diff --git a/ChangeLog.txt b/ChangeLog.txt index 43359bba..85783760 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,11 @@ ChangeLog for jsrsasign +X509.getExtSubjectDirectoryAttributes bugfix +* Changes from 10.8.4 to 10.8.5 (2023-Apr-26) + - src/x509.js + - bugfix X509.getExtSubjectDirectoryAttributes method + more SubjectDirectoryExtension support * Changes from 10.8.3 to 10.8.4 (2023-Apr-26) - src/asn1x509.js diff --git a/api/files.html b/api/files.html index 21039485..82c0d132 100644 --- a/api/files.html +++ b/api/files.html @@ -896,7 +896,7 @@

x509-1.1.js

Version:
-
jsrsasign 10.8.4 x509 2.1.4 (2023-Apr-26)
+
jsrsasign 10.8.5 x509 2.1.5 (2023-Apr-26)
diff --git a/api/symbols/src/x509-1.1.js.html b/api/symbols/src/x509-1.1.js.html index c5f91063..7b955b03 100644 --- a/api/symbols/src/x509-1.1.js.html +++ b/api/symbols/src/x509-1.1.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
  1 /* x509-2.1.4.js (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license
+	
  1 /* x509-2.1.5.js (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license
   2  */
   3 /*
   4  * x509.js - X509 class to read subject public key from certificate.
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name x509-1.1.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.8.4 x509 2.1.4 (2023-Apr-26)
+ 19  * @version jsrsasign 10.8.5 x509 2.1.5 (2023-Apr-26)
  20  * @since jsrsasign 1.x.x
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -2608,1338 +2608,1339 @@
 2601 	    var pASN1 = _ASN1HEX_parse(hExtV);
 2602 	    for (var i = 0; i < pASN1.seq.length; i++) {
 2603 		var aASN1Attribute = pASN1.seq[i];
-2604 		var attrType = aryval(aASN1Attribute, "0.oid");
-2605 		var attrValue = aryval(aASN1Attribute, "1.set");
-2606 		return { attr: attrType, array: attrValue };
-2607 	    }
-2608 	    result.array = aValue;
-2609 	    return result;
-2610 	} catch(ex) {
-2611 	    throw new Error("malformed subjectDirectoryAttributes extension value");
-2612 	}
-2613     }
-2614 
-2615     // ===== BEGIN X500Name related =====================================
-2616     /*
-2617      * convert ASN.1 parsed object to attrTypeAndValue assoc array<br/>
-2618      * @name _convATV
-2619      * @param p associative array of parsed attrTypeAndValue object
-2620      * @return attrTypeAndValue associative array
-2621      * @since jsrsasign 10.5.12 x509 2.0.14
-2622      * @example
-2623      * _convATV({seq: [...]} &rarr: {type:"C",value:"JP",ds:"prn"}
-2624      */
-2625     var _convATV = function(p) {
-2626 	var result = {};
-2627 	try {
-2628 	    var name = p.seq[0].oid;
-2629 	    var oid = KJUR.asn1.x509.OID.name2oid(name);
-2630 	    result.type = KJUR.asn1.x509.OID.oid2atype(oid);
-2631 	    var item1 = p.seq[1];
-2632 	    if (item1.utf8str != undefined) {
-2633 		result.ds = "utf8";
-2634 		result.value = item1.utf8str.str;
-2635 	    } else if (item1.numstr != undefined) {
-2636 		result.ds = "num";
-2637 		result.value = item1.numstr.str;
-2638 	    } else if (item1.telstr != undefined) {
-2639 		result.ds = "tel";
-2640 		result.value = item1.telstr.str;
-2641 	    } else if (item1.prnstr != undefined) {
-2642 		result.ds = "prn";
-2643 		result.value = item1.prnstr.str;
-2644 	    } else if (item1.ia5str != undefined) {
-2645 		result.ds = "ia5";
-2646 		result.value = item1.ia5str.str;
-2647 	    } else if (item1.visstr != undefined) {
-2648 		result.ds = "vis";
-2649 		result.value = item1.visstr.str;
-2650 	    } else if (item1.bmpstr != undefined) {
-2651 		result.ds = "bmp";
-2652 		result.value = item1.bmpstr.str;
-2653 	    } else {
-2654 		throw "error";
-2655 	    }
-2656 	    return result;
-2657 	} catch(ex) {
-2658 	    throw new Erorr("improper ASN.1 parsed AttrTypeAndValue");
-2659 	}
-2660     };
-2661 
-2662     /*
-2663      * convert ASN.1 parsed object to RDN array<br/>
-2664      * @name _convRDN
-2665      * @param p associative array of parsed RDN object
-2666      * @return RDN array
-2667      * @since jsrsasign 10.5.12 x509 2.0.14
-2668      * @example
-2669      * _convRDN({set: [...]} &rarr: [{type:"C",value:"JP",ds:"prn"}]
-2670      */
-2671     var _convRDN = function(p) {
-2672 	try {
-2673 	    return p.set.map(function(pATV){return _convATV(pATV)});
-2674 	} catch(ex) {
-2675 	    throw new Error("improper ASN.1 parsed RDN: " + ex);
-2676 	}
-2677     };
-2678 
-2679     /*
-2680      * convert ASN.1 parsed object to X500Name array<br/>
-2681      * @name _convX500Name
-2682      * @param p associative array of parsed X500Name array object
-2683      * @return RDN array
-2684      * @since jsrsasign 10.5.12 x509 2.0.14
-2685      * @example
-2686      * _convX500Name({seq: [...]} &rarr: [[{type:"C",value:"JP",ds:"prn"}]]
-2687      */
-2688     var _convX500Name = function(p) {
-2689 	try {
-2690 	    return p.seq.map(function(pRDN){return _convRDN(pRDN)});
-2691 	} catch(ex) {
-2692 	    throw new Error("improper ASN.1 parsed X500Name: " + ex);
-2693 	}
-2694     };
-2695 
-2696     this.getX500NameRule = function(aDN) {
-2697 	var isPRNRule = true;
-2698 	var isUTF8Rule = true;
-2699 	var isMixedRule = false;
-2700 	var logfull = "";
-2701 	var logcheck = "";
-2702 	var lasttag = null;
-2703 
-2704 	var a = [];
-2705 	for (var i = 0; i < aDN.length; i++) {
-2706 	    var aRDN = aDN[i];
-2707 	    for (var j = 0; j < aRDN.length; j++) {
-2708 		a.push(aRDN[j]);
-2709 	    }
-2710 	}
-2711 
-2712 	for (var i = 0; i < a.length; i++) {
-2713 	    var item = a[i];
-2714 	    var tag = item.ds;
-2715 	    var value = item.value;
-2716 	    var type = item.type;
-2717 	    logfull += ":" + tag;
-2718 	    
-2719 	    if (tag != "prn" && tag != "utf8" && tag != "ia5") {
-2720 		return "mixed";
-2721 	    }
-2722 	    if (tag == "ia5") {
-2723 		if (type != "CN") {
-2724 		    return "mixed";
-2725 		} else {
-2726 		    if (! KJUR.lang.String.isMail(value)) {
-2727 			return "mixed";
-2728 		    } else {
-2729 			continue;
-2730 		    }
-2731 		}
-2732 	    }
-2733 	    if (type == "C") {
-2734 		if (tag == "prn") {
-2735 		    continue;
-2736 		} else {
-2737 		    return "mixed";
-2738 		}
-2739 	    }
-2740 	    logcheck += ":" + tag;
-2741 	    if (lasttag == null) {
-2742 		lasttag = tag;
-2743 	    } else {
-2744 		if (lasttag !== tag) return "mixed";
-2745 	    }
-2746 	}
-2747 	if (lasttag == null) {
-2748 	    return "prn";
-2749 	} else {
-2750 	    return lasttag;
-2751 	}
-2752     };
-2753 
-2754     /**
-2755      * get AttributeTypeAndValue ASN.1 structure parameter as JSON object<br/>
-2756      * @name getAttrTypeAndValue
-2757      * @memberOf X509#
-2758      * @function
-2759      * @param {String} h hexadecimal string of AttributeTypeAndValue
-2760      * @return {Object} JSON object of AttributeTypeAndValue parameters
-2761      * @since jsrsasign 9.0.0 x509 2.0.0
-2762      * @see X509#getX500Name
-2763      * @see X509#getRDN
-2764      * @description
-2765      * This method will get AttributeTypeAndValue parameters defined in
-2766      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2767      * RFC 5280 4.1.2.4</a>.
-2768      * <pre>
-2769      * AttributeTypeAndValue ::= SEQUENCE {
-2770      *   type     AttributeType,
-2771      *   value    AttributeValue }
-2772      * AttributeType ::= OBJECT IDENTIFIER
-2773      * AttributeValue ::= ANY -- DEFINED BY AttributeType
-2774      * </pre>
-2775      * <ul>
-2776      * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
-2777      * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
-2778      * <li>{String}ds - DirectoryString type of AttributeValue</li>
-2779      * </ul>
-2780      * "ds" has one of following value:
-2781      * <ul>
-2782      * <li>utf8 - (0x0c) UTF8String</li>
-2783      * <li>num  - (0x12) NumericString</li>
-2784      * <li>prn  - (0x13) PrintableString</li>
-2785      * <li>tel  - (0x14) TeletexString</li>
-2786      * <li>ia5  - (0x16) IA5String</li>
-2787      * <li>vis  - (0x1a) VisibleString</li>
-2788      * <li>bmp  - (0x1e) BMPString</li>
-2789      * </ul>
-2790      * @example
-2791      * x = new X509();
-2792      * x.getAttrTypeAndValue("30...") →
-2793      * {type:"CN",value:"john.smith@example.com",ds:"ia5"} or
-2794      * {type:"O",value:"Sample Corp.",ds:"prn"}
-2795      */
-2796     // unv  - (0x1c??) UniversalString ... for future
-2797     this.getAttrTypeAndValue = function(h) {
-2798 	var p = _ASN1HEX_parse(h);
-2799 	return _convATV(p);
-2800     };
-2801 
-2802     /**
-2803      * get RelativeDistinguishedName ASN.1 structure parameter array<br/>
-2804      * @name getRDN
-2805      * @memberOf X509#
-2806      * @function
-2807      * @param {String} h hexadecimal string of RDN
-2808      * @return {Array} array of AttrTypeAndValue parameters
-2809      * @since jsrsasign 9.0.0 x509 2.0.0
-2810      * @see X509#getX500Name
-2811      * @see X509#getRDN
-2812      * @see X509#getAttrTypeAndValue
-2813      * @description
-2814      * This method will get RelativeDistinguishedName parameters defined in
-2815      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2816      * RFC 5280 4.1.2.4</a>.
-2817      * <pre>
-2818      * RelativeDistinguishedName ::=
-2819      *   SET SIZE (1..MAX) OF AttributeTypeAndValue
-2820      * </pre>
-2821      * @example
-2822      * x = new X509();
-2823      * x.getRDN("31...") →
-2824      * [{type:"C",value:"US",ds:"prn"}] or
-2825      * [{type:"O",value:"Sample Corp.",ds:"prn"}] or
-2826      * [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
-2827      */
-2828     this.getRDN = function(h) {
-2829 	var p = _ASN1HEX_parse(h);
-2830 	return _convRDN(p);
-2831     };
-2832 
-2833     /**
-2834      * get X.500 Name ASN.1 structure parameter array<br/>
-2835      * @name getX500NameArray
-2836      * @memberOf X509#
-2837      * @function
-2838      * @param {String} h hexadecimal string of Name
-2839      * @return {Array} array of RDN parameter array
-2840      * @since jsrsasign 10.0.6 x509 2.0.9
-2841      * @see X509#getX500Name
-2842      * @see X509#getRDN
-2843      * @see X509#getAttrTypeAndValue
-2844      * @description
-2845      * This method will get Name parameter defined in
-2846      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2847      * RFC 5280 4.1.2.4</a>.
-2848      * <pre>
-2849      * Name ::= CHOICE { -- only one possibility for now --
-2850      *   rdnSequence  RDNSequence }
-2851      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-2852      * </pre>
-2853      * @example
-2854      * x = new X509();
-2855      * x.getX500NameArray("30...") →
-2856      * [[{type:"C",value:"US",ds:"prn"}],
-2857      *  [{type:"O",value:"Sample Corp.",ds:"utf8"}],
-2858      *  [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]]
-2859      */
-2860     this.getX500NameArray = function(h) {
-2861 	var p = _ASN1HEX_parse(h);
-2862 	return _convX500Name(p);
-2863     };
-2864 
-2865     /**
-2866      * get Name ASN.1 structure parameter array<br/>
-2867      * @name getX500Name
-2868      * @memberOf X509#
-2869      * @function
-2870      * @param {String} h hexadecimal string of Name
-2871      * @param {boolean} flagCanon flag to conclude canonicalized name (DEFAULT false)
-2872      * @param {boolean} flagHex flag to conclude hexadecimal string (DEFAULT false)
-2873      * @return {Array} array of RDN parameter array
-2874      * @since jsrsasign 9.0.0 x509 2.0.0
-2875      * @see X509#getX500NameArray
-2876      * @see X509#getRDN
-2877      * @see X509#getAttrTypeAndValue
-2878      * @see X509#c14nRDNArray
-2879      * @see KJUR.asn1.x509.X500Name
-2880      * @see KJUR.asn1.x509.GeneralName
-2881      * @see KJUR.asn1.x509.GeneralNames
-2882      *
-2883      * @description
-2884      * This method will get Name parameter defined in
-2885      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2886      * RFC 5280 4.1.2.4</a>.
-2887      * <pre>
-2888      * Name ::= CHOICE { -- only one possibility for now --
-2889      *   rdnSequence  RDNSequence }
-2890      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-2891      * </pre>
-2892      * <br>
-2893      * NOTE: From jsrsasign 10.6.0, flagHex and flagCanon has been 
-2894      * supported to conclude a canonicalized name for caseIgnoreMatch
-2895      * desribed in <a href="https://tools.ietf.org/html/rfc4518">
-2896      * RFC 4518</a>.
-2897      *
-2898      * @example
-2899      * x = new X509();
-2900      * x.getX500Name("30...") →
-2901      * { array: [
-2902      *     [{type:"C",value:"US",ds:"prn"}],
-2903      *     [{type:"O",value:"Sample Corp.",ds:"utf8"}],
-2904      *     [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
-2905      *   ],
-2906      *   str: "/C=US/O=Sample Corp./CN=john.smith@example.com",
-2907      *   hex: "30..." }
-2908      *
-2909      * x.getX500Name("30...", true) →
-2910      * { array: [
-2911      *     [{type:"C",value:"US",ds:"prn"}],
-2912      *     [{type:"O",value:"Sample    Corp.",ds:"utf8"}]
-2913      *   ],
-2914      *   str: "/C=US/O=Sample    Corp.",
-2915      *   canon: "/c=us/o=sample corp.",
-2916      *   hex: "30..." }
-2917      */
-2918     this.getX500Name = function(h, flagCanon, flagHex) {
-2919 	var a = this.getX500NameArray(h);
-2920 	var s = this.dnarraytostr(a);
-2921 	var result = { str: s };
-2922 
-2923 	result.array = a;
-2924 	if (flagHex == true) result.hex = h;
-2925 	if (flagCanon == true) result.canon = this.c14nRDNArray(a);
-2926 	return result;
-2927     };
-2928 
-2929     // ===== END X500Name related =====================================
-2930 
-2931     // ===== BEGIN read certificate =====================================
-2932     /**
-2933      * read PEM formatted X.509 certificate from string.<br/>
-2934      * @name readCertPEM
-2935      * @memberOf X509#
-2936      * @function
-2937      * @param {String} sCertPEM string for PEM formatted X.509 certificate
-2938      * @example
-2939      * x = new X509();
-2940      * x.readCertPEM(sCertPEM); // read certificate
-2941      */
-2942     this.readCertPEM = function(sCertPEM) {
-2943         this.readCertHex(_pemtohex(sCertPEM));
-2944     };
-2945 
-2946     /**
-2947      * read a hexadecimal string of X.509 certificate<br/>
-2948      * @name readCertHex
-2949      * @memberOf X509#
-2950      * @function
-2951      * @param {String} sCertHex hexadecimal string of X.509 certificate
-2952      * @since jsrsasign 7.1.4 x509 1.1.13
-2953      * @description
-2954      * NOTE: {@link X509#parseExt} will called internally since jsrsasign 7.2.0.
-2955      * @example
-2956      * x = new X509();
-2957      * x.readCertHex("3082..."); // read certificate
-2958      */
-2959     this.readCertHex = function(sCertHex) {
-2960         this.hex = sCertHex;
-2961 	this.getVersion(); // set version parameter
-2962 
-2963 	try {
-2964 	    _getIdxbyList(this.hex, 0, [0, 7], "a3"); // has [3] v3ext
-2965 	    this.parseExt();
-2966 	} catch(ex) {};
-2967     };
-2968 
-2969     // ===== END read certificate =====================================
-2970 
-2971     /**
-2972      * get JSON object of certificate parameters<br/>
-2973      * @name getParam
-2974      * @memberOf X509#
-2975      * @function
-2976      * @param {Object} option optional setting for return object
-2977      * @return {Object} JSON object of certificate parameters
-2978      * @since jsrsasign 9.0.0 x509 2.0.0
-2979      * @see KJUR.asn1.x509.X509Util.newCertPEM
-2980      *
-2981      * @description
-2982      * This method returns a JSON object of the certificate
-2983      * parameters. Return value can be passed to
-2984      * {@link KJUR.asn1.x509.X509Util.newCertPEM}.
