"O",value:"Sample Corp.",ds:"utf8"}],
+2102      *     [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
+2103      *   ],
+2104      *   str: "/C=US/O=Sample Corp./CN=john.smith@example.com",
+2105      *   hex: "30..."
+2106      * }
+2107      */
+2108     this.getX500Name = function(h) {
+2109 	var a = this.getX500NameArray(h);
+2110 	var s = this.dnarraytostr(a);
+2111 	return { array: a, str: s };
+2112     };
+2113 
+2114     /**
+2115      * get X.500 Name ASN.1 structure parameter array<br/>
+2116      * @name getX500NameArray
+2117      * @memberOf X509#
+2118      * @function
+2119      * @param {String} h hexadecimal string of Name
+2120      * @return {Array} array of RDN parameter array
+2121      * @since jsrsasign 10.0.6 x509 2.0.9
+2122      * @see X509#getX500Name
+2123      * @see X509#getRDN
+2124      * @see X509#getAttrTypeAndValue
+2125      * @description
+2126      * This method will get Name parameter defined in
+2127      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2128      * RFC 5280 4.1.2.4</a>.
+2129      * <pre>
+2130      * Name ::= CHOICE { -- only one possibility for now --
+2131      *   rdnSequence  RDNSequence }
+2132      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+2133      * </pre>
+2134      * @example
+2135      * x = new X509();
+2136      * x.getX500NameArray("30...") →
+2137      * [[{type:"C",value:"US",ds:"prn"}],
+2138      *  [{type:"O",value:"Sample Corp.",ds:"utf8"}],
+2139      *  [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]]
+2140      */
+2141     this.getX500NameArray = function(h) {
+2142 	var result = [];
+2143 	var a = _getChildIdx(h, 0);
+2144 	for (var i = 0; i < a.length; i++) {
+2145 	    result.push(this.getRDN(_getTLV(h, a[i])));
+2146 	}
+2147 	return result;
+2148     };
+2149     
+2150     /**
+2151      * get RelativeDistinguishedName ASN.1 structure parameter array<br/>
+2152      * @name getRDN
+2153      * @memberOf X509#
+2154      * @function
+2155      * @param {String} h hexadecimal string of RDN
+2156      * @return {Array} array of AttrTypeAndValue parameters
+2157      * @since jsrsasign 9.0.0 x509 2.0.0
+2158      * @see X509#getX500Name
+2159      * @see X509#getRDN
+2160      * @see X509#getAttrTypeAndValue
+2161      * @description
+2162      * This method will get RelativeDistinguishedName parameters defined in
+2163      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2164      * RFC 5280 4.1.2.4</a>.
+2165      * <pre>
+2166      * RelativeDistinguishedName ::=
+2167      *   SET SIZE (1..MAX) OF AttributeTypeAndValue
+2168      * </pre>
 2169      * @example
 2170      * x = new X509();
-2171      * x.getAttrTypeAndValue("30...") →
-2172      * {type:"CN",value:"john.smith@example.com",ds:"ia5"} or
-2173      * {type:"O",value:"Sample Corp.",ds:"prn"}
-2174      */
-2175     // tel  - (0x14) TeletexString ... for future
-2176     // num  - (0x12) NumericString ... for future
-2177     // unv  - (0x1c??) UniversalString ... for future
-2178     this.getAttrTypeAndValue = function(h) {
-2179 	var result = {type: null, value: null, ds: null};
-2180 	var a = _getChildIdx(h, 0);
-2181 	var hOID = _getVbyList(h, a[0], [], "06");
-2182 	var hValue = _getVbyList(h, a[1], []);
-2183 	var oid = KJUR.asn1.ASN1Util.oidHexToInt(hOID);
-2184 	result.type = KJUR.asn1.x509.OID.oid2atype(oid);
-2185 	result.value = hextorstr(hValue);
-2186 	result.ds = this.HEX2STAG[h.substr(a[1], 2)];
-2187 	return result;
-2188     };
-2189 
-2190     // ===== END X500Name related =====================================
-2191 
-2192     // ===== BEGIN read certificate =====================================
-2193     /**
-2194      * read PEM formatted X.509 certificate from string.<br/>
-2195      * @name readCertPEM
-2196      * @memberOf X509#
-2197      * @function
-2198      * @param {String} sCertPEM string for PEM formatted X.509 certificate
-2199      * @example
-2200      * x = new X509();
-2201      * x.readCertPEM(sCertPEM); // read certificate
-2202      */
-2203     this.readCertPEM = function(sCertPEM) {
-2204         this.readCertHex(_pemtohex(sCertPEM));
-2205     };
-2206 
-2207     /**
-2208      * read a hexadecimal string of X.509 certificate<br/>
-2209      * @name readCertHex
-2210      * @memberOf X509#
-2211      * @function
-2212      * @param {String} sCertHex hexadecimal string of X.509 certificate
-2213      * @since jsrsasign 7.1.4 x509 1.1.13
-2214      * @description
-2215      * NOTE: {@link X509#parseExt} will called internally since jsrsasign 7.2.0.
-2216      * @example
-2217      * x = new X509();
-2218      * x.readCertHex("3082..."); // read certificate
-2219      */
-2220     this.readCertHex = function(sCertHex) {
-2221         this.hex = sCertHex;
-2222 	this.getVersion(); // set version parameter
-2223 
-2224 	try {
-2225 	    _getIdxbyList(this.hex, 0, [0, 7], "a3"); // has [3] v3ext
-2226 	    this.parseExt();
-2227 	} catch(ex) {};
-2228     };
-2229 
-2230     // ===== END read certificate =====================================
-2231 
-2232     /**
-2233      * get JSON object of certificate parameters<br/>
-2234      * @name getParam
-2235      * @memberOf X509#
-2236      * @function
-2237      * @return {Array} JSON object of certificate parameters
-2238      * @since jsrsasign 9.0.0 x509 2.0.0
-2239      * @see KJUR.asn1.x509.X509Util.newCertPEM
-2240      * @description
-2241      * This method returns a JSON object of the certificate
-2242      * parameters. Return value can be passed to
-2243      * {@link KJUR.asn1.x509.X509Util.newCertPEM}.
-2244      * @example
-2245      * x = new X509();
-2246      * x.readCertPEM("-----BEGIN CERTIFICATE...");
-2247      * x.getParam() →
-2248      * {version:3,
-2249      *  serial:{hex:"12ab"},
-2250      *  sigalg:"SHA256withRSA",
-2251      *  issuer: {array:[[{type:'CN',value:'CA1',ds:'prn'}]],str:"/O=CA1"},
-2252      *  notbefore:"160403023700Z",
-2253      *  notafter:"160702023700Z",
-2254      *  subject: {array:[[{type:'CN',value:'Test1',ds:'prn'}]],str:"/CN=Test1"},
-2255      *  sbjpubkey:"-----BEGIN PUBLIC KEY...",
-2256      *  ext:[
-2257      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
-2258      *   {extname:"basicConstraints",critical:true},
-2259      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
-2260      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-2261      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
-2262      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
-2263      *  ],
-2264      *  sighex:"0b76...8"
-2265      * };
-2266      */
-2267     this.getParam = function() {
-2268 	var result = {};
-2269 	result.version = this.getVersion();
-2270 	result.serial = {hex: this.getSerialNumberHex()};
-2271 	result.sigalg = this.getSignatureAlgorithmField();
-2272 	result.issuer = this.getIssuer();
-2273 	result.notbefore = this.getNotBefore();
-2274 	result.notafter = this.getNotAfter();
-2275 	result.subject = this.getSubject();
-2276 	result.sbjpubkey = hextopem(this.getPublicKeyHex(), "PUBLIC KEY");
-2277 	if (this.aExtInfo.length > 0) {
-2278 	    result.ext = this.getExtParamArray();
-2279 	}
-2280 	result.sighex = this.getSignatureValueHex();
-2281 	return result;
-2282     };
-2283 
-2284     /** 
-2285      * get array of certificate extension parameter JSON object<br/>
-2286      * @name getExtParamArray
-2287      * @memberOf X509#
-2288      * @function
-2289      * @param {String} hExtSeq hexadecimal string of SEQUENCE of Extension
-2290      * @return {Array} array of certificate extension parameter JSON object
-2291      * @since jsrsasign 9.0.0 x509 2.0.0
-2292      * @see KJUR.asn1.x509.X509Util.newCertPEM
-2293      * @see X509#getParam
-2294      * @see X509#getExtParam
-2295      * @see X509CRL#getParam
-2296      * @see KJUR.asn1.csr.CSRUtil.getParam
-2297      *
-2298      * @description
-2299      * This method returns an array of certificate extension
-2300      * parameters. 
-2301      * <br/>
-2302      * NOTE: Argument "hExtSeq" have been supported since jsrsasign 9.1.1.
-2303      *
-2304      * @example
-2305      * x = new X509();
-2306      * x.readCertPEM("-----BEGIN CERTIFICATE...");
-2307      * x.getExtParamArray() →
-2308      * [ {extname:"keyUsage",critical:true,names:["digitalSignature"]},
-2309      *   {extname:"basicConstraints",critical:true},
-2310      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
-2311      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-2312      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
-2313      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}]
-2314      */
-2315     this.getExtParamArray = function(hExtSeq) {
-2316 	if (hExtSeq == undefined) {
-2317 	    // for X.509v3 certificate
-2318 	    var idx1 = _getIdxbyListEx(this.hex, 0, [0, "[3]"]);
-2319 	    if (idx1 != -1) {
-2320 		hExtSeq = _getTLVbyListEx(this.hex, 0, [0, "[3]", 0], "30");
-2321 	    }
-2322 	}
-2323 	var result = [];
-2324 	var aIdx = _getChildIdx(hExtSeq, 0);
-2325 
-2326 	for (var i = 0; i < aIdx.length; i++) {
-2327 	    var hExt = _getTLV(hExtSeq, aIdx[i]);
-2328 	    var extParam = this.getExtParam(hExt);
-2329 	    if (extParam != null) result.push(extParam);
-2330 	}
-2331 
-2332 	return result;
-2333     };
-2334 
-2335     /** 
-2336      * get a extension parameter JSON object<br/>
-2337      * @name getExtParam
-2338      * @memberOf X509#
-2339      * @function
-2340      * @param {String} hExt hexadecimal string of Extension
-2341      * @return {Array} Extension parameter JSON object
-2342      * @since jsrsasign 9.1.1 x509 2.0.1
-2343      * @see KJUR.asn1.x509.X509Util.newCertPEM
-2344      * @see X509#getParam
-2345      * @see X509#getExtParamArray
-2346      * @see X509CRL#getParam
-2347      * @see KJUR.asn1.csr.CSRUtil.getParam
-2348      *
-2349      * @description
-2350      * This method returns a extension parameters as JSON object. 
-2351      *
-2352      * @example
-2353      * x = new X509();
-2354      * ...
-2355      * x.getExtParam("30...") →
-2356      * {extname:"keyUsage",critical:true,names:["digitalSignature"]}
-2357      */
-2358     this.getExtParam = function(hExt) {
-2359 	var result = {};
-2360 	var aIdx = _getChildIdx(hExt, 0);
-2361 	var aIdxLen = aIdx.length;
-2362 	if (aIdxLen != 2 && aIdxLen != 3)
-2363 	    throw new Error("wrong number elements in Extension: " + 
-2364 			    aIdxLen + " " + hExt);
-2365 
-2366 	var oid = _hextooidstr(_getVbyList(hExt, 0, [0], "06"));
-2367 
-2368 	var critical = false;
-2369 	if (aIdxLen == 3 && _getTLVbyList(hExt, 0, [1]) == "0101ff")
-2370 	    critical = true;
-2371 
-2372 	var hExtV = _getTLVbyList(hExt, 0, [aIdxLen - 1, 0]);
-2373 
-2374 	var extParam = undefined;
-2375 	if (oid == "2.5.29.14") {
-2376 	    extParam = this.getExtSubjectKeyIdentifier(hExtV, critical);
-2377 	} else if (oid == "2.5.29.15") {
-2378 	    extParam = this.getExtKeyUsage(hExtV, critical);
-2379 	} else if (oid == "2.5.29.17") {
-2380 	    extParam = this.getExtSubjectAltName(hExtV, critical);
-2381 	} else if (oid == "2.5.29.18") {
-2382 	    extParam = this.getExtIssuerAltName(hExtV, critical);
-2383 	} else if (oid == "2.5.29.19") {
-2384 	    extParam = this.getExtBasicConstraints(hExtV, critical);
-2385 	} else if (oid == "2.5.29.31") {
-2386 	    extParam = this.getExtCRLDistributionPoints(hExtV, critical);
-2387 	} else if (oid == "2.5.29.32") {
-2388 	    extParam = this.getExtCertificatePolicies(hExtV, critical);
-2389 	} else if (oid == "2.5.29.35") {
-2390 	    extParam = this.getExtAuthorityKeyIdentifier(hExtV, critical);
-2391 	} else if (oid == "2.5.29.37") {
-2392 	    extParam = this.getExtExtKeyUsage(hExtV, critical);
-2393 	} else if (oid == "1.3.6.1.5.5.7.1.1") {
-2394 	    extParam = this.getExtAuthorityInfoAccess(hExtV, critical);
-2395 	} else if (oid == "2.5.29.20") {
-2396 	    extParam = this.getExtCRLNumber(hExtV, critical);
-2397 	} else if (oid == "2.5.29.21") {
-2398 	    extParam = this.getExtCRLReason(hExtV, critical);
-2399 	} else if (oid == "1.3.6.1.5.5.7.48.1.2") {
-2400 	    extParam = this.getExtOcspNonce(hExtV, critical);
-2401 	} else if (oid == "1.3.6.1.5.5.7.48.1.5") {
-2402 	    extParam = this.getExtOcspNoCheck(hExtV, critical);
-2403 	} else if (oid == "1.2.840.113583.1.1.9.1") {
-2404 	    extParam = this.getExtAdobeTimeStamp(hExtV, critical);
-2405 	}
-2406 	if (extParam != undefined) return extParam;
-2407 
-2408 	var privateParam = { extname: oid, extn: hExtV };
-2409 	if (critical) privateParam.critical = true;
-2410 	return privateParam;
-2411     };
-2412 
-2413     /**
-2414      * find extension parameter in array<br/>
-2415      * @name findExt
-2416      * @memberOf X509#
-2417      * @function
-2418      * @param {Array} aExt array of extension parameters
-2419      * @param {String} extname extension name
-2420      * @return {Array} extension parameter in the array or null
-2421      * @since jsrsasign 10.0.3 x509 2.0.7
-2422      * @see X509#getParam
-2423      *
-2424      * @description
-2425      * This method returns an extension parameter for
-2426      * specified extension name in the array.
-2427      * This method is useful to update extension parameter value.
-2428      * When there is no such extension with the extname,
-2429      * this returns "null".
-2430      *
-2431      * @example
-2432      * // (1) 
-2433      * x = new X509(CERTPEM);
-2434      * params = x.getParam();
-2435      * pSKID = x.findExt(params.ext, "subjectKeyIdentifier");
-2436      * pSKID.kid = "1234abced..."; // skid in the params is updated.
-2437      *   // then params was updated
-2438      *
-2439      * // (2) another example
-2440      * aExt = [
-2441      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
-2442      *   {extname:"basicConstraints",critical:true},
-2443      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
-2444      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-2445      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
-2446      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
-2447      * ];
-2448      * var x = new X509();
-2449      * x.findExt(aExt, "authorityKeyInfoAccess").array[0].ocsp = "http://aaa.com";
-2450      * pKU = x.findExt(aExt, "keyUsage");
-2451      * delete pKU["critical"]; // clear criticla flag
-2452      * pKU.names = ["keyCertSign", "cRLSign"];
-2453      *   // then aExt was updated
-2454      */
-2455     this.findExt = function(aExt, extname) {
-2456 	for (var i = 0; i < aExt.length; i++) {
-2457 	    if (aExt[i].extname == extname) return aExt[i];
-2458 	}
-2459 	return null;
-2460 
+2171      * x.getRDN("31...") →
+2172      * [{type:"C",value:"US",ds:"prn"}] or
+2173      * [{type:"O",value:"Sample Corp.",ds:"prn"}] or
+2174      * [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
+2175      */
+2176     this.getRDN = function(h) {
+2177 	var result = [];
+2178 	var a = _getChildIdx(h, 0);
+2179 	for (var i = 0; i < a.length; i++) {
+2180 	    result.push(this.getAttrTypeAndValue(_getTLV(h, a[i])));
+2181 	}
+2182 	return result;
+2183     };
+2184 
+2185     /**
+2186      * get AttributeTypeAndValue ASN.1 structure parameter as JSON object<br/>
+2187      * @name getAttrTypeAndValue
+2188      * @memberOf X509#
+2189      * @function
+2190      * @param {String} h hexadecimal string of AttributeTypeAndValue
+2191      * @return {Object} JSON object of AttributeTypeAndValue parameters
+2192      * @since jsrsasign 9.0.0 x509 2.0.0
+2193      * @see X509#getX500Name
+2194      * @see X509#getRDN
+2195      * @description
+2196      * This method will get AttributeTypeAndValue parameters defined in
+2197      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2198      * RFC 5280 4.1.2.4</a>.
+2199      * <pre>
+2200      * AttributeTypeAndValue ::= SEQUENCE {
+2201      *   type     AttributeType,
+2202      *   value    AttributeValue }
+2203      * AttributeType ::= OBJECT IDENTIFIER
+2204      * AttributeValue ::= ANY -- DEFINED BY AttributeType
+2205      * </pre>
+2206      * <ul>
+2207      * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
+2208      * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
+2209      * <li>{String}ds - DirectoryString type of AttributeValue</li>
+2210      * </ul>
+2211      * "ds" has one of following value:
+2212      * <ul>
+2213      * <li>utf8 - (0x0c) UTF8String</li>
+2214      * <li>prn  - (0x13) PrintableString</li>
+2215      * <li>ia5  - (0x16) IA5String</li>
+2216      * <li>vis  - (0x1a) VisibleString</li>
+2217      * <li>bmp  - (0x1e) BMPString</li>
+2218      * </ul>
+2219      * @example
+2220      * x = new X509();
+2221      * x.getAttrTypeAndValue("30...") →
+2222      * {type:"CN",value:"john.smith@example.com",ds:"ia5"} or
+2223      * {type:"O",value:"Sample Corp.",ds:"prn"}
+2224      */
+2225     // tel  - (0x14) TeletexString ... for future
+2226     // num  - (0x12) NumericString ... for future
+2227     // unv  - (0x1c??) UniversalString ... for future
+2228     this.getAttrTypeAndValue = function(h) {
+2229 	var result = {type: null, value: null, ds: null};
+2230 	var a = _getChildIdx(h, 0);
+2231 	var hOID = _getVbyList(h, a[0], [], "06");
+2232 	var hValue = _getVbyList(h, a[1], []);
+2233 	var oid = KJUR.asn1.ASN1Util.oidHexToInt(hOID);
+2234 	result.type = KJUR.asn1.x509.OID.oid2atype(oid);
+2235 	result.value = hextorstr(hValue);
+2236 	result.ds = this.HEX2STAG[h.substr(a[1], 2)];
+2237 	return result;
+2238     };
+2239 
+2240     // ===== END X500Name related =====================================
+2241 
+2242     // ===== BEGIN read certificate =====================================
+2243     /**
+2244      * read PEM formatted X.509 certificate from string.<br/>
+2245      * @name readCertPEM
+2246      * @memberOf X509#
+2247      * @function
+2248      * @param {String} sCertPEM string for PEM formatted X.509 certificate
+2249      * @example
+2250      * x = new X509();
+2251      * x.readCertPEM(sCertPEM); // read certificate
+2252      */
+2253     this.readCertPEM = function(sCertPEM) {
+2254         this.readCertHex(_pemtohex(sCertPEM));
+2255     };
+2256 
+2257     /**
+2258      * read a hexadecimal string of X.509 certificate<br/>
+2259      * @name readCertHex
+2260      * @memberOf X509#
+2261      * @function
+2262      * @param {String} sCertHex hexadecimal string of X.509 certificate
+2263      * @since jsrsasign 7.1.4 x509 1.1.13
+2264      * @description
+2265      * NOTE: {@link X509#parseExt} will called internally since jsrsasign 7.2.0.
+2266      * @example
+2267      * x = new X509();
+2268      * x.readCertHex("3082..."); // read certificate
+2269      */
+2270     this.readCertHex = function(sCertHex) {
+2271         this.hex = sCertHex;
+2272 	this.getVersion(); // set version parameter
+2273 
+2274 	try {
+2275 	    _getIdxbyList(this.hex, 0, [0, 7], "a3"); // has [3] v3ext
+2276 	    this.parseExt();
+2277 	} catch(ex) {};
+2278     };
+2279 
+2280     // ===== END read certificate =====================================
+2281 
+2282     /**
+2283      * get JSON object of certificate parameters<br/>
+2284      * @name getParam
+2285      * @memberOf X509#
+2286      * @function
+2287      * @return {Array} JSON object of certificate parameters
+2288      * @since jsrsasign 9.0.0 x509 2.0.0
+2289      * @see KJUR.asn1.x509.X509Util.newCertPEM
+2290      * @description
+2291      * This method returns a JSON object of the certificate
+2292      * parameters. Return value can be passed to
+2293      * {@link KJUR.asn1.x509.X509Util.newCertPEM}.
+2294      * @example
+2295      * x = new X509();
+2296      * x.readCertPEM("-----BEGIN CERTIFICATE...");
+2297      * x.getParam() →
+2298      * {version:3,
+2299      *  serial:{hex:"12ab"},
+2300      *  sigalg:"SHA256withRSA",
+2301      *  issuer: {array:[[{type:'CN',value:'CA1',ds:'prn'}]],str:"/O=CA1"},
+2302      *  notbefore:"160403023700Z",
+2303      *  notafter:"160702023700Z",
+2304      *  subject: {array:[[{type:'CN',value:'Test1',ds:'prn'}]],str:"/CN=Test1"},
+2305      *  sbjpubkey:"-----BEGIN PUBLIC KEY...",
+2306      *  ext:[
+2307      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
+2308      *   {extname:"basicConstraints",critical:true},
+2309      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
+2310      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+2311      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
+2312      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
+2313      *  ],
+2314      *  sighex:"0b76...8"
+2315      * };
+2316      */
+2317     this.getParam = function() {
+2318 	var result = {};
+2319 	result.version = this.getVersion();
+2320 	result.serial = {hex: this.getSerialNumberHex()};
+2321 	result.sigalg = this.getSignatureAlgorithmField();
+2322 	result.issuer = this.getIssuer();
+2323 	result.notbefore = this.getNotBefore();
+2324 	result.notafter = this.getNotAfter();
+2325 	result.subject = this.getSubject();
+2326 	result.sbjpubkey = hextopem(this.getPublicKeyHex(), "PUBLIC KEY");
+2327 	if (this.aExtInfo.length > 0) {
+2328 	    result.ext = this.getExtParamArray();
+2329 	}
+2330 	result.sighex = this.getSignatureValueHex();
+2331 	return result;
+2332     };
+2333 
+2334     /** 
+2335      * get array of certificate extension parameter JSON object<br/>
+2336      * @name getExtParamArray
+2337      * @memberOf X509#
+2338      * @function
+2339      * @param {String} hExtSeq hexadecimal string of SEQUENCE of Extension
+2340      * @return {Array} array of certificate extension parameter JSON object
+2341      * @since jsrsasign 9.0.0 x509 2.0.0
+2342      * @see KJUR.asn1.x509.X509Util.newCertPEM
+2343      * @see X509#getParam
+2344      * @see X509#getExtParam
+2345      * @see X509CRL#getParam
+2346      * @see KJUR.asn1.csr.CSRUtil.getParam
+2347      *
+2348      * @description
+2349      * This method returns an array of certificate extension
+2350      * parameters. 
+2351      * <br/>
+2352      * NOTE: Argument "hExtSeq" have been supported since jsrsasign 9.1.1.
+2353      *
+2354      * @example
+2355      * x = new X509();
+2356      * x.readCertPEM("-----BEGIN CERTIFICATE...");
+2357      * x.getExtParamArray() →
+2358      * [ {extname:"keyUsage",critical:true,names:["digitalSignature"]},
+2359      *   {extname:"basicConstraints",critical:true},
+2360      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
+2361      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+2362      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
+2363      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}]
+2364      */
+2365     this.getExtParamArray = function(hExtSeq) {
+2366 	if (hExtSeq == undefined) {
+2367 	    // for X.509v3 certificate
+2368 	    var idx1 = _getIdxbyListEx(this.hex, 0, [0, "[3]"]);
+2369 	    if (idx1 != -1) {
+2370 		hExtSeq = _getTLVbyListEx(this.hex, 0, [0, "[3]", 0], "30");
+2371 	    }
+2372 	}
+2373 	var result = [];
+2374 	var aIdx = _getChildIdx(hExtSeq, 0);
+2375 
+2376 	for (var i = 0; i < aIdx.length; i++) {
+2377 	    var hExt = _getTLV(hExtSeq, aIdx[i]);
+2378 	    var extParam = this.getExtParam(hExt);
+2379 	    if (extParam != null) result.push(extParam);
+2380 	}
+2381 
+2382 	return result;
+2383     };
+2384 
+2385     /** 
+2386      * get a extension parameter JSON object<br/>
+2387      * @name getExtParam
+2388      * @memberOf X509#
+2389      * @function
+2390      * @param {String} hExt hexadecimal string of Extension
+2391      * @return {Array} Extension parameter JSON object
+2392      * @since jsrsasign 9.1.1 x509 2.0.1
+2393      * @see KJUR.asn1.x509.X509Util.newCertPEM
+2394      * @see X509#getParam
+2395      * @see X509#getExtParamArray
+2396      * @see X509CRL#getParam
+2397      * @see KJUR.asn1.csr.CSRUtil.getParam
+2398      *
+2399      * @description
+2400      * This method returns a extension parameters as JSON object. 
+2401      *
+2402      * @example
+2403      * x = new X509();
+2404      * ...
+2405      * x.getExtParam("30...") →
+2406      * {extname:"keyUsage",critical:true,names:["digitalSignature"]}
+2407      */
+2408     this.getExtParam = function(hExt) {
+2409 	var result = {};
+2410 	var aIdx = _getChildIdx(hExt, 0);
+2411 	var aIdxLen = aIdx.length;
+2412 	if (aIdxLen != 2 && aIdxLen != 3)
+2413 	    throw new Error("wrong number elements in Extension: " + 
+2414 			    aIdxLen + " " + hExt);
+2415 
+2416 	var oid = _hextooidstr(_getVbyList(hExt, 0, [0], "06"));
+2417 
+2418 	var critical = false;
+2419 	if (aIdxLen == 3 && _getTLVbyList(hExt, 0, [1]) == "0101ff")
+2420 	    critical = true;
+2421 
+2422 	var hExtV = _getTLVbyList(hExt, 0, [aIdxLen - 1, 0]);
+2423 
+2424 	var extParam = undefined;
+2425 	if (oid == "2.5.29.14") {
+2426 	    extParam = this.getExtSubjectKeyIdentifier(hExtV, critical);
+2427 	} else if (oid == "2.5.29.15") {
+2428 	    extParam = this.getExtKeyUsage(hExtV, critical);
+2429 	} else if (oid == "2.5.29.17") {
+2430 	    extParam = this.getExtSubjectAltName(hExtV, critical);
+2431 	} else if (oid == "2.5.29.18") {
+2432 	    extParam = this.getExtIssuerAltName(hExtV, critical);
+2433 	} else if (oid == "2.5.29.19") {
+2434 	    extParam = this.getExtBasicConstraints(hExtV, critical);
+2435 	} else if (oid == "2.5.29.31") {
+2436 	    extParam = this.getExtCRLDistributionPoints(hExtV, critical);
+2437 	} else if (oid == "2.5.29.32") {
+2438 	    extParam = this.getExtCertificatePolicies(hExtV, critical);
+2439 	} else if (oid == "2.5.29.35") {
+2440 	    extParam = this.getExtAuthorityKeyIdentifier(hExtV, critical);
+2441 	} else if (oid == "2.5.29.37") {
+2442 	    extParam = this.getExtExtKeyUsage(hExtV, critical);
+2443 	} else if (oid == "1.3.6.1.5.5.7.1.1") {
+2444 	    extParam = this.getExtAuthorityInfoAccess(hExtV, critical);
+2445 	} else if (oid == "2.5.29.20") {
+2446 	    extParam = this.getExtCRLNumber(hExtV, critical);
+2447 	} else if (oid == "2.5.29.21") {
+2448 	    extParam = this.getExtCRLReason(hExtV, critical);
+2449 	} else if (oid == "1.3.6.1.5.5.7.48.1.2") {
+2450 	    extParam = this.getExtOcspNonce(hExtV, critical);
+2451 	} else if (oid == "1.3.6.1.5.5.7.48.1.5") {
+2452 	    extParam = this.getExtOcspNoCheck(hExtV, critical);
+2453 	} else if (oid == "1.2.840.113583.1.1.9.1") {
+2454 	    extParam = this.getExtAdobeTimeStamp(hExtV, critical);
+2455 	}
+2456 	if (extParam != undefined) return extParam;
+2457 
+2458 	var privateParam = { extname: oid, extn: hExtV };
+2459 	if (critical) privateParam.critical = true;
+2460 	return privateParam;
 2461     };
 2462 
 2463     /**
-2464      * update CRLDistributionPoints Full URI in parameter<br/>
-2465      * @name updateCDPFullURI
+2464      * find extension parameter in array<br/>
+2465      * @name findExt
 2466      * @memberOf X509#
 2467      * @function
 2468      * @param {Array} aExt array of extension parameters
-2469      * @param {String} newURI string of new uri
-2470      * @since jsrsasign 10.0.4 x509 2.0.8
-2471      * @see X509#findExt
-2472      * @see KJUR.asn1.x509.CRLDistributionPoints
+2469      * @param {String} extname extension name
+2470      * @return {Array} extension parameter in the array or null
+2471      * @since jsrsasign 10.0.3 x509 2.0.7
+2472      * @see X509#getParam
 2473      *
 2474      * @description
-2475      * This method updates Full URI of CRLDistributionPoints extension
-2476      * in the extension parameter array if it exists.
-2477      *
-2478      * @example
-2479      * aExt = [
-2480      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-2481      *   {extname:"cRLDistributionPoints",
-2482      *    array:[{dpname:{full:[{uri:"http://example.com/a.crl"}]}}]},
-2483      * ];
-2484      * x = new X509();
-2485      * x.updateCDPFullURI(aExt, "http://crl2.example.new/b.crl");
-2486      */
-2487     this.updateExtCDPFullURI = function(aExt, newURI) {
-2488 	var pExt = this.findExt(aExt, "cRLDistributionPoints");
-2489 	if (pExt == null) return;
-2490 	if (pExt.array == undefined) return;
-2491 	var aDP = pExt.array;
-2492 	for (var i = 0; i < aDP.length; i++) {
-2493 	    if (aDP[i].dpname == undefined) continue;
-2494 	    if (aDP[i].dpname.full == undefined) continue;
-2495 	    var aURI = aDP[i].dpname.full;
-2496 	    for (var j = 0; j < aURI.length; j++) {
-2497 		var pURI = aURI[i];
-2498 		if (pURI.uri == undefined) continue;
-2499 		pURI.uri = newURI;
-2500 	    }
-2501 	}
-2502     };
-2503 
-2504     /**
-2505      * update authorityInfoAccess ocsp in parameter<br/>
-2506      * @name updateAIAOCSP
-2507      * @memberOf X509#
-2508      * @function
-2509      * @param {Array} aExt array of extension parameters
-2510      * @param {String} newURI string of new uri
-2511      * @since jsrsasign 10.0.4 x509 2.0.8
-2512      * @see X509#findExt
-2513      * @see KJUR.asn1.x509.AuthorityInfoAccess
-2514      *
-2515      * @description
-2516      * This method updates "ocsp" accessMethod URI of 
-2517      * AuthorityInfoAccess extension
-2518      * in the extension parameter array if it exists.
-2519      *
-2520      * @example
-2521      * aExt = [
-2522      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-2523      *   {extname:"authoriyInfoAccess",
-2524      *    array:[
-2525      *      {ocsp: "http://ocsp1.example.com"},
-2526      *      {caissuer: "http://example.com/a.crt"}
-2527      *    ]}
-2528      * ];
-2529      * x = new X509();
-2530      * x.updateAIAOCSP(aExt, "http://ocsp2.example.net");
-2531      */
-2532     this.updateExtAIAOCSP = function(aExt, newURI) {
-2533 	var pExt = this.findExt(aExt, "authorityInfoAccess");
-2534 	if (pExt == null) return;
-2535 	if (pExt.array == undefined) return;
-2536 	var a = pExt.array;
-2537 	for (var i = 0; i < a.length; i++) {
-2538 	    if (a[i].ocsp != undefined) a[i].ocsp = newURI;
-2539 	}
-2540     };
-2541 
-2542     /**
-2543      * update authorityInfoAccess caIssuer in parameter<br/>
-2544      * @name updateAIACAIssuer
-2545      * @memberOf X509#
-2546      * @function
-2547      * @param {Array} aExt array of extension parameters
-2548      * @param {String} newURI string of new uri
-2549      * @since jsrsasign 10.0.4 x509 2.0.8
-2550      * @see X509#findExt
-2551      * @see KJUR.asn1.x509.AuthorityInfoAccess
-2552      *
-2553      * @description
-2554      * This method updates "caIssuer" accessMethod URI of 
-2555      * AuthorityInfoAccess extension
-2556      * in the extension parameter array if it exists.
-2557      *
-2558      * @example
-2559      * aExt = [
-2560      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-2561      *   {extname:"authoriyInfoAccess",
-2562      *    array:[
-2563      *      {ocsp: "http://ocsp1.example.com"},
-2564      *      {caissuer: "http://example.com/a.crt"}
-2565      *    ]}
-2566      * ];
-2567      * x = new X509();
-2568      * x.updateAIACAIssuer(aExt, "http://example.net/b.crt");
-2569      */
-2570     this.updateExtAIACAIssuer = function(aExt, newURI) {
-2571 	var pExt = this.findExt(aExt, "authorityInfoAccess");
-2572 	if (pExt == null) return;
-2573 	if (pExt.array == undefined) return;
-2574 	var a = pExt.array;
-2575 	for (var i = 0; i < a.length; i++) {
-2576 	    if (a[i].caissuer != undefined) a[i].caissuer = newURI;
-2577 	}
-2578     };
-2579 
-2580     /**
-2581      * get certificate information as string.<br/>
-2582      * @name getInfo
-2583      * @memberOf X509#
-2584      * @function
-2585      * @return {String} certificate information string
-2586      * @since jsrsasign 5.0.10 x509 1.1.8
-2587      * @example
-2588      * x = new X509();
-2589      * x.readCertPEM(certPEM);
-2590      * console.log(x.getInfo());
-2591      * // this shows as following
-2592      * Basic Fields
-2593      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
-2594      *   signature algorithm: SHA1withRSA
-2595      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-2596      *   notBefore: 061110000000Z
-2597      *   notAfter: 311110000000Z
-2598      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-2599      *   subject public key info:
-2600      *     key algorithm: RSA
-2601      *     n=c6cce573e6fbd4bb...
-2602      *     e=10001
-2603      * X509v3 Extensions:
-2604      *   keyUsage CRITICAL:
-2605      *     digitalSignature,keyCertSign,cRLSign
-2606      *   basicConstraints CRITICAL:
-2607      *     cA=true
-2608      *   subjectKeyIdentifier :
-2609      *     b13ec36903f8bf4701d498261a0802ef63642bc3
-2610      *   authorityKeyIdentifier :
-2611      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
-2612      * signature algorithm: SHA1withRSA
-2613      * signature: 1c1a0697dcd79c9f...
-2614      */
-2615     this.getInfo = function() {
-2616 	var _getSubjectAltNameStr = function(params) {
-2617 	    var s = JSON.stringify(params.array).replace(/[\[\]\{\}\"]/g, '');
-2618 	    return s;
-2619 	};
-2620 	var _getCertificatePoliciesStr = function(params) {
-2621 	    var s = "";
-2622 	    var a = params.array;
-2623 	    for (var i = 0; i < a.length; i++) {
-2624 		var pi = a[i];
-2625 		s += "    policy oid: " + pi.policyoid + "\n";
-2626 		if (pi.array === undefined) continue;
-2627 		for (var j = 0; j < pi.array.length; j++) {
-2628 		    var pqi = pi.array[j];
-2629 		    if (pqi.cps !== undefined) {
-2630 			s += "    cps: " + pqi.cps + "\n";
-2631 		    }
-2632 		}
-2633 	    }
-2634 	    return s;
-2635 	};
-2636 	var _getCRLDistributionPointsStr = function(params) {
-2637 	    var s = "";
-2638 	    var a = params.array;
-2639 	    for (var i = 0; i < a.length; i++) {
-2640 		var dp = a[i];
-2641 		try {
-2642 		    if (dp.dpname.full[0].uri !== undefined)
-2643 			s += "    " + dp.dpname.full[0].uri + "\n";
-2644 		} catch(ex) {};
-2645 		try {
-2646 		    if (dp.dname.full[0].dn.hex !== undefined)
-2647 			s += "    " + X509.hex2dn(dp.dpname.full[0].dn.hex) + "\n";
-2648 		} catch(ex) {};
-2649 	    }
-2650 	    return s;
-2651 	}
-2652 	var _getAuthorityInfoAccessStr = function(params) {
-2653 	    var s = "";
-2654 	    var a = params.array;
-2655 	    for (var i = 0; i < a.length; i++) {
-2656 		var ad = a[i];
-2657 
-2658 		if (ad.caissuer !== undefined)
-2659 		    s += "    caissuer: " + ad.caissuer + "\n";
-2660 		if (ad.ocsp !== undefined)
-2661 		    s += "    ocsp: " + ad.ocsp + "\n";
-2662 	    }
-2663 	    return s;
+2475      * This method returns an extension parameter for
+2476      * specified extension name in the array.
+2477      * This method is useful to update extension parameter value.
+2478      * When there is no such extension with the extname,
+2479      * this returns "null".
+2480      *
+2481      * @example
+2482      * // (1) 
+2483      * x = new X509(CERTPEM);
+2484      * params = x.getParam();
+2485      * pSKID = x.findExt(params.ext, "subjectKeyIdentifier");
+2486      * pSKID.kid = "1234abced..."; // skid in the params is updated.
+2487      *   // then params was updated
+2488      *
+2489      * // (2) another example
+2490      * aExt = [
+2491      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
+2492      *   {extname:"basicConstraints",critical:true},
+2493      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
+2494      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+2495      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
+2496      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
+2497      * ];
+2498      * var x = new X509();
+2499      * x.findExt(aExt, "authorityKeyInfoAccess").array[0].ocsp = "http://aaa.com";
+2500      * pKU = x.findExt(aExt, "keyUsage");
+2501      * delete pKU["critical"]; // clear criticla flag
+2502      * pKU.names = ["keyCertSign", "cRLSign"];
+2503      *   // then aExt was updated
+2504      */
+2505     this.findExt = function(aExt, extname) {
+2506 	for (var i = 0; i < aExt.length; i++) {
+2507 	    if (aExt[i].extname == extname) return aExt[i];
+2508 	}
+2509 	return null;
+2510 
+2511     };
+2512 
+2513     /**
+2514      * update CRLDistributionPoints Full URI in parameter<br/>
+2515      * @name updateCDPFullURI
+2516      * @memberOf X509#
+2517      * @function
+2518      * @param {Array} aExt array of extension parameters
+2519      * @param {String} newURI string of new uri
+2520      * @since jsrsasign 10.0.4 x509 2.0.8
+2521      * @see X509#findExt
+2522      * @see KJUR.asn1.x509.CRLDistributionPoints
+2523      *
+2524      * @description
+2525      * This method updates Full URI of CRLDistributionPoints extension
+2526      * in the extension parameter array if it exists.
+2527      *
+2528      * @example
+2529      * aExt = [
+2530      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+2531      *   {extname:"cRLDistributionPoints",
+2532      *    array:[{dpname:{full:[{uri:"http://example.com/a.crl"}]}}]},
+2533      * ];
+2534      * x = new X509();
+2535      * x.updateCDPFullURI(aExt, "http://crl2.example.new/b.crl");
+2536      */
+2537     this.updateExtCDPFullURI = function(aExt, newURI) {
+2538 	var pExt = this.findExt(aExt, "cRLDistributionPoints");
+2539 	if (pExt == null) return;
+2540 	if (pExt.array == undefined) return;
+2541 	var aDP = pExt.array;
+2542 	for (var i = 0; i < aDP.length; i++) {
+2543 	    if (aDP[i].dpname == undefined) continue;
+2544 	    if (aDP[i].dpname.full == undefined) continue;
+2545 	    var aURI = aDP[i].dpname.full;
+2546 	    for (var j = 0; j < aURI.length; j++) {
+2547 		var pURI = aURI[i];
+2548 		if (pURI.uri == undefined) continue;
+2549 		pURI.uri = newURI;
+2550 	    }
+2551 	}
+2552     };
+2553 
+2554     /**
+2555      * update authorityInfoAccess ocsp in parameter<br/>
+2556      * @name updateAIAOCSP
+2557      * @memberOf X509#
+2558      * @function
+2559      * @param {Array} aExt array of extension parameters
+2560      * @param {String} newURI string of new uri
+2561      * @since jsrsasign 10.0.4 x509 2.0.8
+2562      * @see X509#findExt
+2563      * @see KJUR.asn1.x509.AuthorityInfoAccess
+2564      *
+2565      * @description
+2566      * This method updates "ocsp" accessMethod URI of 
+2567      * AuthorityInfoAccess extension
+2568      * in the extension parameter array if it exists.
+2569      *
+2570      * @example
+2571      * aExt = [
+2572      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+2573      *   {extname:"authoriyInfoAccess",
+2574      *    array:[
+2575      *      {ocsp: "http://ocsp1.example.com"},
+2576      *      {caissuer: "http://example.com/a.crt"}
+2577      *    ]}
+2578      * ];
+2579      * x = new X509();
+2580      * x.updateAIAOCSP(aExt, "http://ocsp2.example.net");
+2581      */
+2582     this.updateExtAIAOCSP = function(aExt, newURI) {
+2583 	var pExt = this.findExt(aExt, "authorityInfoAccess");
+2584 	if (pExt == null) return;
+2585 	if (pExt.array == undefined) return;
+2586 	var a = pExt.array;
+2587 	for (var i = 0; i < a.length; i++) {
+2588 	    if (a[i].ocsp != undefined) a[i].ocsp = newURI;
+2589 	}
+2590     };
+2591 
+2592     /**
+2593      * update authorityInfoAccess caIssuer in parameter<br/>
+2594      * @name updateAIACAIssuer
+2595      * @memberOf X509#
+2596      * @function
+2597      * @param {Array} aExt array of extension parameters
+2598      * @param {String} newURI string of new uri
+2599      * @since jsrsasign 10.0.4 x509 2.0.8
+2600      * @see X509#findExt
+2601      * @see KJUR.asn1.x509.AuthorityInfoAccess
+2602      *
+2603      * @description
+2604      * This method updates "caIssuer" accessMethod URI of 
+2605      * AuthorityInfoAccess extension
+2606      * in the extension parameter array if it exists.
+2607      *
+2608      * @example
+2609      * aExt = [
+2610      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+2611      *   {extname:"authoriyInfoAccess",
+2612      *    array:[
+2613      *      {ocsp: "http://ocsp1.example.com"},
+2614      *      {caissuer: "http://example.com/a.crt"}
+2615      *    ]}
+2616      * ];
+2617      * x = new X509();
+2618      * x.updateAIACAIssuer(aExt, "http://example.net/b.crt");
+2619      */
+2620     this.updateExtAIACAIssuer = function(aExt, newURI) {
+2621 	var pExt = this.findExt(aExt, "authorityInfoAccess");
+2622 	if (pExt == null) return;
+2623 	if (pExt.array == undefined) return;
+2624 	var a = pExt.array;
+2625 	for (var i = 0; i < a.length; i++) {
+2626 	    if (a[i].caissuer != undefined) a[i].caissuer = newURI;
+2627 	}
+2628     };
+2629 
+2630     /**
+2631      * convert array for X500 distinguish name to distinguish name string<br/>
+2632      * @name dnarraytostr
+2633      * @memberOf X509#
+2634      * @function
+2635      * @param {Array} aDN array for X500 distinguish name
+2636      * @return {String} distinguish name
+2637      * @since jsrsasign 10.0.6 x509 2.0.8
+2638      * @see X509#getX500Name
+2639      * @see X509#getX500NameArray
+2640      * @see KJUR.asn1.x509.X500Name
+2641      *
+2642      * @description
+2643      * This method converts from an array representation of 
+2644      * X.500 distinguished name to X.500 name string.
+2645      * This supports multi-valued RDN.
+2646      * 
+2647      * @example
+2648      * var x = new X509();
+2649      * x.dnarraytostr(
+2650      *   [[{type:"C",value:"JP",ds:"prn"}],
+2651      *   [{type:"O",value:"T1",ds:"prn"}]]) → "/C=JP/O=T1"
+2652      * x.dnarraytostr(
+2653      *   [[{type:"C",value:"JP",ds:"prn"}],
+2654      *   [{type:"O",value:"T1",ds:"prn"}
+2655      *    {type:"CN",value:"Bob",ds:"prn"}]]) → "/C=JP/O=T1+CN=Bob"
+2656      */
+2657     this.dnarraytostr = function(aDN) {
+2658 	function rdnarraytostr(aRDN) {
+2659 	    return aRDN.map(function(x){return atvtostr(x);}).join("+");
+2660 	};
+2661 
+2662 	function atvtostr(pATV) {
+2663 	    return pATV.type + "=" + pATV.value;
 2664 	};
-2665 	var _X509 = X509;
-2666 	var s, pubkey, aExt;
-2667 	s  = "Basic Fields\n";
-2668         s += "  serial number: " + this.getSerialNumberHex() + "\n";
-2669 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
-2670 	s += "  issuer: " + this.getIssuerString() + "\n";
-2671 	s += "  notBefore: " + this.getNotBefore() + "\n";
-2672 	s += "  notAfter: " + this.getNotAfter() + "\n";
-2673 	s += "  subject: " + this.getSubjectString() + "\n";
-2674 	s += "  subject public key info: " + "\n";
-2675 
-2676 	// subject public key info
-2677 	pubkey = this.getPublicKey();
-2678 	s += "    key algorithm: " + pubkey.type + "\n";
-2679 
-2680 	if (pubkey.type === "RSA") {
-2681 	    s += "    n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n";
-2682 	    s += "    e=" + hextoposhex(pubkey.e.toString(16)) + "\n";
-2683 	}
-2684 
-2685 	// X.509v3 Extensions
-2686         aExt = this.aExtInfo;
-2687 
-2688 	if (aExt !== undefined && aExt !== null) {
-2689             s += "X509v3 Extensions:\n";
-2690 	    
-2691             for (var i = 0; i < aExt.length; i++) {
-2692 		var info = aExt[i];
-2693 
-2694 		// show extension name and critical flag
-2695 		var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
-2696 		if (extName === '') extName = info["oid"];
-2697 
-2698 		var critical = '';
-2699 		if (info["critical"] === true) critical = "CRITICAL";
-2700 
-2701 		s += "  " + extName + " " + critical + ":\n";
-2702 
-2703 		// show extension value if supported
-2704 		if (extName === "basicConstraints") {
-2705 		    var bc = this.getExtBasicConstraints();
-2706 		    if (bc.cA === undefined) {
-2707 			s += "    {}\n";
-2708 		    } else {
-2709 			s += "    cA=true";
-2710 			if (bc.pathLen !== undefined)
-2711 			    s += ", pathLen=" + bc.pathLen;
-2712 			s += "\n";
-2713 		    }
-2714 		} else if (extName === "keyUsage") {
-2715 		    s += "    " + this.getExtKeyUsageString() + "\n";
-2716 		} else if (extName === "subjectKeyIdentifier") {
-2717 		    s += "    " + this.getExtSubjectKeyIdentifier().kid.hex + "\n";
-2718 		} else if (extName === "authorityKeyIdentifier") {
-2719 		    var akid = this.getExtAuthorityKeyIdentifier();
-2720 		    if (akid.kid !== undefined)
-2721 			s += "    kid=" + akid.kid.hex + "\n";
-2722 		} else if (extName === "extKeyUsage") {
-2723 		    var eku = this.getExtExtKeyUsage().array;
-2724 		    s += "    " + eku.join(", ") + "\n";
-2725 		} else if (extName === "subjectAltName") {
-2726 		    var san = _getSubjectAltNameStr(this.getExtSubjectAltName());
-2727 		    s += "    " + san + "\n";
-2728 		} else if (extName === "cRLDistributionPoints") {
-2729 		    var cdp = this.getExtCRLDistributionPoints();
-2730 		    s += _getCRLDistributionPointsStr(cdp);
-2731 		} else if (extName === "authorityInfoAccess") {
-2732 		    var aia = this.getExtAuthorityInfoAccess();
-2733 		    s += _getAuthorityInfoAccessStr(aia);
-2734 		} else if (extName === "certificatePolicies") {
-2735 		    s += _getCertificatePoliciesStr(this.getExtCertificatePolicies());
-2736 		}
-2737 	    }
-2738         }
-2739 
-2740 	s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n";
-2741 	s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n";
-2742 	return s;
-2743     };
-2744 
-2745     if (typeof params == "string") {
-2746 	if (params.indexOf("-----BEGIN") != -1) {
-2747 	    this.readCertPEM(params);
-2748 	} else if (KJUR.lang.String.isHex(params)) {
-2749 	    this.readCertHex(params);
-2750 	}
-2751     }
-2752 };
-2753 // ----- END of X509 class -----
-2754 
-2755 /**
-2756  * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/>
-2757  * @name hex2dn
-2758  * @memberOf X509
-2759  * @function
-2760  * @param {String} hex hexadecimal string of ASN.1 DER distinguished name
-2761  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-2762  * @return {String} OpenSSL online format distinguished name
-2763  * @description
-2764  * This static method converts from a hexadecimal string of 
-2765  * distinguished name (DN)
-2766  * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
-2767  * @example
-2768  * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
-2769  */
-2770 X509.hex2dn = function(hex, idx) {
-2771     if (idx === undefined) idx = 0;
-2772     if (hex.substr(idx, 2) !== "30") throw new Error("malformed DN");
+2665 
+2666 	return "/" + aDN.map(function(x){return rdnarraytostr(x);}).join("/");
+2667     };
+2668 
+2669     /**
+2670      * get certificate information as string.<br/>
+2671      * @name getInfo
+2672      * @memberOf X509#
+2673      * @function
+2674      * @return {String} certificate information string
+2675      * @since jsrsasign 5.0.10 x509 1.1.8
+2676      * @example
+2677      * x = new X509();
+2678      * x.readCertPEM(certPEM);
+2679      * console.log(x.getInfo());
+2680      * // this shows as following
+2681      * Basic Fields
+2682      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
+2683      *   signature algorithm: SHA1withRSA
+2684      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
+2685      *   notBefore: 061110000000Z
+2686      *   notAfter: 311110000000Z
+2687      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
+2688      *   subject public key info:
+2689      *     key algorithm: RSA
+2690      *     n=c6cce573e6fbd4bb...
+2691      *     e=10001
+2692      * X509v3 Extensions:
+2693      *   keyUsage CRITICAL:
+2694      *     digitalSignature,keyCertSign,cRLSign
+2695      *   basicConstraints CRITICAL:
+2696      *     cA=true
+2697      *   subjectKeyIdentifier :
+2698      *     b13ec36903f8bf4701d498261a0802ef63642bc3
+2699      *   authorityKeyIdentifier :
+2700      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
+2701      * signature algorithm: SHA1withRSA
+2702      * signature: 1c1a0697dcd79c9f...
+2703      */
+2704     this.getInfo = function() {
+2705 	var _getSubjectAltNameStr = function(params) {
+2706 	    var s = JSON.stringify(params.array).replace(/[\[\]\{\}\"]/g, '');
+2707 	    return s;
+2708 	};
+2709 	var _getCertificatePoliciesStr = function(params) {
+2710 	    var s = "";
+2711 	    var a = params.array;
+2712 	    for (var i = 0; i < a.length; i++) {
+2713 		var pi = a[i];
+2714 		s += "    policy oid: " + pi.policyoid + "\n";
+2715 		if (pi.array === undefined) continue;
+2716 		for (var j = 0; j < pi.array.length; j++) {
+2717 		    var pqi = pi.array[j];
+2718 		    if (pqi.cps !== undefined) {
+2719 			s += "    cps: " + pqi.cps + "\n";
+2720 		    }
+2721 		}
+2722 	    }
+2723 	    return s;
+2724 	};
+2725 	var _getCRLDistributionPointsStr = function(params) {
+2726 	    var s = "";
+2727 	    var a = params.array;
+2728 	    for (var i = 0; i < a.length; i++) {
+2729 		var dp = a[i];
+2730 		try {
+2731 		    if (dp.dpname.full[0].uri !== undefined)
+2732 			s += "    " + dp.dpname.full[0].uri + "\n";
+2733 		} catch(ex) {};
+2734 		try {
+2735 		    if (dp.dname.full[0].dn.hex !== undefined)
+2736 			s += "    " + X509.hex2dn(dp.dpname.full[0].dn.hex) + "\n";
+2737 		} catch(ex) {};
+2738 	    }
+2739 	    return s;
+2740 	}
+2741 	var _getAuthorityInfoAccessStr = function(params) {
+2742 	    var s = "";
+2743 	    var a = params.array;
+2744 	    for (var i = 0; i < a.length; i++) {
+2745 		var ad = a[i];
+2746 
+2747 		if (ad.caissuer !== undefined)
+2748 		    s += "    caissuer: " + ad.caissuer + "\n";
+2749 		if (ad.ocsp !== undefined)
+2750 		    s += "    ocsp: " + ad.ocsp + "\n";
+2751 	    }
+2752 	    return s;
+2753 	};
+2754 	var _X509 = X509;
+2755 	var s, pubkey, aExt;
+2756 	s  = "Basic Fields\n";
+2757         s += "  serial number: " + this.getSerialNumberHex() + "\n";
+2758 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
+2759 	s += "  issuer: " + this.getIssuerString() + "\n";
+2760 	s += "  notBefore: " + this.getNotBefore() + "\n";
+2761 	s += "  notAfter: " + this.getNotAfter() + "\n";
+2762 	s += "  subject: " + this.getSubjectString() + "\n";
+2763 	s += "  subject public key info: " + "\n";
+2764 
+2765 	// subject public key info
+2766 	pubkey = this.getPublicKey();
+2767 	s += "    key algorithm: " + pubkey.type + "\n";
+2768 
+2769 	if (pubkey.type === "RSA") {
+2770 	    s += "    n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n";
+2771 	    s += "    e=" + hextoposhex(pubkey.e.toString(16)) + "\n";
+2772 	}
 2773 
-2774     var a = new Array();
-2775 
-2776     var aIdx = ASN1HEX.getChildIdx(hex, idx);
-2777     for (var i = 0; i < aIdx.length; i++) {
-2778 	a.push(X509.hex2rdn(hex, aIdx[i]));
-2779     }
-2780 
-2781     a = a.map(function(s) { return s.replace("/", "\\/"); });
-2782     return "/" + a.join("/");
-2783 };
-2784 
-2785 /**
-2786  * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/>
-2787  * @name hex2rdn
-2788  * @memberOf X509
-2789  * @function
-2790  * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name
-2791  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-2792  * @return {String} OpenSSL online format relative distinguished name
-2793  * @description
-2794  * This static method converts from a hexadecimal string of 
-2795  * relative distinguished name (RDN)
-2796  * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/>
-2797  * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
-2798  * @example
-2799  * X509.hex2rdn("310a3008060355040a0c0161") → O=a
-2800  * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
-2801  */
-2802 X509.hex2rdn = function(hex, idx) {
-2803     if (idx === undefined) idx = 0;
-2804     if (hex.substr(idx, 2) !== "31") throw new Error("malformed RDN");
-2805 
-2806     var a = new Array();
-2807 
-2808     var aIdx = ASN1HEX.getChildIdx(hex, idx);
-2809     for (var i = 0; i < aIdx.length; i++) {
-2810 	a.push(X509.hex2attrTypeValue(hex, aIdx[i]));
-2811     }
-2812 
-2813     a = a.map(function(s) { return s.replace("+", "\\+"); });
-2814     return a.join("+");
-2815 };
-2816 
-2817 /**
-2818  * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/>
-2819  * @name hex2attrTypeValue
-2820  * @memberOf X509
-2821  * @function
-2822  * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
-2823  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-2824  * @return {String} string representation of AttributeTypeAndValue (ex. C=US)
-2825  * @description
-2826  * This static method converts from a hexadecimal string of AttributeTypeAndValue
-2827  * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
-2828  * @example
-2829  * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
-2830  * X509.hex2attrTypeValue("300806035504060c0161") → C=a
-2831  * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
-2832  */
-2833 X509.hex2attrTypeValue = function(hex, idx) {
-2834     var _ASN1HEX = ASN1HEX;
-2835     var _getV = _ASN1HEX.getV;
-2836 
-2837     if (idx === undefined) idx = 0;
-2838     if (hex.substr(idx, 2) !== "30") 
-2839 	throw new Error("malformed attribute type and value");
-2840 
-2841     var aIdx = _ASN1HEX.getChildIdx(hex, idx);
-2842     if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06")
-2843 	"malformed attribute type and value";
-2844 
-2845     var oidHex = _getV(hex, aIdx[0]);
-2846     var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex);
-2847     var atype = KJUR.asn1.x509.OID.oid2atype(oidInt);
-2848 
-2849     var hV = _getV(hex, aIdx[1]);
-2850     var rawV = hextorstr(hV);
-2851 
-2852     return atype + "=" + rawV;
-2853 };
-2854 
-2855 /**
-2856  * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/>
-2857  * @name getPublicKeyFromCertHex
-2858  * @memberOf X509
-2859  * @function
-2860  * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
-2861  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-2862  * @since jsrasign 7.1.0 x509 1.1.11
-2863  */
-2864 X509.getPublicKeyFromCertHex = function(h) {
-2865     var x = new X509();
-2866     x.readCertHex(h);
-2867     return x.getPublicKey();
-2868 };
+2774 	// X.509v3 Extensions
+2775         aExt = this.aExtInfo;
+2776 
+2777 	if (aExt !== undefined && aExt !== null) {
+2778             s += "X509v3 Extensions:\n";
+2779 	    
+2780             for (var i = 0; i < aExt.length; i++) {
+2781 		var info = aExt[i];
+2782 
+2783 		// show extension name and critical flag
+2784 		var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
+2785 		if (extName === '') extName = info["oid"];
+2786 
+2787 		var critical = '';
+2788 		if (info["critical"] === true) critical = "CRITICAL";
+2789 
+2790 		s += "  " + extName + " " + critical + ":\n";
+2791 
+2792 		// show extension value if supported
+2793 		if (extName === "basicConstraints") {
+2794 		    var bc = this.getExtBasicConstraints();
+2795 		    if (bc.cA === undefined) {
+2796 			s += "    {}\n";
+2797 		    } else {
+2798 			s += "    cA=true";
+2799 			if (bc.pathLen !== undefined)
+2800 			    s += ", pathLen=" + bc.pathLen;
+2801 			s += "\n";
+2802 		    }
+2803 		} else if (extName === "keyUsage") {
+2804 		    s += "    " + this.getExtKeyUsageString() + "\n";
+2805 		} else if (extName === "subjectKeyIdentifier") {
+2806 		    s += "    " + this.getExtSubjectKeyIdentifier().kid.hex + "\n";
+2807 		} else if (extName === "authorityKeyIdentifier") {
+2808 		    var akid = this.getExtAuthorityKeyIdentifier();
+2809 		    if (akid.kid !== undefined)
+2810 			s += "    kid=" + akid.kid.hex + "\n";
+2811 		} else if (extName === "extKeyUsage") {
+2812 		    var eku = this.getExtExtKeyUsage().array;
+2813 		    s += "    " + eku.join(", ") + "\n";
+2814 		} else if (extName === "subjectAltName") {
+2815 		    var san = _getSubjectAltNameStr(this.getExtSubjectAltName());
+2816 		    s += "    " + san + "\n";
+2817 		} else if (extName === "cRLDistributionPoints") {
+2818 		    var cdp = this.getExtCRLDistributionPoints();
+2819 		    s += _getCRLDistributionPointsStr(cdp);
+2820 		} else if (extName === "authorityInfoAccess") {
+2821 		    var aia = this.getExtAuthorityInfoAccess();
+2822 		    s += _getAuthorityInfoAccessStr(aia);
+2823 		} else if (extName === "certificatePolicies") {
+2824 		    s += _getCertificatePoliciesStr(this.getExtCertificatePolicies());
+2825 		}
+2826 	    }
+2827         }
+2828 
+2829 	s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n";
+2830 	s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n";
+2831 	return s;
+2832     };
+2833 
+2834     if (typeof params == "string") {
+2835 	if (params.indexOf("-----BEGIN") != -1) {
+2836 	    this.readCertPEM(params);
+2837 	} else if (KJUR.lang.String.isHex(params)) {
+2838 	    this.readCertHex(params);
+2839 	}
+2840     }
+2841 };
+2842 // ----- END of X509 class -----
+2843 
+2844 /**
+2845  * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/>
+2846  * @name hex2dn
+2847  * @memberOf X509
+2848  * @function
+2849  * @param {String} hex hexadecimal string of ASN.1 DER distinguished name
+2850  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+2851  * @return {String} OpenSSL online format distinguished name
+2852  * @description
+2853  * This static method converts from a hexadecimal string of 
+2854  * distinguished name (DN)
+2855  * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
+2856  * @example
+2857  * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
+2858  */
+2859 X509.hex2dn = function(hex, idx) {
+2860     if (idx === undefined) idx = 0;
+2861     if (hex.substr(idx, 2) !== "30") throw new Error("malformed DN");
+2862 
+2863     var a = new Array();
+2864 
+2865     var aIdx = ASN1HEX.getChildIdx(hex, idx);
+2866     for (var i = 0; i < aIdx.length; i++) {
+2867 	a.push(X509.hex2rdn(hex, aIdx[i]));
+2868     }
 2869 
-2870 /**
-2871  * get RSA/DSA/ECDSA public key object from PEM certificate string
-2872  * @name getPublicKeyFromCertPEM
-2873  * @memberOf X509
-2874  * @function
-2875  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
-2876  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-2877  * @since x509 1.1.1
-2878  * @description
-2879  * NOTE: DSA is also supported since x509 1.1.2.
-2880  */
-2881 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
-2882     var x = new X509();
-2883     x.readCertPEM(sCertPEM);
-2884     return x.getPublicKey();
-2885 };
-2886 
-2887 /**
-2888  * get public key information from PEM certificate
-2889  * @name getPublicKeyInfoPropOfCertPEM
-2890  * @memberOf X509
-2891  * @function
-2892  * @param {String} sCertPEM string of PEM formatted certificate
-2893  * @return {Hash} hash of information for public key
-2894  * @since x509 1.1.1
-2895  * @description
-2896  * Resulted associative array has following properties:<br/>
-2897  * <ul>
-2898  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
-2899  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
-2900  * <li>keyhex - hexadecimal string of key in the certificate</li>
-2901  * </ul>
-2902  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
-2903  */
-2904 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
-2905     var _ASN1HEX = ASN1HEX;
-2906     var _getVbyList = _ASN1HEX.getVbyList;
-2907 
-2908     var result = {};
-2909     var x, hSPKI, pubkey;
-2910     result.algparam = null;
-2911 
-2912     x = new X509();
-2913     x.readCertPEM(sCertPEM);
-2914 
-2915     hSPKI = x.getPublicKeyHex();
-2916     result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2);
-2917     result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06");
-2918 
-2919     if (result.algoid === "2a8648ce3d0201") { // ecPublicKey
-2920 	result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06");
-2921     };
-2922 
-2923     return result;
-2924 };
+2870     a = a.map(function(s) { return s.replace("/", "\\/"); });
+2871     return "/" + a.join("/");
+2872 };
+2873 
+2874 /**
+2875  * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/>
+2876  * @name hex2rdn
+2877  * @memberOf X509
+2878  * @function
+2879  * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name
+2880  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+2881  * @return {String} OpenSSL online format relative distinguished name
+2882  * @description
+2883  * This static method converts from a hexadecimal string of 
+2884  * relative distinguished name (RDN)
+2885  * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/>
+2886  * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
+2887  * @example
+2888  * X509.hex2rdn("310a3008060355040a0c0161") → O=a
+2889  * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
+2890  */
+2891 X509.hex2rdn = function(hex, idx) {
+2892     if (idx === undefined) idx = 0;
+2893     if (hex.substr(idx, 2) !== "31") throw new Error("malformed RDN");
+2894 
+2895     var a = new Array();
+2896 
+2897     var aIdx = ASN1HEX.getChildIdx(hex, idx);
+2898     for (var i = 0; i < aIdx.length; i++) {
+2899 	a.push(X509.hex2attrTypeValue(hex, aIdx[i]));
+2900     }
+2901 
+2902     a = a.map(function(s) { return s.replace("+", "\\+"); });
+2903     return a.join("+");
+2904 };
+2905 
+2906 /**
+2907  * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/>
+2908  * @name hex2attrTypeValue
+2909  * @memberOf X509
+2910  * @function
+2911  * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
+2912  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+2913  * @return {String} string representation of AttributeTypeAndValue (ex. C=US)
+2914  * @description
+2915  * This static method converts from a hexadecimal string of AttributeTypeAndValue
+2916  * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
+2917  * @example
+2918  * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
+2919  * X509.hex2attrTypeValue("300806035504060c0161") → C=a
+2920  * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
+2921  */
+2922 X509.hex2attrTypeValue = function(hex, idx) {
+2923     var _ASN1HEX = ASN1HEX;
+2924     var _getV = _ASN1HEX.getV;
 2925 
-2926 /* ======================================================================
-2927  *   Specific V3 Extensions
-2928  * ====================================================================== */
+2926     if (idx === undefined) idx = 0;
+2927     if (hex.substr(idx, 2) !== "30") 
+2928 	throw new Error("malformed attribute type and value");
 2929 
-2930 X509.KEYUSAGE_NAME = [
-2931     "digitalSignature",
-2932     "nonRepudiation",
-2933     "keyEncipherment",
-2934     "dataEncipherment",
-2935     "keyAgreement",
-2936     "keyCertSign",
-2937     "cRLSign",
-2938     "encipherOnly",
-2939     "decipherOnly"
-2940 ];
-2941 
    