-2985      * <br/>
-2986      * NOTE1: From jsrsasign 10.5.16, optional argument can be applied.
-2987      * It can have following members:
-2988      * <ul>
-2989      * <li>tbshex - (boolean) tbshex member with hex value of 
-2990      * tbsCertificate will be added if true (DEFAULT undefined)</li>
-2991      * <li>nodnarray - (boolean) array member for subject and
-2992      * issuer will be deleted to simplify it if true (DEFAULT undefined)<li>
-2993      * <li>dncanon - (boolean) add canon member to subject and issuer for DN StringPrep if true(DEFAULT undefined)</li>
-2994      * <li>dnhex - (boolean) add hex member to subject and issuer if true(DEFAULT undefined)</li>
-2995      * </ul>
-2996      * <br/>
-2997      * NOTE2: From jsrsasign 10.6.0, member "dncanon" and "dnhex" supported
-2998      * in the "option" argument.
-2999      *
-3000      * @example
-3001      * x = new X509();
-3002      * x.readCertPEM("-----BEGIN CERTIFICATE...");
-3003      * x.getParam() →
-3004      * {version:3,
-3005      *  serial:{hex:"12ab"},
-3006      *  sigalg:"SHA256withRSA",
-3007      *  issuer: {array:[[{type:'CN',value:'CA1',ds:'prn'}]],str:"/O=CA1"},
-3008      *  notbefore:"160403023700Z",
-3009      *  notafter:"160702023700Z",
-3010      *  subject: {array:[[{type:'CN',value:'Test1',ds:'prn'}]],str:"/CN=Test1"},
-3011      *  sbjpubkey:"-----BEGIN PUBLIC KEY...",
-3012      *  ext:[
-3013      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
-3014      *   {extname:"basicConstraints",critical:true},
-3015      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
-3016      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-3017      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
-3018      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
-3019      *  ],
-3020      *  sighex:"0b76...8"
-3021      * };
-3022      *
-3023      * x.getParam({tbshex: true}) → { ... , tbshex: "30..." }
-3024      * x.getParam({nodnarray: true}) → {issuer: {str: "/C=JP"}, ...}
-3025      * x.getParam({dncanon: true}) → {... {issuer: {canon: "/c=jp/o=..."} ...} ...}
-3026      * x.getParam({dnhex: true}) → {... {issuer: {hex: "30..."} ...} ...}
-3027      */
-3028     this.getParam = function(option) {
-3029 	var result = {};
-3030 	if (option == undefined) option = {};
-3031 
-3032 	result.version = this.getVersion();
-3033 	result.serial = {hex: this.getSerialNumberHex()};
-3034 	result.sigalg = this.getSignatureAlgorithmField();
-3035 	result.issuer = this.getIssuer(option.dncanon, option.dnhex);
-3036 	result.notbefore = this.getNotBefore();
-3037 	result.notafter = this.getNotAfter();
-3038 	result.subject = this.getSubject(option.dncanon, option.dnhex);
-3039 	result.sbjpubkey = hextopem(this.getPublicKeyHex(), "PUBLIC KEY");
-3040 	if (this.aExtInfo != undefined &&
-3041 	    this.aExtInfo.length > 0) {
-3042 	    result.ext = this.getExtParamArray();
-3043 	}
-3044 	result.sighex = this.getSignatureValueHex();
-3045 
-3046 	// for options
-3047 	if (option.tbshex == true) {
-3048 	    result.tbshex = _getTLVbyList(this.hex, 0, [0]);
-3049 	}
-3050 	if (option.nodnarray == true) {
-3051 	    delete result.issuer.array;
-3052 	    delete result.subject.array;
-3053 	}
-3054 
-3055 	return result;
-3056     };
-3057 
-3058     /** 
-3059      * get array of certificate extension parameter JSON object<br/>
-3060      * @name getExtParamArray
-3061      * @memberOf X509#
-3062      * @function
-3063      * @param {String} hExtSeq hexadecimal string of SEQUENCE of Extension
-3064      * @return {Array} array of certificate extension parameter JSON object
-3065      * @since jsrsasign 9.0.0 x509 2.0.0
-3066      * @see KJUR.asn1.x509.X509Util.newCertPEM
-3067      * @see X509#getParam
-3068      * @see X509#getExtParam
-3069      * @see X509CRL#getParam
-3070      * @see KJUR.asn1.csr.CSRUtil.getParam
-3071      *
-3072      * @description
-3073      * This method returns an array of certificate extension
-3074      * parameters. 
-3075      * <br/>
-3076      * NOTE: Argument "hExtSeq" have been supported since jsrsasign 9.1.1.
-3077      *
-3078      * @example
-3079      * x = new X509();
-3080      * x.readCertPEM("-----BEGIN CERTIFICATE...");
-3081      * x.getExtParamArray() →
-3082      * [ {extname:"keyUsage",critical:true,names:["digitalSignature"]},
-3083      *   {extname:"basicConstraints",critical:true},
-3084      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
-3085      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-3086      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
-3087      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}]
-3088      */
-3089     this.getExtParamArray = function(hExtSeq) {
-3090 	if (hExtSeq == undefined) {
-3091 	    // for X.509v3 certificate
-3092 	    var idx1 = _getIdxbyListEx(this.hex, 0, [0, "[3]"]);
-3093 	    if (idx1 != -1) {
-3094 		hExtSeq = _getTLVbyListEx(this.hex, 0, [0, "[3]", 0], "30");
-3095 	    }
-3096 	}
-3097 	var result = [];
-3098 	var aIdx = _getChildIdx(hExtSeq, 0);
-3099 
-3100 	for (var i = 0; i < aIdx.length; i++) {
-3101 	    var hExt = _getTLV(hExtSeq, aIdx[i]);
-3102 	    var extParam = this.getExtParam(hExt);
-3103 	    if (extParam != null) result.push(extParam);
-3104 	}
-3105 
-3106 	return result;
-3107     };
-3108 
-3109     /** 
-3110      * get a extension parameter JSON object<br/>
-3111      * @name getExtParam
-3112      * @memberOf X509#
-3113      * @function
-3114      * @param {String} hExt hexadecimal string of Extension
-3115      * @return {Array} Extension parameter JSON object
-3116      * @since jsrsasign 9.1.1 x509 2.0.1
-3117      * @see KJUR.asn1.x509.X509Util.newCertPEM
-3118      * @see X509#getParam
-3119      * @see X509#getExtParamArray
-3120      * @see X509CRL#getParam
-3121      * @see KJUR.asn1.csr.CSRUtil.getParam
-3122      *
-3123      * @description
-3124      * This method returns a extension parameters as JSON object. 
-3125      *
-3126      * @example
-3127      * x = new X509();
-3128      * ...
-3129      * x.getExtParam("30...") →
-3130      * {extname:"keyUsage",critical:true,names:["digitalSignature"]}
-3131      */
-3132     this.getExtParam = function(hExt) {
-3133 	var result = {};
-3134 	var aIdx = _getChildIdx(hExt, 0);
-3135 	var aIdxLen = aIdx.length;
-3136 	if (aIdxLen != 2 && aIdxLen != 3)
-3137 	    throw new Error("wrong number elements in Extension: " + 
-3138 			    aIdxLen + " " + hExt);
-3139 
-3140 	var oid = _hextooidstr(_getVbyList(hExt, 0, [0], "06"));
-3141 
-3142 	var critical = false;
-3143 	if (aIdxLen == 3 && _getTLVbyList(hExt, 0, [1]) == "0101ff")
-3144 	    critical = true;
-3145 
-3146 	var hExtV = _getTLVbyList(hExt, 0, [aIdxLen - 1, 0]);
-3147 
-3148 	var extParam = undefined;
-3149 	if (oid == "2.5.29.14") {
-3150 	    extParam = this.getExtSubjectKeyIdentifier(hExtV, critical);
-3151 	} else if (oid == "2.5.29.15") {
-3152 	    extParam = this.getExtKeyUsage(hExtV, critical);
-3153 	} else if (oid == "2.5.29.17") {
-3154 	    extParam = this.getExtSubjectAltName(hExtV, critical);
-3155 	} else if (oid == "2.5.29.18") {
-3156 	    extParam = this.getExtIssuerAltName(hExtV, critical);
-3157 	} else if (oid == "2.5.29.19") {
-3158 	    extParam = this.getExtBasicConstraints(hExtV, critical);
-3159 	} else if (oid == "2.5.29.30") {
-3160 	    extParam = this.getExtNameConstraints(hExtV, critical);
-3161 	} else if (oid == "2.5.29.31") {
-3162 	    extParam = this.getExtCRLDistributionPoints(hExtV, critical);
-3163 	} else if (oid == "2.5.29.32") {
-3164 	    extParam = this.getExtCertificatePolicies(hExtV, critical);
-3165 	} else if (oid == "2.5.29.33") {
-3166 	    extParam = this.getExtPolicyMappings(hExtV, critical);
-3167 	} else if (oid == "2.5.29.35") {
-3168 	    extParam = this.getExtAuthorityKeyIdentifier(hExtV, critical);
-3169 	} else if (oid == "2.5.29.36") {
-3170 	    extParam = this.getExtPolicyConstraints(hExtV, critical);
-3171 	} else if (oid == "2.5.29.37") {
-3172 	    extParam = this.getExtExtKeyUsage(hExtV, critical);
-3173 	} else if (oid == "2.5.29.54") {
-3174 	    extParam = this.getExtInhibitAnyPolicy(hExtV, critical);
-3175 	} else if (oid == "1.3.6.1.5.5.7.1.1") {
-3176 	    extParam = this.getExtAuthorityInfoAccess(hExtV, critical);
-3177 	} else if (oid == "2.5.29.20") {
-3178 	    extParam = this.getExtCRLNumber(hExtV, critical);
-3179 	} else if (oid == "2.5.29.21") {
-3180 	    extParam = this.getExtCRLReason(hExtV, critical);
-3181 	} else if (oid == "2.5.29.9") {
-3182 	    extParam = this.getExtSubjectDirectoryAttributes(hExtV, critical);
-3183 	} else if (oid == "1.3.6.1.5.5.7.48.1.2") {
-3184 	    extParam = this.getExtOcspNonce(hExtV, critical);
-3185 	} else if (oid == "1.3.6.1.5.5.7.48.1.5") {
-3186 	    extParam = this.getExtOcspNoCheck(hExtV, critical);
-3187 	} else if (oid == "1.2.840.113583.1.1.9.1") {
-3188 	    extParam = this.getExtAdobeTimeStamp(hExtV, critical);
-3189 	} else if (X509.EXT_PARSER[oid] != undefined) {
-3190 	    extParam = X509.EXT_PARSER[oid](oid, critical, hExtV);
-3191 	}
-3192 	if (extParam != undefined) return extParam;
-3193 
-3194 	// for private or unsupported extension
-3195 	var privateParam = { extname: oid, extn: hExtV };
-3196 	try {
-3197 	    privateParam.extn = _ASN1HEX_parse(hExtV);
-3198 	} catch(ex) {}
-3199 	if (critical) privateParam.critical = true;
-3200 	return privateParam;
-3201     };
-3202 
-3203     /**
-3204      * find extension parameter in array<br/>
-3205      * @name findExt
-3206      * @memberOf X509#
-3207      * @function
-3208      * @param {Array} aExt array of extension parameters
-3209      * @param {String} extname extension name
-3210      * @return {Array} extension parameter in the array or null
-3211      * @since jsrsasign 10.0.3 x509 2.0.7
-3212      * @see X509#getParam
-3213      *
-3214      * @description
-3215      * This method returns an extension parameter for
-3216      * specified extension name in the array.
-3217      * This method is useful to update extension parameter value.
-3218      * When there is no such extension with the extname,
-3219      * this returns "null".
-3220      *
-3221      * @example
-3222      * // (1) 
-3223      * x = new X509(CERTPEM);
-3224      * params = x.getParam();
-3225      * pSKID = x.findExt(params.ext, "subjectKeyIdentifier");
-3226      * pSKID.kid = "1234abced..."; // skid in the params is updated.
-3227      *   // then params was updated
-3228      *
-3229      * // (2) another example
-3230      * aExt = [
-3231      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
-3232      *   {extname:"basicConstraints",critical:true},
-3233      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
-3234      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-3235      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
-3236      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
-3237      * ];
-3238      * var x = new X509();
-3239      * x.findExt(aExt, "authorityKeyInfoAccess").array[0].ocsp = "http://aaa.com";
-3240      * pKU = x.findExt(aExt, "keyUsage");
-3241      * delete pKU["critical"]; // clear criticla flag
-3242      * pKU.names = ["keyCertSign", "cRLSign"];
-3243      *   // then aExt was updated
-3244      */
-3245     this.findExt = function(aExt, extname) {
-3246 	for (var i = 0; i < aExt.length; i++) {
-3247 	    if (aExt[i].extname == extname) return aExt[i];
-3248 	}
-3249 	return null;
-3250 
-3251     };
-3252 
-3253     /**
-3254      * update CRLDistributionPoints Full URI in parameter<br/>
-3255      * @name updateCDPFullURI
-3256      * @memberOf X509#
-3257      * @function
-3258      * @param {Array} aExt array of extension parameters
-3259      * @param {String} newURI string of new uri
-3260      * @since jsrsasign 10.0.4 x509 2.0.8
-3261      * @see X509#findExt
-3262      * @see KJUR.asn1.x509.CRLDistributionPoints
-3263      *
-3264      * @description
-3265      * This method updates Full URI of CRLDistributionPoints extension
-3266      * in the extension parameter array if it exists.
-3267      *
-3268      * @example
-3269      * aExt = [
-3270      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-3271      *   {extname:"cRLDistributionPoints",
-3272      *    array:[{dpname:{full:[{uri:"http://example.com/a.crl"}]}}]},
-3273      * ];
-3274      * x = new X509();
-3275      * x.updateCDPFullURI(aExt, "http://crl2.example.new/b.crl");
-3276      */
-3277     this.updateExtCDPFullURI = function(aExt, newURI) {
-3278 	var pExt = this.findExt(aExt, "cRLDistributionPoints");
-3279 	if (pExt == null) return;
-3280 	if (pExt.array == undefined) return;
-3281 	var aDP = pExt.array;
-3282 	for (var i = 0; i < aDP.length; i++) {
-3283 	    if (aDP[i].dpname == undefined) continue;
-3284 	    if (aDP[i].dpname.full == undefined) continue;
-3285 	    var aURI = aDP[i].dpname.full;
-3286 	    for (var j = 0; j < aURI.length; j++) {
-3287 		var pURI = aURI[i];
-3288 		if (pURI.uri == undefined) continue;
-3289 		pURI.uri = newURI;
-3290 	    }
-3291 	}
-3292     };
-3293 
-3294     /**
-3295      * update authorityInfoAccess ocsp in parameter<br/>
-3296      * @name updateAIAOCSP
-3297      * @memberOf X509#
-3298      * @function
-3299      * @param {Array} aExt array of extension parameters
-3300      * @param {String} newURI string of new uri
-3301      * @since jsrsasign 10.0.4 x509 2.0.8
-3302      * @see X509#findExt
-3303      * @see KJUR.asn1.x509.AuthorityInfoAccess
-3304      *
-3305      * @description
-3306      * This method updates "ocsp" accessMethod URI of 
-3307      * AuthorityInfoAccess extension
-3308      * in the extension parameter array if it exists.
-3309      *
-3310      * @example
-3311      * aExt = [
-3312      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-3313      *   {extname:"authoriyInfoAccess",
-3314      *    array:[
-3315      *      {ocsp: "http://ocsp1.example.com"},
-3316      *      {caissuer: "http://example.com/a.crt"}
-3317      *    ]}
-3318      * ];
-3319      * x = new X509();
-3320      * x.updateAIAOCSP(aExt, "http://ocsp2.example.net");
-3321      */
-3322     this.updateExtAIAOCSP = function(aExt, newURI) {
-3323 	var pExt = this.findExt(aExt, "authorityInfoAccess");
-3324 	if (pExt == null) return;
-3325 	if (pExt.array == undefined) return;
-3326 	var a = pExt.array;
-3327 	for (var i = 0; i < a.length; i++) {
-3328 	    if (a[i].ocsp != undefined) a[i].ocsp = newURI;
-3329 	}
-3330     };
-3331 
-3332     /**
-3333      * update authorityInfoAccess caIssuer in parameter<br/>
-3334      * @name updateAIACAIssuer
-3335      * @memberOf X509#
-3336      * @function
-3337      * @param {Array} aExt array of extension parameters
-3338      * @param {String} newURI string of new uri
-3339      * @since jsrsasign 10.0.4 x509 2.0.8
-3340      * @see X509#findExt
-3341      * @see KJUR.asn1.x509.AuthorityInfoAccess
-3342      *
-3343      * @description
-3344      * This method updates "caIssuer" accessMethod URI of 
-3345      * AuthorityInfoAccess extension
-3346      * in the extension parameter array if it exists.