\ No newline at end of file
+2930         var aIdx = _ASN1HEX.getChildIdx(hex, idx);
+2931     if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06")
+2932 	"malformed attribute type and value";
+2933 
+2934     var oidHex = _getV(hex, aIdx[0]);
+2935     var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex);
+2936     var atype = KJUR.asn1.x509.OID.oid2atype(oidInt);
+2937 
+2938     var hV = _getV(hex, aIdx[1]);
+2939     var rawV = hextorstr(hV);
+2940 
+2941     return atype + "=" + rawV;
+2942 };
+2943 
+2944 /**
+2945  * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/>
+2946  * @name getPublicKeyFromCertHex
+2947  * @memberOf X509
+2948  * @function
+2949  * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
+2950  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
+2951  * @since jsrasign 7.1.0 x509 1.1.11
+2952  */
+2953 X509.getPublicKeyFromCertHex = function(h) {
+2954     var x = new X509();
+2955     x.readCertHex(h);
+2956     return x.getPublicKey();
+2957 };
+2958 
+2959 /**
+2960  * get RSA/DSA/ECDSA public key object from PEM certificate string
+2961  * @name getPublicKeyFromCertPEM
+2962  * @memberOf X509
+2963  * @function
+2964  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
+2965  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
+2966  * @since x509 1.1.1
+2967  * @description
+2968  * NOTE: DSA is also supported since x509 1.1.2.
+2969  */
+2970 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
+2971     var x = new X509();
+2972     x.readCertPEM(sCertPEM);
+2973     return x.getPublicKey();
+2974 };
+2975 
+2976 /**
+2977  * get public key information from PEM certificate
+2978  * @name getPublicKeyInfoPropOfCertPEM
+2979  * @memberOf X509
+2980  * @function
+2981  * @param {String} sCertPEM string of PEM formatted certificate
+2982  * @return {Hash} hash of information for public key
+2983  * @since x509 1.1.1
+2984  * @description
+2985  * Resulted associative array has following properties:<br/>
+2986  * <ul>
+2987  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
+2988  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
+2989  * <li>keyhex - hexadecimal string of key in the certificate</li>
+2990  * </ul>
+2991  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
+2992  */
+2993 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
+2994     var _ASN1HEX = ASN1HEX;
+2995     var _getVbyList = _ASN1HEX.getVbyList;
+2996 
+2997     var result = {};
+2998     var x, hSPKI, pubkey;
+2999     result.algparam = null;
+3000 
+3001     x = new X509();
+3002     x.readCertPEM(sCertPEM);
+3003 
+3004     hSPKI = x.getPublicKeyHex();
+3005     result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2);
+3006     result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06");
+3007 
+3008     if (result.algoid === "2a8648ce3d0201") { // ecPublicKey
+3009 	result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06");
+3010     };
+3011 
+3012     return result;
+3013 };
+3014 
+3015 /* ======================================================================
+3016  *   Specific V3 Extensions
+3017  * ====================================================================== */
+3018 
+3019 X509.KEYUSAGE_NAME = [
+3020     "digitalSignature",
+3021     "nonRepudiation",
+3022     "keyEncipherment",
+3023     "dataEncipherment",
+3024     "keyAgreement",
+3025     "keyCertSign",
+3026     "cRLSign",
+3027     "encipherOnly",
+3028     "decipherOnly"
+3029 ];
+3030
    \ No newline at end of file diff --git a/api/symbols/src/x509crl.js.html b/api/symbols/src/x509crl.js.html index b93bd709..38d5fc23 100644 --- a/api/symbols/src/x509crl.js.html +++ b/api/symbols/src/x509crl.js.html @@ -23,8 +23,8 @@ 16 * @fileOverview 17 * @name x509crl.js 18 * @author Kenji Urushima kenji.urushima@gmail.com - 19 * @version jsrsasign 9.1.4 x509crl 1.0.1 (2020-Aug-26) - 20 * @since jsrsasign 9.1.1 + 19 * @version jsrsasign 10.1.0 x509crl 1.0.2 (2020-Nov-18) + 20 * @since jsrsasign 10.1.0 21 * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a> 22 */ 23 @@ -162,22 +162,22 @@ 155 * @function 156 * @return {Array} JSON object of issuer field 157 * @see X509#getIssuer -158 * @see KJUR.asn1.x509.X500Name -159 * -160 * @description -161 * This method returns parsed issuer field value as -162 * JSON object. -163 * -164 * @example -165 * crl = new X509CRL("-----BEGIN X509 CRL..."); -166 * x.getIssuer() → -167 * { array: [[{type:'C',value:'JP',ds:'prn'}],...] } -168 */ -169 this.getIssuer = function() { -170 var hIssuer = _getTLVbyList(this.hex, 0, [0, this.posSigAlg + 1], "30"); -171 var result = {}; -172 result.array = _x509obj.getX500Name(hIssuer); -173 return result; +158 * @see X509#getX500Name +159 * @see KJUR.asn1.x509.X500Name +160 * +161 * @description +162 * This method returns parsed issuer field value as +163 * JSON object. +164 * +165 * @example +166 * crl = new X509CRL("-----BEGIN X509 CRL..."); +167 * x.getIssuer() → +168 * { array: [[{type:'C',value:'JP',ds:'prn'}],...], +169 * str: "/C=JP/..." } +170 */ +171 this.getIssuer = function() { +172 var hIssuer = _getTLVbyList(this.hex, 0, [0, this.posSigAlg + 1], "30"); +173 return _x509obj.getX500Name(hIssuer); 174 }; 175 176 /** diff --git a/bower.json b/bower.json index 52c7d7b6..03c93656 100644 --- a/bower.json +++ b/bower.json @@ -1,6 +1,6 @@ { "name": "kjur-jsrsasign", - "version": "10.0.5", + "version": "10.1.0", "main": "jsrsasign-all-min.js", "description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.", "license": "MIT", diff --git a/jsrsasign-all-min.js b/jsrsasign-all-min.js index 67bb7d03..f8bce948 100644 --- a/jsrsasign-all-min.js +++ b/jsrsasign-all-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(all) 10.0.5 (2020-11-04) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license + * jsrsasign(all) 10.1.0 (2020-11-19) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license */ /*! @@ -225,15 +225,15 @@ ECFieldElementFp.prototype.getByteLength=function(){return Math.floor((this.toBi /*! Mike Samuel (c) 2009 | code.google.com/p/json-sans-eval */ var jsonParse=(function(){var e="(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][+-]?[0-9]+)?\\b)";var j='(?:[^\\0-\\x08\\x0a-\\x1f"\\\\]|\\\\(?:["/\\\\bfnrt]|u[0-9A-Fa-f]{4}))';var i='(?:"'+j+'*")';var d=new RegExp("(?:false|true|null|[\\{\\}\\[\\]]|"+e+"|"+i+")","g");var k=new RegExp("\\\\(?:([^u])|u(.{4}))","g");var g={'"':'"',"/":"/","\\":"\\",b:"\b",f:"\f",n:"\n",r:"\r",t:"\t"};function h(l,m,n){return m?g[m]:String.fromCharCode(parseInt(n,16))}var c=new String("");var a="\\";var f={"{":Object,"[":Array};var b=Object.hasOwnProperty;return function(u,q){var p=u.match(d);var x;var v=p[0];var l=false;if("{"===v){x={}}else{if("["===v){x=[]}else{x=[];l=true}}var t;var r=[x];for(var o=1-l,m=p.length;o=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw"ASN.1 length too long to represent by 8x: n = "+j.toString(16)}var g=128+h;return g.toString(16)+i}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.getEncodedHex()};if(f!==undefined){this.setByParam(f)}};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.getEncodedHex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.getEncodedHex()};if(d!==undefined){this.params=d}};YAHOO.lang.extend(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.getEncodedHex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.getEncodedHex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.getEncodedHex()}};if(e!==undefined){this.params=e}};YAHOO.lang.extend(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.getEncodedHex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.getEncodedHex()};if(e!==undefined){this.params=e}};YAHOO.lang.extend(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.getEncodedHex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.getEncodedHex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.getEncodedHex();return this.TLV};if(c!==undefined){this.setByParam(c)}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.getEncodedHex=function(){var p=this.getASN1Object();this.hTLV=p.getEncodedHex();return this.hTLV};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.getEncodedHex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.getEncodedHex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.getEncodedHex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.getEncodedHex();return this.TLV};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.getEncodedHex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.getEncodedHex();return this.hTLV};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(e){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var m=null,i=null,k={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87"},b=KJUR,g=b.asn1,f=g.DERSequence,j=g.DEROctetString,d=g.DERIA5String,c=g.DERTaggedObject,l=g.ASN1Object,a=g.x509.X500Name,h=pemtohex;this.explicit=false;this.setByParam=function(p){var r=null;var u=null;if(p===undefined){return}if(p.rfc822!==undefined){this.type="rfc822";u=new d({str:p[this.type]})}if(p.dns!==undefined){this.type="dns";u=new d({str:p[this.type]})}if(p.uri!==undefined){this.type="uri";u=new d({str:p[this.type]})}if(p.dn!==undefined){this.type="dn";this.explicit=true;if(typeof p.dn==="string"){u=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){u=p.dn}else{u=new a(p.dn)}}}if(p.ldapdn!==undefined){this.type="dn";this.explicit=true;u=new a({ldapstr:p.ldapdn})}if(p.certissuer!==undefined){this.type="dn";this.explicit=true;var o=p.certissuer;var w=null;if(o.match(/^[0-9A-Fa-f]+$/)){w==o}if(o.indexOf("-----BEGIN ")!=-1){w=h(o)}if(w==null){throw"certissuer param not cert"}var t=new X509();t.hex=w;var y=t.getIssuerHex();u=new l();u.hTLV=y}if(p.certsubj!==undefined){this.type="dn";this.explicit=true;var o=p.certsubj;var w=null;if(o.match(/^[0-9A-Fa-f]+$/)){w==o}if(o.indexOf("-----BEGIN ")!=-1){w=h(o)}if(w==null){throw"certsubj param not cert"}var t=new X509();t.hex=w;var y=t.getSubjectHex();u=new l();u.hTLV=y}if(p.ip!==undefined){this.type="ip";this.explicit=false;var q=p.ip;var s;var n="malformed IP address";if(q.match(/^[0-9.]+[.][0-9.]+$/)){s=intarystrtohex("["+q.split(".").join(",")+"]");if(s.length!==8){throw n}}else{if(q.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/)){s=ipv6tohex(q)}else{if(q.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){s=q}else{throw n}}}u=new j({hex:s})}if(this.type==null){throw"unsupported type in params="+p}this.asn1Obj=new c({explicit:this.explicit,tag:k[this.type],obj:u})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(e!==undefined){this.setByParam(e)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e15){throw"ASN.1 length too long to represent by 8x: n = "+j.toString(16)}var g=128+h;return g.toString(16)+i}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.getInt=function(d,b,e){if(e==undefined){e=-1}try{if(d.substr(b,2)!="02"){return e}var a=ASN1HEX.getV(d,b);return parseInt(a,16)}catch(c){return e}};ASN1HEX.getOID=function(c,a,d){if(d==undefined){d=null}try{if(c.substr(a,2)!="06"){return d}var e=ASN1HEX.getV(c,a);return hextooid(e)}catch(b){return d}};ASN1HEX.getOIDName=function(d,a,f){if(f==undefined){f=null}try{var e=ASN1HEX.getOID(d,a,f);if(e==f){return f}var b=KJUR.asn1.x509.OID.oid2name(e);if(b==""){return e}return b}catch(c){return f}};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.getEncodedHex()};if(f!==undefined){this.setByParam(f)}};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.getEncodedHex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.getEncodedHex()};if(d!==undefined){this.params=d}};YAHOO.lang.extend(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.getEncodedHex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.getEncodedHex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.getEncodedHex()}};if(e!==undefined){this.params=e}};YAHOO.lang.extend(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.getEncodedHex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.getEncodedHex()};if(e!==undefined){this.params=e}};YAHOO.lang.extend(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.getEncodedHex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.getEncodedHex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.getEncodedHex();return this.TLV};if(c!==undefined){this.setByParam(c)}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.getEncodedHex=function(){var p=this.getASN1Object();this.hTLV=p.getEncodedHex();return this.hTLV};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.getEncodedHex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.getEncodedHex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.getEncodedHex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.getEncodedHex();return this.TLV};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.getEncodedHex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.getEncodedHex();return this.hTLV};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(e){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var m=null,i=null,k={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87"},b=KJUR,g=b.asn1,f=g.DERSequence,j=g.DEROctetString,d=g.DERIA5String,c=g.DERTaggedObject,l=g.ASN1Object,a=g.x509.X500Name,h=pemtohex;this.explicit=false;this.setByParam=function(p){var r=null;var u=null;if(p===undefined){return}if(p.rfc822!==undefined){this.type="rfc822";u=new d({str:p[this.type]})}if(p.dns!==undefined){this.type="dns";u=new d({str:p[this.type]})}if(p.uri!==undefined){this.type="uri";u=new d({str:p[this.type]})}if(p.dn!==undefined){this.type="dn";this.explicit=true;if(typeof p.dn==="string"){u=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){u=p.dn}else{u=new a(p.dn)}}}if(p.ldapdn!==undefined){this.type="dn";this.explicit=true;u=new a({ldapstr:p.ldapdn})}if(p.certissuer!==undefined){this.type="dn";this.explicit=true;var o=p.certissuer;var w=null;if(o.match(/^[0-9A-Fa-f]+$/)){w==o}if(o.indexOf("-----BEGIN ")!=-1){w=h(o)}if(w==null){throw"certissuer param not cert"}var t=new X509();t.hex=w;var y=t.getIssuerHex();u=new l();u.hTLV=y}if(p.certsubj!==undefined){this.type="dn";this.explicit=true;var o=p.certsubj;var w=null;if(o.match(/^[0-9A-Fa-f]+$/)){w==o}if(o.indexOf("-----BEGIN ")!=-1){w=h(o)}if(w==null){throw"certsubj param not cert"}var t=new X509();t.hex=w;var y=t.getSubjectHex();u=new l();u.hTLV=y}if(p.ip!==undefined){this.type="ip";this.explicit=false;var q=p.ip;var s;var n="malformed IP address";if(q.match(/^[0-9.]+[.][0-9.]+$/)){s=intarystrtohex("["+q.split(".").join(",")+"]");if(s.length!==8){throw n}}else{if(q.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/)){s=ipv6tohex(q)}else{if(q.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){s=q}else{throw n}}}u=new j({hex:s})}if(this.type==null){throw"unsupported type in params="+p}this.asn1Obj=new c({explicit:this.explicit,tag:k[this.type],obj:u})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(e!==undefined){this.setByParam(e)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e0){var l=b(m.valhex,p[0]);var o=j(l,0);var s=[];for(var n=0;n1){var q=b(m.valhex,p[1]);m.polhex=q}delete m.valhex};this.getESSCertID=function(n){var o={};var m=j(n,0);if(m.length>0){var p=i(n,m[0]);o.hash=p}if(m.length>1){var l=b(n,m[1]);var q=this.getIssuerSerial(l);if(q.serial!=undefined){o.serial=q.serial}if(q.issuer!=undefined){o.issuer=q.issuer}}return o};this.getIssuerSerial=function(p){var q={};var m=j(p,0);var l=b(p,m[0]);var o=h.getGeneralNames(l);var n=o[0].dn;q.issuer=n;var r=i(p,m[1]);q.serial={hex:r};return q};this.getCertificateSet=function(o){var m=j(o,0);var l=[];for(var n=0;n1){var n=this.getPKIStatusInfo(b(m,k[0]));var l=b(m,k[1]);var o=this.getToken(l);o.statusinfo=n;return o}}};this.getToken=function(l){var k=new KJUR.asn1.cms.CMSParser;var m=k.getCMSSignedData(l);this.setTSTInfo(m);return m};this.setTSTInfo=function(k){var n=k.econtent;if(n.type=="tstinfo"){var m=n.content.hex;var l=this.getTSTInfo(m);n.content=l}};this.getTSTInfo=function(q){var w={};var r=h(q,0);var o=g(q,r[1]);w.policy=hextooid(o);var n=b(q,r[2]);w.messageImprint=this.getMessageImprint(n);var t=g(q,r[3]);w.serial={hex:t};var x=g(q,r[4]);w.genTime={str:hextoutf8(x)};var p=0;if(r.length>5&&q.substr(r[5],2)=="30"){var u=b(q,r[5]);w.accuracy=this.getAccuracy(u);p++}if(r.length>5+p&&q.substr(r[5+p],2)=="01"){var y=g(q,r[5+p]);if(y=="ff"){w.ordering=true}p++}if(r.length>5+p&&q.substr(r[5+p],2)=="02"){var m=g(q,r[5+p]);w.nonce={hex:m};p++}if(r.length>5+p&&q.substr(r[5+p],2)=="a0"){var l=b(q,r[5+p]);l="30"+l.substr(2);pGeneralNames=f.getGeneralNames(l);var s=pGeneralNames[0].dn;w.tsa=s;p++}if(r.length>5+p&&q.substr(r[5+p],2)=="a1"){var k=b(q,r[5+p]);k="30"+k.substr(2);var v=f.getExtParamArray(k);w.ext=v;p++}return w};this.getAccuracy=function(p){var q={};var n=h(p,0);for(var o=0;of.length){f=c[d]}}e=e.replace(f,"::");return e.slice(1,-1)}function hextoip(b){var d="malformed hex value";if(!b.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){throw d}if(b.length==8){var c;try{c=parseInt(b.substr(0,2),16)+"."+parseInt(b.substr(2,2),16)+"."+parseInt(b.substr(4,2),16)+"."+parseInt(b.substr(6,2),16);return c}catch(a){throw d}}else{if(b.length==32){return hextoipv6(b)}else{return b}}}function iptohex(f){var j="malformed IP address";f=f.toLowerCase(f);if(f.match(/^[0-9.]+$/)){var b=f.split(".");if(b.length!==4){throw j}var g="";try{for(var e=0;e<4;e++){var h=parseInt(b[e]);g+=("0"+h.toString(16)).slice(-2)}return g}catch(c){throw j}}else{if(f.match(/^[0-9a-f:]+$/)&&f.indexOf(":")!==-1){return ipv6tohex(f)}else{throw j}}}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;bf.length){f=c[d]}}e=e.replace(f,"::");return e.slice(1,-1)}function hextoip(b){var d="malformed hex value";if(!b.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){throw d}if(b.length==8){var c;try{c=parseInt(b.substr(0,2),16)+"."+parseInt(b.substr(2,2),16)+"."+parseInt(b.substr(4,2),16)+"."+parseInt(b.substr(6,2),16);return c}catch(a){throw d}}else{if(b.length==32){return hextoipv6(b)}else{return b}}}function iptohex(f){var j="malformed IP address";f=f.toLowerCase(f);if(f.match(/^[0-9.]+$/)){var b=f.split(".");if(b.length!==4){throw j}var g="";try{for(var e=0;e<4;e++){var h=parseInt(b[e]);g+=("0"+h.toString(16)).slice(-2)}return g}catch(c){throw j}}else{if(f.match(/^[0-9a-f:]+$/)&&f.indexOf(":")!==-1){return ipv6tohex(f)}else{throw j}}}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.Util=new function(){this.DIGESTINFOHEAD={sha1:"3021300906052b0e03021a05000414",sha224:"302d300d06096086480165030402040500041c",sha256:"3031300d060960864801650304020105000420",sha384:"3041300d060960864801650304020205000430",sha512:"3051300d060960864801650304020305000440",md2:"3020300c06082a864886f70d020205000410",md5:"3020300c06082a864886f70d020505000410",ripemd160:"3021300906052b2403020105000414",};this.DEFAULTPROVIDER={md5:"cryptojs",sha1:"cryptojs",sha224:"cryptojs",sha256:"cryptojs",sha384:"cryptojs",sha512:"cryptojs",ripemd160:"cryptojs",hmacmd5:"cryptojs",hmacsha1:"cryptojs",hmacsha224:"cryptojs",hmacsha256:"cryptojs",hmacsha384:"cryptojs",hmacsha512:"cryptojs",hmacripemd160:"cryptojs",MD5withRSA:"cryptojs/jsrsa",SHA1withRSA:"cryptojs/jsrsa",SHA224withRSA:"cryptojs/jsrsa",SHA256withRSA:"cryptojs/jsrsa",SHA384withRSA:"cryptojs/jsrsa",SHA512withRSA:"cryptojs/jsrsa",RIPEMD160withRSA:"cryptojs/jsrsa",MD5withECDSA:"cryptojs/jsrsa",SHA1withECDSA:"cryptojs/jsrsa",SHA224withECDSA:"cryptojs/jsrsa",SHA256withECDSA:"cryptojs/jsrsa",SHA384withECDSA:"cryptojs/jsrsa",SHA512withECDSA:"cryptojs/jsrsa",RIPEMD160withECDSA:"cryptojs/jsrsa",SHA1withDSA:"cryptojs/jsrsa",SHA224withDSA:"cryptojs/jsrsa",SHA256withDSA:"cryptojs/jsrsa",MD5withRSAandMGF1:"cryptojs/jsrsa",SHAwithRSAandMGF1:"cryptojs/jsrsa",SHA1withRSAandMGF1:"cryptojs/jsrsa",SHA224withRSAandMGF1:"cryptojs/jsrsa",SHA256withRSAandMGF1:"cryptojs/jsrsa",SHA384withRSAandMGF1:"cryptojs/jsrsa",SHA512withRSAandMGF1:"cryptojs/jsrsa",RIPEMD160withRSAandMGF1:"cryptojs/jsrsa",};this.CRYPTOJSMESSAGEDIGESTNAME={md5:CryptoJS.algo.MD5,sha1:CryptoJS.algo.SHA1,sha224:CryptoJS.algo.SHA224,sha256:CryptoJS.algo.SHA256,sha384:CryptoJS.algo.SHA384,sha512:CryptoJS.algo.SHA512,ripemd160:CryptoJS.algo.RIPEMD160};this.getDigestInfoHex=function(a,b){if(typeof this.DIGESTINFOHEAD[b]=="undefined"){throw"alg not supported in Util.DIGESTINFOHEAD: "+b}return this.DIGESTINFOHEAD[b]+a};this.getPaddedDigestInfoHex=function(h,a,j){var c=this.getDigestInfoHex(h,a);var d=j/4;if(c.length+22>d){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f=0;--u){v=v.twice2D();v.z=f.ONE;if(t.testBit(u)){if(s.testBit(u)){v=v.add2D(y)}else{v=v.add2D(x)}}else{if(s.testBit(u)){v=v.add2D(w)}}}return v}this.getBigRandom=function(r){return new f(r.bitLength(),a).mod(r.subtract(f.ONE)).add(f.ONE)};this.setNamedCurve=function(r){this.ecparams=c.getByName(r);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=r};this.setPrivateKeyHex=function(r){this.isPrivate=true;this.prvKeyHex=r};this.setPublicKeyHex=function(r){this.isPublic=true;this.pubKeyHex=r};this.getPublicKeyXYHex=function(){var t=this.pubKeyHex;if(t.substr(0,2)!=="04"){throw"this method supports uncompressed format(04) only"}var s=this.ecparams.keylen/4;if(t.length!==2+s*2){throw"malformed public key hex length"}var r={};r.x=t.substr(2,s);r.y=t.substr(2+s);return r};this.getShortNISTPCurveName=function(){var r=this.curveName;if(r==="secp256r1"||r==="NIST P-256"||r==="P-256"||r==="prime256v1"){return"P-256"}if(r==="secp384r1"||r==="NIST P-384"||r==="P-384"){return"P-384"}return null};this.generateKeyPairHex=function(){var t=this.ecparams.n;var w=this.getBigRandom(t);var u=this.ecparams.G.multiply(w);var z=u.getX().toBigInteger();var x=u.getY().toBigInteger();var r=this.ecparams.keylen/4;var v=("0000000000"+w.toString(16)).slice(-r);var A=("0000000000"+z.toString(16)).slice(-r);var y=("0000000000"+x.toString(16)).slice(-r);var s="04"+A+y;this.setPrivateKeyHex(v);this.setPublicKeyHex(s);return{ecprvhex:v,ecpubhex:s}};this.signWithMessageHash=function(r){return this.signHex(r,this.prvKeyHex)};this.signHex=function(x,u){var A=new f(u,16);var v=this.ecparams.n;var z=new f(x.substring(0,this.ecparams.keylen/4),16);do{var w=this.getBigRandom(v);var B=this.ecparams.G;var y=B.multiply(w);var t=y.getX().toBigInteger().mod(v)}while(t.compareTo(f.ZERO)<=0);var C=w.modInverse(v).multiply(z.add(A.multiply(t))).mod(v);return m.biRSSigToASN1Sig(t,C)};this.sign=function(w,B){var z=B;var u=this.ecparams.n;var y=f.fromByteArrayUnsigned(w);do{var v=this.getBigRandom(u);var A=this.ecparams.G;var x=A.multiply(v);var t=x.getX().toBigInteger().mod(u)}while(t.compareTo(BigInteger.ZERO)<=0);var C=v.modInverse(u).multiply(y.add(z.multiply(t))).mod(u);return this.serializeSig(t,C)};this.verifyWithMessageHash=function(s,r){return this.verifyHex(s,r,this.pubKeyHex)};this.verifyHex=function(v,y,u){try{var t,B;var w=m.parseSigHex(y);t=w.r;B=w.s;var x=h.decodeFromHex(this.ecparams.curve,u);var z=new f(v.substring(0,this.ecparams.keylen/4),16);return this.verifyRaw(z,t,B,x)}catch(A){return false}};this.verify=function(z,A,u){var w,t;if(Bitcoin.Util.isArray(A)){var y=this.parseSig(A);w=y.r;t=y.s}else{if("object"===typeof A&&A.r&&A.s){w=A.r;t=A.s}else{throw"Invalid value for signature"}}var v;if(u instanceof ECPointFp){v=u}else{if(Bitcoin.Util.isArray(u)){v=h.decodeFrom(this.ecparams.curve,u)}else{throw"Invalid format for pubkey value, must be byte array or ECPointFp"}}var x=f.fromByteArrayUnsigned(z);return this.verifyRaw(x,w,t,v)};this.verifyRaw=function(z,t,E,y){var x=this.ecparams.n;var D=this.ecparams.G;if(t.compareTo(f.ONE)<0||t.compareTo(x)>=0){return false}if(E.compareTo(f.ONE)<0||E.compareTo(x)>=0){return false}var A=E.modInverse(x);var w=z.multiply(A).mod(x);var u=t.multiply(A).mod(x);var B=D.multiply(w).add(y.multiply(u));var C=B.getX().toBigInteger().mod(x);return C.equals(t)};this.serializeSig=function(v,u){var w=v.toByteArraySigned();var t=u.toByteArraySigned();var x=[];x.push(2);x.push(w.length);x=x.concat(w);x.push(2);x.push(t.length);x=x.concat(t);x.unshift(x.length);x.unshift(48);return x};this.parseSig=function(y){var x;if(y[0]!=48){throw new Error("Signature not a valid DERSequence")}x=2;if(y[x]!=2){throw new Error("First element in signature must be a DERInteger")}var w=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];if(y[x]!=2){throw new Error("Second element in signature must be a DERInteger")}var t=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];var v=f.fromByteArrayUnsigned(w);var u=f.fromByteArrayUnsigned(t);return{r:v,s:u}};this.parseSigCompact=function(w){if(w.length!==65){throw"Signature has the wrong length"}var t=w[0]-27;if(t<0||t>7){throw"Invalid signature type"}var x=this.ecparams.n;var v=f.fromByteArrayUnsigned(w.slice(1,33)).mod(x);var u=f.fromByteArrayUnsigned(w.slice(33,65)).mod(x);return{r:v,s:u,i:t}};this.readPKCS5PrvKeyHex=function(u){if(k(u)===false){throw new Error("not ASN.1 hex string")}var r,t,v;try{r=n(u,0,["[0]",0],"06");t=n(u,0,[1],"04");try{v=n(u,0,["[1]",0],"03")}catch(s){}}catch(s){throw new Error("malformed PKCS#1/5 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v);this.setPrivateKeyHex(t);this.isPublic=false};this.readPKCS8PrvKeyHex=function(v){if(k(v)===false){throw new j("not ASN.1 hex string")}var t,r,u,w;try{t=n(v,0,[1,0],"06");r=n(v,0,[1,1],"06");u=n(v,0,[2,0,1],"04");try{w=n(v,0,[2,0,"[1]",0],"03")}catch(s){}}catch(s){throw new j("malformed PKCS#8 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(w);this.setPrivateKeyHex(u);this.isPublic=false};this.readPKCS8PubKeyHex=function(u){if(k(u)===false){throw new j("not ASN.1 hex string")}var t,r,v;try{t=n(u,0,[0,0],"06");r=n(u,0,[0,1],"06");v=n(u,0,[1],"03")}catch(s){throw new j("malformed PKCS#8 ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v)};this.readCertPubKeyHex=function(t,v){if(k(t)===false){throw new j("not ASN.1 hex string")}var r,u;try{r=n(t,0,[0,5,0,1],"06");u=n(t,0,[0,5,1],"03")}catch(s){throw new j("malformed X.509 certificate ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(u)};if(e!==undefined){if(e.curve!==undefined){this.curveName=e.curve}}if(this.curveName===undefined){this.curveName=g}this.setNamedCurve(this.curveName);if(e!==undefined){if(e.prv!==undefined){this.setPrivateKeyHex(e.prv)}if(e.pub!==undefined){this.setPublicKeyHex(e.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(f){var j=ASN1HEX,i=j.getChildIdx,g=j.getV;j.checkStrictDER(f,0);if(f.substr(0,2)!="30"){throw new Error("signature is not a ASN.1 sequence")}var h=i(f,0);if(h.length!=2){throw new Error("signature shall have two elements")}var e=h[0];var d=h[1];if(f.substr(e,2)!="02"){throw new Error("1st item not ASN.1 integer")}if(f.substr(d,2)!="02"){throw new Error("2nd item not ASN.1 integer")}var c=g(f,e);var b=g(f,d);return{r:c,s:b}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(c){var d=KJUR.crypto.ECDSA.parseSigHexInHexRS(c);var b=d.r;var a=d.s;if(b.substr(0,2)=="00"&&(b.length%32)==2){b=b.substr(2)}if(a.substr(0,2)=="00"&&(a.length%32)==2){a=a.substr(2)}if((b.length%32)==30){b="00"+b}if((a.length%32)==30){a="00"+a}if(b.length%32!=0){throw"unknown ECDSA sig r length error"}if(a.length%32!=0){throw"unknown ECDSA sig s length error"}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if((((a.length/2)*8)%(16*8))!=0){throw"unknown ECDSA concatinated r-s sig length error"}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(f,d){var c=KJUR.asn1;var b=new c.DERInteger({bigint:f});var a=new c.DERInteger({bigint:d});var e=new c.DERSequence({array:[b,a]});return e.getEncodedHex()};KJUR.crypto.ECDSA.getName=function(a){if(a==="2b8104001f"){return"secp192k1"}if(a==="2a8648ce3d030107"){return"secp256r1"}if(a==="2b8104000a"){return"secp256k1"}if(a==="2b81040021"){return"secp224r1"}if(a==="2b81040022"){return"secp384r1"}if("|secp256r1|NIST P-256|P-256|prime256v1|".indexOf(a)!==-1){return"secp256r1"}if("|secp256k1|".indexOf(a)!==-1){return"secp256k1"}if("|secp224r1|NIST P-224|P-224|".indexOf(a)!==-1){return"secp224r1"}if("|secp384r1|NIST P-384|P-384|".indexOf(a)!==-1){return"secp384r1"}return null}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECParameterDB=new function(){var b={};var c={};function a(d){return new BigInteger(d,16)}this.getByName=function(e){var d=e;if(typeof c[d]!="undefined"){d=c[e]}if(typeof b[d]!="undefined"){return b[d]}throw"unregistered EC curve name: "+d};this.regist=function(A,l,o,g,m,e,j,f,k,u,d,x){b[A]={};var s=a(o);var z=a(g);var y=a(m);var t=a(e);var w=a(j);var r=new ECCurveFp(s,z,y);var q=r.decodePointHex("04"+f+k);b[A]["name"]=A;b[A]["keylen"]=l;b[A]["curve"]=r;b[A]["G"]=q;b[A]["n"]=t;b[A]["h"]=w;b[A]["oid"]=d;b[A]["info"]=x;for(var v=0;v=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var G=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return G}function B(G){var s=l({seq:[{"int":1},{octstr:{hex:G.prvKeyHex}},{tag:["a0",true,{oid:{name:G.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+G.pubKeyHex}}]}]});return s}function x(s){var G=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return G}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.getEncodedHex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.getEncodedHex();var h=B(b);var t=h.getEncodedHex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(G,s){var I=c(G,s);var H=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:I.pbkdf2Salt}},{"int":I.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:I.encryptionSchemeIV}}]}]}]},{octstr:{hex:I.ciphertext}}]});return H.getEncodedHex()};var c=function(N,O){var H=100;var M=CryptoJS.lib.WordArray.random(8);var L="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var I=CryptoJS.PBKDF2(O,M,{keySize:192/32,iterations:H});var J=CryptoJS.enc.Hex.parse(N);var K=CryptoJS.TripleDES.encrypt(J,I,{iv:s})+"";var G={};G.ciphertext=K;G.pbkdf2Salt=CryptoJS.enc.Hex.stringify(M);G.pbkdf2Iter=H;G.encryptionSchemeAlg=L;G.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return G};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var g=new l({seq:[{"int":1},{octstr:{hex:b.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]}]});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/jsrsasign-jwths-min.js b/jsrsasign-jwths-min.js index 555d76ed..0c3be9ed 100644 --- a/jsrsasign-jwths-min.js +++ b/jsrsasign-jwths-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(jwths) 10.0.5 (2020-11-04) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license + * jsrsasign(jwths) 10.1.0 (2020-11-19) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license */ /*! @@ -119,6 +119,6 @@ var rng_state;var rng_pool;var rng_pptr;function rng_seed_int(a){rng_pool[rng_pp /*! Mike Samuel (c) 2009 | code.google.com/p/json-sans-eval */ var jsonParse=(function(){var e="(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][+-]?[0-9]+)?\\b)";var j='(?:[^\\0-\\x08\\x0a-\\x1f"\\\\]|\\\\(?:["/\\\\bfnrt]|u[0-9A-Fa-f]{4}))';var i='(?:"'+j+'*")';var d=new RegExp("(?:false|true|null|[\\{\\}\\[\\]]|"+e+"|"+i+")","g");var k=new RegExp("\\\\(?:([^u])|u(.{4}))","g");var g={'"':'"',"/":"/","\\":"\\",b:"\b",f:"\f",n:"\n",r:"\r",t:"\t"};function h(l,m,n){return m?g[m]:String.fromCharCode(parseInt(n,16))}var c=new String("");var a="\\";var f={"{":Object,"[":Array};var b=Object.hasOwnProperty;return function(u,q){var p=u.match(d);var x;var v=p[0];var l=false;if("{"===v){x={}}else{if("["===v){x=[]}else{x=[];l=true}}var t;var r=[x];for(var o=1-l,m=p.length;o=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -var KJUR;if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.lang=="undefined"||!KJUR.lang){KJUR.lang={}}KJUR.lang.String=function(){};function Base64x(){}function stoBA(d){var b=new Array();for(var c=0;cf.length){f=c[d]}}e=e.replace(f,"::");return e.slice(1,-1)}function hextoip(b){var d="malformed hex value";if(!b.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){throw d}if(b.length==8){var c;try{c=parseInt(b.substr(0,2),16)+"."+parseInt(b.substr(2,2),16)+"."+parseInt(b.substr(4,2),16)+"."+parseInt(b.substr(6,2),16);return c}catch(a){throw d}}else{if(b.length==32){return hextoipv6(b)}else{return b}}}function iptohex(f){var j="malformed IP address";f=f.toLowerCase(f);if(f.match(/^[0-9.]+$/)){var b=f.split(".");if(b.length!==4){throw j}var g="";try{for(var e=0;e<4;e++){var h=parseInt(b[e]);g+=("0"+h.toString(16)).slice(-2)}return g}catch(c){throw j}}else{if(f.match(/^[0-9a-f:]+$/)&&f.indexOf(":")!==-1){return ipv6tohex(f)}else{throw j}}}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;bf.length){f=c[d]}}e=e.replace(f,"::");return e.slice(1,-1)}function hextoip(b){var d="malformed hex value";if(!b.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){throw d}if(b.length==8){var c;try{c=parseInt(b.substr(0,2),16)+"."+parseInt(b.substr(2,2),16)+"."+parseInt(b.substr(4,2),16)+"."+parseInt(b.substr(6,2),16);return c}catch(a){throw d}}else{if(b.length==32){return hextoipv6(b)}else{return b}}}function iptohex(f){var j="malformed IP address";f=f.toLowerCase(f);if(f.match(/^[0-9.]+$/)){var b=f.split(".");if(b.length!==4){throw j}var g="";try{for(var e=0;e<4;e++){var h=parseInt(b[e]);g+=("0"+h.toString(16)).slice(-2)}return g}catch(c){throw j}}else{if(f.match(/^[0-9a-f:]+$/)&&f.indexOf(":")!==-1){return ipv6tohex(f)}else{throw j}}}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.Util=new function(){this.DIGESTINFOHEAD={sha1:"3021300906052b0e03021a05000414",sha224:"302d300d06096086480165030402040500041c",sha256:"3031300d060960864801650304020105000420",sha384:"3041300d060960864801650304020205000430",sha512:"3051300d060960864801650304020305000440",md2:"3020300c06082a864886f70d020205000410",md5:"3020300c06082a864886f70d020505000410",ripemd160:"3021300906052b2403020105000414",};this.DEFAULTPROVIDER={md5:"cryptojs",sha1:"cryptojs",sha224:"cryptojs",sha256:"cryptojs",sha384:"cryptojs",sha512:"cryptojs",ripemd160:"cryptojs",hmacmd5:"cryptojs",hmacsha1:"cryptojs",hmacsha224:"cryptojs",hmacsha256:"cryptojs",hmacsha384:"cryptojs",hmacsha512:"cryptojs",hmacripemd160:"cryptojs",MD5withRSA:"cryptojs/jsrsa",SHA1withRSA:"cryptojs/jsrsa",SHA224withRSA:"cryptojs/jsrsa",SHA256withRSA:"cryptojs/jsrsa",SHA384withRSA:"cryptojs/jsrsa",SHA512withRSA:"cryptojs/jsrsa",RIPEMD160withRSA:"cryptojs/jsrsa",MD5withECDSA:"cryptojs/jsrsa",SHA1withECDSA:"cryptojs/jsrsa",SHA224withECDSA:"cryptojs/jsrsa",SHA256withECDSA:"cryptojs/jsrsa",SHA384withECDSA:"cryptojs/jsrsa",SHA512withECDSA:"cryptojs/jsrsa",RIPEMD160withECDSA:"cryptojs/jsrsa",SHA1withDSA:"cryptojs/jsrsa",SHA224withDSA:"cryptojs/jsrsa",SHA256withDSA:"cryptojs/jsrsa",MD5withRSAandMGF1:"cryptojs/jsrsa",SHAwithRSAandMGF1:"cryptojs/jsrsa",SHA1withRSAandMGF1:"cryptojs/jsrsa",SHA224withRSAandMGF1:"cryptojs/jsrsa",SHA256withRSAandMGF1:"cryptojs/jsrsa",SHA384withRSAandMGF1:"cryptojs/jsrsa",SHA512withRSAandMGF1:"cryptojs/jsrsa",RIPEMD160withRSAandMGF1:"cryptojs/jsrsa",};this.CRYPTOJSMESSAGEDIGESTNAME={md5:CryptoJS.algo.MD5,sha1:CryptoJS.algo.SHA1,sha224:CryptoJS.algo.SHA224,sha256:CryptoJS.algo.SHA256,sha384:CryptoJS.algo.SHA384,sha512:CryptoJS.algo.SHA512,ripemd160:CryptoJS.algo.RIPEMD160};this.getDigestInfoHex=function(a,b){if(typeof this.DIGESTINFOHEAD[b]=="undefined"){throw"alg not supported in Util.DIGESTINFOHEAD: "+b}return this.DIGESTINFOHEAD[b]+a};this.getPaddedDigestInfoHex=function(h,a,j){var c=this.getDigestInfoHex(h,a);var d=j/4;if(c.length+22>d){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriod=a.length){return null}}var e="";while(++f191)&&(h<224)){e+=String.fromCharCode(((h&31)<<6)|(a[f+1]&63));++f}else{e+=String.fromCharCode(((h&15)<<12)|((a[f+1]&63)<<6)|(a[f+2]&63));f+=2}}}return e}function oaep_mgf1_str(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255]));d+=1}return b}function oaep_unpad(o,b,g,p){var e=KJUR.crypto.MessageDigest;var r=KJUR.crypto.Util;var c=null;if(!g){g="sha1"}if(typeof g==="string"){c=e.getCanonicalAlgName(g);p=e.getHashLength(c);g=function(d){return hextorstr(r.hashHex(rstrtohex(d),c))}}o=o.toByteArray();var h;for(h=0;h0&&a.length>0){this.n=parseBigInt(c,16);this.e=parseInt(a,16);this.d=parseBigInt(b,16)}else{throw"Invalid RSA private key"}}}function RSASetPrivateEx(g,d,e,c,b,a,h,f){this.isPrivate=true;this.isPublic=false;if(g==null){throw"RSASetPrivateEx N == null"}if(d==null){throw"RSASetPrivateEx E == null"}if(g.length==0){throw"RSASetPrivateEx N.length == 0"}if(d.length==0){throw"RSASetPrivateEx E.length == 0"}if(g!=null&&d!=null&&g.length>0&&d.length>0){this.n=parseBigInt(g,16);this.e=parseInt(d,16);this.d=parseBigInt(e,16);this.p=parseBigInt(c,16);this.q=parseBigInt(b,16);this.dmp1=parseBigInt(a,16);this.dmq1=parseBigInt(h,16);this.coeff=parseBigInt(f,16)}else{throw"Invalid RSA private key in RSASetPrivateEx"}}function RSAGenerate(b,i){var a=new SecureRandom();var f=b>>1;this.e=parseInt(i,16);var c=new BigInteger(i,16);for(;;){for(;;){this.p=new BigInteger(b-f,1,a);if(this.p.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.p.isProbablePrime(10)){break}}for(;;){this.q=new BigInteger(f,1,a);if(this.q.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.q.isProbablePrime(10)){break}}if(this.p.compareTo(this.q)<=0){var h=this.p;this.p=this.q;this.q=h}var g=this.p.subtract(BigInteger.ONE);var d=this.q.subtract(BigInteger.ONE);var e=g.multiply(d);if(e.gcd(c).compareTo(BigInteger.ONE)==0){this.n=this.p.multiply(this.q);if(this.n.bitLength()==b){this.d=c.modInverse(e);this.dmp1=this.d.mod(g);this.dmq1=this.d.mod(d);this.coeff=this.q.modInverse(this.p);break}}}this.isPrivate=true}function RSADoPrivate(a){if(this.p==null||this.q==null){return a.modPow(this.d,this.n)}var c=a.mod(this.p).modPow(this.dmp1,this.p);var b=a.mod(this.q).modPow(this.dmq1,this.q);while(c.compareTo(b)<0){c=c.add(this.p)}return c.subtract(b).multiply(this.coeff).mod(this.p).multiply(this.q).add(b)}function RSADecrypt(b){if(b.length!=Math.ceil(this.n.bitLength()/4)){throw new Error("wrong ctext length")}var d=parseBigInt(b,16);var a=this.doPrivate(d);if(a==null){return null}return pkcs1unpad2(a,(this.n.bitLength()+7)>>3)}function RSADecryptOAEP(e,d,b){if(e.length!=Math.ceil(this.n.bitLength()/4)){throw new Error("wrong ctext length")}var f=parseBigInt(e,16);var a=this.doPrivate(f);if(a==null){return null}return oaep_unpad(a,(this.n.bitLength()+7)>>3,d,b)}RSAKey.prototype.doPrivate=RSADoPrivate;RSAKey.prototype.setPrivate=RSASetPrivate;RSAKey.prototype.setPrivateEx=RSASetPrivateEx;RSAKey.prototype.generate=RSAGenerate;RSAKey.prototype.decrypt=RSADecrypt;RSAKey.prototype.decryptOAEP=RSADecryptOAEP; -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw"ASN.1 length too long to represent by 8x: n = "+j.toString(16)}var g=128+h;return g.toString(16)+i}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;ef.length){f=c[d]}}e=e.replace(f,"::");return e.slice(1,-1)}function hextoip(b){var d="malformed hex value";if(!b.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){throw d}if(b.length==8){var c;try{c=parseInt(b.substr(0,2),16)+"."+parseInt(b.substr(2,2),16)+"."+parseInt(b.substr(4,2),16)+"."+parseInt(b.substr(6,2),16);return c}catch(a){throw d}}else{if(b.length==32){return hextoipv6(b)}else{return b}}}function iptohex(f){var j="malformed IP address";f=f.toLowerCase(f);if(f.match(/^[0-9.]+$/)){var b=f.split(".");if(b.length!==4){throw j}var g="";try{for(var e=0;e<4;e++){var h=parseInt(b[e]);g+=("0"+h.toString(16)).slice(-2)}return g}catch(c){throw j}}else{if(f.match(/^[0-9a-f:]+$/)&&f.indexOf(":")!==-1){return ipv6tohex(f)}else{throw j}}}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b15){throw"ASN.1 length too long to represent by 8x: n = "+j.toString(16)}var g=128+h;return g.toString(16)+i}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.getInt=function(d,b,e){if(e==undefined){e=-1}try{if(d.substr(b,2)!="02"){return e}var a=ASN1HEX.getV(d,b);return parseInt(a,16)}catch(c){return e}};ASN1HEX.getOID=function(c,a,d){if(d==undefined){d=null}try{if(c.substr(a,2)!="06"){return d}var e=ASN1HEX.getV(c,a);return hextooid(e)}catch(b){return d}};ASN1HEX.getOIDName=function(d,a,f){if(f==undefined){f=null}try{var e=ASN1HEX.getOID(d,a,f);if(e==f){return f}var b=KJUR.asn1.x509.OID.oid2name(e);if(b==""){return e}return b}catch(c){return f}};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;ef.length){f=c[d]}}e=e.replace(f,"::");return e.slice(1,-1)}function hextoip(b){var d="malformed hex value";if(!b.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){throw d}if(b.length==8){var c;try{c=parseInt(b.substr(0,2),16)+"."+parseInt(b.substr(2,2),16)+"."+parseInt(b.substr(4,2),16)+"."+parseInt(b.substr(6,2),16);return c}catch(a){throw d}}else{if(b.length==32){return hextoipv6(b)}else{return b}}}function iptohex(f){var j="malformed IP address";f=f.toLowerCase(f);if(f.match(/^[0-9.]+$/)){var b=f.split(".");if(b.length!==4){throw j}var g="";try{for(var e=0;e<4;e++){var h=parseInt(b[e]);g+=("0"+h.toString(16)).slice(-2)}return g}catch(c){throw j}}else{if(f.match(/^[0-9a-f:]+$/)&&f.indexOf(":")!==-1){return ipv6tohex(f)}else{throw j}}}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.Util=new function(){this.DIGESTINFOHEAD={sha1:"3021300906052b0e03021a05000414",sha224:"302d300d06096086480165030402040500041c",sha256:"3031300d060960864801650304020105000420",sha384:"3041300d060960864801650304020205000430",sha512:"3051300d060960864801650304020305000440",md2:"3020300c06082a864886f70d020205000410",md5:"3020300c06082a864886f70d020505000410",ripemd160:"3021300906052b2403020105000414",};this.DEFAULTPROVIDER={md5:"cryptojs",sha1:"cryptojs",sha224:"cryptojs",sha256:"cryptojs",sha384:"cryptojs",sha512:"cryptojs",ripemd160:"cryptojs",hmacmd5:"cryptojs",hmacsha1:"cryptojs",hmacsha224:"cryptojs",hmacsha256:"cryptojs",hmacsha384:"cryptojs",hmacsha512:"cryptojs",hmacripemd160:"cryptojs",MD5withRSA:"cryptojs/jsrsa",SHA1withRSA:"cryptojs/jsrsa",SHA224withRSA:"cryptojs/jsrsa",SHA256withRSA:"cryptojs/jsrsa",SHA384withRSA:"cryptojs/jsrsa",SHA512withRSA:"cryptojs/jsrsa",RIPEMD160withRSA:"cryptojs/jsrsa",MD5withECDSA:"cryptojs/jsrsa",SHA1withECDSA:"cryptojs/jsrsa",SHA224withECDSA:"cryptojs/jsrsa",SHA256withECDSA:"cryptojs/jsrsa",SHA384withECDSA:"cryptojs/jsrsa",SHA512withECDSA:"cryptojs/jsrsa",RIPEMD160withECDSA:"cryptojs/jsrsa",SHA1withDSA:"cryptojs/jsrsa",SHA224withDSA:"cryptojs/jsrsa",SHA256withDSA:"cryptojs/jsrsa",MD5withRSAandMGF1:"cryptojs/jsrsa",SHAwithRSAandMGF1:"cryptojs/jsrsa",SHA1withRSAandMGF1:"cryptojs/jsrsa",SHA224withRSAandMGF1:"cryptojs/jsrsa",SHA256withRSAandMGF1:"cryptojs/jsrsa",SHA384withRSAandMGF1:"cryptojs/jsrsa",SHA512withRSAandMGF1:"cryptojs/jsrsa",RIPEMD160withRSAandMGF1:"cryptojs/jsrsa",};this.CRYPTOJSMESSAGEDIGESTNAME={md5:CryptoJS.algo.MD5,sha1:CryptoJS.algo.SHA1,sha224:CryptoJS.algo.SHA224,sha256:CryptoJS.algo.SHA256,sha384:CryptoJS.algo.SHA384,sha512:CryptoJS.algo.SHA512,ripemd160:CryptoJS.algo.RIPEMD160};this.getDigestInfoHex=function(a,b){if(typeof this.DIGESTINFOHEAD[b]=="undefined"){throw"alg not supported in Util.DIGESTINFOHEAD: "+b}return this.DIGESTINFOHEAD[b]+a};this.getPaddedDigestInfoHex=function(h,a,j){var c=this.getDigestInfoHex(h,a);var d=j/4;if(c.length+22>d){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q15){throw"ASN.1 length too long to represent by 8x: n = "+j.toString(16)}var g=128+h;return g.toString(16)+i}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||715){throw"ASN.1 length too long to represent by 8x: n = "+j.toString(16)}var g=128+h;return g.toString(16)+i}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||70){var l=b(m.valhex,p[0]);var o=j(l,0);var s=[];for(var n=0;n1){var q=b(m.valhex,p[1]);m.polhex=q}delete m.valhex};this.getESSCertID=function(n){var o={};var m=j(n,0);if(m.length>0){var p=i(n,m[0]);o.hash=p}if(m.length>1){var l=b(n,m[1]);var q=this.getIssuerSerial(l);if(q.serial!=undefined){o.serial=q.serial}if(q.issuer!=undefined){o.issuer=q.issuer}}return o};this.getIssuerSerial=function(p){var q={};var m=j(p,0);var l=b(p,m[0]);var o=h.getGeneralNames(l);var n=o[0].dn;q.issuer=n;var r=i(p,m[1]);q.serial={hex:r};return q};this.getCertificateSet=function(o){var m=j(o,0);var l=[];for(var n=0;n=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.getInt=function(d,b,e){if(e==undefined){e=-1}try{if(d.substr(b,2)!="02"){return e}var a=ASN1HEX.getV(d,b);return parseInt(a,16)}catch(c){return e}};ASN1HEX.getOID=function(c,a,d){if(d==undefined){d=null}try{if(c.substr(a,2)!="06"){return d}var e=ASN1HEX.getV(c,a);return hextooid(e)}catch(b){return d}};ASN1HEX.getOIDName=function(d,a,f){if(f==undefined){f=null}try{var e=ASN1HEX.getOID(d,a,f);if(e==f){return f}var b=KJUR.asn1.x509.OID.oid2name(e);if(b==""){return e}return b}catch(c){return f}};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e1){var n=this.getPKIStatusInfo(b(m,k[0]));var l=b(m,k[1]);var o=this.getToken(l);o.statusinfo=n;return o}}};this.getToken=function(l){var k=new KJUR.asn1.cms.CMSParser;var m=k.getCMSSignedData(l);this.setTSTInfo(m);return m};this.setTSTInfo=function(k){var n=k.econtent;if(n.type=="tstinfo"){var m=n.content.hex;var l=this.getTSTInfo(m);n.content=l}};this.getTSTInfo=function(q){var w={};var r=h(q,0);var o=g(q,r[1]);w.policy=hextooid(o);var n=b(q,r[2]);w.messageImprint=this.getMessageImprint(n);var t=g(q,r[3]);w.serial={hex:t};var x=g(q,r[4]);w.genTime={str:hextoutf8(x)};var p=0;if(r.length>5&&q.substr(r[5],2)=="30"){var u=b(q,r[5]);w.accuracy=this.getAccuracy(u);p++}if(r.length>5+p&&q.substr(r[5+p],2)=="01"){var y=g(q,r[5+p]);if(y=="ff"){w.ordering=true}p++}if(r.length>5+p&&q.substr(r[5+p],2)=="02"){var m=g(q,r[5+p]);w.nonce={hex:m};p++}if(r.length>5+p&&q.substr(r[5+p],2)=="a0"){var l=b(q,r[5+p]);l="30"+l.substr(2);pGeneralNames=f.getGeneralNames(l);var s=pGeneralNames[0].dn;w.tsa=s;p++}if(r.length>5+p&&q.substr(r[5+p],2)=="a1"){var k=b(q,r[5+p]);k="30"+k.substr(2);var v=f.getExtParamArray(k);w.ext=v;p++}return w};this.getAccuracy=function(p){var q={};var n=h(p,0);for(var o=0;o0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.getEncodedHex()};if(f!==undefined){this.setByParam(f)}};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.getEncodedHex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.getEncodedHex()};if(d!==undefined){this.params=d}};YAHOO.lang.extend(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.getEncodedHex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.getEncodedHex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.getEncodedHex()}};if(e!==undefined){this.params=e}};YAHOO.lang.extend(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.getEncodedHex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.getEncodedHex()};if(e!==undefined){this.params=e}};YAHOO.lang.extend(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.getEncodedHex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.getEncodedHex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.getEncodedHex();return this.TLV};if(c!==undefined){this.setByParam(c)}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.getEncodedHex=function(){var p=this.getASN1Object();this.hTLV=p.getEncodedHex();return this.hTLV};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.getEncodedHex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.getEncodedHex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.getEncodedHex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.getEncodedHex();return this.TLV};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.getEncodedHex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.getEncodedHex();return this.hTLV};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(e){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var m=null,i=null,k={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87"},b=KJUR,g=b.asn1,f=g.DERSequence,j=g.DEROctetString,d=g.DERIA5String,c=g.DERTaggedObject,l=g.ASN1Object,a=g.x509.X500Name,h=pemtohex;this.explicit=false;this.setByParam=function(p){var r=null;var u=null;if(p===undefined){return}if(p.rfc822!==undefined){this.type="rfc822";u=new d({str:p[this.type]})}if(p.dns!==undefined){this.type="dns";u=new d({str:p[this.type]})}if(p.uri!==undefined){this.type="uri";u=new d({str:p[this.type]})}if(p.dn!==undefined){this.type="dn";this.explicit=true;if(typeof p.dn==="string"){u=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){u=p.dn}else{u=new a(p.dn)}}}if(p.ldapdn!==undefined){this.type="dn";this.explicit=true;u=new a({ldapstr:p.ldapdn})}if(p.certissuer!==undefined){this.type="dn";this.explicit=true;var o=p.certissuer;var w=null;if(o.match(/^[0-9A-Fa-f]+$/)){w==o}if(o.indexOf("-----BEGIN ")!=-1){w=h(o)}if(w==null){throw"certissuer param not cert"}var t=new X509();t.hex=w;var y=t.getIssuerHex();u=new l();u.hTLV=y}if(p.certsubj!==undefined){this.type="dn";this.explicit=true;var o=p.certsubj;var w=null;if(o.match(/^[0-9A-Fa-f]+$/)){w==o}if(o.indexOf("-----BEGIN ")!=-1){w=h(o)}if(w==null){throw"certsubj param not cert"}var t=new X509();t.hex=w;var y=t.getSubjectHex();u=new l();u.hTLV=y}if(p.ip!==undefined){this.type="ip";this.explicit=false;var q=p.ip;var s;var n="malformed IP address";if(q.match(/^[0-9.]+[.][0-9.]+$/)){s=intarystrtohex("["+q.split(".").join(",")+"]");if(s.length!==8){throw n}}else{if(q.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/)){s=ipv6tohex(q)}else{if(q.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){s=q}else{throw n}}}u=new j({hex:s})}if(this.type==null){throw"unsupported type in params="+p}this.asn1Obj=new c({explicit:this.explicit,tag:k[this.type],obj:u})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(e!==undefined){this.setByParam(e)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.getEncodedHex()};if(f!==undefined){this.setByParam(f)}};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.getEncodedHex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.getEncodedHex()};if(d!==undefined){this.params=d}};YAHOO.lang.extend(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.getEncodedHex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.getEncodedHex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.getEncodedHex()}};if(e!==undefined){this.params=e}};YAHOO.lang.extend(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.getEncodedHex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.getEncodedHex()};if(e!==undefined){this.params=e}};YAHOO.lang.extend(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.getEncodedHex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.getEncodedHex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.getEncodedHex();return this.TLV};if(c!==undefined){this.setByParam(c)}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.getEncodedHex=function(){var p=this.getASN1Object();this.hTLV=p.getEncodedHex();return this.hTLV};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.getEncodedHex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.getEncodedHex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.getEncodedHex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.getEncodedHex();return this.TLV};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.getEncodedHex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.getEncodedHex();return this.hTLV};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(e){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var m=null,i=null,k={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87"},b=KJUR,g=b.asn1,f=g.DERSequence,j=g.DEROctetString,d=g.DERIA5String,c=g.DERTaggedObject,l=g.ASN1Object,a=g.x509.X500Name,h=pemtohex;this.explicit=false;this.setByParam=function(p){var r=null;var u=null;if(p===undefined){return}if(p.rfc822!==undefined){this.type="rfc822";u=new d({str:p[this.type]})}if(p.dns!==undefined){this.type="dns";u=new d({str:p[this.type]})}if(p.uri!==undefined){this.type="uri";u=new d({str:p[this.type]})}if(p.dn!==undefined){this.type="dn";this.explicit=true;if(typeof p.dn==="string"){u=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){u=p.dn}else{u=new a(p.dn)}}}if(p.ldapdn!==undefined){this.type="dn";this.explicit=true;u=new a({ldapstr:p.ldapdn})}if(p.certissuer!==undefined){this.type="dn";this.explicit=true;var o=p.certissuer;var w=null;if(o.match(/^[0-9A-Fa-f]+$/)){w==o}if(o.indexOf("-----BEGIN ")!=-1){w=h(o)}if(w==null){throw"certissuer param not cert"}var t=new X509();t.hex=w;var y=t.getIssuerHex();u=new l();u.hTLV=y}if(p.certsubj!==undefined){this.type="dn";this.explicit=true;var o=p.certsubj;var w=null;if(o.match(/^[0-9A-Fa-f]+$/)){w==o}if(o.indexOf("-----BEGIN ")!