-3347      *
-3348      * @example
-3349      * aExt = [
-3350      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-3351      *   {extname:"authoriyInfoAccess",
-3352      *    array:[
-3353      *      {ocsp: "http://ocsp1.example.com"},
-3354      *      {caissuer: "http://example.com/a.crt"}
-3355      *    ]}
-3356      * ];
-3357      * x = new X509();
-3358      * x.updateAIACAIssuer(aExt, "http://example.net/b.crt");
-3359      */
-3360     this.updateExtAIACAIssuer = function(aExt, newURI) {
-3361 	var pExt = this.findExt(aExt, "authorityInfoAccess");
-3362 	if (pExt == null) return;
-3363 	if (pExt.array == undefined) return;
-3364 	var a = pExt.array;
-3365 	for (var i = 0; i < a.length; i++) {
-3366 	    if (a[i].caissuer != undefined) a[i].caissuer = newURI;
-3367 	}
-3368     };
-3369 
-3370     /**
-3371      * convert array for X500 distinguish name to distinguish name string<br/>
-3372      * @name dnarraytostr
-3373      * @memberOf X509#
-3374      * @function
-3375      * @param {Array} aDN array for X500 distinguish name
-3376      * @return {String} distinguish name
-3377      * @since jsrsasign 10.0.6 x509 2.0.8
-3378      * @see X509#getX500Name
-3379      * @see X509#getX500NameArray
-3380      * @see KJUR.asn1.x509.X500Name
-3381      *
-3382      * @description
-3383      * This method converts from an array representation of 
-3384      * X.500 distinguished name to X.500 name string.
-3385      * This supports multi-valued RDN.
-3386      * 
-3387      * @example
-3388      * var x = new X509();
-3389      * x.dnarraytostr(
-3390      *   [[{type:"C",value:"JP",ds:"prn"}],
-3391      *   [{type:"O",value:"T1",ds:"prn"}]]) → "/C=JP/O=T1"
-3392      * x.dnarraytostr(
-3393      *   [[{type:"C",value:"JP",ds:"prn"}],
-3394      *   [{type:"O",value:"T1",ds:"prn"}
-3395      *    {type:"CN",value:"Bob",ds:"prn"}]]) → "/C=JP/O=T1+CN=Bob"
-3396      */
-3397     this.dnarraytostr = function(aDN) {
-3398 	function rdnarraytostr(aRDN) {
-3399 	    return aRDN.map(function(x){return atvtostr(x).replace(/\+/,"\\+");}).join("+");
-3400 	};
-3401 
-3402 	function atvtostr(pATV) {
-3403 	    return pATV.type + "=" + pATV.value;
-3404 	};
-3405 
-3406 	return "/" + aDN.map(function(x){return rdnarraytostr(x).replace(/\//, "\\/");}).join("/");
-3407     };
-3408 
-3409     /**
-3410      * set canonicalized DN to a DN parameter<br/>
-3411      * @name setCanonicalizedDN
-3412      * @memberOf X509#
-3413      * @function
-3414      * @param {object} pDN DN parameter associative array
-3415      * @since jsrsasign 10.6.0 x509 2.1.0
-3416      * 
-3417      * @description
-3418      * This method canonicalizes a DN string as following:
-3419      * <ul>
-3420      * <li>convert to lower case</li>
-3421      * <li>convert from all multiple spaces to a space</li>
-3422      * </ul>
-3423      * 
-3424      * @example
-3425      * var x = new X509();
-3426      * var pDN = {
-3427      *   array: [
-3428      *     [{type:'C',value:'JP',ds:'prn'}],
-3429      *     [{type:'O',value:'Test    1',ds:'prn'}] ],
-3430      *   str: "/C=JP/O=Test    1" };
-3431      * x.setCanonicalizedDN(pDN);
-3432 
-3433      * // pDN will become following
-3434      * pDN = {
-3435      *   array: [
-3436      *     [{type:'C',value:'JP',ds:'prn'}],
-3437      *     [{type:'O',value:'Test    1',ds:'prn'}] ],
-3438      *   str: "/C=JP/O=Test    1",
-3439      *   canon: "/c=jp/o=test 1" };
-3440      */
-3441     this.setCanonicalizedDN = function(pDN) {
-3442 	var aRDN;
-3443 	if (pDN.str != undefined && pDN.array == undefined) {
-3444 	    var dDN = new KJUR.asn1.x509.X500Name({str: pDN.str});
-3445 	    var hDN = dDN.tohex();
-3446 	    aRDN = this.getX500NameArray(hDN);
-3447 	} else {
-3448 	    aRDN = pDN.array;
-3449 	}
-3450 	if (pDN.canon == undefined) {
-3451 	    pDN.canon = this.c14nRDNArray(aRDN);
-3452 	}
-3453     };
-3454 
-3455     /**
-3456      * simple canonicalization(c14n) for RDN array<br/>
-3457      * @name c14nRDNArray
-3458      * @memberOf X509#
-3459      * @function
-3460      * @param {array} aRDN array of RDN parameters
-3461      * @return {string} canonicalized distinguish name (ex. "/c=jp/o=test ca")
-3462      * @since jsrsasign 10.6.0 x509 2.1.0
-3463      * 
-3464      * @description
-3465      * This method canonicalizes a DN string according to
-3466      * <a href="https://datatracker.ietf.org/doc/html/rfc4518#appendix-B">
-3467      * "RFC 4518 StringPrep Appendix B Substring Matching"</a> as following:
-3468      * <ul>
-3469      * <li>convert to lower case</li>
-3470      * <li>convert from all sequence of spaces to a space</li>
-3471      * <li>remove leading and trailing spaces</li>
-3472      * </ul>
-3473      * 
-3474      * @example
-3475      * var x = new X509();
-3476      * x.c14nRDNArray([
-3477      *   [{type:"C", value:"JP", ds: "prn"}],
-3478      *   [{type:"O", value:"    Test    1234     ", ds: "utf8"}],
-3479      *   [{type:"OU", value:"HR   45", ds: "utf8"}]
-3480      * ]) → "/c=jp/o=test 1234/ou=hr 45"
-3481      */
-3482     this.c14nRDNArray = function(aRDN) {
-3483 	var a = [];
-3484 	for (var i = 0; i < aRDN.length; i++) {
-3485 	    var aAVA = aRDN[i];
-3486 	    var a2 = [];
-3487 	    for (var j = 0; j < aAVA.length; j++) {
-3488 		var pAVA = aAVA[j];
-3489 		var value = pAVA.value;
-3490 		value = value.replace(/^\s*/, '');
-3491 		value = value.replace(/\s*$/, '');
-3492 		value = value.replace(/\s+/g, ' ');
-3493 		value = value.toLowerCase();
-3494 		a2.push(pAVA.type.toLowerCase() + "=" + value);
-3495 	    }
-3496 	    a.push(a2.join("+"));
-3497 	}
-3498 	return "/" + a.join("/");
-3499     };
-3500 
-3501     /**
-3502      * get certificate information as string.<br/>
-3503      * @name getInfo
-3504      * @memberOf X509#
-3505      * @function
-3506      * @return {String} certificate information string
-3507      * @since jsrsasign 5.0.10 x509 1.1.8
-3508      * @example
-3509      * x = new X509();
-3510      * x.readCertPEM(certPEM);
-3511      * console.log(x.getInfo());
-3512      * // this shows as following
-3513      * Basic Fields
-3514      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
-3515      *   signature algorithm: SHA1withRSA
-3516      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-3517      *   notBefore: 061110000000Z
-3518      *   notAfter: 311110000000Z
-3519      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-3520      *   subject public key info:
-3521      *     key algorithm: RSA
-3522      *     n=c6cce573e6fbd4bb...
-3523      *     e=10001
-3524      * X509v3 Extensions:
-3525      *   keyUsage CRITICAL:
-3526      *     digitalSignature,keyCertSign,cRLSign
-3527      *   basicConstraints CRITICAL:
-3528      *     cA=true
-3529      *   subjectKeyIdentifier :
-3530      *     b13ec36903f8bf4701d498261a0802ef63642bc3
-3531      *   authorityKeyIdentifier :
-3532      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
-3533      * signature algorithm: SHA1withRSA
-3534      * signature: 1c1a0697dcd79c9f...
-3535      */
-3536     this.getInfo = function() {
-3537 	var _getSubjectAltNameStr = function(params) {
-3538 	    var s = "";
-3539 	    var indent = "    ";
-3540 	    var NL = "\n";
-3541 	    var a = params.array;
-3542 	    for (var i = 0; i < a.length; i++) {
-3543 		var pGN = a[i];
-3544 		if (pGN.dn != undefined)	s += indent + "dn: " + pGN.dn.str + NL;
-3545 		if (pGN.ip != undefined)	s += indent + "ip: " + pGN.ip + NL;
-3546 		if (pGN.rfc822 != undefined)	s += indent + "rfc822: " + pGN.rfc822 + NL;
-3547 		if (pGN.dns != undefined)	s += indent + "dns: " + pGN.dns + NL;
-3548 		if (pGN.uri != undefined)	s += indent + "uri: " + pGN.uri + NL;
-3549 		if (pGN.other != undefined) {
-3550 		    var oidname = pGN.other.oid;
-3551 		    var value = JSON.stringify(pGN.other.value).replace(/\"/g, '');
-3552 		    s += indent + "other: " + oidname + "=" + value + NL;
-3553 		}
-3554 	    }
-3555 	    s = s.replace(/\n$/, '');
-3556 	    return s;
-3557 	};
-3558 	var _getCertificatePoliciesStr = function(params) {
-3559 	    var s = "";
-3560 	    var a = params.array;
-3561 	    for (var i = 0; i < a.length; i++) {
-3562 		var pi = a[i];
-3563 		s += "    policy oid: " + pi.policyoid + "\n";
-3564 		if (pi.array === undefined) continue;
-3565 		for (var j = 0; j < pi.array.length; j++) {
-3566 		    var pqi = pi.array[j];
-3567 		    if (pqi.cps !== undefined) {
-3568 			s += "    cps: " + pqi.cps + "\n";
-3569 		    }
-3570 		}
-3571 	    }
-3572 	    return s;
-3573 	};
-3574 	var _getCRLDistributionPointsStr = function(params) {
-3575 	    var s = "";
-3576 	    var a = params.array;
-3577 	    for (var i = 0; i < a.length; i++) {
-3578 		var dp = a[i];
-3579 		try {
-3580 		    if (dp.dpname.full[0].uri !== undefined)
-3581 			s += "    " + dp.dpname.full[0].uri + "\n";
-3582 		} catch(ex) {};
-3583 		try {
-3584 		    if (dp.dname.full[0].dn.hex !== undefined)
-3585 			s += "    " + X509.hex2dn(dp.dpname.full[0].dn.hex) + "\n";
-3586 		} catch(ex) {};
-3587 	    }
-3588 	    return s;
-3589 	}
-3590 	var _getAuthorityInfoAccessStr = function(params) {
-3591 	    var s = "";
-3592 	    var a = params.array;
-3593 	    for (var i = 0; i < a.length; i++) {
-3594 		var ad = a[i];
-3595 
-3596 		if (ad.caissuer !== undefined)
-3597 		    s += "    caissuer: " + ad.caissuer + "\n";
-3598 		if (ad.ocsp !== undefined)
-3599 		    s += "    ocsp: " + ad.ocsp + "\n";
-3600 	    }
-3601 	    return s;
-3602 	};
-3603 	var _X509 = X509;
-3604 	var s, pubkey, aExt;
-3605 	s  = "Basic Fields\n";
-3606         s += "  serial number: " + this.getSerialNumberHex() + "\n";
-3607 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
-3608 	s += "  issuer: " + this.getIssuerString() + "\n";
-3609 	s += "  notBefore: " + this.getNotBefore() + "\n";
-3610 	s += "  notAfter: " + this.getNotAfter() + "\n";
-3611 	s += "  subject: " + this.getSubjectString() + "\n";
-3612 	s += "  subject public key info: " + "\n";
-3613 
-3614 	// subject public key info
-3615 	pubkey = this.getPublicKey();
-3616 	s += "    key algorithm: " + pubkey.type + "\n";
-3617 
-3618 	if (pubkey.type === "RSA") {
-3619 	    s += "    n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n";
-3620 	    s += "    e=" + hextoposhex(pubkey.e.toString(16)) + "\n";
-3621 	}
-3622 
-3623 	// X.509v3 Extensions
-3624         aExt = this.aExtInfo;
-3625 
-3626 	if (aExt !== undefined && aExt !== null) {
-3627             s += "X509v3 Extensions:\n";
-3628 	    
-3629             for (var i = 0; i < aExt.length; i++) {
-3630 		var info = aExt[i];
-3631 
-3632 		// show extension name and critical flag
-3633 		var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
-3634 		if (extName === '') extName = info["oid"];
-3635 
-3636 		var critical = '';
-3637 		if (info["critical"] === true) critical = "CRITICAL";
-3638 
-3639 		s += "  " + extName + " " + critical + ":\n";
-3640 
-3641 		// show extension value if supported
-3642 		if (extName === "basicConstraints") {
-3643 		    var bc = this.getExtBasicConstraints();
-3644 		    if (bc.cA === undefined) {
-3645 			s += "    {}\n";
-3646 		    } else {
-3647 			s += "    cA=true";
-3648 			if (bc.pathLen !== undefined)
-3649 			    s += ", pathLen=" + bc.pathLen;
-3650 			s += "\n";
-3651 		    }
-3652 		} else if (extName == "policyMappings") {
-3653 		    var a = this.getExtPolicyMappings().array;
-3654 		    var sMap = a.map(function(item){
-3655 			var aPolicy = item;
-3656 			return aPolicy[0] + ":" + aPolicy[1];
-3657 		    }).join(", ");
-3658 		    s += "    " + sMap + "\n";
-3659 		} else if (extName == "policyConstraints") {
-3660 		    var p = this.getExtPolicyConstraints();
-3661 		    s += "    ";
-3662 		    if (p.reqexp != undefined) s += " reqexp=" + p.reqexp;
-3663 		    if (p.inhibit != undefined) s += " inhibit=" + p.inhibit;
-3664 		    s += "\n";
-3665 		} else if (extName == "inhibitAnyPolicy") {
-3666 		    var p = this.getExtInhibitAnyPolicy();
-3667 		    s += "    skip=" + p.skip + "\n";
-3668 		} else if (extName == "keyUsage") {
-3669 		    s += "    " + this.getExtKeyUsageString() + "\n";
-3670 		} else if (extName == "subjectKeyIdentifier") {
-3671 		    s += "    " + this.getExtSubjectKeyIdentifier().kid.hex + "\n";
-3672 		} else if (extName == "authorityKeyIdentifier") {
-3673 		    var akid = this.getExtAuthorityKeyIdentifier();
-3674 		    if (akid.kid !== undefined)
-3675 			s += "    kid=" + akid.kid.hex + "\n";
-3676 		} else if (extName == "extKeyUsage") {
-3677 		    var eku = this.getExtExtKeyUsage().array;
-3678 		    s += "    " + eku.join(", ") + "\n";
-3679 		} else if (extName == "subjectAltName") {
-3680 		    var san = _getSubjectAltNameStr(this.getExtSubjectAltName());
-3681 		    s += san + "\n";
-3682 		} else if (extName == "cRLDistributionPoints") {
-3683 		    var cdp = this.getExtCRLDistributionPoints();
-3684 		    s += _getCRLDistributionPointsStr(cdp);
-3685 		} else if (extName == "authorityInfoAccess") {
-3686 		    var aia = this.getExtAuthorityInfoAccess();
-3687 		    s += _getAuthorityInfoAccessStr(aia);
-3688 		} else if (extName == "certificatePolicies") {
-3689 		    s += _getCertificatePoliciesStr(this.getExtCertificatePolicies());
-3690 		}
-3691 	    }
-3692         }
-3693 
-3694 	s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n";
-3695 	s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n";
-3696 	return s;
-3697     };
-3698 
-3699     if (typeof params == "string") {
-3700 	if (params.indexOf("-----BEGIN") != -1) {
-3701 	    this.readCertPEM(params);
-3702 	} else if (KJUR.lang.String.isHex(params)) {
-3703 	    this.readCertHex(params);
-3704 	}
-3705     }
-3706 };
-3707 // ----- END of X509 class -----
-3708 
-3709 /**
-3710  * additional definition for X.509 extension parsers<br/>
-3711  * @see X509.registExtParser
-3712  */
-3713 X509.EXT_PARSER = {
-3714 };
-3715 
-3716 /**
-3717  * define X.509 extension parser for specified OID<br/>
-3718  * @name registExtParser
-3719  * @memberOf X509
-3720  * @function
-3721  * @param {string} oid extension OID string (ex. "1.2.3.4")
-3722  * @param {function} func registering func extension value parsing function
-3723  * @return unspecified
-3724  * @since jsrsasign 10.7.0 x509 2.1.2
-3725  * 
-3726  * @description
-3727  * <p>
-3728  * This static method specifies a X.509 extension value parsing function
-3729  * for specified an extension OID.
-3730  * </p>
-3731  * <p>
-3732  * Extension parser function must have following three arguments:
-3733  * <ul>
-3734  * <li>{string} oid - OID for extension (ex. "1.2.3.4")</li>
-3735  * <li>{boolean} critical - critical flag of extension</li>
-3736  * <li>{string} hExtV - hexadecimal string of extension value</li>
-3737  * </ul>
-3738  * The funcition must return an associative array for the extension
-3739  * when hExtV can be parsed properly. Otherwise it must return
-3740  * value "undefined".
-3741  * </p>
-3742  *
-3743  * @example
-3744  * function _extparser1(oid, critical, hExtV) {
-3745  *   try {
-3746  *     var result = { extname: oid, value: ASN1HEX.parse(hExtV).utf8str.str };
-3747  *     if (critical) result.critical = true;
-3748  *     return result;
-3749  *   } catch(ex) {
-3750  *     return undefined;
-3751  *   }
-3752  * }
-3753  * X509.registExtParser("1.2.3.4", _extparser1);
-3754  */
-3755 X509.registExtParser = function(oid, func) {
-3756     X509.EXT_PARSER[oid] = func;
-3757 };
-3758 
-3759 /**
-3760  * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/>
-3761  * @name hex2dn
-3762  * @memberOf X509
-3763  * @function
-3764  * @param {String} hex hexadecimal string of ASN.1 DER distinguished name
-3765  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-3766  * @return {String} OpenSSL online format distinguished name
-3767  * @description
-3768  * This static method converts from a hexadecimal string of 
-3769  * distinguished name (DN)
-3770  * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
-3771  * @example
-3772  * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
-3773  */
-3774 X509.hex2dn = function(hex, idx) {
-3775     if (idx === undefined) idx = 0;
-3776     var x = new X509();
-3777     var hDN = ASN1HEX.getTLV(hex, idx);
-3778     var pDN = x.getX500Name(hex);
-3779     return pDN.str;
-3780 };
-3781 
-3782 /**
-3783  * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/>
-3784  * @name hex2rdn
-3785  * @memberOf X509
-3786  * @function
-3787  * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name
-3788  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-3789  * @return {String} OpenSSL online format relative distinguished name
-3790  * @description
-3791  * This static method converts from a hexadecimal string of 
-3792  * relative distinguished name (RDN)
-3793  * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/>
-3794  * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
-3795  * @example
-3796  * X509.hex2rdn("310a3008060355040a0c0161") → O=a
-3797  * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
-3798  */
-3799 X509.hex2rdn = function(hex, idx) {
-3800     if (idx === undefined) idx = 0;
-3801     if (hex.substr(idx, 2) !== "31") throw new Error("malformed RDN");
-3802 
-3803     var a = new Array();
-3804 
-3805     var aIdx = ASN1HEX.getChildIdx(hex, idx);
-3806     for (var i = 0; i < aIdx.length; i++) {
-3807 	a.push(X509.hex2attrTypeValue(hex, aIdx[i]));
-3808     }
-3809 
-3810     a = a.map(function(s) { return s.replace("+", "\\+"); });
-3811     return a.join("+");
-3812 };
-3813 
-3814 /**
-3815  * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/>
-3816  * @name hex2attrTypeValue
-3817  * @memberOf X509
-3818  * @function
-3819  * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
-3820  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-3821  * @return {String} string representation of AttributeTypeAndValue (ex. C=US)
-3822  * @description
-3823  * This static method converts from a hexadecimal string of AttributeTypeAndValue
-3824  * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
-3825  * @example
-3826  * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
-3827  * X509.hex2attrTypeValue("300806035504060c0161") → C=a
-3828  * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
-3829  */
-3830 X509.hex2attrTypeValue = function(hex, idx) {
-3831     var _ASN1HEX = ASN1HEX;
-3832     var _getV = _ASN1HEX.getV;
-3833 
-3834     if (idx === undefined) idx = 0;
-3835     if (hex.substr(idx, 2) !== "30") 
-3836 	throw new Error("malformed attribute type and value");
-3837 
-3838     var aIdx = _ASN1HEX.getChildIdx(hex, idx);
-3839     if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06")
-3840 	"malformed attribute type and value";
-3841 
-3842     var oidHex = _getV(hex, aIdx[0]);
-3843     var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex);
-3844     var atype = KJUR.asn1.x509.OID.oid2atype(oidInt);
-3845 
-3846     var hV = _getV(hex, aIdx[1]);
-3847     var rawV = hextorstr(hV);
-3848 
-3849     return atype + "=" + rawV;
-3850 };
-3851 
-3852 /**
-3853  * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/>
-3854  * @name getPublicKeyFromCertHex
-3855  * @memberOf X509
-3856  * @function
-3857  * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
-3858  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-3859  * @since jsrasign 7.1.0 x509 1.1.11
-3860  */
-3861 X509.getPublicKeyFromCertHex = function(h) {
-3862     var x = new X509();
-3863     x.readCertHex(h);
-3864     return x.getPublicKey();
-3865 };
-3866 
-3867 /**
-3868  * get RSA/DSA/ECDSA public key object from PEM certificate string
-3869  * @name getPublicKeyFromCertPEM
-3870  * @memberOf X509
-3871  * @function
-3872  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
-3873  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-3874  * @since x509 1.1.1
-3875  * @description
-3876  * NOTE: DSA is also supported since x509 1.1.2.
-3877  */
-3878 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
-3879     var x = new X509();
-3880     x.readCertPEM(sCertPEM);
-3881     return x.getPublicKey();
-3882 };
-3883 
-3884 /**
-3885  * get public key information from PEM certificate
-3886  * @name getPublicKeyInfoPropOfCertPEM
-3887  * @memberOf X509
-3888  * @function
-3889  * @param {String} sCertPEM string of PEM formatted certificate
-3890  * @return {Hash} hash of information for public key
-3891  * @since x509 1.1.1
-3892  * @description
-3893  * Resulted associative array has following properties:<br/>
-3894  * <ul>
-3895  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
-3896  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
-3897  * <li>keyhex - hexadecimal string of key in the certificate</li>
-3898  * </ul>
-3899  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
-3900  */
-3901 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
-3902     var _ASN1HEX = ASN1HEX;
-3903     var _getVbyList = _ASN1HEX.getVbyList;
-3904 
-3905     var result = {};
-3906     var x, hSPKI, pubkey;
-3907     result.algparam = null;
-3908 
-3909     x = new X509();
-3910     x.readCertPEM(sCertPEM);
-3911 
-3912     hSPKI = x.getPublicKeyHex();
-3913     result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2);
-3914     result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06");
-3915 
-3916     if (result.algoid === "2a8648ce3d0201") { // ecPublicKey
-3917 	result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06");
-3918     };
-3919 
-3920     return result;
-3921 };
-3922 
-3923 /* ======================================================================
-3924  *   Specific V3 Extensions
-3925  * ====================================================================== */
-3926 
-3927 X509.KEYUSAGE_NAME = [
-3928     "digitalSignature",
-3929     "nonRepudiation",
-3930     "keyEncipherment",
-3931     "dataEncipherment",
-3932     "keyAgreement",
-3933     "keyCertSign",
-3934     "cRLSign",
-3935     "encipherOnly",
-3936     "decipherOnly"
-3937 ];
-3938 

\ No newline at end of file
+2604 		var attrType = aryval(aASN1Attribute, "seq.0.oid");
+2605 		var attrValue = aryval(aASN1Attribute, "seq.1.set");
+2606 		if (attrType == undefined || attrValue == undefined) throw "error";
+2607 		return { attr: attrType, array: attrValue };
+2608 	    }
+2609 	    result.array = aValue;
+2610 	    return result;
+2611 	} catch(ex) {
+2612 	    throw new Error("malformed subjectDirectoryAttributes extension value");
+2613 	}
+2614     }
+2615 
+2616     // ===== BEGIN X500Name related =====================================
+2617     /*
+2618      * convert ASN.1 parsed object to attrTypeAndValue assoc array<br/>
+2619      * @name _convATV
+2620      * @param p associative array of parsed attrTypeAndValue object
+2621      * @return attrTypeAndValue associative array
+2622      * @since jsrsasign 10.5.12 x509 2.0.14
+2623      * @example
+2624      * _convATV({seq: [...]} &rarr: {type:"C",value:"JP",ds:"prn"}
+2625      */
+2626     var _convATV = function(p) {
+2627 	var result = {};
+2628 	try {
+2629 	    var name = p.seq[0].oid;
+2630 	    var oid = KJUR.asn1.x509.OID.name2oid(name);
+2631 	    result.type = KJUR.asn1.x509.OID.oid2atype(oid);
+2632 	    var item1 = p.seq[1];
+2633 	    if (item1.utf8str != undefined) {
+2634 		result.ds = "utf8";
+2635 		result.value = item1.utf8str.str;
+2636 	    } else if (item1.numstr != undefined) {
+2637 		result.ds = "num";
+2638 		result.value = item1.numstr.str;
+2639 	    } else if (item1.telstr != undefined) {
+2640 		result.ds = "tel";
+2641 		result.value = item1.telstr.str;
+2642 	    } else if (item1.prnstr != undefined) {
+2643 		result.ds = "prn";
+2644 		result.value = item1.prnstr.str;
+2645 	    } else if (item1.ia5str != undefined) {
+2646 		result.ds = "ia5";
+2647 		result.value = item1.ia5str.str;
+2648 	    } else if (item1.visstr != undefined) {
+2649 		result.ds = "vis";
+2650 		result.value = item1.visstr.str;
+2651 	    } else if (item1.bmpstr != undefined) {
+2652 		result.ds = "bmp";
+2653 		result.value = item1.bmpstr.str;
+2654 	    } else {
+2655 		throw "error";
+2656 	    }
+2657 	    return result;
+2658 	} catch(ex) {
+2659 	    throw new Erorr("improper ASN.1 parsed AttrTypeAndValue");
+2660 	}
+2661     };
+2662 
+2663     /*
+2664      * convert ASN.1 parsed object to RDN array<br/>
+2665      * @name _convRDN
+2666      * @param p associative array of parsed RDN object
+2667      * @return RDN array
+2668      * @since jsrsasign 10.5.12 x509 2.0.14
+2669      * @example
+2670      * _convRDN({set: [...]} &rarr: [{type:"C",value:"JP",ds:"prn"}]
+2671      */
+2672     var _convRDN = function(p) {
+2673 	try {
+2674 	    return p.set.map(function(pATV){return _convATV(pATV)});
+2675 	} catch(ex) {
+2676 	    throw new Error("improper ASN.1 parsed RDN: " + ex);
+2677 	}
+2678     };
+2679 
+2680     /*
+2681      * convert ASN.1 parsed object to X500Name array<br/>
+2682      * @name _convX500Name
+2683      * @param p associative array of parsed X500Name array object
+2684      * @return RDN array
+2685      * @since jsrsasign 10.5.12 x509 2.0.14
+2686      * @example
+2687      * _convX500Name({seq: [...]} &rarr: [[{type:"C",value:"JP",ds:"prn"}]]
+2688      */
+2689     var _convX500Name = function(p) {
+2690 	try {
+2691 	    return p.seq.map(function(pRDN){return _convRDN(pRDN)});
+2692 	} catch(ex) {
+2693 	    throw new Error("improper ASN.1 parsed X500Name: " + ex);
+2694 	}
+2695     };
+2696 
+2697     this.getX500NameRule = function(aDN) {
+2698 	var isPRNRule = true;
+2699 	var isUTF8Rule = true;
+2700 	var isMixedRule = false;
+2701 	var logfull = "";
+2702 	var logcheck = "";
+2703 	var lasttag = null;
+2704 
+2705 	var a = [];
+2706 	for (var i = 0; i < aDN.length; i++) {
+2707 	    var aRDN = aDN[i];
+2708 	    for (var j = 0; j < aRDN.length; j++) {
+2709 		a.push(aRDN[j]);
+2710 	    }
+2711 	}
+2712 
+2713 	for (var i = 0; i < a.length; i++) {
+2714 	    var item = a[i];
+2715 	    var tag = item.ds;
+2716 	    var value = item.value;
+2717 	    var type = item.type;
+2718 	    logfull += ":" + tag;
+2719 	    
+2720 	    if (tag != "prn" && tag != "utf8" && tag != "ia5") {
+2721 		return "mixed";
+2722 	    }
+2723 	    if (tag == "ia5") {
+2724 		if (type != "CN") {
+2725 		    return "mixed";
+2726 		} else {
+2727 		    if (! KJUR.lang.String.isMail(value)) {
+2728 			return "mixed";
+2729 		    } else {
+2730 			continue;
+2731 		    }
+2732 		}
+2733 	    }
+2734 	    if (type == "C") {
+2735 		if (tag == "prn") {
+2736 		    continue;
+2737 		} else {
+2738 		    return "mixed";
+2739 		}
+2740 	    }
+2741 	    logcheck += ":" + tag;
+2742 	    if (lasttag == null) {
+2743 		lasttag = tag;
+2744 	    } else {
+2745 		if (lasttag !== tag) return "mixed";
+2746 	    }
+2747 	}
+2748 	if (lasttag == null) {
+2749 	    return "prn";
+2750 	} else {
+2751 	    return lasttag;
+2752 	}
+2753     };
+2754 
+2755     /**
+2756      * get AttributeTypeAndValue ASN.1 structure parameter as JSON object<br/>
+2757      * @name getAttrTypeAndValue
+2758      * @memberOf X509#
+2759      * @function
+2760      * @param {String} h hexadecimal string of AttributeTypeAndValue
+2761      * @return {Object} JSON object of AttributeTypeAndValue parameters
+2762      * @since jsrsasign 9.0.0 x509 2.0.0
+2763      * @see X509#getX500Name
+2764      * @see X509#getRDN
+2765      * @description
+2766      * This method will get AttributeTypeAndValue parameters defined in
+2767      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2768      * RFC 5280 4.1.2.4</a>.
+2769      * <pre>
+2770      * AttributeTypeAndValue ::= SEQUENCE {
+2771      *   type     AttributeType,
+2772      *   value    AttributeValue }
+2773      * AttributeType ::= OBJECT IDENTIFIER
+2774      * AttributeValue ::= ANY -- DEFINED BY AttributeType
+2775      * </pre>
+2776      * <ul>
+2777      * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
+2778      * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
+2779      * <li>{String}ds - DirectoryString type of AttributeValue</li>
+2780      * </ul>
+2781      * "ds" has one of following value:
+2782      * <ul>
+2783      * <li>utf8 - (0x0c) UTF8String</li>
+2784      * <li>num  - (0x12) NumericString</li>
+2785      * <li>prn  - (0x13) PrintableString</li>
+2786      * <li>tel  - (0x14) TeletexString</li>
+2787      * <li>ia5  - (0x16) IA5String</li>
+2788      * <li>vis  - (0x1a) VisibleString</li>
+2789      * <li>bmp  - (0x1e) BMPString</li>
+2790      * </ul>
+2791      * @example
+2792      * x = new X509();
+2793      * x.getAttrTypeAndValue("30...") →
+2794      * {type:"CN",value:"john.smith@example.com",ds:"ia5"} or
+2795      * {type:"O",value:"Sample Corp.",ds:"prn"}
+2796      */
+2797     // unv  - (0x1c??) UniversalString ... for future
+2798     this.getAttrTypeAndValue = function(h) {
+2799 	var p = _ASN1HEX_parse(h);
+2800 	return _convATV(p);
+2801     };
+2802 
+2803     /**
+2804      * get RelativeDistinguishedName ASN.1 structure parameter array<br/>
+2805      * @name getRDN
+2806      * @memberOf X509#
+2807      * @function
+2808      * @param {String} h hexadecimal string of RDN
+2809      * @return {Array} array of AttrTypeAndValue parameters
+2810      * @since jsrsasign 9.0.0 x509 2.0.0
+2811      * @see X509#getX500Name
+2812      * @see X509#getRDN
+2813      * @see X509#getAttrTypeAndValue
+2814      * @description
+2815      * This method will get RelativeDistinguishedName parameters defined in
+2816      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2817      * RFC 5280 4.1.2.4</a>.
+2818      * <pre>
+2819      * RelativeDistinguishedName ::=
+2820      *   SET SIZE (1..MAX) OF AttributeTypeAndValue
+2821      * </pre>
+2822      * @example
+2823      * x = new X509();
+2824      * x.getRDN("31...") →
+2825      * [{type:"C",value:"US",ds:"prn"}] or
+2826      * [{type:"O",value:"Sample Corp.",ds:"prn"}] or
+2827      * [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
+2828      */
+2829     this.getRDN = function(h) {
+2830 	var p = _ASN1HEX_parse(h);
+2831 	return _convRDN(p);
+2832     };
+2833 
+2834     /**
+2835      * get X.500 Name ASN.1 structure parameter array<br/>
+2836      * @name getX500NameArray
+2837      * @memberOf X509#
+2838      * @function
+2839      * @param {String} h hexadecimal string of Name
+2840      * @return {Array} array of RDN parameter array
+2841      * @since jsrsasign 10.0.6 x509 2.0.9
+2842      * @see X509#getX500Name
+2843      * @see X509#getRDN
+2844      * @see X509#getAttrTypeAndValue
+2845      * @description
+2846      * This method will get Name parameter defined in
+2847      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2848      * RFC 5280 4.1.2.4</a>.
+2849      * <pre>
+2850      * Name ::= CHOICE { -- only one possibility for now --
+2851      *   rdnSequence  RDNSequence }
+2852      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+2853      * </pre>
+2854      * @example
+2855      * x = new X509();
+2856      * x.getX500NameArray("30...") →
+2857      * [[{type:"C",value:"US",ds:"prn"}],
+2858      *  [{type:"O",value:"Sample Corp.",ds:"utf8"}],
+2859      *  [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]]
+2860      */
+2861     this.getX500NameArray = function(h) {
+2862 	var p = _ASN1HEX_parse(h);
+2863 	return _convX500Name(p);
+2864     };
+2865 
+2866     /**
+2867      * get Name ASN.1 structure parameter array<br/>
+2868      * @name getX500Name
+2869      * @memberOf X509#
+2870      * @function
+2871      * @param {String} h hexadecimal string of Name
+2872      * @param {boolean} flagCanon flag to conclude canonicalized name (DEFAULT false)
+2873      * @param {boolean} flagHex flag to conclude hexadecimal string (DEFAULT false)
+2874      * @return {Array} array of RDN parameter array
+2875      * @since jsrsasign 9.0.0 x509 2.0.0
+2876      * @see X509#getX500NameArray
+2877      * @see X509#getRDN
+2878      * @see X509#getAttrTypeAndValue
+2879      * @see X509#c14nRDNArray
+2880      * @see KJUR.asn1.x509.X500Name
+2881      * @see KJUR.asn1.x509.GeneralName
+2882      * @see KJUR.asn1.x509.GeneralNames
+2883      *
+2884      * @description
+2885      * This method will get Name parameter defined in
+2886      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2887      * RFC 5280 4.1.2.4</a>.