=-1){w=h(o)}if(w==null){throw"certsubj param not cert"}var t=new X509();t.hex=w;var y=t.getSubjectHex();u=new l();u.hTLV=y}if(p.ip!==undefined){this.type="ip";this.explicit=false;var q=p.ip;var s;var n="malformed IP address";if(q.match(/^[0-9.]+[.][0-9.]+$/)){s=intarystrtohex("["+q.split(".").join(",")+"]");if(s.length!==8){throw n}}else{if(q.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/)){s=ipv6tohex(q)}else{if(q.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){s=q}else{throw n}}}u=new j({hex:s})}if(this.type==null){throw"unsupported type in params="+p}this.asn1Obj=new c({explicit:this.explicit,tag:k[this.type],obj:u})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(e!==undefined){this.setByParam(e)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;ef.length){f=c[d]}}e=e.replace(f,"::");return e.slice(1,-1)}function hextoip(b){var d="malformed hex value";if(!b.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){throw d}if(b.length==8){var c;try{c=parseInt(b.substr(0,2),16)+"."+parseInt(b.substr(2,2),16)+"."+parseInt(b.substr(4,2),16)+"."+parseInt(b.substr(6,2),16);return c}catch(a){throw d}}else{if(b.length==32){return hextoipv6(b)}else{return b}}}function iptohex(f){var j="malformed IP address";f=f.toLowerCase(f);if(f.match(/^[0-9.]+$/)){var b=f.split(".");if(b.length!==4){throw j}var g="";try{for(var e=0;e<4;e++){var h=parseInt(b[e]);g+=("0"+h.toString(16)).slice(-2)}return g}catch(c){throw j}}else{if(f.match(/^[0-9a-f:]+$/)&&f.indexOf(":")!==-1){return ipv6tohex(f)}else{throw j}}}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;bf.length){f=c[d]}}e=e.replace(f,"::");return e.slice(1,-1)}function hextoip(b){var d="malformed hex value";if(!b.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){throw d}if(b.length==8){var c;try{c=parseInt(b.substr(0,2),16)+"."+parseInt(b.substr(2,2),16)+"."+parseInt(b.substr(4,2),16)+"."+parseInt(b.substr(6,2),16);return c}catch(a){throw d}}else{if(b.length==32){return hextoipv6(b)}else{return b}}}function iptohex(f){var j="malformed IP address";f=f.toLowerCase(f);if(f.match(/^[0-9.]+$/)){var b=f.split(".");if(b.length!==4){throw j}var g="";try{for(var e=0;e<4;e++){var h=parseInt(b[e]);g+=("0"+h.toString(16)).slice(-2)}return g}catch(c){throw j}}else{if(f.match(/^[0-9a-f:]+$/)&&f.indexOf(":")!==-1){return ipv6tohex(f)}else{throw j}}}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c}; \ No newline at end of file diff --git a/min/x509-1.1.min.js b/min/x509-1.1.min.js index 7c4c5570..0836266c 100644 --- a/min/x509-1.1.min.js +++ b/min/x509-1.1.min.js @@ -1 +1 @@ -function X509(q){var j=ASN1HEX,n=j.getChildIdx,g=j.getV,b=j.getTLV,c=j.getVbyList,k=j.getVbyListEx,a=j.getTLVbyList,l=j.getTLVbyListEx,h=j.getIdxbyList,e=j.getIdxbyListEx,i=j.getVidx,p=j.oidname,m=j.hextooidstr,d=X509,r=pemtohex,f;try{f=KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV}catch(o){}this.HEX2STAG={"0c":"utf8","13":"prn","16":"ia5","1a":"vis","1e":"bmp"};this.hex=null;this.version=0;this.foffset=0;this.aExtInfo=null;this.getVersion=function(){if(this.hex===null||this.version!==0){return this.version}if(a(this.hex,0,[0,0])!=="a003020102"){this.version=1;this.foffset=-1;return 1}this.version=3;return 3};this.getSerialNumberHex=function(){return k(this.hex,0,[0,0],"02")};this.getSignatureAlgorithmField=function(){var s=l(this.hex,0,[0,1]);return this.getAlgorithmIdentifierName(s)};this.getAlgorithmIdentifierName=function(s){for(var t in f){if(s===f[t]){return t}}return p(k(s,0,[0],"06"))};this.getIssuer=function(){var s={};s.array=this.getX500Name(this.getIssuerHex());s.str=this.getIssuerString();return s};this.getIssuerHex=function(){return a(this.hex,0,[0,3+this.foffset],"30")};this.getIssuerString=function(){return d.hex2dn(this.getIssuerHex())};this.getSubject=function(){var s={};s.array=this.getX500Name(this.getSubjectHex());s.str=this.getSubjectString();return s};this.getSubjectHex=function(){return a(this.hex,0,[0,5+this.foffset],"30")};this.getSubjectString=function(){return d.hex2dn(this.getSubjectHex())};this.getNotBefore=function(){var t=c(this.hex,0,[0,4+this.foffset,0]);t=t.replace(/(..)/g,"%$1");t=decodeURIComponent(t);return t};this.getNotAfter=function(){var t=c(this.hex,0,[0,4+this.foffset,1]);t=t.replace(/(..)/g,"%$1");t=decodeURIComponent(t);return t};this.getPublicKeyHex=function(){return j.getTLVbyList(this.hex,0,[0,6+this.foffset],"30")};this.getPublicKeyIdx=function(){return h(this.hex,0,[0,6+this.foffset],"30")};this.getPublicKeyContentIdx=function(){var s=this.getPublicKeyIdx();return h(this.hex,s,[1,0],"30")};this.getPublicKey=function(){return KEYUTIL.getKey(this.getPublicKeyHex(),null,"pkcs8pub")};this.getSignatureAlgorithmName=function(){var s=a(this.hex,0,[1],"30");return this.getAlgorithmIdentifierName(s)};this.getSignatureValueHex=function(){return c(this.hex,0,[2],"03",true)};this.verifySignature=function(u){var v=this.getSignatureAlgorithmField();var s=this.getSignatureValueHex();var t=a(this.hex,0,[0],"30");var w=new KJUR.crypto.Signature({alg:v});w.init(u);w.updateHex(t);return w.verify(s)};this.parseExt=function(B){var u,s,w;if(B===undefined){w=this.hex;if(this.version!==3){return -1}u=h(w,0,[0,7,0],"30");s=n(w,u)}else{w=pemtohex(B);var x=h(w,0,[0,3,0,0],"06");if(g(w,x)!="2a864886f70d01090e"){this.aExtInfo=new Array();return}u=h(w,0,[0,3,0,1,0],"30");s=n(w,u);this.hex=w}this.aExtInfo=new Array();for(var v=0;v1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw"ASN.1 length too long to represent by 8x: n = "+j.toString(16)}var g=128+h;return g.toString(16)+i}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.getEncodedHex()};if(f!==undefined){this.setByParam(f)}};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.getEncodedHex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.getEncodedHex()};if(d!==undefined){this.params=d}};YAHOO.lang.extend(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.getEncodedHex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.getEncodedHex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.getEncodedHex()}};if(e!==undefined){this.params=e}};YAHOO.lang.extend(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.getEncodedHex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.getEncodedHex()};if(e!==undefined){this.params=e}};YAHOO.lang.extend(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.getEncodedHex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.getEncodedHex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.getEncodedHex();return this.TLV};if(c!==undefined){this.setByParam(c)}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.getEncodedHex=function(){var p=this.getASN1Object();this.hTLV=p.getEncodedHex();return this.hTLV};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.getEncodedHex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.getEncodedHex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.getEncodedHex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.getEncodedHex();return this.TLV};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.getEncodedHex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.getEncodedHex();return this.hTLV};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(e){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var m=null,i=null,k={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87"},b=KJUR,g=b.asn1,f=g.DERSequence,j=g.DEROctetString,d=g.DERIA5String,c=g.DERTaggedObject,l=g.ASN1Object,a=g.x509.X500Name,h=pemtohex;this.explicit=false;this.setByParam=function(p){var r=null;var u=null;if(p===undefined){return}if(p.rfc822!==undefined){this.type="rfc822";u=new d({str:p[this.type]})}if(p.dns!==undefined){this.type="dns";u=new d({str:p[this.type]})}if(p.uri!==undefined){this.type="uri";u=new d({str:p[this.type]})}if(p.dn!==undefined){this.type="dn";this.explicit=true;if(typeof p.dn==="string"){u=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){u=p.dn}else{u=new a(p.dn)}}}if(p.ldapdn!==undefined){this.type="dn";this.explicit=true;u=new a({ldapstr:p.ldapdn})}if(p.certissuer!==undefined){this.type="dn";this.explicit=true;var o=p.certissuer;var w=null;if(o.match(/^[0-9A-Fa-f]+$/)){w==o}if(o.indexOf("-----BEGIN ")!=-1){w=h(o)}if(w==null){throw"certissuer param not cert"}var t=new X509();t.hex=w;var y=t.getIssuerHex();u=new l();u.hTLV=y}if(p.certsubj!==undefined){this.type="dn";this.explicit=true;var o=p.certsubj;var w=null;if(o.match(/^[0-9A-Fa-f]+$/)){w==o}if(o.indexOf("-----BEGIN ")!=-1){w=h(o)}if(w==null){throw"certsubj param not cert"}var t=new X509();t.hex=w;var y=t.getSubjectHex();u=new l();u.hTLV=y}if(p.ip!==undefined){this.type="ip";this.explicit=false;var q=p.ip;var s;var n="malformed IP address";if(q.match(/^[0-9.]+[.][0-9.]+$/)){s=intarystrtohex("["+q.split(".").join(",")+"]");if(s.length!==8){throw n}}else{if(q.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/)){s=ipv6tohex(q)}else{if(q.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){s=q}else{throw n}}}u=new j({hex:s})}if(this.type==null){throw"unsupported type in params="+p}this.asn1Obj=new c({explicit:this.explicit,tag:k[this.type],obj:u})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(e!==undefined){this.setByParam(e)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e15){throw"ASN.1 length too long to represent by 8x: n = "+j.toString(16)}var g=128+h;return g.toString(16)+i}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.getInt=function(d,b,e){if(e==undefined){e=-1}try{if(d.substr(b,2)!="02"){return e}var a=ASN1HEX.getV(d,b);return parseInt(a,16)}catch(c){return e}};ASN1HEX.getOID=function(c,a,d){if(d==undefined){d=null}try{if(c.substr(a,2)!="06"){return d}var e=ASN1HEX.getV(c,a);return hextooid(e)}catch(b){return d}};ASN1HEX.getOIDName=function(d,a,f){if(f==undefined){f=null}try{var e=ASN1HEX.getOID(d,a,f);if(e==f){return f}var b=KJUR.asn1.x509.OID.oid2name(e);if(b==""){return e}return b}catch(c){return f}};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.getEncodedHex()};if(f!==undefined){this.setByParam(f)}};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.getEncodedHex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.getEncodedHex()};if(d!==undefined){this.params=d}};YAHOO.lang.extend(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.getEncodedHex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.getEncodedHex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.getEncodedHex()}};if(e!==undefined){this.params=e}};YAHOO.lang.extend(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.getEncodedHex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.getEncodedHex()};if(e!==undefined){this.params=e}};YAHOO.lang.extend(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.getEncodedHex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.getEncodedHex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.getEncodedHex();return this.TLV};if(c!==undefined){this.setByParam(c)}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.getEncodedHex=function(){var p=this.getASN1Object();this.hTLV=p.getEncodedHex();return this.hTLV};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.getEncodedHex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.getEncodedHex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.getEncodedHex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.getEncodedHex();return this.TLV};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.getEncodedHex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.getEncodedHex();return this.hTLV};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(e){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var m=null,i=null,k={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87"},b=KJUR,g=b.asn1,f=g.DERSequence,j=g.DEROctetString,d=g.DERIA5String,c=g.DERTaggedObject,l=g.ASN1Object,a=g.x509.X500Name,h=pemtohex;this.explicit=false;this.setByParam=function(p){var r=null;var u=null;if(p===undefined){return}if(p.rfc822!==undefined){this.type="rfc822";u=new d({str:p[this.type]})}if(p.dns!==undefined){this.type="dns";u=new d({str:p[this.type]})}if(p.uri!==undefined){this.type="uri";u=new d({str:p[this.type]})}if(p.dn!==undefined){this.type="dn";this.explicit=true;if(typeof p.dn==="string"){u=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){u=p.dn}else{u=new a(p.dn)}}}if(p.ldapdn!==undefined){this.type="dn";this.explicit=true;u=new a({ldapstr:p.ldapdn})}if(p.certissuer!==undefined){this.type="dn";this.explicit=true;var o=p.certissuer;var w=null;if(o.match(/^[0-9A-Fa-f]+$/)){w==o}if(o.indexOf("-----BEGIN ")!=-1){w=h(o)}if(w==null){throw"certissuer param not cert"}var t=new X509();t.hex=w;var y=t.getIssuerHex();u=new l();u.hTLV=y}if(p.certsubj!==undefined){this.type="dn";this.explicit=true;var o=p.certsubj;var w=null;if(o.match(/^[0-9A-Fa-f]+$/)){w==o}if(o.indexOf("-----BEGIN ")!=-1){w=h(o)}if(w==null){throw"certsubj param not cert"}var t=new X509();t.hex=w;var y=t.getSubjectHex();u=new l();u.hTLV=y}if(p.ip!==undefined){this.type="ip";this.explicit=false;var q=p.ip;var s;var n="malformed IP address";if(q.match(/^[0-9.]+[.][0-9.]+$/)){s=intarystrtohex("["+q.split(".").join(",")+"]");if(s.length!==8){throw n}}else{if(q.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/)){s=ipv6tohex(q)}else{if(q.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){s=q}else{throw n}}}u=new j({hex:s})}if(this.type==null){throw"unsupported type in params="+p}this.asn1Obj=new c({explicit:this.explicit,tag:k[this.type],obj:u})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(e!==undefined){this.setByParam(e)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e0){var l=b(m.valhex,p[0]);var o=j(l,0);var s=[];for(var n=0;n1){var q=b(m.valhex,p[1]);m.polhex=q}delete m.valhex};this.getESSCertID=function(n){var o={};var m=j(n,0);if(m.length>0){var p=i(n,m[0]);o.hash=p}if(m.length>1){var l=b(n,m[1]);var q=this.getIssuerSerial(l);if(q.serial!=undefined){o.serial=q.serial}if(q.issuer!=undefined){o.issuer=q.issuer}}return o};this.getIssuerSerial=function(p){var q={};var m=j(p,0);var l=b(p,m[0]);var o=h.getGeneralNames(l);var n=o[0].dn;q.issuer=n;var r=i(p,m[1]);q.serial={hex:r};return q};this.getCertificateSet=function(o){var m=j(o,0);var l=[];for(var n=0;n1){var n=this.getPKIStatusInfo(b(m,k[0]));var l=b(m,k[1]);var o=this.getToken(l);o.statusinfo=n;return o}}};this.getToken=function(l){var k=new KJUR.asn1.cms.CMSParser;var m=k.getCMSSignedData(l);this.setTSTInfo(m);return m};this.setTSTInfo=function(k){var n=k.econtent;if(n.type=="tstinfo"){var m=n.content.hex;var l=this.getTSTInfo(m);n.content=l}};this.getTSTInfo=function(q){var w={};var r=h(q,0);var o=g(q,r[1]);w.policy=hextooid(o);var n=b(q,r[2]);w.messageImprint=this.getMessageImprint(n);var t=g(q,r[3]);w.serial={hex:t};var x=g(q,r[4]);w.genTime={str:hextoutf8(x)};var p=0;if(r.length>5&&q.substr(r[5],2)=="30"){var u=b(q,r[5]);w.accuracy=this.getAccuracy(u);p++}if(r.length>5+p&&q.substr(r[5+p],2)=="01"){var y=g(q,r[5+p]);if(y=="ff"){w.ordering=true}p++}if(r.length>5+p&&q.substr(r[5+p],2)=="02"){var m=g(q,r[5+p]);w.nonce={hex:m};p++}if(r.length>5+p&&q.substr(r[5+p],2)=="a0"){var l=b(q,r[5+p]);l="30"+l.substr(2);pGeneralNames=f.getGeneralNames(l);var s=pGeneralNames[0].dn;w.tsa=s;p++}if(r.length>5+p&&q.substr(r[5+p],2)=="a1"){var k=b(q,r[5+p]);k="30"+k.substr(2);var v=f.getExtParamArray(k);w.ext=v;p++}return w};this.getAccuracy=function(p){var q={};var n=h(p,0);for(var o=0;of.length){f=c[d]}}e=e.replace(f,"::");return e.slice(1,-1)}function hextoip(b){var d="malformed hex value";if(!b.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){throw d}if(b.length==8){var c;try{c=parseInt(b.substr(0,2),16)+"."+parseInt(b.substr(2,2),16)+"."+parseInt(b.substr(4,2),16)+"."+parseInt(b.substr(6,2),16);return c}catch(a){throw d}}else{if(b.length==32){return hextoipv6(b)}else{return b}}}function iptohex(f){var j="malformed IP address";f=f.toLowerCase(f);if(f.match(/^[0-9.]+$/)){var b=f.split(".");if(b.length!==4){throw j}var g="";try{for(var e=0;e<4;e++){var h=parseInt(b[e]);g+=("0"+h.toString(16)).slice(-2)}return g}catch(c){throw j}}else{if(f.match(/^[0-9a-f:]+$/)&&f.indexOf(":")!==-1){return ipv6tohex(f)}else{throw j}}}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;bf.length){f=c[d]}}e=e.replace(f,"::");return e.slice(1,-1)}function hextoip(b){var d="malformed hex value";if(!b.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){throw d}if(b.length==8){var c;try{c=parseInt(b.substr(0,2),16)+"."+parseInt(b.substr(2,2),16)+"."+parseInt(b.substr(4,2),16)+"."+parseInt(b.substr(6,2),16);return c}catch(a){throw d}}else{if(b.length==32){return hextoipv6(b)}else{return b}}}function iptohex(f){var j="malformed IP address";f=f.toLowerCase(f);if(f.match(/^[0-9.]+$/)){var b=f.split(".");if(b.length!==4){throw j}var g="";try{for(var e=0;e<4;e++){var h=parseInt(b[e]);g+=("0"+h.toString(16)).slice(-2)}return g}catch(c){throw j}}else{if(f.match(/^[0-9a-f:]+$/)&&f.indexOf(":")!==-1){return ipv6tohex(f)}else{throw j}}}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.Util=new function(){this.DIGESTINFOHEAD={sha1:"3021300906052b0e03021a05000414",sha224:"302d300d06096086480165030402040500041c",sha256:"3031300d060960864801650304020105000420",sha384:"3041300d060960864801650304020205000430",sha512:"3051300d060960864801650304020305000440",md2:"3020300c06082a864886f70d020205000410",md5:"3020300c06082a864886f70d020505000410",ripemd160:"3021300906052b2403020105000414",};this.DEFAULTPROVIDER={md5:"cryptojs",sha1:"cryptojs",sha224:"cryptojs",sha256:"cryptojs",sha384:"cryptojs",sha512:"cryptojs",ripemd160:"cryptojs",hmacmd5:"cryptojs",hmacsha1:"cryptojs",hmacsha224:"cryptojs",hmacsha256:"cryptojs",hmacsha384:"cryptojs",hmacsha512:"cryptojs",hmacripemd160:"cryptojs",MD5withRSA:"cryptojs/jsrsa",SHA1withRSA:"cryptojs/jsrsa",SHA224withRSA:"cryptojs/jsrsa",SHA256withRSA:"cryptojs/jsrsa",SHA384withRSA:"cryptojs/jsrsa",SHA512withRSA:"cryptojs/jsrsa",RIPEMD160withRSA:"cryptojs/jsrsa",MD5withECDSA:"cryptojs/jsrsa",SHA1withECDSA:"cryptojs/jsrsa",SHA224withECDSA:"cryptojs/jsrsa",SHA256withECDSA:"cryptojs/jsrsa",SHA384withECDSA:"cryptojs/jsrsa",SHA512withECDSA:"cryptojs/jsrsa",RIPEMD160withECDSA:"cryptojs/jsrsa",SHA1withDSA:"cryptojs/jsrsa",SHA224withDSA:"cryptojs/jsrsa",SHA256withDSA:"cryptojs/jsrsa",MD5withRSAandMGF1:"cryptojs/jsrsa",SHAwithRSAandMGF1:"cryptojs/jsrsa",SHA1withRSAandMGF1:"cryptojs/jsrsa",SHA224withRSAandMGF1:"cryptojs/jsrsa",SHA256withRSAandMGF1:"cryptojs/jsrsa",SHA384withRSAandMGF1:"cryptojs/jsrsa",SHA512withRSAandMGF1:"cryptojs/jsrsa",RIPEMD160withRSAandMGF1:"cryptojs/jsrsa",};this.CRYPTOJSMESSAGEDIGESTNAME={md5:CryptoJS.algo.MD5,sha1:CryptoJS.algo.SHA1,sha224:CryptoJS.algo.SHA224,sha256:CryptoJS.algo.SHA256,sha384:CryptoJS.algo.SHA384,sha512:CryptoJS.algo.SHA512,ripemd160:CryptoJS.algo.RIPEMD160};this.getDigestInfoHex=function(a,b){if(typeof this.DIGESTINFOHEAD[b]=="undefined"){throw"alg not supported in Util.DIGESTINFOHEAD: "+b}return this.DIGESTINFOHEAD[b]+a};this.getPaddedDigestInfoHex=function(h,a,j){var c=this.getDigestInfoHex(h,a);var d=j/4;if(c.length+22>d){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f=0;--u){v=v.twice2D();v.z=f.ONE;if(t.testBit(u)){if(s.testBit(u)){v=v.add2D(y)}else{v=v.add2D(x)}}else{if(s.testBit(u)){v=v.add2D(w)}}}return v}this.getBigRandom=function(r){return new f(r.bitLength(),a).mod(r.subtract(f.ONE)).add(f.ONE)};this.setNamedCurve=function(r){this.ecparams=c.getByName(r);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=r};this.setPrivateKeyHex=function(r){this.isPrivate=true;this.prvKeyHex=r};this.setPublicKeyHex=function(r){this.isPublic=true;this.pubKeyHex=r};this.getPublicKeyXYHex=function(){var t=this.pubKeyHex;if(t.substr(0,2)!=="04"){throw"this method supports uncompressed format(04) only"}var s=this.ecparams.keylen/4;if(t.length!==2+s*2){throw"malformed public key hex length"}var r={};r.x=t.substr(2,s);r.y=t.substr(2+s);return r};this.getShortNISTPCurveName=function(){var r=this.curveName;if(r==="secp256r1"||r==="NIST P-256"||r==="P-256"||r==="prime256v1"){return"P-256"}if(r==="secp384r1"||r==="NIST P-384"||r==="P-384"){return"P-384"}return null};this.generateKeyPairHex=function(){var t=this.ecparams.n;var w=this.getBigRandom(t);var u=this.ecparams.G.multiply(w);var z=u.getX().toBigInteger();var x=u.getY().toBigInteger();var r=this.ecparams.keylen/4;var v=("0000000000"+w.toString(16)).slice(-r);var A=("0000000000"+z.toString(16)).slice(-r);var y=("0000000000"+x.toString(16)).slice(-r);var s="04"+A+y;this.setPrivateKeyHex(v);this.setPublicKeyHex(s);return{ecprvhex:v,ecpubhex:s}};this.signWithMessageHash=function(r){return this.signHex(r,this.prvKeyHex)};this.signHex=function(x,u){var A=new f(u,16);var v=this.ecparams.n;var z=new f(x.substring(0,this.ecparams.keylen/4),16);do{var w=this.getBigRandom(v);var B=this.ecparams.G;var y=B.multiply(w);var t=y.getX().toBigInteger().mod(v)}while(t.compareTo(f.ZERO)<=0);var C=w.modInverse(v).multiply(z.add(A.multiply(t))).mod(v);return m.biRSSigToASN1Sig(t,C)};this.sign=function(w,B){var z=B;var u=this.ecparams.n;var y=f.fromByteArrayUnsigned(w);do{var v=this.getBigRandom(u);var A=this.ecparams.G;var x=A.multiply(v);var t=x.getX().toBigInteger().mod(u)}while(t.compareTo(BigInteger.ZERO)<=0);var C=v.modInverse(u).multiply(y.add(z.multiply(t))).mod(u);return this.serializeSig(t,C)};this.verifyWithMessageHash=function(s,r){return this.verifyHex(s,r,this.pubKeyHex)};this.verifyHex=function(v,y,u){try{var t,B;var w=m.parseSigHex(y);t=w.r;B=w.s;var x=h.decodeFromHex(this.ecparams.curve,u);var z=new f(v.substring(0,this.ecparams.keylen/4),16);return this.verifyRaw(z,t,B,x)}catch(A){return false}};this.verify=function(z,A,u){var w,t;if(Bitcoin.Util.isArray(A)){var y=this.parseSig(A);w=y.r;t=y.s}else{if("object"===typeof A&&A.r&&A.s){w=A.r;t=A.s}else{throw"Invalid value for signature"}}var v;if(u instanceof ECPointFp){v=u}else{if(Bitcoin.Util.isArray(u)){v=h.decodeFrom(this.ecparams.curve,u)}else{throw"Invalid format for pubkey value, must be byte array or ECPointFp"}}var x=f.fromByteArrayUnsigned(z);return this.verifyRaw(x,w,t,v)};this.verifyRaw=function(z,t,E,y){var x=this.ecparams.n;var D=this.ecparams.G;if(t.compareTo(f.ONE)<0||t.compareTo(x)>=0){return false}if(E.compareTo(f.ONE)<0||E.compareTo(x)>=0){return false}var A=E.modInverse(x);var w=z.multiply(A).mod(x);var u=t.multiply(A).mod(x);var B=D.multiply(w).add(y.multiply(u));var C=B.getX().toBigInteger().mod(x);return C.equals(t)};this.serializeSig=function(v,u){var w=v.toByteArraySigned();var t=u.toByteArraySigned();var x=[];x.push(2);x.push(w.length);x=x.concat(w);x.push(2);x.push(t.length);x=x.concat(t);x.unshift(x.length);x.unshift(48);return x};this.parseSig=function(y){var x;if(y[0]!=48){throw new Error("Signature not a valid DERSequence")}x=2;if(y[x]!=2){throw new Error("First element in signature must be a DERInteger")}var w=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];if(y[x]!=2){throw new Error("Second element in signature must be a DERInteger")}var t=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];var v=f.fromByteArrayUnsigned(w);var u=f.fromByteArrayUnsigned(t);return{r:v,s:u}};this.parseSigCompact=function(w){if(w.length!==65){throw"Signature has the wrong length"}var t=w[0]-27;if(t<0||t>7){throw"Invalid signature type"}var x=this.ecparams.n;var v=f.fromByteArrayUnsigned(w.slice(1,33)).mod(x);var u=f.fromByteArrayUnsigned(w.slice(33,65)).mod(x);return{r:v,s:u,i:t}};this.readPKCS5PrvKeyHex=function(u){if(k(u)===false){throw new Error("not ASN.1 hex string")}var r,t,v;try{r=n(u,0,["[0]",0],"06");t=n(u,0,[1],"04");try{v=n(u,0,["[1]",0],"03")}catch(s){}}catch(s){throw new Error("malformed PKCS#1/5 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v);this.setPrivateKeyHex(t);this.isPublic=false};this.readPKCS8PrvKeyHex=function(v){if(k(v)===false){throw new j("not ASN.1 hex string")}var t,r,u,w;try{t=n(v,0,[1,0],"06");r=n(v,0,[1,1],"06");u=n(v,0,[2,0,1],"04");try{w=n(v,0,[2,0,"[1]",0],"03")}catch(s){}}catch(s){throw new j("malformed PKCS#8 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(w);this.setPrivateKeyHex(u);this.isPublic=false};this.readPKCS8PubKeyHex=function(u){if(k(u)===false){throw new j("not ASN.1 hex string")}var t,r,v;try{t=n(u,0,[0,0],"06");r=n(u,0,[0,1],"06");v=n(u,0,[1],"03")}catch(s){throw new j("malformed PKCS#8 ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v)};this.readCertPubKeyHex=function(t,v){if(k(t)===false){throw new j("not ASN.1 hex string")}var r,u;try{r=n(t,0,[0,5,0,1],"06");u=n(t,0,[0,5,1],"03")}catch(s){throw new j("malformed X.509 certificate ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(u)};if(e!==undefined){if(e.curve!==undefined){this.curveName=e.curve}}if(this.curveName===undefined){this.curveName=g}this.setNamedCurve(this.curveName);if(e!==undefined){if(e.prv!==undefined){this.setPrivateKeyHex(e.prv)}if(e.pub!==undefined){this.setPublicKeyHex(e.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(f){var j=ASN1HEX,i=j.getChildIdx,g=j.getV;j.checkStrictDER(f,0);if(f.substr(0,2)!="30"){throw new Error("signature is not a ASN.1 sequence")}var h=i(f,0);if(h.length!=2){throw new Error("signature shall have two elements")}var e=h[0];var d=h[1];if(f.substr(e,2)!="02"){throw new Error("1st item not ASN.1 integer")}if(f.substr(d,2)!="02"){throw new Error("2nd item not ASN.1 integer")}var c=g(f,e);var b=g(f,d);return{r:c,s:b}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(c){var d=KJUR.crypto.ECDSA.parseSigHexInHexRS(c);var b=d.r;var a=d.s;if(b.substr(0,2)=="00"&&(b.length%32)==2){b=b.substr(2)}if(a.substr(0,2)=="00"&&(a.length%32)==2){a=a.substr(2)}if((b.length%32)==30){b="00"+b}if((a.length%32)==30){a="00"+a}if(b.length%32!=0){throw"unknown ECDSA sig r length error"}if(a.length%32!=0){throw"unknown ECDSA sig s length error"}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if((((a.length/2)*8)%(16*8))!=0){throw"unknown ECDSA concatinated r-s sig length error"}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(f,d){var c=KJUR.asn1;var b=new c.DERInteger({bigint:f});var a=new c.DERInteger({bigint:d});var e=new c.DERSequence({array:[b,a]});return e.getEncodedHex()};KJUR.crypto.ECDSA.getName=function(a){if(a==="2b8104001f"){return"secp192k1"}if(a==="2a8648ce3d030107"){return"secp256r1"}if(a==="2b8104000a"){return"secp256k1"}if(a==="2b81040021"){return"secp224r1"}if(a==="2b81040022"){return"secp384r1"}if("|secp256r1|NIST P-256|P-256|prime256v1|".indexOf(a)!==-1){return"secp256r1"}if("|secp256k1|".indexOf(a)!==-1){return"secp256k1"}if("|secp224r1|NIST P-224|P-224|".indexOf(a)!==-1){return"secp224r1"}if("|secp384r1|NIST P-384|P-384|".indexOf(a)!==-1){return"secp384r1"}return null}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECParameterDB=new function(){var b={};var c={};function a(d){return new BigInteger(d,16)}this.getByName=function(e){var d=e;if(typeof c[d]!="undefined"){d=c[e]}if(typeof b[d]!="undefined"){return b[d]}throw"unregistered EC curve name: "+d};this.regist=function(A,l,o,g,m,e,j,f,k,u,d,x){b[A]={};var s=a(o);var z=a(g);var y=a(m);var t=a(e);var w=a(j);var r=new ECCurveFp(s,z,y);var q=r.decodePointHex("04"+f+k);b[A]["name"]=A;b[A]["keylen"]=l;b[A]["curve"]=r;b[A]["G"]=q;b[A]["n"]=t;b[A]["h"]=w;b[A]["oid"]=d;b[A]["info"]=x;for(var v=0;v=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var G=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return G}function B(G){var s=l({seq:[{"int":1},{octstr:{hex:G.prvKeyHex}},{tag:["a0",true,{oid:{name:G.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+G.pubKeyHex}}]}]});return s}function x(s){var G=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return G}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.getEncodedHex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.getEncodedHex();var h=B(b);var t=h.getEncodedHex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(G,s){var I=c(G,s);var H=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:I.pbkdf2Salt}},{"int":I.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:I.encryptionSchemeIV}}]}]}]},{octstr:{hex:I.ciphertext}}]});return H.getEncodedHex()};var c=function(N,O){var H=100;var M=CryptoJS.lib.WordArray.random(8);var L="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var I=CryptoJS.PBKDF2(O,M,{keySize:192/32,iterations:H});var J=CryptoJS.enc.Hex.parse(N);var K=CryptoJS.TripleDES.encrypt(J,I,{iv:s})+"";var G={};G.ciphertext=K;G.pbkdf2Salt=CryptoJS.enc.Hex.stringify(M);G.pbkdf2Iter=H;G.encryptionSchemeAlg=L;G.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return G};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var g=new l({seq:[{"int":1},{octstr:{hex:b.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]}]});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/npm/lib/jsrsasign-jwths-min.js b/npm/lib/jsrsasign-jwths-min.js index 555d76ed..0c3be9ed 100644 --- a/npm/lib/jsrsasign-jwths-min.js +++ b/npm/lib/jsrsasign-jwths-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(jwths) 10.0.5 (2020-11-04) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license + * jsrsasign(jwths) 10.1.0 (2020-11-19) (c) 2010-2020 Kenji Urushima | kjur.github.com/jsrsasign/license */ /*! @@ -119,6 +119,6 @@ var rng_state;var rng_pool;var rng_pptr;function rng_seed_int(a){rng_pool[rng_pp /*! Mike Samuel (c) 2009 | code.google.com/p/json-sans-eval */ var jsonParse=(function(){var e="(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][+-]?[0-9]+)?\\b)";var j='(?:[^\\0-\\x08\\x0a-\\x1f"\\\\]|\\\\(?:["/\\\\bfnrt]|u[0-9A-Fa-f]{4}))';var i='(?:"'+j+'*")';var d=new RegExp("(?:false|true|null|[\\{\\}\\[\\]]|"+e+"|"+i+")","g");var k=new RegExp("\\\\(?:([^u])|u(.{4}))","g");var g={'"':'"',"/":"/","\\":"\\",b:"\b",f:"\f",n:"\n",r:"\r",t:"\t"};function h(l,m,n){return m?g[m]:String.fromCharCode(parseInt(n,16))}var c=new String("");var a="\\";var f={"{":Object,"[":Array};var b=Object.hasOwnProperty;return function(u,q){var p=u.match(d);var x;var v=p[0];var l=false;if("{"===v){x={}}else{if("["===v){x=[]}else{x=[];l=true}}var t;var r=[x];for(var o=1-l,m=p.length;o=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -var KJUR;if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.lang=="undefined"||!KJUR.lang){KJUR.lang={}}KJUR.lang.String=function(){};function Base64x(){}function stoBA(d){var b=new Array();for(var c=0;cf.length){f=c[d]}}e=e.replace(f,"::");return e.slice(1,-1)}function hextoip(b){var d="malformed hex value";if(!b.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){throw d}if(b.length==8){var c;try{c=parseInt(b.substr(0,2),16)+"."+parseInt(b.substr(2,2),16)+"."+parseInt(b.substr(4,2),16)+"."+parseInt(b.substr(6,2),16);return c}catch(a){throw d}}else{if(b.length==32){return hextoipv6(b)}else{return b}}}function iptohex(f){var j="malformed IP address";f=f.toLowerCase(f);if(f.match(/^[0-9.]+$/)){var b=f.split(".");if(b.length!==4){throw j}var g="";try{for(var e=0;e<4;e++){var h=parseInt(b[e]);g+=("0"+h.toString(16)).slice(-2)}return g}catch(c){throw j}}else{if(f.match(/^[0-9a-f:]+$/)&&f.indexOf(":")!==-1){return ipv6tohex(f)}else{throw j}}}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;bf.length){f=c[d]}}e=e.replace(f,"::");return e.slice(1,-1)}function hextoip(b){var d="malformed hex value";if(!b.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){throw d}if(b.length==8){var c;try{c=parseInt(b.substr(0,2),16)+"."+parseInt(b.substr(2,2),16)+"."+parseInt(b.substr(4,2),16)+"."+parseInt(b.substr(6,2),16);return c}catch(a){throw d}}else{if(b.length==32){return hextoipv6(b)}else{return b}}}function iptohex(f){var j="malformed IP address";f=f.toLowerCase(f);if(f.match(/^[0-9.]+$/)){var b=f.split(".");if(b.length!==4){throw j}var g="";try{for(var e=0;e<4;e++){var h=parseInt(b[e]);g+=("0"+h.toString(16)).slice(-2)}return g}catch(c){throw j}}else{if(f.match(/^[0-9a-f:]+$/)&&f.indexOf(":")!==-1){return ipv6tohex(f)}else{throw j}}}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.Util=new function(){this.DIGESTINFOHEAD={sha1:"3021300906052b0e03021a05000414",sha224:"302d300d06096086480165030402040500041c",sha256:"3031300d060960864801650304020105000420",sha384:"3041300d060960864801650304020205000430",sha512:"3051300d060960864801650304020305000440",md2:"3020300c06082a864886f70d020205000410",md5:"3020300c06082a864886f70d020505000410",ripemd160:"3021300906052b2403020105000414",};this.DEFAULTPROVIDER={md5:"cryptojs",sha1:"cryptojs",sha224:"cryptojs",sha256:"cryptojs",sha384:"cryptojs",sha512:"cryptojs",ripemd160:"cryptojs",hmacmd5:"cryptojs",hmacsha1:"cryptojs",hmacsha224:"cryptojs",hmacsha256:"cryptojs",hmacsha384:"cryptojs",hmacsha512:"cryptojs",hmacripemd160:"cryptojs",MD5withRSA:"cryptojs/jsrsa",SHA1withRSA:"cryptojs/jsrsa",SHA224withRSA:"cryptojs/jsrsa",SHA256withRSA:"cryptojs/jsrsa",SHA384withRSA:"cryptojs/jsrsa",SHA512withRSA:"cryptojs/jsrsa",RIPEMD160withRSA:"cryptojs/jsrsa",MD5withECDSA:"cryptojs/jsrsa",SHA1withECDSA:"cryptojs/jsrsa",SHA224withECDSA:"cryptojs/jsrsa",SHA256withECDSA:"cryptojs/jsrsa",SHA384withECDSA:"cryptojs/jsrsa",SHA512withECDSA:"cryptojs/jsrsa",RIPEMD160withECDSA:"cryptojs/jsrsa",SHA1withDSA:"cryptojs/jsrsa",SHA224withDSA:"cryptojs/jsrsa",SHA256withDSA:"cryptojs/jsrsa",MD5withRSAandMGF1:"cryptojs/jsrsa",SHAwithRSAandMGF1:"cryptojs/jsrsa",SHA1withRSAandMGF1:"cryptojs/jsrsa",SHA224withRSAandMGF1:"cryptojs/jsrsa",SHA256withRSAandMGF1:"cryptojs/jsrsa",SHA384withRSAandMGF1:"cryptojs/jsrsa",SHA512withRSAandMGF1:"cryptojs/jsrsa",RIPEMD160withRSAandMGF1:"cryptojs/jsrsa",};this.CRYPTOJSMESSAGEDIGESTNAME={md5:CryptoJS.algo.MD5,sha1:CryptoJS.algo.SHA1,sha224:CryptoJS.algo.SHA224,sha256:CryptoJS.algo.SHA256,sha384:CryptoJS.algo.SHA384,sha512:CryptoJS.algo.SHA512,ripemd160:CryptoJS.algo.RIPEMD160};this.getDigestInfoHex=function(a,b){if(typeof this.DIGESTINFOHEAD[b]=="undefined"){throw"alg not supported in Util.DIGESTINFOHEAD: "+b}return this.DIGESTINFOHEAD[b]+a};this.getPaddedDigestInfoHex=function(h,a,j){var c=this.getDigestInfoHex(h,a);var d=j/4;if(c.length+22>d){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriod=a.length){return null}}var e="";while(++f191)&&(h<224)){e+=String.fromCharCode(((h&31)<<6)|(a[f+1]&63));++f}else{e+=String.fromCharCode(((h&15)<<12)|((a[f+1]&63)<<6)|(a[f+2]&63));f+=2}}}return e}function oaep_mgf1_str(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255]));d+=1}return b}function oaep_unpad(o,b,g,p){var e=KJUR.crypto.MessageDigest;var r=KJUR.crypto.Util;var c=null;if(!g){g="sha1"}if(typeof g==="string"){c=e.getCanonicalAlgName(g);p=e.getHashLength(c);g=function(d){return hextorstr(r.hashHex(rstrtohex(d),c))}}o=o.toByteArray();var h;for(h=0;h0&&a.length>0){this.n=parseBigInt(c,16);this.e=parseInt(a,16);this.d=parseBigInt(b,16)}else{throw"Invalid RSA private key"}}}function RSASetPrivateEx(g,d,e,c,b,a,h,f){this.isPrivate=true;this.isPublic=false;if(g==null){throw"RSASetPrivateEx N == null"}if(d==null){throw"RSASetPrivateEx E == null"}if(g.length==0){throw"RSASetPrivateEx N.length == 0"}if(d.length==0){throw"RSASetPrivateEx E.length == 0"}if(g!=null&&d!=null&&g.length>0&&d.length>0){this.n=parseBigInt(g,16);this.e=parseInt(d,16);this.d=parseBigInt(e,16);this.p=parseBigInt(c,16);this.q=parseBigInt(b,16);this.dmp1=parseBigInt(a,16);this.dmq1=parseBigInt(h,16);this.coeff=parseBigInt(f,16)}else{throw"Invalid RSA private key in RSASetPrivateEx"}}function RSAGenerate(b,i){var a=new SecureRandom();var f=b>>1;this.e=parseInt(i,16);var c=new BigInteger(i,16);for(;;){for(;;){this.p=new BigInteger(b-f,1,a);if(this.p.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.p.isProbablePrime(10)){break}}for(;;){this.q=new BigInteger(f,1,a);if(this.q.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.q.isProbablePrime(10)){break}}if(this.p.compareTo(this.q)<=0){var h=this.p;this.p=this.q;this.q=h}var g=this.p.subtract(BigInteger.ONE);var d=this.q.subtract(BigInteger.ONE);var e=g.multiply(d);if(e.gcd(c).compareTo(BigInteger.ONE)==0){this.n=this.p.multiply(this.q);if(this.n.bitLength()==b){this.d=c.modInverse(e);this.dmp1=this.d.mod(g);this.dmq1=this.d.mod(d);this.coeff=this.q.modInverse(this.p);break}}}this.isPrivate=true}function RSADoPrivate(a){if(this.p==null||this.q==null){return a.modPow(this.d,this.n)}var c=a.mod(this.p).modPow(this.dmp1,this.p);var b=a.mod(this.q).modPow(this.dmq1,this.q);while(c.compareTo(b)<0){c=c.add(this.p)}return c.subtract(b).multiply(this.coeff).mod(this.p).multiply(this.q).add(b)}function RSADecrypt(b){if(b.length!=Math.ceil(this.n.bitLength()/4)){throw new Error("wrong ctext length")}var d=parseBigInt(b,16);var a=this.doPrivate(d);if(a==null){return null}return pkcs1unpad2(a,(this.n.bitLength()+7)>>3)}function RSADecryptOAEP(e,d,b){if(e.length!=Math.ceil(this.n.bitLength()/4)){throw new Error("wrong ctext length")}var f=parseBigInt(e,16);var a=this.doPrivate(f);if(a==null){return null}return oaep_unpad(a,(this.n.bitLength()+7)>>3,d,b)}RSAKey.prototype.doPrivate=RSADoPrivate;RSAKey.prototype.setPrivate=RSASetPrivate;RSAKey.prototype.setPrivateEx=RSASetPrivateEx;RSAKey.prototype.generate=RSAGenerate;RSAKey.prototype.decrypt=RSADecrypt;RSAKey.prototype.decryptOAEP=RSADecryptOAEP; -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw"ASN.1 length too long to represent by 8x: n = "+j.toString(16)}var g=128+h;return g.toString(16)+i}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;ef.length){f=c[d]}}e=e.replace(f,"::");return e.slice(1,-1)}function hextoip(b){var d="malformed hex value";if(!b.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){throw d}if(b.length==8){var c;try{c=parseInt(b.substr(0,2),16)+"."+parseInt(b.substr(2,2),16)+"."+parseInt(b.substr(4,2),16)+"."+parseInt(b.substr(6,2),16);return c}catch(a){throw d}}else{if(b.length==32){return hextoipv6(b)}else{return b}}}function iptohex(f){var j="malformed IP address";f=f.toLowerCase(f);if(f.match(/^[0-9.]+$/)){var b=f.split(".");if(b.length!==4){throw j}var g="";try{for(var e=0;e<4;e++){var h=parseInt(b[e]);g+=("0"+h.toString(16)).slice(-2)}return g}catch(c){throw j}}else{if(f.match(/^[0-9a-f:]+$/)&&f.indexOf(":")!==-1){return ipv6tohex(f)}else{throw j}}}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b15){throw"ASN.1 length too long to represent by 8x: n = "+j.toString(16)}var g=128+h;return g.toString(16)+i}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.getInt=function(d,b,e){if(e==undefined){e=-1}try{if(d.substr(b,2)!="02"){return e}var a=ASN1HEX.getV(d,b);return parseInt(a,16)}catch(c){return e}};ASN1HEX.getOID=function(c,a,d){if(d==undefined){d=null}try{if(c.substr(a,2)!="06"){return d}var e=ASN1HEX.getV(c,a);return hextooid(e)}catch(b){return d}};ASN1HEX.getOIDName=function(d,a,f){if(f==undefined){f=null}try{var e=ASN1HEX.getOID(d,a,f);if(e==f){return f}var b=KJUR.asn1.x509.OID.oid2name(e);if(b==""){return e}return b}catch(c){return f}};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;ef.length){f=c[d]}}e=e.replace(f,"::");return e.slice(1,-1)}function hextoip(b){var d="malformed hex value";if(!b.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){throw d}if(b.length==8){var c;try{c=parseInt(b.substr(0,2),16)+"."+parseInt(b.substr(2,2),16)+"."+parseInt(b.substr(4,2),16)+"."+parseInt(b.substr(6,2),16);return c}catch(a){throw d}}else{if(b.length==32){return hextoipv6(b)}else{return b}}}function iptohex(f){var j="malformed IP address";f=f.toLowerCase(f);if(f.match(/^[0-9.]+$/)){var b=f.split(".");if(b.length!==4){throw j}var g="";try{for(var e=0;e<4;e++){var h=parseInt(b[e]);g+=("0"+h.toString(16)).slice(-2)}return g}catch(c){throw j}}else{if(f.match(/^[0-9a-f:]+$/)&&f.indexOf(":")!==-1){return ipv6tohex(f)}else{throw j}}}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.Util=new function(){this.DIGESTINFOHEAD={sha1:"3021300906052b0e03021a05000414",sha224:"302d300d06096086480165030402040500041c",sha256:"3031300d060960864801650304020105000420",sha384:"3041300d060960864801650304020205000430",sha512:"3051300d060960864801650304020305000440",md2:"3020300c06082a864886f70d020205000410",md5:"3020300c06082a864886f70d020505000410",ripemd160:"3021300906052b2403020105000414",};this.DEFAULTPROVIDER={md5:"cryptojs",sha1:"cryptojs",sha224:"cryptojs",sha256:"cryptojs",sha384:"cryptojs",sha512:"cryptojs",ripemd160:"cryptojs",hmacmd5:"cryptojs",hmacsha1:"cryptojs",hmacsha224:"cryptojs",hmacsha256:"cryptojs",hmacsha384:"cryptojs",hmacsha512:"cryptojs",hmacripemd160:"cryptojs",MD5withRSA:"cryptojs/jsrsa",SHA1withRSA:"cryptojs/jsrsa",SHA224withRSA:"cryptojs/jsrsa",SHA256withRSA:"cryptojs/jsrsa",SHA384withRSA:"cryptojs/jsrsa",SHA512withRSA:"cryptojs/jsrsa",RIPEMD160withRSA:"cryptojs/jsrsa",MD5withECDSA:"cryptojs/jsrsa",SHA1withECDSA:"cryptojs/jsrsa",SHA224withECDSA:"cryptojs/jsrsa",SHA256withECDSA:"cryptojs/jsrsa",SHA384withECDSA:"cryptojs/jsrsa",SHA512withECDSA:"cryptojs/jsrsa",RIPEMD160withECDSA:"cryptojs/jsrsa",SHA1withDSA:"cryptojs/jsrsa",SHA224withDSA:"cryptojs/jsrsa",SHA256withDSA:"cryptojs/jsrsa",MD5withRSAandMGF1:"cryptojs/jsrsa",SHAwithRSAandMGF1:"cryptojs/jsrsa",SHA1withRSAandMGF1:"cryptojs/jsrsa",SHA224withRSAandMGF1:"cryptojs/jsrsa",SHA256withRSAandMGF1:"cryptojs/jsrsa",SHA384withRSAandMGF1:"cryptojs/jsrsa",SHA512withRSAandMGF1:"cryptojs/jsrsa",RIPEMD160withRSAandMGF1:"cryptojs/jsrsa",};this.CRYPTOJSMESSAGEDIGESTNAME={md5:CryptoJS.algo.MD5,sha1:CryptoJS.algo.SHA1,sha224:CryptoJS.algo.SHA224,sha256:CryptoJS.algo.SHA256,sha384:CryptoJS.algo.SHA384,sha512:CryptoJS.algo.SHA512,ripemd160:CryptoJS.algo.RIPEMD160};this.getDigestInfoHex=function(a,b){if(typeof this.DIGESTINFOHEAD[b]=="undefined"){throw"alg not supported in Util.DIGESTINFOHEAD: "+b}return this.DIGESTINFOHEAD[b]+a};this.getPaddedDigestInfoHex=function(h,a,j){var c=this.getDigestInfoHex(h,a);var d=j/4;if(c.length+22>d){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw"ASN.1 length too long to represent by 8x: n = "+j.toString(16)}var g=128+h;return g.toString(16)+i}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.getEncodedHex()};if(f!==undefined){this.setByParam(f)}};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.getEncodedHex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.getEncodedHex()};if(d!==undefined){this.params=d}};YAHOO.lang.extend(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.getEncodedHex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.getEncodedHex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.getEncodedHex()}};if(e!==undefined){this.params=e}};YAHOO.lang.extend(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.getEncodedHex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.getEncodedHex()};if(e!==undefined){this.params=e}};YAHOO.lang.extend(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.getEncodedHex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.getEncodedHex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.getEncodedHex();return this.TLV};if(c!==undefined){this.setByParam(c)}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.getEncodedHex=function(){var p=this.getASN1Object();this.hTLV=p.getEncodedHex();return this.hTLV};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.getEncodedHex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.getEncodedHex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.getEncodedHex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.getEncodedHex();return this.TLV};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.getEncodedHex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.getEncodedHex();return this.hTLV};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(e){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var m=null,i=null,k={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87"},b=KJUR,g=b.asn1,f=g.DERSequence,j=g.DEROctetString,d=g.DERIA5String,c=g.DERTaggedObject,l=g.ASN1Object,a=g.x509.X500Name,h=pemtohex;this.explicit=false;this.setByParam=function(p){var r=null;var u=null;if(p===undefined){return}if(p.rfc822!==undefined){this.type="rfc822";u=new d({str:p[this.type]})}if(p.dns!==undefined){this.type="dns";u=new d({str:p[this.type]})}if(p.uri!==undefined){this.type="uri";u=new d({str:p[this.type]})}if(p.dn!==undefined){this.type="dn";this.explicit=true;if(typeof p.dn==="string"){u=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){u=p.dn}else{u=new a(p.dn)}}}if(p.ldapdn!==undefined){this.type="dn";this.explicit=true;u=new a({ldapstr:p.ldapdn})}if(p.certissuer!==undefined){this.type="dn";this.explicit=true;var o=p.certissuer;var w=null;if(o.match(/^[0-9A-Fa-f]+$/)){w==o}if(o.indexOf("-----BEGIN ")!=-1){w=h(o)}if(w==null){throw"certissuer param not cert"}var t=new X509();t.hex=w;var y=t.getIssuerHex();u=new l();u.hTLV=y}if(p.certsubj!==undefined){this.type="dn";this.explicit=true;var o=p.certsubj;var w=null;if(o.match(/^[0-9A-Fa-f]+$/)){w==o}if(o.indexOf("-----BEGIN ")!=-1){w=h(o)}if(w==null){throw"certsubj param not cert"}var t=new X509();t.hex=w;var y=t.getSubjectHex();u=new l();u.hTLV=y}if(p.ip!==undefined){this.type="ip";this.explicit=false;var q=p.ip;var s;var n="malformed IP address";if(q.match(/^[0-9.]+[.][0-9.]+$/)){s=intarystrtohex("["+q.split(".").join(",")+"]");if(s.length!==8){throw n}}else{if(q.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/)){s=ipv6tohex(q)}else{if(q.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){s=q}else{throw n}}}u=new j({hex:s})}if(this.type==null){throw"unsupported type in params="+p}this.asn1Obj=new c({explicit:this.explicit,tag:k[this.type],obj:u})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(e!==undefined){this.setByParam(e)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e15){throw"ASN.1 length too long to represent by 8x: n = "+j.toString(16)}var g=128+h;return g.toString(16)+i}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.getEncodedHex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.getInt=function(d,b,e){if(e==undefined){e=-1}try{if(d.substr(b,2)!="02"){return e}var a=ASN1HEX.getV(d,b);return parseInt(a,16)}catch(c){return e}};ASN1HEX.getOID=function(c,a,d){if(d==undefined){d=null}try{if(c.substr(a,2)!="06"){return d}var e=ASN1HEX.getV(c,a);return hextooid(e)}catch(b){return d}};ASN1HEX.getOIDName=function(d,a,f){if(f==undefined){f=null}try{var e=ASN1HEX.getOID(d,a,f);if(e==f){return f}var b=KJUR.asn1.x509.OID.oid2name(e);if(b==""){return e}return b}catch(c){return f}};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.getEncodedHex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.getEncodedHex()};if(f!==undefined){this.setByParam(f)}};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.getEncodedHex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.getEncodedHex()};if(d!==undefined){this.params=d}};YAHOO.lang.extend(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.getEncodedHex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.getEncodedHex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.getEncodedHex()}};if(e!==undefined){this.params=e}};YAHOO.lang.extend(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.getEncodedHex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.getEncodedHex()};if(e!==undefined){this.params=e}};YAHOO.lang.extend(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.getEncodedHex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.getEncodedHex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.getEncodedHex();return this.TLV};if(c!==undefined){this.setByParam(c)}};YAHOO.lang.extend(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.getEncodedHex=function(){var p=this.getASN1Object();this.hTLV=p.getEncodedHex();return this.hTLV};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.getEncodedHex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.getEncodedHex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};YAHOO.lang.extend(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.getEncodedHex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.getEncodedHex();return this.TLV};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};YAHOO.lang.extend(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.getEncodedHex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.getEncodedHex();return this.hTLV};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};YAHOO.lang.extend(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(e){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var m=null,i=null,k={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87"},b=KJUR,g=b.asn1,f=g.DERSequence,j=g.DEROctetString,d=g.DERIA5String,c=g.DERTaggedObject,l=g.ASN1Object,a=g.x509.X500Name,h=pemtohex;this.explicit=false;this.setByParam=function(p){var r=null;var u=null;if(p===undefined){return}if(p.rfc822!==undefined){this.type="rfc822";u=new d({str:p[this.type]})}if(p.dns!==undefined){this.type="dns";u=new d({str:p[this.type]})}if(p.uri!==undefined){this.type="uri";u=new d({str:p[this.type]})}if(p.dn!==undefined){this.type="dn";this.explicit=true;if(typeof p.dn==="string"){u=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){u=p.dn}else{u=new a(p.dn)}}}if(p.ldapdn!==undefined){this.type="dn";this.explicit=true;u=new a({ldapstr:p.ldapdn})}if(p.certissuer!==undefined){this.type="dn";this.explicit=true;var o=p.certissuer;var w=null;if(o.match(/^[0-9A-Fa-f]+$/)){w==o}if(o.indexOf("-----BEGIN ")!=-1){w=h(o)}if(w==null){throw"certissuer param not cert"}var t=new X509();t.hex=w;var y=t.getIssuerHex();u=new l();u.hTLV=y}if(p.certsubj!==undefined){this.type="dn";this.explicit=true;var o=p.certsubj;var w=null;if(o.match(/^[0-9A-Fa-f]+$/)){w==o}if(o.indexOf("-----BEGIN ")!=-1){w=h(o)}if(w==null){throw"certsubj param not cert"}var t=new X509();t.hex=w;var y=t.getSubjectHex();u=new l();u.hTLV=y}if(p.ip!==undefined){this.type="ip";this.explicit=false;var q=p.ip;var s;var n="malformed IP address";if(q.match(/^[0-9.]+[.][0-9.]+$/)){s=intarystrtohex("["+q.split(".").join(",")+"]");if(s.length!==8){throw n}}else{if(q.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/)){s=ipv6tohex(q)}else{if(q.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){s=q}else{throw n}}}u=new j({hex:s})}if(this.type==null){throw"unsupported type in params="+p}this.asn1Obj=new c({explicit:this.explicit,tag:k[this.type],obj:u})};this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()};if(e!==undefined){this.setByParam(e)}};YAHOO.lang.extend(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e0){var l=b(m.valhex,p[0]);var o=j(l,0);var s=[];for(var n=0;n1){var q=b(m.valhex,p[1]);m.polhex=q}delete m.valhex};this.getESSCertID=function(n){var o={};var m=j(n,0);if(m.length>0){var p=i(n,m[0]);o.hash=p}if(m.length>1){var l=b(n,m[1]);var q=this.getIssuerSerial(l);if(q.serial!=undefined){o.serial=q.serial}if(q.issuer!=undefined){o.issuer=q.issuer}}return o};this.getIssuerSerial=function(p){var q={};var m=j(p,0);var l=b(p,m[0]);var o=h.getGeneralNames(l);var n=o[0].dn;q.issuer=n;var r=i(p,m[1]);q.serial={hex:r};return q};this.getCertificateSet=function(o){var m=j(o,0);var l=[];for(var n=0;n1){var n=this.getPKIStatusInfo(b(m,k[0]));var l=b(m,k[1]);var o=this.getToken(l);o.statusinfo=n;return o}}};this.getToken=function(l){var k=new KJUR.asn1.cms.CMSParser;var m=k.getCMSSignedData(l);this.setTSTInfo(m);return m};this.setTSTInfo=function(k){var n=k.econtent;if(n.type=="tstinfo"){var m=n.content.hex;var l=this.getTSTInfo(m);n.content=l}};this.getTSTInfo=function(q){var w={};var r=h(q,0);var o=g(q,r[1]);w.policy=hextooid(o);var n=b(q,r[2]);w.messageImprint=this.getMessageImprint(n);var t=g(q,r[3]);w.serial={hex:t};var x=g(q,r[4]);w.genTime={str:hextoutf8(x)};var p=0;if(r.length>5&&q.substr(r[5],2)=="30"){var u=b(q,r[5]);w.accuracy=this.getAccuracy(u);p++}if(r.length>5+p&&q.substr(r[5+p],2)=="01"){var y=g(q,r[5+p]);if(y=="ff"){w.ordering=true}p++}if(r.length>5+p&&q.substr(r[5+p],2)=="02"){var m=g(q,r[5+p]);w.nonce={hex:m};p++}if(r.length>5+p&&q.substr(r[5+p],2)=="a0"){var l=b(q,r[5+p]);l="30"+l.substr(2);pGeneralNames=f.getGeneralNames(l);var s=pGeneralNames[0].dn;w.tsa=s;p++}if(r.length>5+p&&q.substr(r[5+p],2)=="a1"){var k=b(q,r[5+p]);k="30"+k.substr(2);var v=f.getExtParamArray(k);w.ext=v;p++}return w};this.getAccuracy=function(p){var q={};var n=h(p,0);for(var o=0;of.length){f=c[d]}}e=e.replace(f,"::");return e.slice(1,-1)}function hextoip(b){var d="malformed hex value";if(!b.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){throw d}if(b.length==8){var c;try{c=parseInt(b.substr(0,2),16)+"."+parseInt(b.substr(2,2),16)+"."+parseInt(b.substr(4,2),16)+"."+parseInt(b.substr(6,2),16);return c}catch(a){throw d}}else{if(b.length==32){return hextoipv6(b)}else{return b}}}function iptohex(f){var j="malformed IP address";f=f.toLowerCase(f);if(f.match(/^[0-9.]