+2888      * <pre>
+2889      * Name ::= CHOICE { -- only one possibility for now --
+2890      *   rdnSequence  RDNSequence }
+2891      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+2892      * </pre>
+2893      * <br>
+2894      * NOTE: From jsrsasign 10.6.0, flagHex and flagCanon has been 
+2895      * supported to conclude a canonicalized name for caseIgnoreMatch
+2896      * desribed in <a href="https://tools.ietf.org/html/rfc4518">
+2897      * RFC 4518</a>.
+2898      *
+2899      * @example
+2900      * x = new X509();
+2901      * x.getX500Name("30...") →
+2902      * { array: [
+2903      *     [{type:"C",value:"US",ds:"prn"}],
+2904      *     [{type:"O",value:"Sample Corp.",ds:"utf8"}],
+2905      *     [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
+2906      *   ],
+2907      *   str: "/C=US/O=Sample Corp./CN=john.smith@example.com",
+2908      *   hex: "30..." }
+2909      *
+2910      * x.getX500Name("30...", true) →
+2911      * { array: [
+2912      *     [{type:"C",value:"US",ds:"prn"}],
+2913      *     [{type:"O",value:"Sample    Corp.",ds:"utf8"}]
+2914      *   ],
+2915      *   str: "/C=US/O=Sample    Corp.",
+2916      *   canon: "/c=us/o=sample corp.",
+2917      *   hex: "30..." }
+2918      */
+2919     this.getX500Name = function(h, flagCanon, flagHex) {
+2920 	var a = this.getX500NameArray(h);
+2921 	var s = this.dnarraytostr(a);
+2922 	var result = { str: s };
+2923 
+2924 	result.array = a;
+2925 	if (flagHex == true) result.hex = h;
+2926 	if (flagCanon == true) result.canon = this.c14nRDNArray(a);
+2927 	return result;
+2928     };
+2929 
+2930     // ===== END X500Name related =====================================
+2931 
+2932     // ===== BEGIN read certificate =====================================
+2933     /**
+2934      * read PEM formatted X.509 certificate from string.<br/>
+2935      * @name readCertPEM
+2936      * @memberOf X509#
+2937      * @function
+2938      * @param {String} sCertPEM string for PEM formatted X.509 certificate
+2939      * @example
+2940      * x = new X509();
+2941      * x.readCertPEM(sCertPEM); // read certificate
+2942      */
+2943     this.readCertPEM = function(sCertPEM) {
+2944         this.readCertHex(_pemtohex(sCertPEM));
+2945     };
+2946 
+2947     /**
+2948      * read a hexadecimal string of X.509 certificate<br/>
+2949      * @name readCertHex
+2950      * @memberOf X509#
+2951      * @function
+2952      * @param {String} sCertHex hexadecimal string of X.509 certificate
+2953      * @since jsrsasign 7.1.4 x509 1.1.13
+2954      * @description
+2955      * NOTE: {@link X509#parseExt} will called internally since jsrsasign 7.2.0.
+2956      * @example
+2957      * x = new X509();
+2958      * x.readCertHex("3082..."); // read certificate
+2959      */
+2960     this.readCertHex = function(sCertHex) {
+2961         this.hex = sCertHex;
+2962 	this.getVersion(); // set version parameter
+2963 
+2964 	try {
+2965 	    _getIdxbyList(this.hex, 0, [0, 7], "a3"); // has [3] v3ext
+2966 	    this.parseExt();
+2967 	} catch(ex) {};
+2968     };
+2969 
+2970     // ===== END read certificate =====================================
+2971 
+2972     /**
+2973      * get JSON object of certificate parameters<br/>
+2974      * @name getParam
+2975      * @memberOf X509#
+2976      * @function
+2977      * @param {Object} option optional setting for return object
+2978      * @return {Object} JSON object of certificate parameters
+2979      * @since jsrsasign 9.0.0 x509 2.0.0
+2980      * @see KJUR.asn1.x509.X509Util.newCertPEM
+2981      *
+2982      * @description
+2983      * This method returns a JSON object of the certificate
+2984      * parameters. Return value can be passed to
+2985      * {@link KJUR.asn1.x509.X509Util.newCertPEM}.
+2986      * <br/>
+2987      * NOTE1: From jsrsasign 10.5.16, optional argument can be applied.
+2988      * It can have following members:
+2989      * <ul>
+2990      * <li>tbshex - (boolean) tbshex member with hex value of 
+2991      * tbsCertificate will be added if true (DEFAULT undefined)</li>
+2992      * <li>nodnarray - (boolean) array member for subject and
+2993      * issuer will be deleted to simplify it if true (DEFAULT undefined)<li>
+2994      * <li>dncanon - (boolean) add canon member to subject and issuer for DN StringPrep if true(DEFAULT undefined)</li>
+2995      * <li>dnhex - (boolean) add hex member to subject and issuer if true(DEFAULT undefined)</li>
+2996      * </ul>
+2997      * <br/>
+2998      * NOTE2: From jsrsasign 10.6.0, member "dncanon" and "dnhex" supported
+2999      * in the "option" argument.
+3000      *
+3001      * @example
+3002      * x = new X509();
+3003      * x.readCertPEM("-----BEGIN CERTIFICATE...");
+3004      * x.getParam() →
+3005      * {version:3,
+3006      *  serial:{hex:"12ab"},
+3007      *  sigalg:"SHA256withRSA",
+3008      *  issuer: {array:[[{type:'CN',value:'CA1',ds:'prn'}]],str:"/O=CA1"},
+3009      *  notbefore:"160403023700Z",
+3010      *  notafter:"160702023700Z",
+3011      *  subject: {array:[[{type:'CN',value:'Test1',ds:'prn'}]],str:"/CN=Test1"},
+3012      *  sbjpubkey:"-----BEGIN PUBLIC KEY...",
+3013      *  ext:[
+3014      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
+3015      *   {extname:"basicConstraints",critical:true},
+3016      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
+3017      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3018      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
+3019      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
+3020      *  ],
+3021      *  sighex:"0b76...8"
+3022      * };
+3023      *
+3024      * x.getParam({tbshex: true}) → { ... , tbshex: "30..." }
+3025      * x.getParam({nodnarray: true}) → {issuer: {str: "/C=JP"}, ...}
+3026      * x.getParam({dncanon: true}) → {... {issuer: {canon: "/c=jp/o=..."} ...} ...}
+3027      * x.getParam({dnhex: true}) → {... {issuer: {hex: "30..."} ...} ...}
+3028      */
+3029     this.getParam = function(option) {
+3030 	var result = {};
+3031 	if (option == undefined) option = {};
+3032 
+3033 	result.version = this.getVersion();
+3034 	result.serial = {hex: this.getSerialNumberHex()};
+3035 	result.sigalg = this.getSignatureAlgorithmField();
+3036 	result.issuer = this.getIssuer(option.dncanon, option.dnhex);
+3037 	result.notbefore = this.getNotBefore();
+3038 	result.notafter = this.getNotAfter();
+3039 	result.subject = this.getSubject(option.dncanon, option.dnhex);
+3040 	result.sbjpubkey = hextopem(this.getPublicKeyHex(), "PUBLIC KEY");
+3041 	if (this.aExtInfo != undefined &&
+3042 	    this.aExtInfo.length > 0) {
+3043 	    result.ext = this.getExtParamArray();
+3044 	}
+3045 	result.sighex = this.getSignatureValueHex();
+3046 
+3047 	// for options
+3048 	if (option.tbshex == true) {
+3049 	    result.tbshex = _getTLVbyList(this.hex, 0, [0]);
+3050 	}
+3051 	if (option.nodnarray == true) {
+3052 	    delete result.issuer.array;
+3053 	    delete result.subject.array;
+3054 	}
+3055 
+3056 	return result;
+3057     };
+3058 
+3059     /** 
+3060      * get array of certificate extension parameter JSON object<br/>
+3061      * @name getExtParamArray
+3062      * @memberOf X509#
+3063      * @function
+3064      * @param {String} hExtSeq hexadecimal string of SEQUENCE of Extension
+3065      * @return {Array} array of certificate extension parameter JSON object
+3066      * @since jsrsasign 9.0.0 x509 2.0.0
+3067      * @see KJUR.asn1.x509.X509Util.newCertPEM
+3068      * @see X509#getParam
+3069      * @see X509#getExtParam
+3070      * @see X509CRL#getParam
+3071      * @see KJUR.asn1.csr.CSRUtil.getParam
+3072      *
+3073      * @description
+3074      * This method returns an array of certificate extension
+3075      * parameters. 
+3076      * <br/>
+3077      * NOTE: Argument "hExtSeq" have been supported since jsrsasign 9.1.1.
+3078      *
+3079      * @example
+3080      * x = new X509();
+3081      * x.readCertPEM("-----BEGIN CERTIFICATE...");
+3082      * x.getExtParamArray() →
+3083      * [ {extname:"keyUsage",critical:true,names:["digitalSignature"]},
+3084      *   {extname:"basicConstraints",critical:true},
+3085      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
+3086      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3087      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
+3088      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}]
+3089      */
+3090     this.getExtParamArray = function(hExtSeq) {
+3091 	if (hExtSeq == undefined) {
+3092 	    // for X.509v3 certificate
+3093 	    var idx1 = _getIdxbyListEx(this.hex, 0, [0, "[3]"]);
+3094 	    if (idx1 != -1) {
+3095 		hExtSeq = _getTLVbyListEx(this.hex, 0, [0, "[3]", 0], "30");
+3096 	    }
+3097 	}
+3098 	var result = [];
+3099 	var aIdx = _getChildIdx(hExtSeq, 0);
+3100 
+3101 	for (var i = 0; i < aIdx.length; i++) {
+3102 	    var hExt = _getTLV(hExtSeq, aIdx[i]);
+3103 	    var extParam = this.getExtParam(hExt);
+3104 	    if (extParam != null) result.push(extParam);
+3105 	}
+3106 
+3107 	return result;
+3108     };
+3109 
+3110     /** 
+3111      * get a extension parameter JSON object<br/>
+3112      * @name getExtParam
+3113      * @memberOf X509#
+3114      * @function
+3115      * @param {String} hExt hexadecimal string of Extension
+3116      * @return {Array} Extension parameter JSON object
+3117      * @since jsrsasign 9.1.1 x509 2.0.1
+3118      * @see KJUR.asn1.x509.X509Util.newCertPEM
+3119      * @see X509#getParam
+3120      * @see X509#getExtParamArray
+3121      * @see X509CRL#getParam
+3122      * @see KJUR.asn1.csr.CSRUtil.getParam
+3123      *
+3124      * @description
+3125      * This method returns a extension parameters as JSON object. 
+3126      *
+3127      * @example
+3128      * x = new X509();
+3129      * ...
+3130      * x.getExtParam("30...") →
+3131      * {extname:"keyUsage",critical:true,names:["digitalSignature"]}
+3132      */
+3133     this.getExtParam = function(hExt) {
+3134 	var result = {};
+3135 	var aIdx = _getChildIdx(hExt, 0);
+3136 	var aIdxLen = aIdx.length;
+3137 	if (aIdxLen != 2 && aIdxLen != 3)
+3138 	    throw new Error("wrong number elements in Extension: " + 
+3139 			    aIdxLen + " " + hExt);
+3140 
+3141 	var oid = _hextooidstr(_getVbyList(hExt, 0, [0], "06"));
+3142 
+3143 	var critical = false;
+3144 	if (aIdxLen == 3 && _getTLVbyList(hExt, 0, [1]) == "0101ff")
+3145 	    critical = true;
+3146 
+3147 	var hExtV = _getTLVbyList(hExt, 0, [aIdxLen - 1, 0]);
+3148 
+3149 	var extParam = undefined;
+3150 	if (oid == "2.5.29.14") {
+3151 	    extParam = this.getExtSubjectKeyIdentifier(hExtV, critical);
+3152 	} else if (oid == "2.5.29.15") {
+3153 	    extParam = this.getExtKeyUsage(hExtV, critical);
+3154 	} else if (oid == "2.5.29.17") {
+3155 	    extParam = this.getExtSubjectAltName(hExtV, critical);
+3156 	} else if (oid == "2.5.29.18") {
+3157 	    extParam = this.getExtIssuerAltName(hExtV, critical);
+3158 	} else if (oid == "2.5.29.19") {
+3159 	    extParam = this.getExtBasicConstraints(hExtV, critical);
+3160 	} else if (oid == "2.5.29.30") {
+3161 	    extParam = this.getExtNameConstraints(hExtV, critical);
+3162 	} else if (oid == "2.5.29.31") {
+3163 	    extParam = this.getExtCRLDistributionPoints(hExtV, critical);
+3164 	} else if (oid == "2.5.29.32") {
+3165 	    extParam = this.getExtCertificatePolicies(hExtV, critical);
+3166 	} else if (oid == "2.5.29.33") {
+3167 	    extParam = this.getExtPolicyMappings(hExtV, critical);
+3168 	} else if (oid == "2.5.29.35") {
+3169 	    extParam = this.getExtAuthorityKeyIdentifier(hExtV, critical);
+3170 	} else if (oid == "2.5.29.36") {
+3171 	    extParam = this.getExtPolicyConstraints(hExtV, critical);
+3172 	} else if (oid == "2.5.29.37") {
+3173 	    extParam = this.getExtExtKeyUsage(hExtV, critical);
+3174 	} else if (oid == "2.5.29.54") {
+3175 	    extParam = this.getExtInhibitAnyPolicy(hExtV, critical);
+3176 	} else if (oid == "1.3.6.1.5.5.7.1.1") {
+3177 	    extParam = this.getExtAuthorityInfoAccess(hExtV, critical);
+3178 	} else if (oid == "2.5.29.20") {
+3179 	    extParam = this.getExtCRLNumber(hExtV, critical);
+3180 	} else if (oid == "2.5.29.21") {
+3181 	    extParam = this.getExtCRLReason(hExtV, critical);
+3182 	} else if (oid == "2.5.29.9") {
+3183 	    extParam = this.getExtSubjectDirectoryAttributes(hExtV, critical);
+3184 	} else if (oid == "1.3.6.1.5.5.7.48.1.2") {
+3185 	    extParam = this.getExtOcspNonce(hExtV, critical);
+3186 	} else if (oid == "1.3.6.1.5.5.7.48.1.5") {
+3187 	    extParam = this.getExtOcspNoCheck(hExtV, critical);
+3188 	} else if (oid == "1.2.840.113583.1.1.9.1") {
+3189 	    extParam = this.getExtAdobeTimeStamp(hExtV, critical);
+3190 	} else if (X509.EXT_PARSER[oid] != undefined) {
+3191 	    extParam = X509.EXT_PARSER[oid](oid, critical, hExtV);
+3192 	}
+3193 	if (extParam != undefined) return extParam;
+3194 
+3195 	// for private or unsupported extension
+3196 	var privateParam = { extname: oid, extn: hExtV };
+3197 	try {
+3198 	    privateParam.extn = _ASN1HEX_parse(hExtV);
+3199 	} catch(ex) {}
+3200 	if (critical) privateParam.critical = true;
+3201 	return privateParam;
+3202     };
+3203 
+3204     /**
+3205      * find extension parameter in array<br/>
+3206      * @name findExt
+3207      * @memberOf X509#
+3208      * @function
+3209      * @param {Array} aExt array of extension parameters
+3210      * @param {String} extname extension name
+3211      * @return {Array} extension parameter in the array or null
+3212      * @since jsrsasign 10.0.3 x509 2.0.7
+3213      * @see X509#getParam
+3214      *
+3215      * @description
+3216      * This method returns an extension parameter for
+3217      * specified extension name in the array.
+3218      * This method is useful to update extension parameter value.
+3219      * When there is no such extension with the extname,
+3220      * this returns "null".
+3221      *
+3222      * @example
+3223      * // (1) 
+3224      * x = new X509(CERTPEM);
+3225      * params = x.getParam();
+3226      * pSKID = x.findExt(params.ext, "subjectKeyIdentifier");
+3227      * pSKID.kid = "1234abced..."; // skid in the params is updated.
+3228      *   // then params was updated
+3229      *
+3230      * // (2) another example
+3231      * aExt = [
+3232      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
+3233      *   {extname:"basicConstraints",critical:true},
+3234      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
+3235      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3236      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
+3237      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
+3238      * ];
+3239      * var x = new X509();
+3240      * x.findExt(aExt, "authorityKeyInfoAccess").array[0].ocsp = "http://aaa.com";
+3241      * pKU = x.findExt(aExt, "keyUsage");
+3242      * delete pKU["critical"]; // clear criticla flag
+3243      * pKU.names = ["keyCertSign", "cRLSign"];
+3244      *   // then aExt was updated
+3245      */
+3246     this.findExt = function(aExt, extname) {
+3247 	for (var i = 0; i < aExt.length; i++) {
+3248 	    if (aExt[i].extname == extname) return aExt[i];
+3249 	}
+3250 	return null;
+3251 
+3252     };
+3253 
+3254     /**
+3255      * update CRLDistributionPoints Full URI in parameter<br/>
+3256      * @name updateCDPFullURI
+3257      * @memberOf X509#
+3258      * @function
+3259      * @param {Array} aExt array of extension parameters
+3260      * @param {String} newURI string of new uri
+3261      * @since jsrsasign 10.0.4 x509 2.0.8
+3262      * @see X509#findExt
+3263      * @see KJUR.asn1.x509.CRLDistributionPoints
+3264      *
+3265      * @description
+3266      * This method updates Full URI of CRLDistributionPoints extension
+3267      * in the extension parameter array if it exists.
+3268      *
+3269      * @example
+3270      * aExt = [
+3271      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3272      *   {extname:"cRLDistributionPoints",
+3273      *    array:[{dpname:{full:[{uri:"http://example.com/a.crl"}]}}]},
+3274      * ];
+3275      * x = new X509();
+3276      * x.updateCDPFullURI(aExt, "http://crl2.example.new/b.crl");
+3277      */
+3278     this.updateExtCDPFullURI = function(aExt, newURI) {
+3279 	var pExt = this.findExt(aExt, "cRLDistributionPoints");
+3280 	if (pExt == null) return;
+3281 	if (pExt.array == undefined) return;
+3282 	var aDP = pExt.array;
+3283 	for (var i = 0; i < aDP.length; i++) {
+3284 	    if (aDP[i].dpname == undefined) continue;
+3285 	    if (aDP[i].dpname.full == undefined) continue;
+3286 	    var aURI = aDP[i].dpname.full;
+3287 	    for (var j = 0; j < aURI.length; j++) {
+3288 		var pURI = aURI[i];
+3289 		if (pURI.uri == undefined) continue;
+3290 		pURI.uri = newURI;
+3291 	    }
+3292 	}
+3293     };
+3294 
+3295     /**
+3296      * update authorityInfoAccess ocsp in parameter<br/>
+3297      * @name updateAIAOCSP
+3298      * @memberOf X509#
+3299      * @function
+3300      * @param {Array} aExt array of extension parameters
+3301      * @param {String} newURI string of new uri
+3302      * @since jsrsasign 10.0.4 x509 2.0.8
+3303      * @see X509#findExt
+3304      * @see KJUR.asn1.x509.AuthorityInfoAccess
+3305      *
+3306      * @description
+3307      * This method updates "ocsp" accessMethod URI of 
+3308      * AuthorityInfoAccess extension
+3309      * in the extension parameter array if it exists.
+3310      *
+3311      * @example
+3312      * aExt = [
+3313      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3314      *   {extname:"authoriyInfoAccess",
+3315      *    array:[
+3316      *      {ocsp: "http://ocsp1.example.com"},
+3317      *      {caissuer: "http://example.com/a.crt"}
+3318      *    ]}
+3319      * ];
+3320      * x = new X509();
+3321      * x.updateAIAOCSP(aExt, "http://ocsp2.example.net");
+3322      */
+3323     this.updateExtAIAOCSP = function(aExt, newURI) {
+3324 	var pExt = this.findExt(aExt, "authorityInfoAccess");
+3325 	if (pExt == null) return;
+3326 	if (pExt.array == undefined) return;
+3327 	var a = pExt.array;
+3328 	for (var i = 0; i < a.length; i++) {
+3329 	    if (a[i].ocsp != undefined) a[i].ocsp = newURI;
+3330 	}
+3331     };
+3332 
+3333     /**
+3334      * update authorityInfoAccess caIssuer in parameter<br/>
+3335      * @name updateAIACAIssuer
+3336      * @memberOf X509#
+3337      * @function
+3338      * @param {Array} aExt array of extension parameters
+3339      * @param {String} newURI string of new uri
+3340      * @since jsrsasign 10.0.4 x509 2.0.8
+3341      * @see X509#findExt
+3342      * @see KJUR.asn1.x509.AuthorityInfoAccess
+3343      *
+3344      * @description
+3345      * This method updates "caIssuer" accessMethod URI of 
+3346      * AuthorityInfoAccess extension
+3347      * in the extension parameter array if it exists.
+3348      *
+3349      * @example
+3350      * aExt = [
+3351      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3352      *   {extname:"authoriyInfoAccess",
+3353      *    array:[
+3354      *      {ocsp: "http://ocsp1.example.com"},
+3355      *      {caissuer: "http://example.com/a.crt"}
+3356      *    ]}
+3357      * ];
+3358      * x = new X509();
+3359      * x.updateAIACAIssuer(aExt, "http://example.net/b.crt");
+3360      */
+3361     this.updateExtAIACAIssuer = function(aExt, newURI) {
+3362 	var pExt = this.findExt(aExt, "authorityInfoAccess");
+3363 	if (pExt == null) return;
+3364 	if (pExt.array == undefined) return;
+3365 	var a = pExt.array;
+3366 	for (var i = 0; i < a.length; i++) {
+3367 	    if (a[i].caissuer != undefined) a[i].caissuer = newURI;
+3368 	}
+3369     };
+3370 
+3371     /**
+3372      * convert array for X500 distinguish name to distinguish name string<br/>
+3373      * @name dnarraytostr
+3374      * @memberOf X509#
+3375      * @function
+3376      * @param {Array} aDN array for X500 distinguish name
+3377      * @return {String} distinguish name
+3378      * @since jsrsasign 10.0.6 x509 2.0.8
+3379      * @see X509#getX500Name
+3380      * @see X509#getX500NameArray
+3381      * @see KJUR.asn1.x509.X500Name
+3382      *
+3383      * @description
+3384      * This method converts from an array representation of 
+3385      * X.500 distinguished name to X.500 name string.
+3386      * This supports multi-valued RDN.
+3387      * 
+3388      * @example
+3389      * var x = new X509();
+3390      * x.dnarraytostr(
+3391      *   [[{type:"C",value:"JP",ds:"prn"}],
+3392      *   [{type:"O",value:"T1",ds:"prn"}]]) → "/C=JP/O=T1"
+3393      * x.dnarraytostr(
+3394      *   [[{type:"C",value:"JP",ds:"prn"}],
+3395      *   [{type:"O",value:"T1",ds:"prn"}
+3396      *    {type:"CN",value:"Bob",ds:"prn"}]]) → "/C=JP/O=T1+CN=Bob"
+3397      */
+3398     this.dnarraytostr = function(aDN) {
+3399 	function rdnarraytostr(aRDN) {
+3400 	    return aRDN.map(function(x){return atvtostr(x).replace(/\+/,"\\+");}).join("+");
+3401 	};
+3402 
+3403 	function atvtostr(pATV) {
+3404 	    return pATV.type + "=" + pATV.value;
+3405 	};
+3406 
+3407 	return "/" + aDN.map(function(x){return rdnarraytostr(x).replace(/\//, "\\/");}).join("/");
+3408     };
+3409 
+3410     /**
+3411      * set canonicalized DN to a DN parameter<br/>
+3412      * @name setCanonicalizedDN
+3413      * @memberOf X509#
+3414      * @function
+3415      * @param {object} pDN DN parameter associative array
+3416      * @since jsrsasign 10.6.0 x509 2.1.0
+3417      * 
+3418      * @description
+3419      * This method canonicalizes a DN string as following:
+3420      * <ul>
+3421      * <li>convert to lower case</li>
+3422      * <li>convert from all multiple spaces to a space</li>
+3423      * </ul>
+3424      * 
+3425      * @example
+3426      * var x = new X509();
+3427      * var pDN = {
+3428      *   array: [
+3429      *     [{type:'C',value:'JP',ds:'prn'}],
+3430      *     [{type:'O',value:'Test    1',ds:'prn'}] ],
+3431      *   str: "/C=JP/O=Test    1" };
+3432      * x.setCanonicalizedDN(pDN);
+3433 
+3434      * // pDN will become following
+3435      * pDN = {
+3436      *   array: [
+3437      *     [{type:'C',value:'JP',ds:'prn'}],
+3438      *     [{type:'O',value:'Test    1',ds:'prn'}] ],
+3439      *   str: "/C=JP/O=Test    1",
+3440      *   canon: "/c=jp/o=test 1" };
+3441      */
+3442     this.setCanonicalizedDN = function(pDN) {
+3443 	var aRDN;
+3444 	if (pDN.str != undefined && pDN.array == undefined) {
+3445 	    var dDN = new KJUR.asn1.x509.X500Name({str: pDN.str});
+3446 	    var hDN = dDN.tohex();
+3447 	    aRDN = this.getX500NameArray(hDN);
+3448 	} else {
+3449 	    aRDN = pDN.array;
+3450 	}
+3451 	if (pDN.canon == undefined) {
+3452 	    pDN.canon = this.c14nRDNArray(aRDN);
+3453 	}
+3454     };
+3455 
+3456     /**
+3457      * simple canonicalization(c14n) for RDN array<br/>
+3458      * @name c14nRDNArray
+3459      * @memberOf X509#
+3460      * @function
+3461      * @param {array} aRDN array of RDN parameters
+3462      * @return {string} canonicalized distinguish name (ex. "/c=jp/o=test ca")
+3463      * @since jsrsasign 10.6.0 x509 2.1.0
+3464      * 
+3465      * @description
+3466      * This method canonicalizes a DN string according to
+3467      * <a href="https://datatracker.ietf.org/doc/html/rfc4518#appendix-B">
+3468      * "RFC 4518 StringPrep Appendix B Substring Matching"</a> as following:
+3469      * <ul>
+3470      * <li>convert to lower case</li>
+3471      * <li>convert from all sequence of spaces to a space</li>
+3472      * <li>remove leading and trailing spaces</li>
+3473      * </ul>
+3474      * 
+3475      * @example
+3476      * var x = new X509();
+3477      * x.c14nRDNArray([
+3478      *   [{type:"C", value:"JP", ds: "prn"}],
+3479      *   [{type:"O", value:"    Test    1234     ", ds: "utf8"}],
+3480      *   [{type:"OU", value:"HR   45", ds: "utf8"}]
+3481      * ]) → "/c=jp/o=test 1234/ou=hr 45"
+3482      */
+3483     this.c14nRDNArray = function(aRDN) {
+3484 	var a = [];
+3485 	for (var i = 0; i < aRDN.length; i++) {
+3486 	    var aAVA = aRDN[i];
+3487 	    var a2 = [];
+3488 	    for (var j = 0; j < aAVA.length; j++) {
+3489 		var pAVA = aAVA[j];
+3490 		var value = pAVA.value;
+3491 		value = value.replace(/^\s*/, '');
+3492 		value = value.replace(/\s*$/, '');
+3493 		value = value.replace(/\s+/g, ' ');
+3494 		value = value.toLowerCase();
+3495 		a2.push(pAVA.type.toLowerCase() + "=" + value);
+3496 	    }
+3497 	    a.push(a2.join("+"));
+3498 	}
+3499 	return "/" + a.join("/");
+3500     };
+3501 
+3502     /**
+3503      * get certificate information as string.<br/>
+3504      * @name getInfo
+3505      * @memberOf X509#
+3506      * @function
+3507      * @return {String} certificate information string
+3508      * @since jsrsasign 5.0.10 x509 1.1.8
+3509      * @example
+3510      * x = new X509();
+3511      * x.readCertPEM(certPEM);
+3512      * console.log(x.getInfo());
+3513      * // this shows as following
+3514      * Basic Fields
+3515      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
+3516      *   signature algorithm: SHA1withRSA
+3517      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
+3518      *   notBefore: 061110000000Z
+3519      *   notAfter: 311110000000Z
+3520      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
+3521      *   subject public key info:
+3522      *     key algorithm: RSA
+3523      *     n=c6cce573e6fbd4bb...
+3524      *     e=10001
+3525      * X509v3 Extensions:
+3526      *   keyUsage CRITICAL:
+3527      *     digitalSignature,keyCertSign,cRLSign
+3528      *   basicConstraints CRITICAL:
+3529      *     cA=true
+3530      *   subjectKeyIdentifier :
+3531      *     b13ec36903f8bf4701d498261a0802ef63642bc3
+3532      *   authorityKeyIdentifier :
+3533      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
+3534      * signature algorithm: SHA1withRSA
+3535      * signature: 1c1a0697dcd79c9f...
+3536      */
+3537     this.getInfo = function() {
+3538 	var _getSubjectAltNameStr = function(params) {
+3539 	    var s = "";
+3540 	    var indent = "    ";
+3541 	    var NL = "\n";
+3542 	    var a = params.array;
+3543 	    for (var i = 0; i < a.length; i++) {
+3544 		var pGN = a[i];
+3545 		if (pGN.dn != undefined)	s += indent + "dn: " + pGN.dn.str + NL;
+3546 		if (pGN.ip != undefined)	s += indent + "ip: " + pGN.ip + NL;
+3547 		if (pGN.rfc822 != undefined)	s += indent + "rfc822: " + pGN.rfc822 + NL;
+3548 		if (pGN.dns != undefined)	s += indent + "dns: " + pGN.dns + NL;
+3549 		if (pGN.uri != undefined)	s += indent + "uri: " + pGN.uri + NL;
+3550 		if (pGN.other != undefined) {
+3551 		    var oidname = pGN.other.oid;
+3552 		    var value = JSON.stringify(pGN.other.value).replace(/\"/g, '');
+3553 		    s += indent + "other: " + oidname + "=" + value + NL;
+3554 		}
+3555 	    }
+3556 	    s = s.replace(/\n$/, '');
+3557 	    return s;
+3558 	};
+3559 	var _getCertificatePoliciesStr = function(params) {
+3560 	    var s = "";
+3561 	    var a = params.array;
+3562 	    for (var i = 0; i < a.length; i++) {
+3563 		var pi = a[i];
+3564 		s += "    policy oid: " + pi.policyoid + "\n";
+3565 		if (pi.array === undefined) continue;
+3566 		for (var j = 0; j < pi.array.length; j++) {
+3567 		    var pqi = pi.array[j];
+3568 		    if (pqi.cps !== undefined) {
+3569 			s += "    cps: " + pqi.cps + "\n";
+3570 		    }
+3571 		}
+3572 	    }
+3573 	    return s;
+3574 	};
+3575 	var _getCRLDistributionPointsStr = function(params) {
+3576 	    var s = "";
+3577 	    var a = params.array;
+3578 	    for (var i = 0; i < a.length; i++) {
+3579 		var dp = a[i];
+3580 		try {
+3581 		    if (dp.dpname.full[0].uri !== undefined)
+3582 			s += "    " + dp.dpname.full[0].uri + "\n";
+3583 		} catch(ex) {};
+3584 		try {
+3585 		    if (dp.dname.full[0].dn.hex !== undefined)
+3586 			s += "    " + X509.hex2dn(dp.dpname.full[0].dn.hex) + "\n";
+3587 		} catch(ex) {};
+3588 	    }
+3589 	    return s;
+3590 	}
+3591 	var _getAuthorityInfoAccessStr = function(params) {
+3592 	    var s = "";
+3593 	    var a = params.array;
+3594 	    for (var i = 0; i < a.length; i++) {
+3595 		var ad = a[i];
+3596 
+3597 		if (ad.caissuer !== undefined)
+3598 		    s += "    caissuer: " + ad.caissuer + "\n";
+3599 		if (ad.ocsp !== undefined)
+3600 		    s += "    ocsp: " + ad.ocsp + "\n";
+3601 	    }
+3602 	    return s;
+3603 	};
+3604 	var _X509 = X509;
+3605 	var s, pubkey, aExt;
+3606 	s  = "Basic Fields\n";
+3607         s += "  serial number: " + this.getSerialNumberHex() + "\n";
+3608 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
+3609 	s += "  issuer: " + this.getIssuerString() + "\n";
+3610 	s += "  notBefore: " + this.getNotBefore() + "\n";
+3611 	s += "  notAfter: " + this.getNotAfter() + "\n";
+3612 	s += "  subject: " + this.getSubjectString() + "\n";
+3613 	s += "  subject public key info: " + "\n";
+3614 
+3615 	// subject public key info
+3616 	pubkey = this.getPublicKey();
+3617 	s += "    key algorithm: " + pubkey.type + "\n";
+3618 
+3619 	if (pubkey.type === "RSA") {
+3620 	    s += "    n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n";
+3621 	    s += "    e=" + hextoposhex(pubkey.e.toString(16)) + "\n";
+3622 	}
+3623 
+3624 	// X.509v3 Extensions
+3625         aExt = this.aExtInfo;
+3626 
+3627 	if (aExt !== undefined && aExt !== null) {
+3628             s += "X509v3 Extensions:\n";
+3629 	    
+3630             for (var i = 0; i < aExt.length; i++) {
+3631 		var info = aExt[i];
+3632 
+3633 		// show extension name and critical flag
+3634 		var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
+3635 		if (extName === '') extName = info["oid"];
+3636 
+3637 		var critical = '';
+3638 		if (info["critical"] === true) critical = "CRITICAL";
+3639 
+3640 		s += "  " + extName + " " + critical + ":\n";
+3641 
+3642 		// show extension value if supported
+3643 		if (extName === "basicConstraints") {
+3644 		    var bc = this.getExtBasicConstraints();
+3645 		    if (bc.cA === undefined) {
+3646 			s += "    {}\n";
+3647 		    } else {
+3648 			s += "    cA=true";
+3649 			if (bc.pathLen !== undefined)
+3650 			    s += ", pathLen=" + bc.pathLen;
+3651 			s += "\n";
+3652 		    }
+3653 		} else if (extName == "policyMappings") {
+3654 		    var a = this.getExtPolicyMappings().array;
+3655 		    var sMap = a.map(function(item){
+3656 			var aPolicy = item;
+3657 			return aPolicy[0] + ":" + aPolicy[1];
+3658 		    }).join(", ");
+3659 		    s += "    " + sMap + "\n";
+3660 		} else if (extName == "policyConstraints") {
+3661 		    var p = this.getExtPolicyConstraints();
+3662 		    s += "    ";
+3663 		    if (p.reqexp != undefined) s += " reqexp=" + p.reqexp;
+3664 		    if (p.inhibit != undefined) s += " inhibit=" + p.inhibit;
+3665 		    s += "\n";
+3666 		} else if (extName == "inhibitAnyPolicy") {
+3667 		    var p = this.getExtInhibitAnyPolicy();
+3668 		    s += "    skip=" + p.skip + "\n";
+3669 		} else if (extName == "keyUsage") {
+3670 		    s += "    " + this.getExtKeyUsageString() + "\n";
+3671 		} else if (extName == "subjectKeyIdentifier") {
+3672 		    s += "    " + this.getExtSubjectKeyIdentifier().kid.hex + "\n";
+3673 		} else if (extName == "authorityKeyIdentifier") {
+3674 		    var akid = this.getExtAuthorityKeyIdentifier();
+3675 		    if (akid.kid !== undefined)
+3676 			s += "    kid=" + akid.kid.hex + "\n";
+3677 		} else if (extName == "extKeyUsage") {
+3678 		    var eku = this.getExtExtKeyUsage().array;
+3679 		    s += "    " + eku.join(", ") + "\n";
+3680 		} else if (extName == "subjectAltName") {
+3681 		    var san = _getSubjectAltNameStr(this.getExtSubjectAltName());
+3682 		    s += san + "\n";
+3683 		} else if (extName == "cRLDistributionPoints") {
+3684 		    var cdp = this.getExtCRLDistributionPoints();
+3685 		    s += _getCRLDistributionPointsStr(cdp);
+3686 		} else if (extName == "authorityInfoAccess") {
+3687 		    var aia = this.getExtAuthorityInfoAccess();
+3688 		    s += _getAuthorityInfoAccessStr(aia);
+3689 		} else if (extName == "certificatePolicies") {
+3690 		    s += _getCertificatePoliciesStr(this.getExtCertificatePolicies());
+3691 		}
+3692 	    }
+3693         }
+3694 
+3695 	s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n";
+3696 	s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n";
+3697 	return s;
+3698     };
+3699 
+3700     if (typeof params == "string") {
+3701 	if (params.indexOf("-----BEGIN") != -1) {
+3702 	    this.readCertPEM(params);
+3703 	} else if (KJUR.lang.String.isHex(params)) {
+3704 	    this.readCertHex(params);
+3705 	}
+3706     }
+3707 };
+3708 // ----- END of X509 class -----
+3709 
+3710 /**
+3711  * additional definition for X.509 extension parsers<br/>
+3712  * @see X509.registExtParser
+3713  */
+3714 X509.EXT_PARSER = {
+3715 };
+3716 
+3717 /**
+3718  * define X.509 extension parser for specified OID<br/>
+3719  * @name registExtParser
+3720  * @memberOf X509
+3721  * @function
+3722  * @param {string} oid extension OID string (ex. "1.2.3.4")
+3723  * @param {function} func registering func extension value parsing function
+3724  * @return unspecified
+3725  * @since jsrsasign 10.7.0 x509 2.1.2
+3726  * 
+3727  * @description
+3728  * <p>
+3729  * This static method specifies a X.509 extension value parsing function
+3730  * for specified an extension OID.