+$/)){var b=f.split(".");if(b.length!==4){throw j}var g="";try{for(var e=0;e<4;e++){var h=parseInt(b[e]);g+=("0"+h.toString(16)).slice(-2)}return g}catch(c){throw j}}else{if(f.match(/^[0-9a-f:]+$/)&&f.indexOf(":")!==-1){return ipv6tohex(f)}else{throw j}}}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;bf.length){f=c[d]}}e=e.replace(f,"::");return e.slice(1,-1)}function hextoip(b){var d="malformed hex value";if(!b.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/)){throw d}if(b.length==8){var c;try{c=parseInt(b.substr(0,2),16)+"."+parseInt(b.substr(2,2),16)+"."+parseInt(b.substr(4,2),16)+"."+parseInt(b.substr(6,2),16);return c}catch(a){throw d}}else{if(b.length==32){return hextoipv6(b)}else{return b}}}function iptohex(f){var j="malformed IP address";f=f.toLowerCase(f);if(f.match(/^[0-9.]+$/)){var b=f.split(".");if(b.length!==4){throw j}var g="";try{for(var e=0;e<4;e++){var h=parseInt(b[e]);g+=("0"+h.toString(16)).slice(-2)}return g}catch(c){throw j}}else{if(f.match(/^[0-9a-f:]+$/)&&f.indexOf(":")!==-1){return ipv6tohex(f)}else{throw j}}}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.Util=new function(){this.DIGESTINFOHEAD={sha1:"3021300906052b0e03021a05000414",sha224:"302d300d06096086480165030402040500041c",sha256:"3031300d060960864801650304020105000420",sha384:"3041300d060960864801650304020205000430",sha512:"3051300d060960864801650304020305000440",md2:"3020300c06082a864886f70d020205000410",md5:"3020300c06082a864886f70d020505000410",ripemd160:"3021300906052b2403020105000414",};this.DEFAULTPROVIDER={md5:"cryptojs",sha1:"cryptojs",sha224:"cryptojs",sha256:"cryptojs",sha384:"cryptojs",sha512:"cryptojs",ripemd160:"cryptojs",hmacmd5:"cryptojs",hmacsha1:"cryptojs",hmacsha224:"cryptojs",hmacsha256:"cryptojs",hmacsha384:"cryptojs",hmacsha512:"cryptojs",hmacripemd160:"cryptojs",MD5withRSA:"cryptojs/jsrsa",SHA1withRSA:"cryptojs/jsrsa",SHA224withRSA:"cryptojs/jsrsa",SHA256withRSA:"cryptojs/jsrsa",SHA384withRSA:"cryptojs/jsrsa",SHA512withRSA:"cryptojs/jsrsa",RIPEMD160withRSA:"cryptojs/jsrsa",MD5withECDSA:"cryptojs/jsrsa",SHA1withECDSA:"cryptojs/jsrsa",SHA224withECDSA:"cryptojs/jsrsa",SHA256withECDSA:"cryptojs/jsrsa",SHA384withECDSA:"cryptojs/jsrsa",SHA512withECDSA:"cryptojs/jsrsa",RIPEMD160withECDSA:"cryptojs/jsrsa",SHA1withDSA:"cryptojs/jsrsa",SHA224withDSA:"cryptojs/jsrsa",SHA256withDSA:"cryptojs/jsrsa",MD5withRSAandMGF1:"cryptojs/jsrsa",SHAwithRSAandMGF1:"cryptojs/jsrsa",SHA1withRSAandMGF1:"cryptojs/jsrsa",SHA224withRSAandMGF1:"cryptojs/jsrsa",SHA256withRSAandMGF1:"cryptojs/jsrsa",SHA384withRSAandMGF1:"cryptojs/jsrsa",SHA512withRSAandMGF1:"cryptojs/jsrsa",RIPEMD160withRSAandMGF1:"cryptojs/jsrsa",};this.CRYPTOJSMESSAGEDIGESTNAME={md5:CryptoJS.algo.MD5,sha1:CryptoJS.algo.SHA1,sha224:CryptoJS.algo.SHA224,sha256:CryptoJS.algo.SHA256,sha384:CryptoJS.algo.SHA384,sha512:CryptoJS.algo.SHA512,ripemd160:CryptoJS.algo.RIPEMD160};this.getDigestInfoHex=function(a,b){if(typeof this.DIGESTINFOHEAD[b]=="undefined"){throw"alg not supported in Util.DIGESTINFOHEAD: "+b}return this.DIGESTINFOHEAD[b]+a};this.getPaddedDigestInfoHex=function(h,a,j){var c=this.getDigestInfoHex(h,a);var d=j/4;if(c.length+22>d){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f=0;--u){v=v.twice2D();v.z=f.ONE;if(t.testBit(u)){if(s.testBit(u)){v=v.add2D(y)}else{v=v.add2D(x)}}else{if(s.testBit(u)){v=v.add2D(w)}}}return v}this.getBigRandom=function(r){return new f(r.bitLength(),a).mod(r.subtract(f.ONE)).add(f.ONE)};this.setNamedCurve=function(r){this.ecparams=c.getByName(r);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=r};this.setPrivateKeyHex=function(r){this.isPrivate=true;this.prvKeyHex=r};this.setPublicKeyHex=function(r){this.isPublic=true;this.pubKeyHex=r};this.getPublicKeyXYHex=function(){var t=this.pubKeyHex;if(t.substr(0,2)!=="04"){throw"this method supports uncompressed format(04) only"}var s=this.ecparams.keylen/4;if(t.length!==2+s*2){throw"malformed public key hex length"}var r={};r.x=t.substr(2,s);r.y=t.substr(2+s);return r};this.getShortNISTPCurveName=function(){var r=this.curveName;if(r==="secp256r1"||r==="NIST P-256"||r==="P-256"||r==="prime256v1"){return"P-256"}if(r==="secp384r1"||r==="NIST P-384"||r==="P-384"){return"P-384"}return null};this.generateKeyPairHex=function(){var t=this.ecparams.n;var w=this.getBigRandom(t);var u=this.ecparams.G.multiply(w);var z=u.getX().toBigInteger();var x=u.getY().toBigInteger();var r=this.ecparams.keylen/4;var v=("0000000000"+w.toString(16)).slice(-r);var A=("0000000000"+z.toString(16)).slice(-r);var y=("0000000000"+x.toString(16)).slice(-r);var s="04"+A+y;this.setPrivateKeyHex(v);this.setPublicKeyHex(s);return{ecprvhex:v,ecpubhex:s}};this.signWithMessageHash=function(r){return this.signHex(r,this.prvKeyHex)};this.signHex=function(x,u){var A=new f(u,16);var v=this.ecparams.n;var z=new f(x.substring(0,this.ecparams.keylen/4),16);do{var w=this.getBigRandom(v);var B=this.ecparams.G;var y=B.multiply(w);var t=y.getX().toBigInteger().mod(v)}while(t.compareTo(f.ZERO)<=0);var C=w.modInverse(v).multiply(z.add(A.multiply(t))).mod(v);return m.biRSSigToASN1Sig(t,C)};this.sign=function(w,B){var z=B;var u=this.ecparams.n;var y=f.fromByteArrayUnsigned(w);do{var v=this.getBigRandom(u);var A=this.ecparams.G;var x=A.multiply(v);var t=x.getX().toBigInteger().mod(u)}while(t.compareTo(BigInteger.ZERO)<=0);var C=v.modInverse(u).multiply(y.add(z.multiply(t))).mod(u);return this.serializeSig(t,C)};this.verifyWithMessageHash=function(s,r){return this.verifyHex(s,r,this.pubKeyHex)};this.verifyHex=function(v,y,u){try{var t,B;var w=m.parseSigHex(y);t=w.r;B=w.s;var x=h.decodeFromHex(this.ecparams.curve,u);var z=new f(v.substring(0,this.ecparams.keylen/4),16);return this.verifyRaw(z,t,B,x)}catch(A){return false}};this.verify=function(z,A,u){var w,t;if(Bitcoin.Util.isArray(A)){var y=this.parseSig(A);w=y.r;t=y.s}else{if("object"===typeof A&&A.r&&A.s){w=A.r;t=A.s}else{throw"Invalid value for signature"}}var v;if(u instanceof ECPointFp){v=u}else{if(Bitcoin.Util.isArray(u)){v=h.decodeFrom(this.ecparams.curve,u)}else{throw"Invalid format for pubkey value, must be byte array or ECPointFp"}}var x=f.fromByteArrayUnsigned(z);return this.verifyRaw(x,w,t,v)};this.verifyRaw=function(z,t,E,y){var x=this.ecparams.n;var D=this.ecparams.G;if(t.compareTo(f.ONE)<0||t.compareTo(x)>=0){return false}if(E.compareTo(f.ONE)<0||E.compareTo(x)>=0){return false}var A=E.modInverse(x);var w=z.multiply(A).mod(x);var u=t.multiply(A).mod(x);var B=D.multiply(w).add(y.multiply(u));var C=B.getX().toBigInteger().mod(x);return C.equals(t)};this.serializeSig=function(v,u){var w=v.toByteArraySigned();var t=u.toByteArraySigned();var x=[];x.push(2);x.push(w.length);x=x.concat(w);x.push(2);x.push(t.length);x=x.concat(t);x.unshift(x.length);x.unshift(48);return x};this.parseSig=function(y){var x;if(y[0]!=48){throw new Error("Signature not a valid DERSequence")}x=2;if(y[x]!=2){throw new Error("First element in signature must be a DERInteger")}var w=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];if(y[x]!=2){throw new Error("Second element in signature must be a DERInteger")}var t=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];var v=f.fromByteArrayUnsigned(w);var u=f.fromByteArrayUnsigned(t);return{r:v,s:u}};this.parseSigCompact=function(w){if(w.length!==65){throw"Signature has the wrong length"}var t=w[0]-27;if(t<0||t>7){throw"Invalid signature type"}var x=this.ecparams.n;var v=f.fromByteArrayUnsigned(w.slice(1,33)).mod(x);var u=f.fromByteArrayUnsigned(w.slice(33,65)).mod(x);return{r:v,s:u,i:t}};this.readPKCS5PrvKeyHex=function(u){if(k(u)===false){throw new Error("not ASN.1 hex string")}var r,t,v;try{r=n(u,0,["[0]",0],"06");t=n(u,0,[1],"04");try{v=n(u,0,["[1]",0],"03")}catch(s){}}catch(s){throw new Error("malformed PKCS#1/5 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v);this.setPrivateKeyHex(t);this.isPublic=false};this.readPKCS8PrvKeyHex=function(v){if(k(v)===false){throw new j("not ASN.1 hex string")}var t,r,u,w;try{t=n(v,0,[1,0],"06");r=n(v,0,[1,1],"06");u=n(v,0,[2,0,1],"04");try{w=n(v,0,[2,0,"[1]",0],"03")}catch(s){}}catch(s){throw new j("malformed PKCS#8 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(w);this.setPrivateKeyHex(u);this.isPublic=false};this.readPKCS8PubKeyHex=function(u){if(k(u)===false){throw new j("not ASN.1 hex string")}var t,r,v;try{t=n(u,0,[0,0],"06");r=n(u,0,[0,1],"06");v=n(u,0,[1],"03")}catch(s){throw new j("malformed PKCS#8 ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v)};this.readCertPubKeyHex=function(t,v){if(k(t)===false){throw new j("not ASN.1 hex string")}var r,u;try{r=n(t,0,[0,5,0,1],"06");u=n(t,0,[0,5,1],"03")}catch(s){throw new j("malformed X.509 certificate ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(u)};if(e!==undefined){if(e.curve!==undefined){this.curveName=e.curve}}if(this.curveName===undefined){this.curveName=g}this.setNamedCurve(this.curveName);if(e!==undefined){if(e.prv!==undefined){this.setPrivateKeyHex(e.prv)}if(e.pub!==undefined){this.setPublicKeyHex(e.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(f){var j=ASN1HEX,i=j.getChildIdx,g=j.getV;j.checkStrictDER(f,0);if(f.substr(0,2)!="30"){throw new Error("signature is not a ASN.1 sequence")}var h=i(f,0);if(h.length!=2){throw new Error("signature shall have two elements")}var e=h[0];var d=h[1];if(f.substr(e,2)!="02"){throw new Error("1st item not ASN.1 integer")}if(f.substr(d,2)!="02"){throw new Error("2nd item not ASN.1 integer")}var c=g(f,e);var b=g(f,d);return{r:c,s:b}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(c){var d=KJUR.crypto.ECDSA.parseSigHexInHexRS(c);var b=d.r;var a=d.s;if(b.substr(0,2)=="00"&&(b.length%32)==2){b=b.substr(2)}if(a.substr(0,2)=="00"&&(a.length%32)==2){a=a.substr(2)}if((b.length%32)==30){b="00"+b}if((a.length%32)==30){a="00"+a}if(b.length%32!=0){throw"unknown ECDSA sig r length error"}if(a.length%32!=0){throw"unknown ECDSA sig s length error"}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if((((a.length/2)*8)%(16*8))!=0){throw"unknown ECDSA concatinated r-s sig length error"}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(f,d){var c=KJUR.asn1;var b=new c.DERInteger({bigint:f});var a=new c.DERInteger({bigint:d});var e=new c.DERSequence({array:[b,a]});return e.getEncodedHex()};KJUR.crypto.ECDSA.getName=function(a){if(a==="2b8104001f"){return"secp192k1"}if(a==="2a8648ce3d030107"){return"secp256r1"}if(a==="2b8104000a"){return"secp256k1"}if(a==="2b81040021"){return"secp224r1"}if(a==="2b81040022"){return"secp384r1"}if("|secp256r1|NIST P-256|P-256|prime256v1|".indexOf(a)!==-1){return"secp256r1"}if("|secp256k1|".indexOf(a)!==-1){return"secp256k1"}if("|secp224r1|NIST P-224|P-224|".indexOf(a)!==-1){return"secp224r1"}if("|secp384r1|NIST P-384|P-384|".indexOf(a)!==-1){return"secp384r1"}return null}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECParameterDB=new function(){var b={};var c={};function a(d){return new BigInteger(d,16)}this.getByName=function(e){var d=e;if(typeof c[d]!="undefined"){d=c[e]}if(typeof b[d]!="undefined"){return b[d]}throw"unregistered EC curve name: "+d};this.regist=function(A,l,o,g,m,e,j,f,k,u,d,x){b[A]={};var s=a(o);var z=a(g);var y=a(m);var t=a(e);var w=a(j);var r=new ECCurveFp(s,z,y);var q=r.decodePointHex("04"+f+k);b[A]["name"]=A;b[A]["keylen"]=l;b[A]["curve"]=r;b[A]["G"]=q;b[A]["n"]=t;b[A]["h"]=w;b[A]["oid"]=d;b[A]["info"]=x;for(var v=0;v=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+A.length}if(w(y,A[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=z(y,A[1]);if(A.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=z(y,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length}if(w(y,s[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=z(y,s[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=u(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=u(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw"unsupported private key algorithm"}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw"unsupported PKCS#8 public key hex"}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=t(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var w=r[0];if(t.substr(w,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=u(t,w);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(t.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keylen/4;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw"unsupported PKCS#1/5 hexadecimal key"}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+f}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var G=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return G}function B(G){var s=l({seq:[{"int":1},{octstr:{hex:G.prvKeyHex}},{tag:["a0",true,{oid:{name:G.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+G.pubKeyHex}}]}]});return s}function x(s){var G=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return G}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.getEncodedHex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.getEncodedHex();var h=B(b);var t=h.getEncodedHex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.getEncodedHex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(G,s){var I=c(G,s);var H=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:I.pbkdf2Salt}},{"int":I.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:I.encryptionSchemeIV}}]}]}]},{octstr:{hex:I.ciphertext}}]});return H.getEncodedHex()};var c=function(N,O){var H=100;var M=CryptoJS.lib.WordArray.random(8);var L="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var I=CryptoJS.PBKDF2(O,M,{keySize:192/32,iterations:H});var J=CryptoJS.enc.Hex.parse(N);var K=CryptoJS.TripleDES.encrypt(J,I,{iv:s})+"";var G={};G.ciphertext=K;G.pbkdf2Salt=CryptoJS.enc.Hex.stringify(M);G.pbkdf2Iter=H;G.encryptionSchemeAlg=L;G.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return G};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var g=new l({seq:[{"int":1},{octstr:{hex:b.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]}]});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.getEncodedHex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.getEncodedHex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var e=f(g,0);if(e.length<1){throw"malformed CSR(code:002)"}if(g.substr(e[0],2)!="30"){throw"malformed CSR(code:003)"}var a=f(g,e[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWKFromKey=function(d){var b={};if(d instanceof RSAKey&&d.isPrivate){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));b.d=hextob64u(d.d.toString(16));b.p=hextob64u(d.p.toString(16));b.q=hextob64u(d.q.toString(16));b.dp=hextob64u(d.dmp1.toString(16));b.dq=hextob64u(d.dmq1.toString(16));b.qi=hextob64u(d.coeff.toString(16));return b}else{if(d instanceof RSAKey&&d.isPublic){b.kty="RSA";b.n=hextob64u(d.n.toString(16));b.e=hextob64u(d.e.toString(16));return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPrivate){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);b.d=hextob64u(d.prvKeyHex);return b}else{if(d instanceof KJUR.crypto.ECDSA&&d.isPublic){var a=d.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"){throw"unsupported curve name for JWT: "+a}var c=d.getPublicKeyXYHex();b.kty="EC";b.crv=a;b.x=hextob64u(c.x);b.y=hextob64u(c.y);return b}}}}throw"not supported key object"}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w1){var z=b(v,u[1]);var t=this.getGeneralName(z);if(t.uri!=undefined){s.uri=t.uri}}if(u.length>2){var w=b(v,u[2]);if(w=="0101ff"){s.reqauth=true}if(w=="010100"){s.reqauth=false}}return s};this.getX500NameRule=function(s){var z=true;var D=true;var C=false;var t="";var w="";var F=null;var A=[];for(var v=0;v0){s.ext=this.getExtParamArray()}s.sighex=this.getSignatureValueHex();return s};this.getExtParamArray=function(t){if(t==undefined){var v=e(this.hex,0,[0,"[3]"]);if(v!=-1){t=l(this.hex,0,[0,"[3]",0],"30")}}var s=[];var u=n(t,0);for(var w=0;w0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; exports.SecureRandom = SecureRandom; diff --git a/npm/package.json b/npm/package.json index ba41c153..308a4401 100755 --- a/npm/package.json +++ b/npm/package.json @@ -1,6 +1,6 @@ { "name": "jsrsasign", - "version": "10.0.5", + "version": "10.1.0", "description": "opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK).", "main": "lib/jsrsasign.js", "scripts": { diff --git a/src/asn1-1.0.js b/src/asn1-1.0.js index b46a47f2..8aa5aa10 100644 --- a/src/asn1-1.0.js +++ b/src/asn1-1.0.js @@ -1,4 +1,4 @@ -/* asn1-1.0.20.js (c) 2013-2020 Kenji Urushima | kjur.github.com/jsrsasign/license +/* asn1-1.0.21.js (c) 2013-2020 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * asn1.js - ASN.1 DER encoder classes @@ -16,7 +16,7 @@ * @fileOverview * @name asn1-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 10.0.1 asn1 1.0.20 (2020-Oct-11) + * @version jsrsasign 10.1.0 asn1 1.0.21 (2020-Nov-18) * @since jsrsasign 2.1 * @license MIT License */ @@ -368,7 +368,7 @@ KJUR.asn1.ASN1Util.oidHexToInt = function(hex) { }; /** - * get hexadecimal value of object identifier from dot noted oid value + * get hexadecimal value of object identifier from dot noted oid value (DEPRECATED) * @name oidIntToHex * @memberOf KJUR.asn1.ASN1Util * @function @@ -376,6 +376,8 @@ KJUR.asn1.ASN1Util.oidHexToInt = function(hex) { * @return {String} hexadecimal value of object identifier * @since jsrsasign 4.8.3 asn1 1.0.7 * @see {@link ASN1HEX.hextooidstr} + * @deprecated from jsrsasign 10.0.6. please use {@link oidtohex} + * * @description * This static method converts from object identifier value string. * to hexadecimal string representation of it. @@ -1135,6 +1137,8 @@ YAHOO.lang.extend(KJUR.asn1.DERNull, KJUR.asn1.ASN1Object); * @class class for ASN.1 DER ObjectIdentifier * @param {Object} JSON object or string of parameters (ex. {'oid': '2.5.4.5'}) * @extends KJUR.asn1.ASN1Object + * @see oidtohex + * * @description *
    * As for argument 'params' for constructor, you can specify one of @@ -1152,28 +1156,6 @@ YAHOO.lang.extend(KJUR.asn1.DERNull, KJUR.asn1.ASN1Object); * new DERObjectIdentifier("SHA1withRSA") */ KJUR.asn1.DERObjectIdentifier = function(params) { - var itox = function(i) { - var h = i.toString(16); - if (h.length == 1) h = '0' + h; - return h; - }; - var roidtox = function(roid) { - var h = ''; - var bi = new BigInteger(roid, 10); - var b = bi.toString(2); - var padLen = 7 - b.length % 7; - if (padLen == 7) padLen = 0; - var bPad = ''; - for (var i = 0; i < padLen; i++) bPad += '0'; - b = bPad + b; - for (var i = 0; i < b.length - 1; i += 7) { - var b8 = b.substr(i, 7); - if (i != b.length - 7) b8 = '1' + b8; - h += itox(parseInt(b8, 2)); - } - return h; - } - KJUR.asn1.DERObjectIdentifier.superclass.constructor.call(this); this.hT = "06"; @@ -1202,17 +1184,9 @@ KJUR.asn1.DERObjectIdentifier = function(params) { * o.setValueOidString("2.5.4.13"); */ this.setValueOidString = function(oidString) { - if (! oidString.match(/^[0-9.]+$/)) { + var h = oidtohex(oidString); + if (h == null) throw new Error("malformed oid string: " + oidString); - } - var h = ''; - var a = oidString.split('.'); - var i0 = parseInt(a[0]) * 40 + parseInt(a[1]); - h += itox(i0); - a.splice(0, 2); - for (var i = 0; i < a.length; i++) { - h += roidtox(a[i]); - } this.hTLV = null; this.isModified = true; this.s = null; diff --git a/src/asn1cms-1.0.js b/src/asn1cms-1.0.js index b499c091..289315db 100644 --- a/src/asn1cms-1.0.js +++ b/src/asn1cms-1.0.js @@ -1,4 +1,4 @@ -/* asn1cms-2.0.0.js (c) 2013-2020 Kenji Urushima | kjur.github.io/jsrsasign/license +/* asn1cms-2.0.1.js (c) 2013-2020 Kenji Urushima | kjur.github.io/jsrsasign/license */ /* * asn1cms.js - ASN.1 DER encoder and verifier classes for Cryptographic Message Syntax(CMS) @@ -16,7 +16,7 @@ * @fileOverview * @name asn1cms-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 10.0.0 asn1cms 2.0.0 (2020-Sep-22) + * @version jsrsasign 10.1.0 asn1cms 2.0.1 (2020-Nov-18) * @since jsrsasign 4.2.4 * @license MIT License */ @@ -860,7 +860,7 @@ YAHOO.lang.extend(KJUR.asn1.cms.SignerIdentifier, KJUR.asn1.ASN1Object); * @example * // specify by X500Name and DERInteger * o = new KJUR.asn1.cms.IssuerAndSerialNumber( - * {issuer: {str: '/C=US/O=T1'}, serial {int: 3}}); + * {issuer: {str: '/C=US/O=T1'}, serial: {int: 3}}); * // specify by PEM certificate * o = new KJUR.asn1.cms.IssuerAndSerialNumber({cert: certPEM}); * o = new KJUR.asn1.cms.IssuerAndSerialNumber(certPEM); // since 1.0.3 @@ -2239,3 +2239,817 @@ KJUR.asn1.cms.CMSUtil.verifySignedData = function(param) { return result; }; + +/** + * class for parsing CMS SignedData
    + * @name KJUR.asn1.cms.CMSParser + * @class CMS SignedData parser class + * @since jsrsasign 10.1.0 asn1cms 2.0.1 + * + * @description + * This is an ASN.1 parser for CMS SignedData defined in + * RFC 5652 + * Cryptographic Message Syntax (CMS). + * 
    + * ContentInfo ::= SEQUENCE {
+ *    contentType ContentType,
+ *    content [0] EXPLICIT ANY DEFINED BY contentType }
+ * ContentType ::= OBJECT IDENTIFIER
+ * SignedData ::= SEQUENCE {
+ *    version CMSVersion,
+ *    digestAlgorithms DigestAlgorithmIdentifiers,
+ *    encapContentInfo EncapsulatedContentInfo,
+ *    certificates [0] IMPLICIT CertificateSet OPTIONAL,
+ *    crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
+ *    signerInfos SignerInfos }
+ * SignerInfos ::= SET OF SignerInfo
+ * CertificateSet ::= SET OF CertificateChoices
+ * DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
+ * CertificateSet ::= SET OF CertificateChoices
+ * RevocationInfoChoices ::= SET OF RevocationInfoChoice
+ *
    + */ +KJUR.asn1.cms.CMSParser = function() { + var _Error = Error, + _X509 = X509, + _x509obj = new _X509(), + _ASN1HEX = ASN1HEX, + _getV = _ASN1HEX.getV, + _getTLV = _ASN1HEX.getTLV, + _getIdxbyList = _ASN1HEX.getIdxbyList, + _getTLVbyList = _ASN1HEX.getTLVbyList, + _getTLVbyListEx = _ASN1HEX.getTLVbyListEx, + _getVbyList = _ASN1HEX.getVbyList, + _getChildIdx = _ASN1HEX.getChildIdx; + + /** + * parse ASN.1 ContentInfo with SignedData
    + * @name getCMSSignedData + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {String} h hexadecimal string of ASN.1 ContentInfo with SignedData + * @return {Array} array of JSON object of SignedData parameter + * @see KJUR.asn1.cms.SignedData + * @see KJUR.asn1.cms.CMSParser#getSignedData + * + * @description + * This method parses ASN.1 ContentInfo with SignedData defined in + * RFC 5652 + * section 3 + * and + * section 5. + * The result parameter can be passed to + * {@link KJUR.asn1.cms.SignedData} constructor. + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * parser.getCMSSignedData("30...") → + * { + * version: 1, + * hashalgs: ["sha1"], + * econtent: { + * type: "data", + * content: {hex:"616161"} + * }, + * certs: [PEM1,...], + * sinfos: [{ + * version: 1, + * id: {type:'isssn',issuer:{str:'/C=US/O=T1'},serial:{int: 1}}, + * hashalg: "sha1", + * sattrs: {array: [{ + * attr: "contentType", + * type: '1.2.840.113549.1.7.1' + * },{ + * attr: "messageDigest", + * hex: 'abcd' + * }]}, + * sigalg: "SHA1withRSA", + * sighex: "1234abcd..." + * }] + * } + */ + this.getCMSSignedData = function(h) { + var hSignedData = _getTLVbyList(h, 0, [1, 0]); + var pResult = this.getSignedData(hSignedData); + return pResult; + }; + + /** + * parse ASN.1 SignedData
    + * @name getSignedData + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {String} h hexadecimal string of ASN.1 SignedData + * @return {Array} array of JSON object of SignedData parameter + * @see KJUR.asn1.cms.SignedData + * @see KJUR.asn1.cms.CMSParser#getSignedData + * + * @description + * This method parses ASN.1 SignedData defined in + * RFC 5652 + * section 5. + * The result parameter can be passed to + * {@link KJUR.asn1.cms.SignedData} constructor. + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * parser.getSignedData("30...") + */ + this.getSignedData = function(h) { + var aIdx = _getChildIdx(h, 0); + var pResult = {}; + + var hVersion = _getV(h, aIdx[0]); + var iVersion = parseInt(hVersion, 16); + pResult.version = iVersion; + + var hHashAlgs = _getTLV(h, aIdx[1]); + pResult.hashalgs = this.getHashAlgArray(hHashAlgs); + + var hEContent = _getTLV(h, aIdx[2]); + pResult.econtent = this.getEContent(hEContent); + + var hCerts = _getTLVbyListEx(h, 0, ["[0]"]); + if (hCerts != null) { + pResult.certs = this.getCertificateSet(hCerts); + } + + // RevocationInfoChoices not supported yet + var hRevInfos = _getTLVbyListEx(h, 0, ["[1]"]); + if (hRevInfos != null) { + } + + var hSignerInfos = _getTLVbyListEx(h, 0, [3]); + pResult.sinfos = this.getSignerInfos(hSignerInfos); + + return pResult; + }; + + /** + * parse ASN.1 DigestAlgorithmIdentifiers
    + * @name getHashAlgArray + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {String} h hexadecimal string of ASN.1 DigestAlgorithmIdentifiers + * @return {Array} array of JSON object of digest algorithm names + * @see KJUR.asn1.cms.SignedData + * @see KJUR.asn1.cms.CMSParser#getSignedData + * + * @description + * This method parses ASN.1 SignedData defined in + * RFC 5652 + * + * section 5.1. + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * parser.getHashAlgArray("30...") → ["sha256"] + */ + this.getHashAlgArray = function(h) { + var aIdx = _getChildIdx(h, 0); + var x = new _X509(); + var a = []; + for (var i = 0; i < aIdx.length; i++) { + var hAlg = _getTLV(h, aIdx[i]); + var sAlg = x.getAlgorithmIdentifierName(hAlg); + a.push(sAlg); + } + return a; + }; + + /** + * parse ASN.1 EncapsulatedContentInfo
    + * @name getEContent + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {String} h hexadecimal string of ASN.1 EncapsulatedContentInfo + * @return {Array} array of JSON object of EncapsulatedContentInfo parameter + * @see KJUR.asn1.cms.EncapsulatedContentInfo + * @see KJUR.asn1.cms.CMSParser#getSignedData + * + * @description + * This method parses ASN.1 SignedData defined in + * RFC 5652 + * + * section 5. + * The result parameter can be passed to + * {@link KJUR.asn1.cms.EncapsulatedContentInfo} constructor. + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * parser.getEContent("30...") → + * {type: "tstinfo", content: {hex: "30..."}} + */ + this.getEContent = function(h) { + var pResult = {}; + var hType = _getVbyList(h, 0, [0]); + var hContent = _getVbyList(h, 0, [1, 0]); + pResult.type = KJUR.asn1.x509.OID.oid2name(ASN1HEX.hextooidstr(hType)); + pResult.content = {hex: hContent}; + return pResult; + }; + + /** + * parse ASN.1 SignerInfos
    + * @name getSignerInfos + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {String} h hexadecimal string of ASN.1 SignerInfos + * @return {Array} array of JSON object of SignerInfos parameter + * @see KJUR.asn1.cms.SignerInfos + * @see KJUR.asn1.cms.CMSParser#getSignedData + * + * @description + * This method parses ASN.1 SignerInfos defined in + * RFC 5652 + * + * section 5. + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * parser.getSignerInfos("30...") → + * [{ + * version: 1, + * id: {type: 'isssn', issuer: {str: '/C=US/O=T1'}, serial: {int: 1}}, + * hashalg: "sha1", + * sattrs: {array: [{ + * attr: "contentType", + * type: '1.2.840.113549.1.7.1' + * },{ + * attr: "messageDigest", + * hex: 'a1a2a3a4a5a6a7a8a9a0a1a2a3a4a5a6a7a8a9a0' + * }]}, + * sigalg: "SHA1withRSA", + * sighex: 'b1b2b...' + * }] + */ + this.getSignerInfos = function(h) { + var aResult = []; + + var aIdx = _getChildIdx(h, 0); + for (var i = 0; i < aIdx.length; i++) { + var hSignerInfo = _getTLV(h, aIdx[i]); + var pSignerInfo = this.getSignerInfo(hSignerInfo); + aResult.push(pSignerInfo); + } + + return aResult; + }; + + /** + * parse ASN.1 SignerInfo
    + * @name getSignerInfo + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {String} h hexadecimal string of ASN.1 SignerInfo + * @return {Array} array of JSON object of SignerInfo parameter + * @see KJUR.asn1.cms.SignerInfo + * @see KJUR.asn1.cms.CMSParser#getSignedData + * + * @description + * This method parses ASN.1 SignerInfos defined in + * RFC 5652 + * + * section 5. + * 
    +     * SignerInfo ::= SEQUENCE {
+     *    version CMSVersion,
+     *    sid SignerIdentifier,
+     *    digestAlgorithm DigestAlgorithmIdentifier,
+     *    signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
+     *    signatureAlgorithm SignatureAlgorithmIdentifier,
+     *    signature SignatureValue,
+     *    unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
+     *
    + * The result parameter can be passed to + * {@link KJUR.asn1.cms.SignerInfo} constructor. + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * parser.getSignerInfos("30...") → + * [{ + * version: 1, + * id: {type: 'isssn', issuer: {str: '/C=US/O=T1'}, serial: {int: 1}}, + * hashalg: "sha1", + * sattrs: {array: [{ + * attr: "contentType", + * type: '1.2.840.113549.1.7.1' + * },{ + * attr: "messageDigest", + * hex: 'a1a2a3a4a5a6a7a8a9a0a1a2a3a4a5a6a7a8a9a0' + * }]}, + * sigalg: "SHA1withRSA", + * sighex: 'b1b2b...' + * }] + */ + this.getSignerInfo = function(h) { + var pResult = {}; + var aIdx = _getChildIdx(h, 0); + + var iVersion = _ASN1HEX.getInt(h, aIdx[0], -1); + if (iVersion != -1) pResult.version = iVersion; + + var hSI = _getTLV(h, aIdx[1]); + var pSI = this.getIssuerAndSerialNumber(hSI); + pResult.id = pSI; + + var hAlg = _getTLV(h, aIdx[2]); + //alert(hAlg); + var sAlg = _x509obj.getAlgorithmIdentifierName(hAlg); + pResult.hashalg = sAlg; + + var hSattrs = _getTLVbyListEx(h, 0, ["[0]"]); + if (hSattrs != null) { + var aSattrs = this.getAttributeArray(hSattrs); + pResult.sattrs = aSattrs; + } + + var hSigAlg = _getTLVbyListEx(h, 0, [3]); + var sSigAlg = _x509obj.getAlgorithmIdentifierName(hSigAlg); + pResult.sigalg = sSigAlg; + + var hSigHex = _getTLVbyListEx(h, 0, [4]); + pResult.sighex = hSigHex; + + var hUattrs = _getTLVbyListEx(h, 0, ["[1]"]); + if (hUattrs != null) { + var aUattrs = this.getAttributeArray(hUattrs); + pResult.uattrs = aUattrs; + } + + return pResult; + }; + + /** + * parse ASN.1 SignerIdentifier
    + * @name getSignerIdentifier + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {String} h hexadecimal string of ASN.1 SignerIdentifier + * @return {Array} array of JSON object of SignerIdentifier parameter + * @see KJUR.asn1.cms.SignerInfo + * @see KJUR.asn1.cms.SignerIdentifier + * @see KJUR.asn1.cms.CMSParser#getSignedData + * + * @description + * This method parses ASN.1 SignerIdentifier defined in + * RFC 5652 + * + * section 5. + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * parser.getSignerIdentifier("30...") → + * { type: "isssn", + * issuer: { + * array: [[{type:"C",value:"JP",ds:"prn"},...]] + * str: '/C=US/O=T1' + * }, + * serial: {int: 1} } + */ + this.getSignerIdentifier = function(h) { + if (h.substr(0, 2) == "30") { + return this.getIssuerAndSerialNumber(h); + } else { + throw new Error("SKID of signerIdentifier not supported"); + } + }; + + /** + * parse ASN.1 IssuerAndSerialNumber
    + * @name getIssuerAndSerialNumber + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {String} h hexadecimal string of ASN.1 IssuerAndSerialNumber + * @return {Array} array of JSON object of IssuerAndSerialNumber parameter + * @see KJUR.asn1.cms.SignerInfo + * @see KJUR.asn1.cms.CMSParser#getSignedData + * + * @description + * This method parses ASN.1 IssuerAndSerialNumber defined in + * RFC 5652 + * + * section 5. + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * parser.getIssuerAndSerialNumber("30...") → + * { type: "isssn", + * issuer: { + * array: [[{type:"C",value:"JP",ds:"prn"},...]] + * str: '/C=US/O=T1' + * }, + * serial: {int: 1} } + */ + this.getIssuerAndSerialNumber = function(h) { + var pResult = {type: "isssn"}; + + var aIdx = _getChildIdx(h, 0); + + var hName = _getTLV(h, aIdx[0]); + pResult.issuer = _x509obj.getX500Name(hName); + + var hSerial = _getV(h, aIdx[1]); + pResult.serial = {hex: hSerial}; + + return pResult; + }; + + /** + * parse ASN.1 SET OF Attributes
    + * @name getAttributeArray + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {String} h hexadecimal string of ASN.1 SET OF Attribute + * @return {Array} array of JSON object of Attribute parameter + * @see KJUR.asn1.cms.SignerInfo + * @see KJUR.asn1.cms.CMSParser#getAttribute + * + * @description + * This method parses ASN.1 SET OF Attribute defined in + * RFC 5652 + * + * section 5. + * This can be used for SignedAttributes and UnsignedAttributes. + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * parser.getAttributeArray("30...") → + * [{attr: "contentType", type: "tstinfo"}, + * {attr: "messageDigest", hex: "1234abcd..."}] + */ + this.getAttributeArray = function(h) { + var aResult = []; + + var aIdx = _getChildIdx(h, 0); + for (var i = 0; i < aIdx.length; i++) { + var hAttr = _getTLV(h, aIdx[i]); + var pAttr = this.getAttribute(hAttr); + aResult.push(pAttr); + } + + return aResult; + }; + + /** + * parse ASN.1 Attributes
    + * @name getAttribute + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {String} h hexadecimal string of ASN.1 Attribute + * @return {Array} array of JSON object of Attribute parameter + * @see KJUR.asn1.cms.SignerInfo + * @see KJUR.asn1.cms.CMSParser#getAttributeArray + * + * @description + * This method parses ASN.1 Attribute defined in + * RFC 5652 + * + * section 5. + * Following attribute type are supported in the + * latest version: + *
      + *
    • contentType
      • + *
    • messageDigest
      • + *
    • signingTime
      • + *
    • signingCertificate
      • + *
    + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * parser.getAttribute("30...") → + * {attr: "contentType", type: "tstinfo"} + */ + this.getAttribute = function(h) { + var pResult = {}; + var aIdx = _getChildIdx(h, 0); + + var attrTypeOID = _ASN1HEX.getOID(h, aIdx[0]); + var attrType = KJUR.asn1.x509.OID.oid2name(attrTypeOID); + pResult.attr = attrType; + + var hSet = _getTLV(h, aIdx[1]); + var aSetIdx = _getChildIdx(hSet, 0); + if (aSetIdx.length == 1) { + pResult.valhex = _getTLV(hSet, aSetIdx[0]); + } else { + var a = []; + for (var i = 0; i < aSetIdx.length; i++) { + a.push(_getTLV(hSet, aSetIdx[i])); + } + pResult.valhex = a; + } + + if (attrType == "contentType") { + this.setContentType(pResult); + } else if (attrType == "messageDigest") { + this.setMessageDigest(pResult); + } else if (attrType == "signingTime") { + this.setSigningTime(pResult); + } else if (attrType == "signingCertificate") { + this.setSigningCertificate(pResult); + } + + return pResult; + }; + + /** + * set ContentType attribute
    + * @name setContentType + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {Array} pAttr JSON object of attribute parameter + * @see KJUR.asn1.cms.CMSParser#getAttribute + * + * @description + * This sets an attribute as ContentType defined in + * RFC 5652 + * + * section 5. + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * pAttr = { + * attr: "contentType" + * valhex: '060b2a864886f70d0109100104' + * }; + * parser.setContentInfo(pAttr); + * pAttr → { + * attr: "contentType" + * type: "tstinfo" + * } + */ + this.setContentType = function(pAttr) { + var contentType = _ASN1HEX.getOIDName(pAttr.valhex, 0, null); + if (contentType != null) { + pAttr.type = contentType; + delete pAttr.valhex; + } + }; + + /** + * set SigningTime attribute
    + * @name setSigningTime + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {Array} pAttr JSON object of attribute parameter + * @see KJUR.asn1.cms.CMSParser#getAttribute + * + * @description + * This sets an attribute as SigningTime defined in + * RFC 5652 + * + * section 5. + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * pAttr = { + * attr: "signingTime" + * valhex: '170d3230313233313233353935395a' + * }; + * parser.setSigningTime(pAttr); + * pAttr → { + * attr: "signingTime", + * str: "2012315959Z" + * } + */ + this.setSigningTime = function(pAttr) { + var hSigningTime = _getV(pAttr.valhex, 0); + var signingTime = hextoutf8(hSigningTime); + pAttr.str = signingTime; + delete pAttr.valhex; + }; + + /** + * set MessageDigest attribute
    + * @name setMessageDigest + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {Array} pAttr JSON object of attribute parameter + * @see KJUR.asn1.cms.CMSParser#getAttribute + * + * @description + * This sets an attribute as SigningTime defined in + * RFC 5652 + * + * section 5. + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * pAttr = { + * attr: "messageDigest" + * valhex: '0403123456' + * }; + * parser.setMessageDigest(pAttr); + * pAttr → { + * attr: "messageDigest", + * hex: "123456" + * } + */ + this.setMessageDigest = function(pAttr) { + var hMD = _getV(pAttr.valhex, 0); + pAttr.hex = hMD; + delete pAttr.valhex; + }; + + /** + * set SigningCertificate attribute
    + * @name setSigningCertificate + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {Array} pAttr JSON object of attribute parameter + * @see KJUR.asn1.cms.CMSParser#getAttribute + * + * @description + * This sets an attribute as SigningCertificate defined in + * + * RFC 5035 section 5. + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * pAttr = { + * attr: "signingCertificate" + * valhex: '...' + * }; + * parser.setSigningCertificate(pAttr); + * pAttr → { + * attr: "signingCertificate", + * array: [{ + * hash: "123456...", + * issuer: { + * array: [[{type:"C",value:"JP",ds:"prn"},...]], + * str: "/C=JP/O=T1" + * }, + * serial: {hex: "123456..."} + * }] + * } + */ + this.setSigningCertificate = function(pAttr) { + var aIdx = _getChildIdx(pAttr.valhex, 0); + if (aIdx.length > 0) { + var hCerts = _getTLV(pAttr.valhex, aIdx[0]); + var aCertIdx = _getChildIdx(hCerts, 0); + var a = []; + for (var i = 0; i < aCertIdx.length; i++) { + var hESSCertID = _getTLV(hCerts, aCertIdx[i]); + var pESSCertID = this.getESSCertID(hESSCertID); + a.push(pESSCertID); + } + pAttr.array = a; + } + + if (aIdx.length > 1) { + var hPolicies = _getTLV(pAttr.valhex, aIdx[1]); + pAttr.polhex = hPolicies; + } + delete pAttr.valhex; + }; + + /** + * parse ASN.1 ESSCertID
    + * @name getESSCertID + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {String} h hexadecimal string of ASN.1 ESSCertID + * @return {Array} array of JSON object of ESSCertID parameter + * @see KJUR.asn1.cms.ESSCertID + * + * @description + * This method parses ASN.1 ESSCertID defined in + * + * RFC 5035 section 6. + * 
    +     * ESSCertID ::= SEQUENCE {
+     *    certHash Hash,
+     *    issuerSerial IssuerSerial OPTIONAL }
+     * IssuerSerial ::= SEQUENCE {
+     *    issuer GeneralNames,
+     *    serialNumber CertificateSerialNumber }
+     *
    + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * parser.getESSCertID("30...") → + * { hash: "12ab...", + * issuer: { + * array: [[{type:"C",value:"JP",ds:"prn"}],...], + * str: "/C=JP/O=T1" + * }, + * serial: {hex: "12ab..."} } + */ + this.getESSCertID = function(h) { + var pResult = {}; + var aIdx = _getChildIdx(h, 0); + + if (aIdx.length > 0) { + var hCertHash = _getV(h, aIdx[0]); + pResult.hash = hCertHash; + } + + if (aIdx.length > 1) { + var hIssuerSerial = _getTLV(h, aIdx[1]); + var pIssuerSerial = + this.getIssuerSerial(hIssuerSerial); + + if (pIssuerSerial.serial != undefined) + pResult.serial = pIssuerSerial.serial; + + if (pIssuerSerial.issuer != undefined) + pResult.issuer = pIssuerSerial.issuer; + } + + return pResult; + }; + + /** + * parse ASN.1 IssuerSerial
    + * @name getIssuerSerial + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {String} h hexadecimal string of ASN.1 IssuerSerial + * @return {Array} array of JSON object of IssuerSerial parameter + * @see KJUR.asn1.cms.IssuerSerial + * @see KJUR.asn1.x509.X500Name + * + * @description + * This method parses ASN.1 IssuerSerial defined in + * + * RFC 5035 section 6. + * 
    +     * IssuerSerial ::= SEQUENCE {
+     *    issuer GeneralNames,
+     *    serialNumber CertificateSerialNumber }
+     *
    + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * parser.getIssuerSerial("30...") → + * { issuer: { + * array: [[{type:"C",value:"JP",ds:"prn"}],...], + * str: "/C=JP/O=T1", + * }, + * serial: {hex: "12ab..."} } + */ + this.getIssuerSerial = function(h) { + var pResult = {}; + var aIdx = _getChildIdx(h, 0); + + var hIssuer = _getTLV(h, aIdx[0]); + var pIssuerGN = _x509obj.getGeneralNames(hIssuer); + var pIssuerName = pIssuerGN[0].dn; + pResult.issuer = pIssuerName; + + var hSerial = _getV(h, aIdx[1]); + pResult.serial = {hex: hSerial}; + + return pResult; + }; + + /** + * parse ASN.1 CertificateSet
    + * @name getCertificateSet + * @memberOf KJUR.asn1.cms.CMSParser# + * @function + * @param {String} h hexadecimal string of ASN.1 CertificateSet + * @return {Array} array of JSON object of CertificateSet parameter + * @see KJUR.asn1.cms.CertificateSet + * + * @description + * This method parses ASN.1 IssuerSerial defined in + * + * RFC 5652 CMS section 10.2.3 and + * + * section 10.2.2. + * 
    +     * CertificateSet ::= SET OF CertificateChoices
+     * CertificateChoices ::= CHOICE {
+     *   certificate Certificate,
+     *   extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
+     *   v1AttrCert [1] IMPLICIT AttributeCertificateV1,       -- Obsolete
+     *   v2AttrCert [2] IMPLICIT AttributeCertificateV2,
+     *   other [3] IMPLICIT OtherCertificateFormat }
+     * OtherCertificateFormat ::= SEQUENCE {
+     *   otherCertFormat OBJECT IDENTIFIER,
+     *   otherCert ANY DEFINED BY otherCertFormat }
+     *
    + * Currently only "certificate" is supported in + * CertificateChoices. + * + * @example + * parser = new KJUR.asn1.cms.CMSParser(); + * parser.getCertificateSet("a0...") → + * [ "-----BEGIN CERTIFICATE...", ... ] + */ + this.getCertificateSet = function(h) { + var aIdx = _getChildIdx(h, 0); + var a = []; + for (var i = 0; i < aIdx.length; i++) { + var hCert = _getTLV(h, aIdx[i]); + if (hCert.substr(0, 2) == "30") { + var pem = hextopem(hCert, "CERTIFICATE"); + a.push(pem); + } + } + return a; + }; +}; diff --git a/src/asn1csr-1.0.js b/src/asn1csr-1.0.js index d7e04082..5b3c619d 100644 --- a/src/asn1csr-1.0.js +++ b/src/asn1csr-1.0.js @@ -1,4 +1,4 @@ -/* asn1csr-2.0.2.js (c) 2015-2020 Kenji Urushima | kjur.github.com/jsrsasign/license +/* asn1csr-2.0.3.js (c) 2015-2020 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * asn1csr.js - ASN.1 DER encoder classes for PKCS#10 CSR @@ -16,7 +16,7 @@ * @fileOverview * @name asn1csr-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 9.1.1 asn1csr 2.0.2 (2020-Aug-26) + * @version jsrsasign 10.1.0 asn1csr 2.0.3 (2020-Nov-18) * @since jsrsasign 4.9.0 * @license MIT License */ @@ -448,10 +448,12 @@ KJUR.asn1.csr.CSRUtil.getParam = function(sPEM) { try { var hSubject = _getTLVbyListEx(hex, 0, [0, 1]); - var x = new X509(); - result.subject = {}; - result.subject.array = x.getX500Name(hSubject); - result.subject.str = X509.hex2dn(hSubject); + if (hSubject == "3000") { + result.subject = {}; + } else { + var x = new X509(); + result.subject = x.getX500Name(hSubject); + } } catch (ex) {}; var hPubKey = _getTLVbyListEx(hex, 0, [0, 2]); diff --git a/src/asn1hex-1.1.js b/src/asn1hex-1.1.js index dc9a20c1..f5787ddd 100644 --- a/src/asn1hex-1.1.js +++ b/src/asn1hex-1.1.js @@ -1,4 +1,4 @@ -/* asn1hex-1.2.6.js (c) 2012-2020 Kenji Urushima | kjur.github.com/jsrsasign/license +/* asn1hex-1.2.7.js (c) 2012-2020 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * asn1hex.js - Hexadecimal represented ASN.1 string library @@ -16,7 +16,7 @@ * @fileOverview * @name asn1hex-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 9.1.6 asn1hex 1.2.6 (2020-Sep-04) + * @version jsrsasign 10.1.0 asn1hex 1.2.7 (2020-Nov-18) * @license MIT License */ @@ -590,6 +590,89 @@ ASN1HEX.getVbyListEx = function(h, currentIndex, nthList, checkingTag, removeUnu return v; }; +/** + * get integer value from ASN.1 V(value)
    + * @name getInt + * @memberOf ASN1HEX + * @function + * @param {String} h hexadecimal string + * @param {Number} idx string index in h to get ASN.1 DER Integer + * @param {Object} errorReturn (OPTION) error return value (DEFAULT: -1) + * @return {Number} DER Integer value + * @since jsrsasign 10.1.0 asn1hex 1.2.7 + * + * @example + * ASN1HEX.getInt("xxxx020103xxxxxx", 4) &rarr 3 + */ +ASN1HEX.getInt = function(h, idx, errorReturn) { + if (errorReturn == undefined) errorReturn = -1; + try { + if (h.substr(idx, 2) != "02") return errorReturn; + var hV = ASN1HEX.getV(h, idx); + return parseInt(hV, 16); + } catch(ex) { + return errorReturn; + } +}; + +/** + * get object identifier string from ASN.1 V(value)
    + * @name getOID + * @memberOf ASN1HEX + * @function + * @param {String} h hexadecimal string + * @param {Number} idx string index in h to get ASN.1 DER ObjectIdentifier + * @param {Object} errorReturn (OPTION) error return value (DEFAULT: null) + * @return {String} object identifier string (ex. "1.2.3.4") + * @since jsrsasign 10.1.0 asn1hex 1.2.7 + * + * @example + * ASN1HEX.getInt("xxxx06032a0304xxxxxx", 4) &rarr "1.2.3.4" + */ +ASN1HEX.getOID = function(h, idx, errorReturn) { + if (errorReturn == undefined) errorReturn = null; + try { + if (h.substr(idx, 2) != "06") return errorReturn; + var hOID = ASN1HEX.getV(h, idx); + return hextooid(hOID); + } catch(ex) { + return errorReturn; + } +}; + +/** + * get object identifier name from ASN.1 V(value)
    + * @name getOIDName + * @memberOf ASN1HEX + * @function + * @param {String} h hexadecimal string + * @param {Number} idx string index in h to get ASN.1 DER ObjectIdentifier + * @param {Object} errorReturn (OPTION) error return value (DEFAULT: null) + * @return {String} object identifier name (ex. "sha256") oir OID string + * @since jsrsasign 10.1.0 asn1hex 1.2.7 + * + * @description + * This static method returns object identifier name such as "sha256" + * if registered. If not registered, it returns OID string. + * (ex. "1.2.3.4") + * + * @example + * ASN1HEX.getOIDName("xxxx0609608648016503040201xxxxxx", 4) &rarr "sha256" + * ASN1HEX.getOIDName("xxxx06032a0304xxxxxx", 4) &rarr "1.2.3.4" + */ +ASN1HEX.getOIDName = function(h, idx, errorReturn) { + if (errorReturn == undefined) errorReturn = null; + try { + var oid = ASN1HEX.getOID(h, idx, errorReturn); + if (oid == errorReturn) return errorReturn; + var name = KJUR.asn1.x509.OID.oid2name(oid); + if (name == '') return oid; + return name; + } catch(ex) { + return errorReturn; + } +}; + /** * get OID string from hexadecimal encoded value
    * @name hextooidstr diff --git a/src/asn1tsp-1.0.js b/src/asn1tsp-1.0.js index e18fcdf1..a23c49fc 100644 --- a/src/asn1tsp-1.0.js +++ b/src/asn1tsp-1.0.js @@ -1,4 +1,4 @@ -/* asn1tsp-2.0.0.js (c) 2014-2020 Kenji Urushima | kjur.github.com/jsrsasign/license +/* asn1tsp-2.0.1.js (c) 2014-2020 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * asn1tsp.js - ASN.1 DER encoder classes for RFC 3161 Time Stamp Protocol @@ -16,7 +16,7 @@ * @fileOverview * @name asn1tsp-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 10.0.0 asn1tsp 2.0.0 (2020-Sep-22) + * @version jsrsasign 10.1.0 asn1tsp 2.0.1 (2020-Nov-18) * @since jsrsasign 4.5.1 * @license MIT License */ @@ -992,3 +992,389 @@ KJUR.asn1.tsp.TSPUtil.parseMessageImprint = function(miHex) { return json; }; +/** + * class for parsing RFC 3161 TimeStamp protocol data
    + * @name KJUR.asn1.tsp.TSPParser + * @class RFC 3161 TimeStamp protocol parser class + * @since jsrsasign 10.1.0 asn1tsp 2.0.1 + * + * @description + * This is an ASN.1 parser for + * RFC 3161. + */ +KJUR.asn1.tsp.TSPParser = function() { + var _Error = Error, + _X509 = X509, + _x509obj = new _X509(), + _ASN1HEX = ASN1HEX, + _getV = _ASN1HEX.getV, + _getTLV = _ASN1HEX.getTLV, + _getIdxbyList = _ASN1HEX.getIdxbyList, + _getTLVbyListEx = _ASN1HEX.getTLVbyListEx, + _getChildIdx = _ASN1HEX.getChildIdx; + var _aSTATUSSTR = [ + "granted", "grantedWithMods", "rejection", "waiting", + "revocationWarning", "revocationNotification" ]; + + /** + * parse ASN.1 TimeStampResp
    + * @name getResponse + * @memberOf KJUR.asn1.tsp.TSPParser# + * @function + * @param {String} h hexadecimal string of ASN.1 TimeStampResp + * @return {Array} JSON object of TimeStampResp parameter + * @see KJUR.asn1.tsp.TimeStampResp + * @see KJUR.asn1.tsp.TimeStampToken + * @see KJUR.asn1.cms.CMSParser#getCMSSignedData + * + * @description + * This method parses ASN.1 TimeStampRsp defined in RFC 3161. + * 
    +     * TimeStampResp ::= SEQUENCE {
+     *   status          PKIStatusInfo,
+     *   timeStampToken  TimeStampToken  OPTIONAL }
+     *
    + * When "h" is a TSP error response, + * returned parameter contains "statusinfo" only. + * + * @example + * parser = new KJUR.asn1.tsp.TSPParser(); + * parser.getResponse("30...") → + * { + * statusinfo: 'granted', + * ... // almost the same as CMS SignedData parameters + * econtent: { + * type: "tstinfo", + * content: { // TSTInfo parameter + * policy: '1.2.3.4.5', + * messageImprint: {alg: 'sha256', hash: 'a1a2a3a4...'}, + * serialNumber: {'int': 3}, + * genTime: {str: '20131231235959.123Z'}, + * accuracy: {millis: 500}, + * ordering: true, + * nonce: {int: 3} + * } + * }, + * ... + * } + */ + this.getResponse = function(h) { + var aIdx = _getChildIdx(h, 0); + + if (aIdx.length == 1) { + return this.getPKIStatusInfo(_getTLV(h, aIdx[0])); + } else if (aIdx.length > 1) { + var pPKIStatusInfo = this.getPKIStatusInfo(_getTLV(h, aIdx[0])); + var hTST = _getTLV(h, aIdx[1]); + var pResult = this.getToken(hTST); + pResult.statusinfo = pPKIStatusInfo; + return pResult; + } + }; + + /** + * parse ASN.1 TimeStampToken
    + * @name getToken + * @memberOf KJUR.asn1.tsp.TSPParser# + * @function + * @param {String} h hexadecimal string of ASN.1 TimeStampToken + * @return {Array} JSON object of TimeStampToken parameter + * @see KJUR.asn1.tsp.TimeStampToken + * @see KJUR.asn1.cms.CMSParser#getCMSSignedData + * @see KJUR.asn1.tsp.TSPParser#setTSTInfo + * + * @description + * This method parses ASN.1 TimeStampRsp defined in RFC 3161. + * This method will parse "h" as CMS SigneData by + * {@link KJUR.asn1.cms.CMSParser#getCMSSignedData}, then + * parse and modify "econtent.content" parameter by + * {@link KJUR.asn1.tsp.TSPParser#setTSTInfo} method. + * + * @example + * parser = new KJUR.asn1.tsp.TSPParser(); + * parser.getToken("30...") → + * { + * ... // almost the same as CMS SignedData parameters + * econtent: { + * type: "tstinfo", + * content: { // TSTInfo parameter + * policy: '1.2.3.4.5', + * messageImprint: {alg: 'sha256', hash: 'a1a2a3a4...'}, + * serialNumber: {'int': 3}, + * genTime: {str: '20131231235959.123Z'}, + * accuracy: {millis: 500}, + * ordering: true, + * nonce: {int: 3} + * } + * }, + * ... + * } + */ + this.getToken = function(h) { + var _CMSParser = new KJUR.asn1.cms.CMSParser; + var p = _CMSParser.getCMSSignedData(h); + this.setTSTInfo(p); + return p; + }; + + /** + * set ASN.1 TSTInfo parameter to CMS SignedData parameter
    + * @name setTSTInfo + * @memberOf KJUR.asn1.tsp.TSPParser# + * @function + * @param {Array} pCMSSignedData JSON object of CMS SignedData parameter + * @see KJUR.asn1.tsp.TimeStampToken + * @see KJUR.asn1.cms.CMSParser#getCMSSignedData + * + * @description + * This method modifies "econtent.content" of CMS SignedData parameter + * to parsed TSTInfo. + * 
    +     *
+     * @example
+     * parser = new KJUR.asn1.tsp.TSPParser();
+     * pCMSSignedData = { 
+     *   ... // almost the same as CMS SignedData parameters
+     *   econtent: {
+     *     type: "tstinfo",
+     *     content: { hex: "30..." }
+     *   },
+     *   ...
+     * };
+     * parser.setTSTInfo(pCMSSignedData);
+     * pCMSSignedData → { 
+     *   ... // almost the same as CMS SignedData parameters
+     *   econtent: {
+     *     type: "tstinfo",
+     *     content: { // TSTInfo parameter
+     *       policy: '1.2.3.4.5',
+     *       messageImprint: {alg: 'sha256', hash: 'a1a2a3a4...'},
+     *       serialNumber: {int: 3},
+     *       genTime: {str: '20131231235959.123Z'},
+     *       accuracy: {millis: 500},
+     *       ordering: true,
+     *       nonce: {int: 3}
+     *     }
+     *   },
+     *   ...
+     * };
+     */
+    this.setTSTInfo = function(pCMSSignedData) {
+	var pEContent = pCMSSignedData.econtent;
+	if (pEContent.type == "tstinfo") {
+	    var hContent = pEContent.content.hex;
+	    var pTSTInfo = this.getTSTInfo(hContent);
+	    //pTSTInfo.hex_ = hContent;
+	    pEContent.content = pTSTInfo;
+	}
+    };
+
+    /**
+     * parse ASN.1 TSTInfo
    