+3731  * </p>
+3732  * <p>
+3733  * Extension parser function must have following three arguments:
+3734  * <ul>
+3735  * <li>{string} oid - OID for extension (ex. "1.2.3.4")</li>
+3736  * <li>{boolean} critical - critical flag of extension</li>
+3737  * <li>{string} hExtV - hexadecimal string of extension value</li>
+3738  * </ul>
+3739  * The funcition must return an associative array for the extension
+3740  * when hExtV can be parsed properly. Otherwise it must return
+3741  * value "undefined".
+3742  * </p>
+3743  *
+3744  * @example
+3745  * function _extparser1(oid, critical, hExtV) {
+3746  *   try {
+3747  *     var result = { extname: oid, value: ASN1HEX.parse(hExtV).utf8str.str };
+3748  *     if (critical) result.critical = true;
+3749  *     return result;
+3750  *   } catch(ex) {
+3751  *     return undefined;
+3752  *   }
+3753  * }
+3754  * X509.registExtParser("1.2.3.4", _extparser1);
+3755  */
+3756 X509.registExtParser = function(oid, func) {
+3757     X509.EXT_PARSER[oid] = func;
+3758 };
+3759 
+3760 /**
+3761  * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/>
+3762  * @name hex2dn
+3763  * @memberOf X509
+3764  * @function
+3765  * @param {String} hex hexadecimal string of ASN.1 DER distinguished name
+3766  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+3767  * @return {String} OpenSSL online format distinguished name
+3768  * @description
+3769  * This static method converts from a hexadecimal string of 
+3770  * distinguished name (DN)
+3771  * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
+3772  * @example
+3773  * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
+3774  */
+3775 X509.hex2dn = function(hex, idx) {
+3776     if (idx === undefined) idx = 0;
+3777     var x = new X509();
+3778     var hDN = ASN1HEX.getTLV(hex, idx);
+3779     var pDN = x.getX500Name(hex);
+3780     return pDN.str;
+3781 };
+3782 
+3783 /**
+3784  * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/>
+3785  * @name hex2rdn
+3786  * @memberOf X509
+3787  * @function
+3788  * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name
+3789  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+3790  * @return {String} OpenSSL online format relative distinguished name
+3791  * @description
+3792  * This static method converts from a hexadecimal string of 
+3793  * relative distinguished name (RDN)
+3794  * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/>
+3795  * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
+3796  * @example
+3797  * X509.hex2rdn("310a3008060355040a0c0161") → O=a
+3798  * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
+3799  */
+3800 X509.hex2rdn = function(hex, idx) {
+3801     if (idx === undefined) idx = 0;
+3802     if (hex.substr(idx, 2) !== "31") throw new Error("malformed RDN");
+3803 
+3804     var a = new Array();
+3805 
+3806     var aIdx = ASN1HEX.getChildIdx(hex, idx);
+3807     for (var i = 0; i < aIdx.length; i++) {
+3808 	a.push(X509.hex2attrTypeValue(hex, aIdx[i]));
+3809     }
+3810 
+3811     a = a.map(function(s) { return s.replace("+", "\\+"); });
+3812     return a.join("+");
+3813 };
+3814 
+3815 /**
+3816  * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/>
+3817  * @name hex2attrTypeValue
+3818  * @memberOf X509
+3819  * @function
+3820  * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
+3821  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+3822  * @return {String} string representation of AttributeTypeAndValue (ex. C=US)
+3823  * @description
+3824  * This static method converts from a hexadecimal string of AttributeTypeAndValue
+3825  * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
+3826  * @example
+3827  * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
+3828  * X509.hex2attrTypeValue("300806035504060c0161") → C=a
+3829  * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
+3830  */
+3831 X509.hex2attrTypeValue = function(hex, idx) {
+3832     var _ASN1HEX = ASN1HEX;
+3833     var _getV = _ASN1HEX.getV;
+3834 
+3835     if (idx === undefined) idx = 0;
+3836     if (hex.substr(idx, 2) !== "30") 
+3837 	throw new Error("malformed attribute type and value");
+3838 
+3839     var aIdx = _ASN1HEX.getChildIdx(hex, idx);
+3840     if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06")
+3841 	"malformed attribute type and value";
+3842 
+3843     var oidHex = _getV(hex, aIdx[0]);
+3844     var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex);
+3845     var atype = KJUR.asn1.x509.OID.oid2atype(oidInt);
+3846 
+3847     var hV = _getV(hex, aIdx[1]);
+3848     var rawV = hextorstr(hV);
+3849 
+3850     return atype + "=" + rawV;
+3851 };
+3852 
+3853 /**
+3854  * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/>
+3855  * @name getPublicKeyFromCertHex
+3856  * @memberOf X509
+3857  * @function
+3858  * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
+3859  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
+3860  * @since jsrasign 7.1.0 x509 1.1.11
+3861  */
+3862 X509.getPublicKeyFromCertHex = function(h) {
+3863     var x = new X509();
+3864     x.readCertHex(h);
+3865     return x.getPublicKey();
+3866 };
+3867 
+3868 /**
+3869  * get RSA/DSA/ECDSA public key object from PEM certificate string
+3870  * @name getPublicKeyFromCertPEM
+3871  * @memberOf X509
+3872  * @function
+3873  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
+3874  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
+3875  * @since x509 1.1.1
+3876  * @description
+3877  * NOTE: DSA is also supported since x509 1.1.2.
+3878  */
+3879 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
+3880     var x = new X509();
+3881     x.readCertPEM(sCertPEM);
+3882     return x.getPublicKey();
+3883 };
+3884 
+3885 /**
+3886  * get public key information from PEM certificate
+3887  * @name getPublicKeyInfoPropOfCertPEM
+3888  * @memberOf X509
+3889  * @function
+3890  * @param {String} sCertPEM string of PEM formatted certificate
+3891  * @return {Hash} hash of information for public key
+3892  * @since x509 1.1.1
+3893  * @description
+3894  * Resulted associative array has following properties:<br/>
+3895  * <ul>
+3896  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
+3897  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
+3898  * <li>keyhex - hexadecimal string of key in the certificate</li>
+3899  * </ul>
+3900  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
+3901  */
+3902 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
+3903     var _ASN1HEX = ASN1HEX;
+3904     var _getVbyList = _ASN1HEX.getVbyList;
+3905 
+3906     var result = {};
+3907     var x, hSPKI, pubkey;
+3908     result.algparam = null;
+3909 
+3910     x = new X509();
+3911     x.readCertPEM(sCertPEM);
+3912 
+3913     hSPKI = x.getPublicKeyHex();
+3914     result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2);
+3915     result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06");
+3916 
+3917     if (result.algoid === "2a8648ce3d0201") { // ecPublicKey
+3918 	result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06");
+3919     };
+3920 
+3921     return result;
+3922 };
+3923 
+3924 /* ======================================================================
+3925  *   Specific V3 Extensions
+3926  * ====================================================================== */
+3927 
+3928 X509.KEYUSAGE_NAME = [
+3929     "digitalSignature",
+3930     "nonRepudiation",
+3931     "keyEncipherment",
+3932     "dataEncipherment",
+3933     "keyAgreement",
+3934     "keyCertSign",
+3935     "cRLSign",
+3936     "encipherOnly",
+3937     "decipherOnly"
+3938 ];
+3939
\ No newline at end of file diff --git a/bower.json b/bower.json index f05664af..70d67173 100644 --- a/bower.json +++ b/bower.json @@ -1,6 +1,6 @@ { "name": "kjur-jsrsasign", - "version": "10.8.4", + "version": "10.8.5", "main": "jsrsasign-all-min.js", "description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.", "license": "MIT", diff --git a/jsrsasign-all-min.js b/jsrsasign-all-min.js index d49f103b..8e64e136 100644 --- a/jsrsasign-all-min.js +++ b/jsrsasign-all-min.js @@ -1,8 +1,8 @@ /* - * jsrsasign(all) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(all) 10.8.5 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ -var VERSION = "10.8.4"; -var VERSION_FULL = "jsrsasign(all) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; +var VERSION = "10.8.5"; +var VERSION_FULL = "jsrsasign(all) 10.8.5 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; /*! CryptoJS v3.1.2 core-fix.js * code.google.com/p/crypto-js @@ -235,7 +235,7 @@ if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"|| var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(v){var w={};var q=v.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(q){w.cipher=q[1];w.ivsalt=q[2]}var p=v.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(p){w.type=p[1]}var u=-1;var x=0;if(v.indexOf("\r\n\r\n")!=-1){u=v.indexOf("\r\n\r\n");x=2}if(v.indexOf("\n\n")!=-1){u=v.indexOf("\n\n");x=1}var t=v.indexOf("-----END");if(u!=-1&&t!=-1){var r=v.substring(u+x*2,t-x);r=r.replace(/\s+/g,"");w.data=r}return w};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw new Error("KEYUTIL unsupported algorithm: "+t)}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw new Error("malformed format: SEQUENCE(0).items != 2: "+r.length)}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0).items != 2: "+A.length)}if(w(y,A[0])!="2a864886f70d01050d"){throw new Error("this only supports pkcs5PBES2")}var p=z(y,A[1]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1).items != 2: "+p.length)}var q=z(y,p[1]);if(q.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length)}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length)}if(w(y,s[0])!="2a864886f70d01050c"){throw new Error("this only supports pkcs5PBKDF2")}var x=z(y,s[1]);if(x.length<2){throw new Error("malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length)}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw new Error("malformed format pbkdf2Iter: "+u)}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw new Error("malformed plain PKCS8 private key(code:001)")}var r=u(s,0);if(r.length<3){throw new Error("malformed plain PKCS8 private key(code:002)")}if(s.substr(r[1],2)!="30"){throw new Error("malformed PKCS8 private key(code:003)")}var p=u(s,r[1]);if(p.length!=2){throw new Error("malformed PKCS8 private key(code:004)")}if(s.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 private key(code:005)")}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw new Error("malformed PKCS8 private key(code:006)")}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported private key algorithm")}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported PKCS#8 public key hex")}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw new Error("malformed RSA key(code:001)")}var q=t(r,0);if(q.length!=2){throw new Error("malformed RSA key(code:002)")}if(r.substr(q[0],2)!="02"){throw new Error("malformed RSA key(code:003)")}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw new Error("malformed RSA key(code:004)")}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw new Error("outer DERSequence shall have 2 elements: "+r.length)}var w=r[0];if(t.substr(w,2)!="30"){throw new Error("malformed PKCS8 public key(code:001)")}var p=u(t,w);if(p.length!=2){throw new Error("malformed PKCS8 public key(code:002)")}if(t.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 public key(code:003)")}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw new Error("malformed PKCS8 public key(code:004)")}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw new Error("unsupported PKCS#1/5 hexadecimal key")}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw new Error("undefined OID(hex) in KJUR.crypto.OID: "+f)}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw new Error("unknown algorithm: "+a)}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var H=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return H}function B(H){var s=l({seq:[{"int":1},{octstr:{hex:H.prvKeyHex}},{tag:["a0",true,{oid:{name:H.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+H.pubKeyHex}}]}]});return s}function x(s){var H=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return H}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.tohex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.tohex();var h=B(b);var t=h.tohex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(H,s){var J=c(H,s);var I=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:J.pbkdf2Salt}},{"int":J.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:J.encryptionSchemeIV}}]}]}]},{octstr:{hex:J.ciphertext}}]});return I.tohex()};var c=function(O,P){var I=100;var N=CryptoJS.lib.WordArray.random(8);var M="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var J=CryptoJS.PBKDF2(P,N,{keySize:192/32,iterations:I});var K=CryptoJS.enc.Hex.parse(O);var L=CryptoJS.TripleDES.encrypt(K,J,{iv:s})+"";var H={};H.ciphertext=L;H.pbkdf2Salt=CryptoJS.enc.Hex.stringify(N);H.pbkdf2Iter=I;H.encryptionSchemeAlg=M;H.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return H};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var G={seq:[{"int":1},{octstr:{hex:b.prvKeyHex}}]};if(typeof b.pubKeyHex=="string"){G.seq.push({tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]})}var g=new l(G);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw new Error("malformed CSR(code:001)")}var e=f(g,0);if(e.length<1){throw new Error("malformed CSR(code:002)")}if(g.substr(e[0],2)!="30"){throw new Error("malformed CSR(code:003)")}var a=f(g,e[0]);if(a.length<3){throw new Error("malformed CSR(code:004)")}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWK=function(d,h,g,b,f){var i;var k={};var e;var c=KJUR.crypto.Util.hashHex;if(typeof d=="string"){i=KEYUTIL.getKey(d);if(d.indexOf("CERTIFICATE")!=-1){e=pemtohex(d)}}else{if(typeof d=="object"){if(d instanceof X509){i=d.getPublicKey();e=d.hex}else{i=d}}else{throw new Error("unsupported keyinfo type")}}if(i instanceof RSAKey&&i.isPrivate){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16));k.d=hextob64u(i.d.toString(16));k.p=hextob64u(i.p.toString(16));k.q=hextob64u(i.q.toString(16));k.dp=hextob64u(i.dmp1.toString(16));k.dq=hextob64u(i.dmq1.toString(16));k.qi=hextob64u(i.coeff.toString(16))}else{if(i instanceof RSAKey&&i.isPublic){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16))}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPrivate){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y);k.d=hextob64u(i.prvKeyHex)}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPublic){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y)}}}}if(k.kty==undefined){throw new Error("unsupported keyinfo")}if((!i.isPrivate)&&h!=true){k.kid=KJUR.jws.JWS.getJWKthumbprint(k)}if(e!=undefined&&g!=true){k.x5c=[hex2b64(e)]}if(e!=undefined&&b!=true){k.x5t=b64tob64u(hex2b64(c(e,"sha1")))}if(e!=undefined&&f!=true){k["x5t#S256"]=b64tob64u(hex2b64(c(e,"sha256")))}return k};KEYUTIL.getJWKFromKey=function(a){return KEYUTIL.getJWK(a,true,true,true,true)}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};this.getExtSubjectDirectoryAttributes=function(H,G){if(H===undefined&&G===undefined){var B=this.getExtInfo("subjectDirectoryAttributes");if(B===undefined){return undefined}H=b(this.hex,B.vidx);G=B.critical}var I={extname:"subjectDirectoryAttributes"};if(G){I.critical=true}try{var z=j(H);for(var D=0;D0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};this.getExtSubjectDirectoryAttributes=function(H,G){if(H===undefined&&G===undefined){var B=this.getExtInfo("subjectDirectoryAttributes");if(B===undefined){return undefined}H=b(this.hex,B.vidx);G=B.critical}var I={extname:"subjectDirectoryAttributes"};if(G){I.critical=true}try{var z=j(H);for(var D=0;D0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;if(!isBase64URLDot(e)){return false}var k=e.split(".");if(k.length!=3){return false}var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/jsrsasign-jwths-min.js b/jsrsasign-jwths-min.js index e9100723..4207bf0e 100644 --- a/jsrsasign-jwths-min.js +++ b/jsrsasign-jwths-min.js @@ -1,8 +1,8 @@ /* - * jsrsasign(jwths) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(jwths) 10.8.5 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ -var VERSION = "10.8.4"; -var VERSION_FULL = "jsrsasign(jwths) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; +var VERSION = "10.8.5"; +var VERSION_FULL = "jsrsasign(jwths) 10.8.5 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; /*! CryptoJS v3.1.2 core-fix.js * code.google.com/p/crypto-js diff --git a/jsrsasign-rsa-min.js b/jsrsasign-rsa-min.js index aa5ef486..95fa3285 100644 --- a/jsrsasign-rsa-min.js +++ b/jsrsasign-rsa-min.js @@ -1,8 +1,8 @@ /* - * jsrsasign(rsa) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(rsa) 10.8.5 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ -var VERSION = "10.8.4"; -var VERSION_FULL = "jsrsasign(rsa) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; +var VERSION = "10.8.5"; +var VERSION_FULL = "jsrsasign(rsa) 10.8.5 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; /*! CryptoJS v3.1.2 core-fix.js * code.google.com/p/crypto-js diff --git a/min/x509-1.1.min.js b/min/x509-1.1.min.js index 8366b73c..02751643 100644 --- a/min/x509-1.1.min.js +++ b/min/x509-1.1.min.js @@ -1 +1 @@ -function X509(v){var o=ASN1HEX,s=o.getChildIdx,k=o.getV,y=o.dump,j=o.parse,b=o.getTLV,c=o.getVbyList,p=o.getVbyListEx,a=o.getTLVbyList,q=o.getTLVbyListEx,l=o.getIdxbyList,f=o.getIdxbyListEx,n=o.getVidx,x=o.getInt,u=o.oidname,r=o.hextooidstr,d=X509,w=pemtohex,g,m=Error;try{g=KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV}catch(t){}this.HEX2STAG={"0c":"utf8","13":"prn","16":"ia5","1a":"vis","1e":"bmp"};this.hex=null;this.version=0;this.foffset=0;this.aExtInfo=null;this.getVersion=function(){if(this.hex===null||this.version!