+     * @name getTSTInfo
+     * @memberOf KJUR.asn1.tsp.TSPParser#
+     * @function
+     * @param {String} h hexadecimal string of ASN.1 TSTInfo
+     * @return {Array} JSON object of TSTInfo parameter
+     * @see KJUR.asn1.tsp.TSTInfo
+     *
+     * @description
+     * This method parses ASN.1 TSTInfo defined in RFC 3161.
+     * 
    +     * TSTInfo ::= SEQUENCE  {
+     *    version          INTEGER  { v1(1) },
+     *    policy           TSAPolicyId,
+     *    messageImprint   MessageImprint,
+     *    serialNumber     INTEGER,
+     *    genTime          GeneralizedTime,
+     *    accuracy         Accuracy                 OPTIONAL,
+     *    ordering         BOOLEAN             DEFAULT FALSE,
+     *    nonce            INTEGER                  OPTIONAL,
+     *    tsa              [0] GeneralName          OPTIONAL,
+     *    extensions       [1] IMPLICIT Extensions  OPTIONAL }
+     * 
    
+     *
+     * @example
+     * parser = new KJUR.asn1.tsp.TSPParser();
+     * parser.getTSTInfo("30...") →
+     * {
+     *   policy: '1.2.3.4.5',
+     *   messageImprint: {alg: 'sha256', hash: 'a1a2a3a4...'},
+     *   serialNumber: {'int': 3},
+     *   genTime: {str: '20131231235959.123Z'},
+     *   accuracy: {millis: 500},
+     *   ordering: true,
+     *   nonce: {int: 3}
+     * }
+     */
+    this.getTSTInfo = function(h) {
+	var pResult = {};
+	var aIdx = _getChildIdx(h, 0);
+
+	var hPolicy = _getV(h, aIdx[1]);
+	pResult.policy = hextooid(hPolicy);
+
+	var hMessageImprint = _getTLV(h, aIdx[2]);
+	pResult.messageImprint = this.getMessageImprint(hMessageImprint);
+
+	var hSerial = _getV(h, aIdx[3]);
+	pResult.serial = {hex: hSerial};
+
+	var hGenTime = _getV(h, aIdx[4]);
+	pResult.genTime = {str: hextoutf8(hGenTime)};
+
+	var offset = 0;
+
+	if (aIdx.length > 5 && h.substr(aIdx[5], 2) == "30") {
+	    var hAccuracy = _getTLV(h, aIdx[5]);
+	    pResult.accuracy = this.getAccuracy(hAccuracy);
+	    offset++;
+	}
+
+	if (aIdx.length > 5 + offset && 
+	    h.substr(aIdx[5 + offset], 2) == "01") {
+	    var hOrdering = _getV(h, aIdx[5 + offset]);
+	    if (hOrdering == "ff") pResult.ordering = true;
+	    offset++;
+	}
+
+	if (aIdx.length > 5 + offset &&
+	    h.substr(aIdx[5 + offset], 2) == "02") {
+	    var hNonce = _getV(h, aIdx[5 + offset]);
+	    pResult.nonce = {hex: hNonce};
+	    offset++;
+	}
+
+	if (aIdx.length > 5 + offset &&
+	    h.substr(aIdx[5 + offset], 2) == "a0") {
+	    var hGeneralNames = _getTLV(h, aIdx[5 + offset]);
+	    hGeneralNames = "30" + hGeneralNames.substr(2);
+	    pGeneralNames = _x509obj.getGeneralNames(hGeneralNames);
+	    var pName = pGeneralNames[0].dn;
+	    pResult.tsa = pName;
+	    offset++;
+	}
+
+	if (aIdx.length > 5 + offset &&
+	    h.substr(aIdx[5 + offset], 2) == "a1") {
+	    var hExt = _getTLV(h, aIdx[5 + offset]);
+	    hExt = "30" + hExt.substr(2);
+	    var aExt = _x509obj.getExtParamArray(hExt);
+	    pResult.ext = aExt;
+	    offset++;
+	}
+
+	return pResult;
+    };
+
+    /**
+     * parse ASN.1 Accuracy
    
+     * @name getAccuracy
+     * @memberOf KJUR.asn1.tsp.TSPParser#
+     * @function
+     * @param {String} h hexadecimal string of ASN.1 Accuracy
+     * @return {Array} JSON object of Accuracy parameter
+     * @see KJUR.asn1.tsp.Accuracy
+     *
+     * @description
+     * This method parses ASN.1 Accuracy defined in RFC 3161.
+     * 
    +     * Accuracy ::= SEQUENCE {
+     *    seconds        INTEGER              OPTIONAL,
+     *    millis     [0] INTEGER  (1..999)    OPTIONAL,
+     *    micros     [1] INTEGER  (1..999)    OPTIONAL  }
+     * 
    
+     *
+     * @example
+     * parser = new KJUR.asn1.tsp.TSPParser();
+     * parser.getAccuracy("30...") → {millis: 500}
+     */
+    this.getAccuracy = function(h) {
+	var pResult = {};
+
+	var aIdx = _getChildIdx(h, 0);
+
+	for (var i = 0; i < aIdx.length; i++) {
+	    var tag = h.substr(aIdx[i], 2);
+	    var hV = _getV(h, aIdx[i]);
+	    var iV = parseInt(hV, 16);
+
+	    if (tag == "02") {
+		pResult.seconds = iV;
+	    } else if (tag == "80") {
+		pResult.millis = iV;
+	    } else if (tag == "81") {
+		pResult.micros = iV;
+	    }
+	}
+
+	return pResult;
+    };
+
+    /**
+     * parse ASN.1 MessageImprint
    
+     * @name getMessageImprint
+     * @memberOf KJUR.asn1.tsp.TSPParser#
+     * @function
+     * @param {String} h hexadecimal string of ASN.1 MessageImprint
+     * @return {Array} JSON object of MessageImprint parameter
+     * @see KJUR.asn1.tsp.MessageImprint
+     *
+     * @description
+     * This method parses ASN.1 MessageImprint defined in RFC 3161.
+     *
+     * @example
+     * parser = new KJUR.asn1.tsp.TSPParser();
+     * parser.getMessageImprint("30...") → 
+     * { alg: "sha256", hash: "12ab..." }
+     */
+    this.getMessageImprint = function(h) {
+	if (h.substr(0, 2) != "30")
+            throw new Error("head of messageImprint hex shall be x30");
+
+	var json = {};
+	var idxList = _getChildIdx(h, 0);
+	var hashAlgOidIdx = _getIdxbyList(h, 0, [0, 0]);
+	var hashAlgHex = _getV(h, hashAlgOidIdx);
+	var hashAlgOid = _ASN1HEX.hextooidstr(hashAlgHex);
+	var hashAlgName = KJUR.asn1.x509.OID.oid2name(hashAlgOid);
+	if (hashAlgName == '')
+            throw new Error("hashAlg name undefined: " + hashAlgOid);
+	var hashAlg = hashAlgName;
+	var hashValueIdx = _getIdxbyList(h, 0, [1]);
+	
+	json.alg = hashAlg;
+	json.hash = _getV(h, hashValueIdx); 
+
+	return json;
+    };
+
+    /**
+     * parse ASN.1 PKIStatusInfo
    
+     * @name getPKIStatusInfo
+     * @memberOf KJUR.asn1.tsp.TSPParser#
+     * @function
+     * @param {String} h hexadecimal string of ASN.1 PKIStatusInfo
+     * @return {Array} JSON object of PKIStatusInfo parameter
+     * @see KJUR.asn1.tsp.PKIStatusInfo
+     *
+     * @description
+     * This method parses ASN.1 PKIStatusInfo defined in RFC 3161.
+     *
+     * @example
+     * parser = new KJUR.asn1.tsp.TSPParser();
+     * parser.getPKIStatusInfo("30...") → 
+     * { status: "granted" }
+     */
+    this.getPKIStatusInfo = function(h) {
+	var pResult = {};
+	var aIdx = _getChildIdx(h, 0);
+	try {
+	    var hStatus = _getV(h, aIdx[0]);
+	    var iStatus = parseInt(hStatus, 16);
+	    pResult.status = _aSTATUSSTR[iStatus];
+	} catch(ex) {};
+	
+	return pResult;
+    };
+};
\ No newline at end of file
diff --git a/src/asn1x509-1.0.js b/src/asn1x509-1.0.js
index 2582b8ac..6b5a887e 100644
--- a/src/asn1x509-1.0.js
+++ b/src/asn1x509-1.0.js
@@ -1,4 +1,4 @@
-/* asn1x509-2.1.5.js (c) 2013-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
+/* asn1x509-2.1.6.js (c) 2013-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
  */
 /*
  * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate
@@ -16,7 +16,7 @@
  * @fileOverview
  * @name asn1x509-1.0.js
  * @author Kenji Urushima kenji.urushima@gmail.com
- * @version jsrsasign 10.0.5 asn1x509 2.1.5 (2020-Nov-04)
+ * @version jsrsasign 10.1.0 asn1x509 2.1.6 (2020-Nov-18)
  * @since jsrsasign 2.1
  * @license MIT License
  */
@@ -223,8 +223,13 @@ KJUR.asn1.x509.Certificate = function(params) {
      */
     this.sign = function() {
 	var params = this.params;
+
+	var sigalg = params.sigalg;
+	if (params.sigalg.name != undefined) 
+	    sigalg = params.sigalg.name;
+
 	var hTBS = params.tbsobj.getEncodedHex();
-	var sig = new KJUR.crypto.Signature({alg: params.sigalg});
+	var sig = new KJUR.crypto.Signature({alg: sigalg});
 	sig.init(params.cakey);
 	sig.updateHex(hTBS);
 	params.sighex = sig.sign();
@@ -362,8 +367,8 @@ KJUR.asn1.x509.TBSCertificate = function(params) {
 	a.push(new _DERInteger(params.serial));
 	a.push(new _AlgorithmIdentifier({name: params.sigalg}));
 	a.push(new _X500Name(params.issuer));
-	a.push(new _DERSequence({array:[new _Time({str: params.notbefore}),
-					new _Time({str: params.notafter})]}));
+	a.push(new _DERSequence({array:[new _Time(params.notbefore),
+					new _Time(params.notafter)]}));
 	a.push(new _X500Name(params.subject));
 	a.push(new _SubjectPublicKeyInfo(KEYUTIL.getKey(params.sbjpubkey)));
 	if (params.ext !== undefined && params.ext.length > 0) {
diff --git a/src/base64x-1.1.js b/src/base64x-1.1.js
index 835b167a..ff09ba7c 100644
--- a/src/base64x-1.1.js
+++ b/src/base64x-1.1.js
@@ -1,4 +1,4 @@
-/* base64x-1.1.17 (c) 2012-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
+/* base64x-1.1.18 (c) 2012-2020 Kenji Urushima | kjur.github.com/jsrsasign/license
  */
 /*
  * base64x.js - Base64url and supplementary functions for Tom Wu's base64.js library
@@ -16,7 +16,7 @@
  * @fileOverview
  * @name base64x-1.1.js
  * @author Kenji Urushima kenji.urushima@gmail.com
- * @version jsrsasign 10.0.5 base64x 1.1.17 (2020-Nov-04)
+ * @version jsrsasign 10.1.0 base64x 1.1.18 (2020-Nov-18)
  * @since jsrsasign 2.1
  * @license MIT License
  */
@@ -998,7 +998,7 @@ KJUR.lang.String.isInteger = function(s) {
 };
 
 /**
- * check whether a string is an hexadecimal string or not
    
+ * check whether a string is an hexadecimal string or not (DEPRECATED)
    
  * @name isHex
  * @memberOf KJUR.lang.String
  * @function
@@ -1006,6 +1006,8 @@ KJUR.lang.String.isInteger = function(s) {
  * @param {String} s input string
  * @return {Boolean} true if a string "s" is an hexadecimal string otherwise false
  * @since base64x 1.1.7 jsrsasign 5.0.13
+ * @deprecated from 10.0.6. please use {@link ishex}
+ * @see ishex
  * @example
  * KJUR.lang.String.isHex("1234") → true
  * KJUR.lang.String.isHex("12ab") → true
@@ -1014,6 +1016,25 @@ KJUR.lang.String.isInteger = function(s) {
  * KJUR.lang.String.isHex("121") → false -- odd length
  */
 KJUR.lang.String.isHex = function(s) {
+    return ishex(s);
+};
+
+/**
+ * check whether a string is an hexadecimal string or not
    
+ * @name ishex
+ * @function
+ * @static
+ * @param {String} s input string
+ * @return {Boolean} true if a string "s" is an hexadecimal string otherwise false
+ * @since base64x 1.1.7 jsrsasign 5.0.13
+ * @example
+ * ishex("1234") → true
+ * ishex("12ab") → true
+ * ishex("12AB") → true
+ * ishex("12ZY") → false
+ * ishex("121") → false -- odd length
+ */
+function ishex(s) {
     if (s.length % 2 == 0 &&
 	(s.match(/^[0-9a-f]+$/) || s.match(/^[0-9A-F]+$/))) {
 	return true;
@@ -1250,4 +1271,137 @@ var strdiffidx = function(s1, s2) {
     return -1; // same
 };
 
+/**
+ * get hexadecimal value of object identifier from dot noted oid value
+ * @name oidtohex
+ * @function
+ * @param {String} oidString dot noted string of object identifier
+ * @return {String} hexadecimal value of object identifier
+ * @since jsrsasign 10.1.0 base64x 1.1.18
+ * @see hextooid
+ * @see ASN1HEX.hextooidstr
+ * @see KJUR.asn1.ASN1Util.oidIntToHex
+ * @description
+ * This static method converts from object identifier value string.
+ * to hexadecimal string representation of it.
+ * {@link hextooid} is a reverse function of this.
+ * @example
+ * oidtohex("2.5.4.6") → "550406"
+ */
+function oidtohex(oidString) {
+    var itox = function(i) {
+        var h = i.toString(16);
+        if (h.length == 1) h = '0' + h;
+        return h;
+    };
+
+    var roidtox = function(roid) {
+        var h = '';
+        var bi = parseInt(roid, 10);
+        var b = bi.toString(2);
+
+        var padLen = 7 - b.length % 7;
+        if (padLen == 7) padLen = 0;
+        var bPad = '';
+        for (var i = 0; i < padLen; i++) bPad += '0';
+        b = bPad + b;
+        for (var i = 0; i < b.length - 1; i += 7) {
+            var b8 = b.substr(i, 7);
+            if (i != b.length - 7) b8 = '1' + b8;
+            h += itox(parseInt(b8, 2));
+        }
+        return h;
+    };
+    
+    try {
+	if (! oidString.match(/^[0-9.]+$/)) return null;
+    
+	var h = '';
+	var a = oidString.split('.');
+	var i0 = parseInt(a[0], 10) * 40 + parseInt(a[1], 10);
+	h += itox(i0);
+	a.splice(0, 2);
+	for (var i = 0; i < a.length; i++) {
+            h += roidtox(a[i]);
+	}
+	return h;
+    } catch(ex) {
+	return null;
+    }
+};
+
+/**
+ * get oid string from hexadecimal value of object identifier
    
+ * @name hextooid
+ * @function
+ * @param {String} h hexadecimal value of object identifier
+ * @return {String} dot noted string of object identifier (ex. "1.2.3.4")
+ * @since jsrsasign 10.1.0 base64x 1.1.18
+ * @see oidtohex
+ * @see ASN1HEX.hextooidstr
+ * @see KJUR.asn1.ASN1Util.oidIntToHex
+ * @description
+ * This static method converts from hexadecimal object identifier value 
+ * to dot noted OID value (ex. "1.2.3.4").
+ * {@link oidtohex} is a reverse function of this.
+ * @example
+ * hextooid("550406") → "2.5.4.6"
+ */
+function hextooid(h) {
+    if (! ishex(h)) return null;
+    try {
+	var a = [];
+
+	// a[0], a[1]
+	var hex0 = h.substr(0, 2);
+	var i0 = parseInt(hex0, 16);
+	a[0] = new String(Math.floor(i0 / 40));
+	a[1] = new String(i0 % 40);
+
+	// a[2]..a[n]
+	var hex1 = h.substr(2);
+	var b = [];
+	for (var i = 0; i < hex1.length / 2; i++) {
+	    b.push(parseInt(hex1.substr(i * 2, 2), 16));
+	}
+	var c = [];
+	var cbin = "";
+	for (var i = 0; i < b.length; i++) {
+            if (b[i] & 0x80) {
+		cbin = cbin + strpad((b[i] & 0x7f).toString(2), 7);
+            } else {
+		cbin = cbin + strpad((b[i] & 0x7f).toString(2), 7);
+		c.push(new String(parseInt(cbin, 2)));
+		cbin = "";
+            }
+	}
+
+	var s = a.join(".");
+	if (c.length > 0) s = s + "." + c.join(".");
+	return s;
+    } catch(ex) {
+	return null;
+    }
+};
+
+/**
+ * string padding
    
+ * @name spad
+ * @function
+ * @param {String} s input string
+ * @param {Number} len output string length
+ * @param {String} padchar padding character (default is "0")
+ * @return {String} padded string
+ * @since jsrsasign 10.1.0 base64x 1.1.18
+ * @example
+ * strpad("1234", 10, "0") → "0000001234"
+ * strpad("1234", 10, " ") → "      1234"
+ * strpad("1234", 10)      → "0000001234"
+ */
+var strpad = function(s, len, padchar) {
+    if (padchar == undefined) padchar = "0";
+    if (s.length >= len) return s;
+    return new Array(len - s.length + 1).join(padchar) + s;
+};
+
 
diff --git a/src/x509-1.1.js b/src/x509-1.1.js
index 14544296..f4d40d4f 100644
--- a/src/x509-1.1.js
+++ b/src/x509-1.1.js
@@ -1,4 +1,4 @@
-/* x509-2.0.8.js (c) 2012-2020 Kenji Urushima | kjur.github.io/jsrsasign/license
+/* x509-2.0.9.js (c) 2012-2020 Kenji Urushima | kjur.github.io/jsrsasign/license
  */
 /*
  * x509.js - X509 class to read subject public key from certificate.
@@ -16,7 +16,7 @@
  * @fileOverview
  * @name x509-1.1.js
  * @author Kenji Urushima kenji.urushima@gmail.com
- * @version jsrsasign 10.0.4 x509 2.0.8 (2020-Oct-23)
+ * @version jsrsasign 10.1.0 x509 2.0.9 (2020-Nov-18)
  * @since jsrsasign 1.x.x
  * @license MIT License
  */
@@ -232,19 +232,16 @@ function X509(params) {
      * @function
      * @return {Array} JSON object of issuer field
      * @since jsrsasign 9.0.0 x509 2.0.0
+     * @see X509#getX500Name
      * @description
      * @example
-     * var x = new X509();
-     * x.readCertPEM(sCertPEM);
+     * var x = new X509(sCertPEM);
      * x.getIssuer() →
      * { array: [[{type:'C',value:'JP',ds:'prn'}],...],
-     *   str: "30..." }
+     *   str: "/C=JP/..." }
      */
     this.getIssuer = function() {
-	var result = {};
-	result.array = this.getX500Name(this.getIssuerHex());
-	result.str = this.getIssuerString();
-	return result;
+	return this.getX500Name(this.getIssuerHex())
     };
 
     /**
@@ -285,19 +282,16 @@ function X509(params) {
      * @function
      * @return {Array} JSON object of subject field
      * @since jsrsasign 9.0.0 x509 2.0.0
+     * @see X509#getX500Name
      * @description
      * @example
-     * var x = new X509();
-     * x.readCertPEM(sCertPEM);
-     * x.getIssuer() →
+     * var x = new X509(sCertPEM);
+     * x.getSubject() →
      * { array: [[{type:'C',value:'JP',ds:'prn'}],...],
-     *   str: "30..." }
+     *   str: "/C=JP/..." }
      */
     this.getSubject = function() {
-	var result = {};
-	result.array = this.getX500Name(this.getSubjectHex());
-	result.str = this.getSubjectString();
-	return result;
+	return this.getX500Name(this.getSubjectHex());
     };
 
     /**
@@ -1158,6 +1152,14 @@ function X509(params) {
      * x = new X509();
      * x.getGeneralNames("3011860f687474703a2f2f6161612e636f6d2f")
      * → [{uri: "http://aaa.com/"}]
+     *
+     * x.getGeneralNames("301ea41c30...") →
+     * [{ dn: {
+     *     array: [
+     *       [{type:"C", value:"JP", ds:"prn"}],
+     *       [{type:"O", value:"T1", ds:"utf8"}]
+     *     ],
+     *     str: "/C=JP/O=T1" } }]
      */
     this.getGeneralNames = function(h) {
 	var aIdx = _getChildIdx(h, 0);
@@ -1201,6 +1203,13 @@ function X509(params) {
      * x = new X509();
      * x.getGeneralName("860f687474703a2f2f6161612e636f6d2f") 
      * → {uri: "http://aaa.com/"}
+     * x.getGeneralName("a41c30...") →
+     * { dn: {
+     *     array: [
+     *       [{type:"C", value:"JP", ds:"prn"}],
+     *       [{type:"O", value:"T1", ds:"utf8"}]
+     *     ],
+     *     str: "/C=JP/O=T1" } }
      */
     this.getGeneralName = function(h) {
 	var tag = h.substr(0, 2);
@@ -1208,9 +1217,9 @@ function X509(params) {
 	var sValue = hextorstr(hValue);
 	if (tag == "81") return {rfc822: sValue};
 	if (tag == "82") return {dns: sValue};
-	if (tag == "a4") return {dn: {hex: hValue}};
 	if (tag == "86") return {uri: sValue};
 	if (tag == "87") return {ip: hextoip(hValue)};
+	if (tag == "a4") return {dn: this.getX500Name(hValue)};
 	return undefined;
     };
 
@@ -2069,9 +2078,12 @@ function X509(params) {
      * @param {String} h hexadecimal string of Name
      * @return {Array} array of RDN parameter array
      * @since jsrsasign 9.0.0 x509 2.0.0
-     * @see X509#getX500Name
+     * @see X509#getX500NameArray
      * @see X509#getRDN
      * @see X509#getAttrTypeAndValue
+     * @see KJUR.asn1.x509.X500Name
+     * @see KJUR.asn1.x509.GeneralName
+     * @see KJUR.asn1.x509.GeneralNames
      * @description
      * This method will get Name parameter defined in
      * 
@@ -2084,11 +2096,49 @@ function X509(params) {
      * @example
      * x = new X509();
      * x.getX500Name("30...") →
+     * { array: [
+     *     [{type:"C",value:"US",ds:"prn"}],
+     *     [{type:"O",value:"Sample Corp.",ds:"utf8"}],
+     *     [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
+     *   ],
+     *   str: "/C=US/O=Sample Corp./CN=john.smith@example.com",
+     *   hex: "30..."
+     * }
+     */
+    this.getX500Name = function(h) {
+	var a = this.getX500NameArray(h);
+	var s = this.dnarraytostr(a);
+	return { array: a, str: s };
+    };
+
+    /**
+     * get X.500 Name ASN.1 structure parameter array
    
+     * @name getX500NameArray
+     * @memberOf X509#
+     * @function
+     * @param {String} h hexadecimal string of Name
+     * @return {Array} array of RDN parameter array
+     * @since jsrsasign 10.0.6 x509 2.0.9
+     * @see X509#getX500Name
+     * @see X509#getRDN
+     * @see X509#getAttrTypeAndValue
+     * @description
+     * This method will get Name parameter defined in
+     *     
+     * RFC 5280 4.1.2.4.
+     * 
    +     * Name ::= CHOICE { -- only one possibility for now --
+     *   rdnSequence  RDNSequence }
+     * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+     * 
    
+     * @example
+     * x = new X509();
+     * x.getX500NameArray("30...") →
      * [[{type:"C",value:"US",ds:"prn"}],
      *  [{type:"O",value:"Sample Corp.",ds:"utf8"}],
      *  [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]]
      */
-    this.getX500Name = function(h) {
+    this.getX500NameArray = function(h) {
 	var result = [];
 	var a = _getChildIdx(h, 0);
 	for (var i = 0; i < a.length; i++) {
@@ -2577,6 +2627,45 @@ function X509(params) {
 	}
     };
 
+    /**
+     * convert array for X500 distinguish name to distinguish name string
    
+     * @name dnarraytostr
+     * @memberOf X509#
+     * @function
+     * @param {Array} aDN array for X500 distinguish name
+     * @return {String} distinguish name
+     * @since jsrsasign 10.0.6 x509 2.0.8
+     * @see X509#getX500Name
+     * @see X509#getX500NameArray
+     * @see KJUR.asn1.x509.X500Name
+     *
+     * @description
+     * This method converts from an array representation of 
+     * X.500 distinguished name to X.500 name string.
+     * This supports multi-valued RDN.
+     * 
+     * @example
+     * var x = new X509();
+     * x.dnarraytostr(
+     *   [[{type:"C",value:"JP",ds:"prn"}],
+     *   [{type:"O",value:"T1",ds:"prn"}]]) → "/C=JP/O=T1"
+     * x.dnarraytostr(
+     *   [[{type:"C",value:"JP",ds:"prn"}],
+     *   [{type:"O",value:"T1",ds:"prn"}
+     *    {type:"CN",value:"Bob",ds:"prn"}]]) → "/C=JP/O=T1+CN=Bob"
+     */
+    this.dnarraytostr = function(aDN) {
+	function rdnarraytostr(aRDN) {
+	    return aRDN.map(function(x){return atvtostr(x);}).join("+");
+	};
+
+	function atvtostr(pATV) {
+	    return pATV.type + "=" + pATV.value;
+	};
+
+	return "/" + aDN.map(function(x){return rdnarraytostr(x);}).join("/");
+    };
+
     /**
      * get certificate information as string.
    
      * @name getInfo
diff --git a/src/x509crl.js b/src/x509crl.js
index b7a05d1c..9e00b93e 100644
--- a/src/x509crl.js
+++ b/src/x509crl.js
@@ -16,8 +16,8 @@
  * @fileOverview
  * @name x509crl.js
  * @author Kenji Urushima kenji.urushima@gmail.com
- * @version jsrsasign 9.1.4 x509crl 1.0.1 (2020-Aug-26)
- * @since jsrsasign 9.1.1
+ * @version jsrsasign 10.1.0 x509crl 1.0.2 (2020-Nov-18)
+ * @since jsrsasign 10.1.0
  * @license MIT License
  */
 
@@ -155,6 +155,7 @@ var X509CRL = function(params) {
      * @function
      * @return {Array} JSON object of issuer field
      * @see X509#getIssuer
+     * @see X509#getX500Name
      * @see KJUR.asn1.x509.X500Name
      *
      * @description
@@ -164,13 +165,12 @@ var X509CRL = function(params) {
      * @example
      * crl = new X509CRL("-----BEGIN X509 CRL...");
      * x.getIssuer() →
-     * { array: [[{type:'C',value:'JP',ds:'prn'}],...] }
+     * { array: [[{type:'C',value:'JP',ds:'prn'}],...],
+     *   str: "/C=JP/..." }
      */
     this.getIssuer = function() {
 	var hIssuer = _getTLVbyList(this.hex, 0, [0, this.posSigAlg + 1], "30");
-	var result = {};
-	result.array = _x509obj.getX500Name(hIssuer);
-	return result;
+	return _x509obj.getX500Name(hIssuer);
     };
 
     /**
diff --git a/test/qunit-do-asn1cms.html b/test/qunit-do-asn1cms.html
index 68c15d1e..d25ed54a 100755
--- a/test/qunit-do-asn1cms.html
+++ b/test/qunit-do-asn1cms.html
@@ -1075,6 +1075,32 @@
   //deepEqual(result, "", "result");
 });
 
+test("CMSParser.getAttribute signingCertificate", function() {
+var parser = new KJUR.asn1.cms.CMSParser();
+
+var hIn = "3050060b2a864886f70d010910020c3141303f303d303b041476c19d787741bdaf76cab1c42d166cb536aa83f83023301ea41c301a310b3009060355040613025553310b3009060355040a0c025a34020101";
+var pExpect = {
+  attr: "signingCertificate",
+  array: [{
+    hash: "76c19d787741bdaf76cab1c42d166cb536aa83f8",
+    issuer: {
+      array: [
+        [{type:"C",value:"US",ds:"prn"}],
+        [{type:"O",value:"Z4",ds:"utf8"}]
+      ],
+      str: "/C=US/O=Z4"
+    },
+    serial: {hex: "01"}
+  }]
+};
+deepEqual(parser.getAttribute(hIn), pExpect, "attr");
+
+var hIn = "a08207c3308207bf308205a7a0030201020210406a1417b3309f78ff5de3bc931fc064300d06092a864886f70d01010b05003081b7310b3009060355040613024348311e301c0603550461131556415443482d4348452d3232312e3033322e353733313e303c060355040a133542756e646573616d74206675657220496e666f726d6174696b20756e642054656c656b6f6d6d756e696b6174696f6e202842495429311d301b060355040b1314537769737320476f7665726e6d656e7420504b493129302706035504031320537769737320476f7665726e6d656e7420526567756c61746564204341203032301e170d3139303530373038313730385a170d3232303530373038313730385a3081d8310b3009060355040613024348310d300b06035504070c044265726e311e301c0603550461131556415443482d4348452d3232312e3033322e353733313e303c060355040a0c3542756e646573616d74206675657220496e666f726d6174696b20756e642054656c656b6f6d6d756e696b6174696f6e202842495429311d301b060355040b0c14537769737320476f7665726e6d656e7420504b49311c301a060355040b0c1354696d65205374616d70205365727669636573311d301b06035504030c14537769737320476f7665726e6d656e742054534130820122300d06092a864886f70d01010105000382010f003082010a0282010100c03ebdc580e752ac7c7d295fcd5aa76878ff8581c24cd93966d1735277f45d26da968f85893008cbf23af61e590b7dee26838329f98ba056af360defd6269ef67a5abcb93b888140d712245b3aebcb90989d0d319a12df8990e25b5302b4ab1123fac5217901082a2ee6387be5d1f2f1855bcbe086c2b02afb20ef255d505baebe151a2148075692cc53cd6c1d529a6d35862b5e7caca45e9f4e7d40e212d38ed343b3fded2dfc0ac74884995ef209c014c338464c94d68b2504ca8f47ea7922512b5e4ab2e4ea15b5861e2ce7c89ac7440b7e3271b1a8ee4d3c5ade47e803681676d8e5b23c55f0e88c84b867774d58761f41f67ea0a0a236f140b994a107e30203010001a38202a23082029e30819306082b06010505070103048186308183300a06082b06010505070b023009060704008bec4901023008060604008e460104304b060604008e4601053041303f1639687474703a2f2f7777772e706b692e61646d696e2e63682f6370732f5044532d5347504b495f526567756c617465645f43415f30322e7064661302454e3013060604008e4601063009060704008e46010602300e0603551d0f0101ff04040302078030160603551d250101ff040c300a06082b060105050703083081d60603551d200481ce3081cb3081c806096085740111030502043081ba304306082b060105050702011637687474703a2f2f7777772e706b692e61646d696e2e63682f6370732f4350535f325f31365f3735365f315f31375f335f355f302e706466307306082b0601050507020230670c6554686973206973206120726567756c61746564206365727469666963617465206f662074686520537769737320476f7665726e6d656e7420526567756c617465642043412030322043505320666f722074696d657374616d70696e6720707572706f736573307706082b06010505070101046b3069303906082b06010505073002862d687474703a2f2f7777772e706b692e61646d696e2e63682f6169612f526567756c61746564434130322e637274302c06082b060105050730018620687474703a2f2f7777772e706b692e61646d696e2e63682f6169612f6f637370303e0603551d1f043730353033a031a02f862d687474703a2f2f7777772e706b692e61646d696e2e63682f63726c2f526567756c61746564434130322e63726c301f0603551d23041830168014340bbef2153ea40f5707e241648b3211d1290b61301d0603551d0e04160414e493988ac4bd3720d3b06950adedb7433fac9abe300c0603551d130101ff04023000300d06092a864886f70d01010b0500038202010098a5eb8bb576916f18550d84250c0cbf63976d7b90256ca0e06fcf41908d1320bcd6cdf806ffb6a34653b7a07b988b3a29fc0683a58dcec61dc2cd3ded8ce346f2017ac7d3563ceaaa3b2b5d62c2a6df58b1c58545216e74404ee3f5306f684b06b0a94776afef082fde274775c5e32560b73ce3613b80101d6cbec22f6537c98f443bb03cef12a321ffe44b5453c26d95267dc34f466488cf5f6a6d4fa7ee9cacd3e2d02551fc52cfe6672a281b930106c7a76a12e3be1a8636b024d0b1493bff33ab5a31d316cce684732f6d0438dc5cad2a71b3ead582b2f6085c11e7a70d1b2a0b33a9a37c98af41e47efa8375cb4c74012344e71f743cf4c2a99b3dde0485816553916b731ca9ddafdc0c3eddda821639a157f1c41f0cfb71db0ddd96d949a9b3bfb59886126d816a9096b2a2c2e495c0a8503131d49b2711b5d55e43f40c857ac89387f5884a8d1b1c7340ced06ea2f888653739e76b52292ad486110c2ee5c21240f8792a2b468c21d270144e4cb2b45c3cc31ccdffce5d59f30d24bc9d174d32f5c7a9d7b5df3872c988aa75aee285954a99a456973f5894c4c58dd9fd05054daaa6306f35336392207b72c414e589168a0b13cbd7e3ee26ad5e15478302e6d81df72cfcff982c765d16c91facafc5e599675cc5215c4599316df9a2d5479bd6bf40781134ed61dc59242a1aed0dd4c3068297c6e589aea449a9794c";
+var aOut = ["-----BEGIN CERTIFICATE-----\r\nMIIHvzCCBaegAwIBAgIQQGoUF7Mwn3j/XeO8kx/AZDANBgkqhkiG9w0BAQsFADCB\r\ntzELMAkGA1UEBhMCQ0gxHjAcBgNVBGETFVZBVENILUNIRS0yMjEuMDMyLjU3MzE+\r\nMDwGA1UEChM1QnVuZGVzYW10IGZ1ZXIgSW5mb3JtYXRpayB1bmQgVGVsZWtvbW11\r\nbmlrYXRpb24gKEJJVCkxHTAbBgNVBAsTFFN3aXNzIEdvdmVybm1lbnQgUEtJMSkw\r\nJwYDVQQDEyBTd2lzcyBHb3Zlcm5tZW50IFJlZ3VsYXRlZCBDQSAwMjAeFw0xOTA1\r\nMDcwODE3MDhaFw0yMjA1MDcwODE3MDhaMIHYMQswCQYDVQQGEwJDSDENMAsGA1UE\r\nBwwEQmVybjEeMBwGA1UEYRMVVkFUQ0gtQ0hFLTIyMS4wMzIuNTczMT4wPAYDVQQK\r\nDDVCdW5kZXNhbXQgZnVlciBJbmZvcm1hdGlrIHVuZCBUZWxla29tbXVuaWthdGlv\r\nbiAoQklUKTEdMBsGA1UECwwUU3dpc3MgR292ZXJubWVudCBQS0kxHDAaBgNVBAsM\r\nE1RpbWUgU3RhbXAgU2VydmljZXMxHTAbBgNVBAMMFFN3aXNzIEdvdmVybm1lbnQg\r\nVFNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwD69xYDnUqx8fSlf\r\nzVqnaHj/hYHCTNk5ZtFzUnf0XSbalo+FiTAIy/I69h5ZC33uJoODKfmLoFavNg3v\r\n1iae9npavLk7iIFA1xIkWzrry5CYnQ0xmhLfiZDiW1MCtKsRI/rFIXkBCCou5jh7\r\n5dHy8YVby+CGwrAq+yDvJV1QW66+FRohSAdWksxTzWwdUpptNYYrXnyspF6fTn1A\r\n4hLTjtNDs/3tLfwKx0iEmV7yCcAUwzhGTJTWiyUEyo9H6nkiUSteSrLk6hW1hh4s\r\n58iax0QLfjJxsajuTTxa3kfoA2gWdtjlsjxV8OiMhLhnd01Ydh9B9n6goKI28UC5\r\nlKEH4wIDAQABo4ICojCCAp4wgZMGCCsGAQUFBwEDBIGGMIGDMAoGCCsGAQUFBwsC\r\nMAkGBwQAi+xJAQIwCAYGBACORgEEMEsGBgQAjkYBBTBBMD8WOWh0dHA6Ly93d3cu\r\ncGtpLmFkbWluLmNoL2Nwcy9QRFMtU0dQS0lfUmVndWxhdGVkX0NBXzAyLnBkZhMC\r\nRU4wEwYGBACORgEGMAkGBwQAjkYBBgIwDgYDVR0PAQH/BAQDAgeAMBYGA1UdJQEB\r\n/wQMMAoGCCsGAQUFBwMIMIHWBgNVHSAEgc4wgcswgcgGCWCFdAERAwUCBDCBujBD\r\nBggrBgEFBQcCARY3aHR0cDovL3d3dy5wa2kuYWRtaW4uY2gvY3BzL0NQU18yXzE2\r\nXzc1Nl8xXzE3XzNfNV8wLnBkZjBzBggrBgEFBQcCAjBnDGVUaGlzIGlzIGEgcmVn\r\ndWxhdGVkIGNlcnRpZmljYXRlIG9mIHRoZSBTd2lzcyBHb3Zlcm5tZW50IFJlZ3Vs\r\nYXRlZCBDQSAwMiBDUFMgZm9yIHRpbWVzdGFtcGluZyBwdXJwb3NlczB3BggrBgEF\r\nBQcBAQRrMGkwOQYIKwYBBQUHMAKGLWh0dHA6Ly93d3cucGtpLmFkbWluLmNoL2Fp\r\nYS9SZWd1bGF0ZWRDQTAyLmNydDAsBggrBgEFBQcwAYYgaHR0cDovL3d3dy5wa2ku\r\nYWRtaW4uY2gvYWlhL29jc3AwPgYDVR0fBDcwNTAzoDGgL4YtaHR0cDovL3d3dy5w\r\na2kuYWRtaW4uY2gvY3JsL1JlZ3VsYXRlZENBMDIuY3JsMB8GA1UdIwQYMBaAFDQL\r\nvvIVPqQPVwfiQWSLMhHRKQthMB0GA1UdDgQWBBTkk5iKxL03INOwaVCt7bdDP6ya\r\nvjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4ICAQCYpeuLtXaRbxhVDYQl\r\nDAy/Y5dte5AlbKDgb89BkI0TILzWzfgG/7ajRlO3oHuYizop/AaDpY3Oxh3CzT3t\r\njONG8gF6x9NWPOqqOytdYsKm31ixxYVFIW50QE7j9TBvaEsGsKlHdq/vCC/eJ0d1\r\nxeMlYLc842E7gBAdbL7CL2U3yY9EO7A87xKjIf/kS1RTwm2VJn3DT0ZkiM9fam1P\r\np+6crNPi0CVR/FLP5mcqKBuTAQbHp2oS474ahjawJNCxSTv/M6taMdMWzOaEcy9t\r\nBDjcXK0qcbPq1YKy9ghcEeenDRsqCzOpo3yYr0HkfvqDdctMdAEjROcfdDz0wqmb\r\nPd4EhYFlU5Frcxyp3a/cDD7d2oIWOaFX8cQfDPtx2w3dltlJqbO/tZiGEm2BapCW\r\nsqLC5JXAqFAxMdSbJxG11V5D9AyFesiTh/WISo0bHHNAztBuoviIZTc552tSKSrU\r\nhhEMLuXCEkD4eSorRowh0nAUTkyytFw8wxzN/85dWfMNJLydF00y9cep17XfOHLJ\r\niKp1ruKFlUqZpFaXP1iUxMWN2f0FBU2qpjBvNTNjkiB7csQU5YkWigsTy9fj7iat\r\nXhVHgwLm2B33LPz/mCx2XRbJH6yvxeWZZ1zFIVxFmTFt+aLVR5vWv0B4ETTtYdxZ\r\nJCoa7Q3UwwaCl8blia6kSal5TA==\r\n-----END CERTIFICATE-----\r\n"];
+deepEqual(parser.getCertificateSet(hIn), aOut, "set");
+
+});
+
 });
 -->
 
diff --git a/test/qunit-do-asn1hex.html b/test/qunit-do-asn1hex.html
index 5a83c7c2..243d06a5 100755
--- a/test/qunit-do-asn1hex.html
+++ b/test/qunit-do-asn1hex.html
@@ -302,7 +302,6 @@
  */
 
 test("hextooidstr", function() {
-  expect(3);
   equal(ASN1HEX.hextooidstr("2a"), "1.2", "2a->1.2");
   equal(ASN1HEX.hextooidstr("608648016503040201"),  // SHA256
         "2.16.840.1.101.3.4.2.1", "sha256");
diff --git a/test/qunit-do-asn1tsp.html b/test/qunit-do-asn1tsp.html
index 966365b1..5da34b9a 100755
--- a/test/qunit-do-asn1tsp.html
+++ b/test/qunit-do-asn1tsp.html
@@ -561,6 +561,91 @@
 equal(tsa.getTSTHex('626262', 'sha256').substr(0, 2), '30', 'bbb 2');
 });
 
+test("TSPParser test", function() {
+var hTSR = "3082024130030201003082023806092a864886f70d010702a082022930820225020103310f300d060960864801650304020105003053060b2a864886f70d0109100104a0440442304002010106042a0304053011300906052b0e03021a05000404a1a2a3a4020103181332303133313233313233353935392e3132335a3004800201f40101ff020103318201b8308201b40201013020301b310b3009060355040613025553310c300a060355040a0c0343413102014d300d06096086480165030402010500a06b301a06092a864886f70d010903310d060b2a864886f70d0109100104301c06092a864886f70d010905310f170d3133313233313233353935395a302f06092a864886f70d0109043122042024e488bbec64ebd7696c0e1aeff2743c697950f50d82404a4fb620d29f430259300d06092a864886f70d01010b0500048201003c2ef00801d245023bd1e519c7188e1585675550822de111b25db4cf6f3a400caec35758a5ceb08fb4a689eeb1541001f0c3ed5e1c2390cb9165bcde64cc6ed9e53752bfb8833784920be7f3838959180a46a6ade9b5cd901c4d845c95182cbedd37df79afc3096dc276d2e0c4b0ea514807e40d6bdac2c8fc83869f550968ccc0405b9f4e455ddb5683cc06bdc125afee75c898d29d1069a644721f12a51689508a1b09695978b828ff9025e877fd4b31ecde81ca1647be347dc47e8f2c85dc7d34e051382fa8ca5e834f8de224418f469d1eb78a631fa04f910a3de86c7badc273e212dba2b60791b0aec251046521fe9c2bd2d84f717f520035baa9a4577e";
+
+var parser = new KJUR.asn1.tsp.TSPParser();
+
+deepEqual(parser.getPKIStatusInfo("3003030100"), {status: "granted"}, "PKIStatusInfo granted");
+
+var pExpect1 = {
+  statusinfo: {status: "granted"},
+  version: 3,
+  hashalgs: ["sha256"],
+  econtent: {
+    type: "tstinfo",
+    content: {
+      policy: "1.2.3.4.5",
+      messageImprint: {
+        "alg": "sha1",
+        "hash": "a1a2a3a4"
+      },
+      genTime: {str: "20131231235959.123Z"},
+      serial: {hex: "03"},
+      accuracy: {millis: 500},
+      ordering: true,
+      nonce: {hex: "03"}
+    }
+  },
+  sinfos: [{
+    version: 1,
+    hashalg: "sha256",
+    id: {
+      type: "isssn",
+      issuer: {
+        array: [
+          [{type:"C",value:"US",ds:"prn"}],
+          [{type:"O",value:"CA1",ds:"utf8"}]
+        ],
+        str: "/C=US/O=CA1"
+      },
+      serial: {hex: "4d"}
+    },
+    sattrs: [{
+      attr: "contentType",
+      type: "tstinfo"
+    },{
+      attr: "signingTime",
+      str: "131231235959Z"
+    },{
+      attr: "messageDigest",
+      hex: "24e488bbec64ebd7696c0e1aeff2743c697950f50d82404a4fb620d29f430259"
+    }],
+    sigalg: "SHA256withRSA",
+    sighex: "048201003c2ef00801d245023bd1e519c7188e1585675550822de111b25db4cf6f3a400caec35758a5ceb08fb4a689eeb1541001f0c3ed5e1c2390cb9165bcde64cc6ed9e53752bfb8833784920be7f3838959180a46a6ade9b5cd901c4d845c95182cbedd37df79afc3096dc276d2e0c4b0ea514807e40d6bdac2c8fc83869f550968ccc0405b9f4e455ddb5683cc06bdc125afee75c898d29d1069a644721f12a51689508a1b09695978b828ff9025e877fd4b31ecde81ca1647be347dc47e8f2c85dc7d34e051382fa8ca5e834f8de224418f469d1eb78a631fa04f910a3de86c7badc273e212dba2b60791b0aec251046521fe9c2bd2d84f717f520035baa9a4577e"
+  }],
+};
+deepEqual(parser.getResponse(hTSR), pExpect1, "TimeStampResp");
+
+var hIn2 = "3009020107800107810107";
+var pExpect2 = {seconds: 7, millis: 7, micros: 7};
+deepEqual(parser.getAccuracy(hIn2), pExpect2, "accuracy=7,7,7");
+
+var hIn3 = "3004800201f4";
+var pExpect3 = {millis: 500};
+deepEqual(parser.getAccuracy(hIn3), pExpect3, "accuracy=-,500,-");
+
+var hIn4 = "306202010106042a0304053011300906052b0e03021a05000404a1a2a3a4020103181332303133313233313233353935392e3132335a3004800201f40101ff020103a020a41e301c310b3009060355040613025553310d300b060355040a0c0454535031";
+var pExpect4 = {
+  policy: "1.2.3.4.5",
+  messageImprint: {alg: "sha1", hash: "a1a2a3a4"},
+  serial: {hex: "03"},
+  genTime: {str: "20131231235959.123Z"},
+  accuracy: {millis: 500},
+  ordering: true,
+  nonce: {hex: "03"},
+  tsa: {
+    array: [
+      [{type:"C",value:"US",ds:"prn"}],
+      [{type:"O",value:"TSP1",ds:"utf8"}]
+    ],
+    str: "/C=US/O=TSP1"
+  }
+};
+deepEqual(parser.getTSTInfo(hIn4), pExpect4, "tstinfo");
+
+});
+
 });
 -->
 
diff --git a/test/qunit-do-asn1x509-newcert-veri.html b/test/qunit-do-asn1x509-newcert-veri.html
index 7ac76727..f69362bd 100755
--- a/test/qunit-do-asn1x509-newcert-veri.html
+++ b/test/qunit-do-asn1x509-newcert-veri.html
@@ -58,10 +58,10 @@
    subject: {str: '/C=US/O=b'},
    sbjpubkey: null,
    ext: [
-     {basicConstraints: {cA: true, critical: true}},
-     {keyUsage: {bin: '11'}},
-     {cRLDistributionPoints: {uri: 'http://aaa.com/a.crl'}},
-     {extKeyUsage: {array: [{name: 'clientAuth'}]}},
+     {extname: "basicConstraints", cA: true, critical: true},
+     {extname: "keyUsage", bin: '11'},
+     {extname: "cRLDistributionPoints", uri: 'http://aaa.com/a.crl'},
+     {extname: "extKeyUsage", array: [{name: 'clientAuth'}]},
    ],
    cakey: null
 };
diff --git a/test/qunit-do-base64x.html b/test/qunit-do-base64x.html
index a5c5bfae..7cc204e5 100755
--- a/test/qunit-do-base64x.html
+++ b/test/qunit-do-base64x.html
@@ -292,6 +292,27 @@
         '2001:db8::abcd:ef12');
 });
 
+test("oidtohex", function() {
+equal(oidtohex("2.16.840.1.101.3.4.2.1"), "608648016503040201", "sha256");
+equal(oidtohex("1.2.840.113549.1.1.5"), "2a864886f70d010105", "SHA1withRSA");
+equal(oidtohex("2.5.4.6"), "550406", "2.5.4.6=550406");
+equal(oidtohex("2.5.12345"), "55e039", "2.5.12345=55e039");
+equal(oidtohex("2.5.b30="), null, "2.5.b30==null");
+});
+
+test("hextooid", function() {
+equal(hextooid("608648016503040201"), "2.16.840.1.101.3.4.2.1", "sha256");
+equal(hextooid("2a864886f70d010105"), "1.2.840.113549.1.1.5", "SHA1withRSA");
+equal(hextooid("=-=-"), null, "=-=- > null");
+});
+
+test("strpad", function() {
+equal(strpad("1234", 10, "0"), "0000001234", "1234 10 0");
+equal(strpad("1234", 10, " "), "      1234", "1234 10 _");
+equal(strpad("1234", 10), "0000001234", "1234 10");
+equal(strpad("1234", 3), "1234", "1234 3");
+});
+
 });
 
   
diff --git a/test/qunit-do-x509-ext.html b/test/qunit-do-x509-ext.html
index 0dccf96e..88fcfdef 100755
--- a/test/qunit-do-x509-ext.html
+++ b/test/qunit-do-x509-ext.html
@@ -476,13 +476,25 @@
 "for DigiCert EV root");
 
 var x = new X509();
-deepEqual(
-x.getExtAuthorityKeyIdentifier("3039801427e00502504b088259f76ece524799e2246e30eba11ea41c301a310b3009060355040613024a50310b3009060355040a0c025431820101", true),
-{extname:"authorityKeyIdentifier",
+var hIn3 = "3039801427e00502504b088259f76ece524799e2246e30eba11ea41c301a310b3009060355040613024a50310b3009060355040a0c025431820101";
+var pExp3 = {
+ extname:"authorityKeyIdentifier",
  kid: {hex: "27e00502504b088259f76ece524799e2246e30eb"},
- issuer: {hex: "301a310b3009060355040613024a50310b3009060355040a0c025431"},
+ issuer: {
+  array: [
+   [{type:"C",value:"JP",ds:"prn"}],
+   [{type:"O",value:"T1",ds:"utf8"}]
+  ],
+  str: "/C=JP/O=T1"
+ },
  sn: {hex: "01"},
- critical:true},
+ critical:true
+};
+
+
+deepEqual(
+x.getExtAuthorityKeyIdentifier(hIn3, true),
+pExp3,
 "hoge");
 });
 
@@ -827,18 +839,44 @@
 
 test("getGeneralNames test" , function() {
 var x = new X509();
-deepEqual(
-x.getGeneralNames("a011860f687474703a2f2f6161612e636f6d2f"),
-[{uri: "http://aaa.com/"}],
-"[{uri: http://aaa.com/}]");
+
+var hIn1 = "a011860f687474703a2f2f6161612e636f6d2f";
+var pExpect1 = [{uri: "http://aaa.com/"}];
+deepEqual(x.getGeneralNames(hIn1), pExpect1, "[{uri}]");
+
+var hIn2 = "301ea41c301a310b3009060355040613024a50310b3009060355040a0c025431";
+var pExpect2 = [{
+  dn: {
+    array: [
+      [{type:"C", value:"JP", ds:"prn"}],
+      [{type:"O", value:"T1", ds:"utf8"}]
+    ],
+    str: "/C=JP/O=T1"
+  }
+}];
+deepEqual(x.getGeneralNames(hIn2), pExpect2, "[{dn}]");
+
 });
 
 test("getGeneralName test" , function() {
 var x = new X509();
-deepEqual(
-x.getGeneralName("860f687474703a2f2f6161612e636f6d2f"),
-{uri: "http://aaa.com/"},
-"{uri: http://aaa.com/}");
+
+var hIn1 = "860f687474703a2f2f6161612e636f6d2f";
+var pExpect1 = {uri: "http://aaa.com/"};
+deepEqual(x.getGeneralName(hIn1), pExpect1, "uri");
+
+var hIn2 = "a41c301a310b3009060355040613024a50310b3009060355040a0c025431";
+var pExpect2 = {
+  dn: {
+    array: [
+      [{type:"C", value:"JP", ds:"prn"}],
+      [{type:"O", value:"T1", ds:"utf8"}]
+    ],
+    str: "/C=JP/O=T1"
+  }
+};
+deepEqual(x.getGeneralName(hIn2), pExpect2, "dn");
+
 });
 
 test("getX500NameRule test", function() {
@@ -864,12 +902,18 @@
 
 test("getX500Name test", function() {
 var x = new X509();
-deepEqual(
-x.getX500Name("302a310b3009060355040613024a50310a3008060355040a0c0162310f300d060355040316066140612e6a70"),
-[[{type:"C",value:"JP",ds:"prn"}],
-[{type:"O",value:"b",ds:"utf8"}],
-[{type:"CN",value:"a@a.jp",ds:"ia5"}]],
-"[CN a@a.jp ia5]");
+
+var hIn1 = "302a310b3009060355040613024a50310a3008060355040a0c0162310f300d060355040316066140612e6a70";
+var pExpect = {
+  array: [
+    [{type:"C",value:"JP",ds:"prn"}],
+    [{type:"O",value:"b",ds:"utf8"}],
+    [{type:"CN",value:"a@a.jp",ds:"ia5"}]
+  ],
+  str: "/C=JP/O=b/CN=a@a.jp"
+};
+
+deepEqual(x.getX500Name(hIn1), pExpect, "/C=JP/O=b/CN=a@a.jp")
 });
 
 test("getRDN test", function() {
@@ -900,6 +944,22 @@
 "C JP prn");
 });
 
+test("X509.dnarraytostr", function() {
+var x = new X509();
+
+var a1 = [[{type:"C",value:"JP",ds:"prn"}],[{type:"O",value:"T1",ds:"prn"}]];
+var s1 = "/C=JP/O=T1";
+equal(x.dnarraytostr(a1), s1, s1);
+
+var a2 = [
+  [{type:"C",value:"JP",ds:"prn"}],
+  [{type:"O",value:"T1",ds:"prn"},{type:"CN",value:"Bob",ds:"prn"}]
+];
+var s2 = "/C=JP/O=T1+CN=Bob";
+equal(x.dnarraytostr(a2), s2, s2);
+});
+
+
 });
 
   
diff --git a/test/x509crl.html b/test/x509crl.html
index 908fbd14..0a366afe 100755
--- a/test/x509crl.html
+++ b/test/x509crl.html
@@ -111,7 +111,8 @@
    [{type:"O",value:"DigiCert Inc",ds:"prn"}],
    [{type:"OU",value:"www.digicert.com",ds:"prn"}],
    [{type:"CN",value:"DigiCert Global Root CA",ds:"prn"}]
-  ]
+  ],
+  str: "/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA"
  },
  thisupdate: "200820212434Z",
  nextupdate: "200910212434Z",