==0){return this.version}var A=a(this.hex,0,[0,0]);if(A.substr(0,2)=="a0"){var B=a(A,0,[0]);var z=x(B,0);if(z<0||20){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};this.getExtSubjectDirectoryAttributes=function(H,G){if(H===undefined&&G===undefined){var B=this.getExtInfo("subjectDirectoryAttributes");if(B===undefined){return undefined}H=b(this.hex,B.vidx);G=B.critical}var I={extname:"subjectDirectoryAttributes"};if(G){I.critical=true}try{var z=j(H);for(var D=0;D0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};this.getExtSubjectDirectoryAttributes=function(H,G){if(H===undefined&&G===undefined){var B=this.getExtInfo("subjectDirectoryAttributes");if(B===undefined){return undefined}H=b(this.hex,B.vidx);G=B.critical}var I={extname:"subjectDirectoryAttributes"};if(G){I.critical=true}try{var z=j(H);for(var D=0;D0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw new Error("KEYUTIL unsupported algorithm: "+t)}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw new Error("malformed format: SEQUENCE(0).items != 2: "+r.length)}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0).items != 2: "+A.length)}if(w(y,A[0])!="2a864886f70d01050d"){throw new Error("this only supports pkcs5PBES2")}var p=z(y,A[1]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1).items != 2: "+p.length)}var q=z(y,p[1]);if(q.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length)}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length)}if(w(y,s[0])!="2a864886f70d01050c"){throw new Error("this only supports pkcs5PBKDF2")}var x=z(y,s[1]);if(x.length<2){throw new Error("malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length)}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw new Error("malformed format pbkdf2Iter: "+u)}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw new Error("malformed plain PKCS8 private key(code:001)")}var r=u(s,0);if(r.length<3){throw new Error("malformed plain PKCS8 private key(code:002)")}if(s.substr(r[1],2)!="30"){throw new Error("malformed PKCS8 private key(code:003)")}var p=u(s,r[1]);if(p.length!=2){throw new Error("malformed PKCS8 private key(code:004)")}if(s.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 private key(code:005)")}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw new Error("malformed PKCS8 private key(code:006)")}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported private key algorithm")}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported PKCS#8 public key hex")}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw new Error("malformed RSA key(code:001)")}var q=t(r,0);if(q.length!=2){throw new Error("malformed RSA key(code:002)")}if(r.substr(q[0],2)!="02"){throw new Error("malformed RSA key(code:003)")}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw new Error("malformed RSA key(code:004)")}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw new Error("outer DERSequence shall have 2 elements: "+r.length)}var w=r[0];if(t.substr(w,2)!="30"){throw new Error("malformed PKCS8 public key(code:001)")}var p=u(t,w);if(p.length!=2){throw new Error("malformed PKCS8 public key(code:002)")}if(t.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 public key(code:003)")}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw new Error("malformed PKCS8 public key(code:004)")}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw new Error("unsupported PKCS#1/5 hexadecimal key")}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw new Error("undefined OID(hex) in KJUR.crypto.OID: "+f)}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw new Error("unknown algorithm: "+a)}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var H=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return H}function B(H){var s=l({seq:[{"int":1},{octstr:{hex:H.prvKeyHex}},{tag:["a0",true,{oid:{name:H.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+H.pubKeyHex}}]}]});return s}function x(s){var H=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return H}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.tohex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.tohex();var h=B(b);var t=h.tohex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(H,s){var J=c(H,s);var I=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:J.pbkdf2Salt}},{"int":J.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:J.encryptionSchemeIV}}]}]}]},{octstr:{hex:J.ciphertext}}]});return I.tohex()};var c=function(O,P){var I=100;var N=CryptoJS.lib.WordArray.random(8);var M="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var J=CryptoJS.PBKDF2(P,N,{keySize:192/32,iterations:I});var K=CryptoJS.enc.Hex.parse(O);var L=CryptoJS.TripleDES.encrypt(K,J,{iv:s})+"";var H={};H.ciphertext=L;H.pbkdf2Salt=CryptoJS.enc.Hex.stringify(N);H.pbkdf2Iter=I;H.encryptionSchemeAlg=M;H.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return H};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var G={seq:[{"int":1},{octstr:{hex:b.prvKeyHex}}]};if(typeof b.pubKeyHex=="string"){G.seq.push({tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]})}var g=new l(G);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw new Error("malformed CSR(code:001)")}var e=f(g,0);if(e.length<1){throw new Error("malformed CSR(code:002)")}if(g.substr(e[0],2)!="30"){throw new Error("malformed CSR(code:003)")}var a=f(g,e[0]);if(a.length<3){throw new Error("malformed CSR(code:004)")}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWK=function(d,h,g,b,f){var i;var k={};var e;var c=KJUR.crypto.Util.hashHex;if(typeof d=="string"){i=KEYUTIL.getKey(d);if(d.indexOf("CERTIFICATE")!=-1){e=pemtohex(d)}}else{if(typeof d=="object"){if(d instanceof X509){i=d.getPublicKey();e=d.hex}else{i=d}}else{throw new Error("unsupported keyinfo type")}}if(i instanceof RSAKey&&i.isPrivate){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16));k.d=hextob64u(i.d.toString(16));k.p=hextob64u(i.p.toString(16));k.q=hextob64u(i.q.toString(16));k.dp=hextob64u(i.dmp1.toString(16));k.dq=hextob64u(i.dmq1.toString(16));k.qi=hextob64u(i.coeff.toString(16))}else{if(i instanceof RSAKey&&i.isPublic){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16))}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPrivate){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y);k.d=hextob64u(i.prvKeyHex)}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPublic){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y)}}}}if(k.kty==undefined){throw new Error("unsupported keyinfo")}if((!i.isPrivate)&&h!=true){k.kid=KJUR.jws.JWS.getJWKthumbprint(k)}if(e!=undefined&&g!=true){k.x5c=[hex2b64(e)]}if(e!=undefined&&b!=true){k.x5t=b64tob64u(hex2b64(c(e,"sha1")))}if(e!=undefined&&f!=true){k["x5t#S256"]=b64tob64u(hex2b64(c(e,"sha256")))}return k};KEYUTIL.getJWKFromKey=function(a){return KEYUTIL.getJWK(a,true,true,true,true)}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};this.getExtSubjectDirectoryAttributes=function(H,G){if(H===undefined&&G===undefined){var B=this.getExtInfo("subjectDirectoryAttributes");if(B===undefined){return undefined}H=b(this.hex,B.vidx);G=B.critical}var I={extname:"subjectDirectoryAttributes"};if(G){I.critical=true}try{var z=j(H);for(var D=0;D0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};this.getExtSubjectDirectoryAttributes=function(H,G){if(H===undefined&&G===undefined){var B=this.getExtInfo("subjectDirectoryAttributes");if(B===undefined){return undefined}H=b(this.hex,B.vidx);G=B.critical}var I={extname:"subjectDirectoryAttributes"};if(G){I.critical=true}try{var z=j(H);for(var D=0;D0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;if(!isBase64URLDot(e)){return false}var k=e.split(".");if(k.length!=3){return false}var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/npm/lib/jsrsasign-jwths-min.js b/npm/lib/jsrsasign-jwths-min.js index e9100723..4207bf0e 100644 --- a/npm/lib/jsrsasign-jwths-min.js +++ b/npm/lib/jsrsasign-jwths-min.js @@ -1,8 +1,8 @@ /* - * jsrsasign(jwths) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(jwths) 10.8.5 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ -var VERSION = "10.8.4"; -var VERSION_FULL = "jsrsasign(jwths) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; +var VERSION = "10.8.5"; +var VERSION_FULL = "jsrsasign(jwths) 10.8.5 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; /*! CryptoJS v3.1.2 core-fix.js * code.google.com/p/crypto-js diff --git a/npm/lib/jsrsasign-rsa-min.js b/npm/lib/jsrsasign-rsa-min.js index aa5ef486..95fa3285 100644 --- a/npm/lib/jsrsasign-rsa-min.js +++ b/npm/lib/jsrsasign-rsa-min.js @@ -1,8 +1,8 @@ /* - * jsrsasign(rsa) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(rsa) 10.8.5 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ -var VERSION = "10.8.4"; -var VERSION_FULL = "jsrsasign(rsa) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; +var VERSION = "10.8.5"; +var VERSION_FULL = "jsrsasign(rsa) 10.8.5 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; /*! CryptoJS v3.1.2 core-fix.js * code.google.com/p/crypto-js diff --git a/npm/lib/jsrsasign.js b/npm/lib/jsrsasign.js index 4b4155c0..bc588eaf 100755 --- a/npm/lib/jsrsasign.js +++ b/npm/lib/jsrsasign.js @@ -4,10 +4,10 @@ navigator.userAgent = false; var window = {}; /* - * jsrsasign(all) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(all) 10.8.5 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ -var VERSION = "10.8.4"; -var VERSION_FULL = "jsrsasign(all) 10.8.4 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; +var VERSION = "10.8.5"; +var VERSION_FULL = "jsrsasign(all) 10.8.5 (2023-04-26) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; /*! CryptoJS v3.1.2 core-fix.js * code.google.com/p/crypto-js @@ -240,7 +240,7 @@ if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"|| var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(v){var w={};var q=v.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));if(q){w.cipher=q[1];w.ivsalt=q[2]}var p=v.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));if(p){w.type=p[1]}var u=-1;var x=0;if(v.indexOf("\r\n\r\n")!=-1){u=v.indexOf("\r\n\r\n");x=2}if(v.indexOf("\n\n")!=-1){u=v.indexOf("\n\n");x=1}var t=v.indexOf("-----END");if(u!=-1&&t!=-1){var r=v.substring(u+x*2,t-x);r=r.replace(/\s+/g,"");w.data=r}return w};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw new Error("KEYUTIL unsupported algorithm: "+t)}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw new Error("malformed format: SEQUENCE(0).items != 2: "+r.length)}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0).items != 2: "+A.length)}if(w(y,A[0])!="2a864886f70d01050d"){throw new Error("this only supports pkcs5PBES2")}var p=z(y,A[1]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1).items != 2: "+p.length)}var q=z(y,p[1]);if(q.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length)}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length)}if(w(y,s[0])!="2a864886f70d01050c"){throw new Error("this only supports pkcs5PBKDF2")}var x=z(y,s[1]);if(x.length<2){throw new Error("malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length)}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw new Error("malformed format pbkdf2Iter: "+u)}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw new Error("malformed plain PKCS8 private key(code:001)")}var r=u(s,0);if(r.length<3){throw new Error("malformed plain PKCS8 private key(code:002)")}if(s.substr(r[1],2)!="30"){throw new Error("malformed PKCS8 private key(code:003)")}var p=u(s,r[1]);if(p.length!=2){throw new Error("malformed PKCS8 private key(code:004)")}if(s.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 private key(code:005)")}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw new Error("malformed PKCS8 private key(code:006)")}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported private key algorithm")}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported PKCS#8 public key hex")}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw new Error("malformed RSA key(code:001)")}var q=t(r,0);if(q.length!=2){throw new Error("malformed RSA key(code:002)")}if(r.substr(q[0],2)!="02"){throw new Error("malformed RSA key(code:003)")}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw new Error("malformed RSA key(code:004)")}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw new Error("outer DERSequence shall have 2 elements: "+r.length)}var w=r[0];if(t.substr(w,2)!="30"){throw new Error("malformed PKCS8 public key(code:001)")}var p=u(t,w);if(p.length!=2){throw new Error("malformed PKCS8 public key(code:002)")}if(t.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 public key(code:003)")}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw new Error("malformed PKCS8 public key(code:004)")}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw new Error("unsupported PKCS#1/5 hexadecimal key")}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw new Error("undefined OID(hex) in KJUR.crypto.OID: "+f)}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw new Error("unknown algorithm: "+a)}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var H=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return H}function B(H){var s=l({seq:[{"int":1},{octstr:{hex:H.prvKeyHex}},{tag:["a0",true,{oid:{name:H.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+H.pubKeyHex}}]}]});return s}function x(s){var H=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return H}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.tohex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.tohex();var h=B(b);var t=h.tohex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(H,s){var J=c(H,s);var I=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:J.pbkdf2Salt}},{"int":J.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:J.encryptionSchemeIV}}]}]}]},{octstr:{hex:J.ciphertext}}]});return I.tohex()};var c=function(O,P){var I=100;var N=CryptoJS.lib.WordArray.random(8);var M="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var J=CryptoJS.PBKDF2(P,N,{keySize:192/32,iterations:I});var K=CryptoJS.enc.Hex.parse(O);var L=CryptoJS.TripleDES.encrypt(K,J,{iv:s})+"";var H={};H.ciphertext=L;H.pbkdf2Salt=CryptoJS.enc.Hex.stringify(N);H.pbkdf2Iter=I;H.encryptionSchemeAlg=M;H.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return H};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var G={seq:[{"int":1},{octstr:{hex:b.prvKeyHex}}]};if(typeof b.pubKeyHex=="string"){G.seq.push({tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]})}var g=new l(G);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw new Error("malformed CSR(code:001)")}var e=f(g,0);if(e.length<1){throw new Error("malformed CSR(code:002)")}if(g.substr(e[0],2)!="30"){throw new Error("malformed CSR(code:003)")}var a=f(g,e[0]);if(a.length<3){throw new Error("malformed CSR(code:004)")}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWK=function(d,h,g,b,f){var i;var k={};var e;var c=KJUR.crypto.Util.hashHex;if(typeof d=="string"){i=KEYUTIL.getKey(d);if(d.indexOf("CERTIFICATE")!=-1){e=pemtohex(d)}}else{if(typeof d=="object"){if(d instanceof X509){i=d.getPublicKey();e=d.hex}else{i=d}}else{throw new Error("unsupported keyinfo type")}}if(i instanceof RSAKey&&i.isPrivate){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16));k.d=hextob64u(i.d.toString(16));k.p=hextob64u(i.p.toString(16));k.q=hextob64u(i.q.toString(16));k.dp=hextob64u(i.dmp1.toString(16));k.dq=hextob64u(i.dmq1.toString(16));k.qi=hextob64u(i.coeff.toString(16))}else{if(i instanceof RSAKey&&i.isPublic){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16))}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPrivate){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y);k.d=hextob64u(i.prvKeyHex)}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPublic){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y)}}}}if(k.kty==undefined){throw new Error("unsupported keyinfo")}if((!i.isPrivate)&&h!=true){k.kid=KJUR.jws.JWS.getJWKthumbprint(k)}if(e!=undefined&&g!=true){k.x5c=[hex2b64(e)]}if(e!=undefined&&b!=true){k.x5t=b64tob64u(hex2b64(c(e,"sha1")))}if(e!=undefined&&f!=true){k["x5t#S256"]=b64tob64u(hex2b64(c(e,"sha256")))}return k};KEYUTIL.getJWKFromKey=function(a){return KEYUTIL.getJWK(a,true,true,true,true)}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};this.getExtSubjectDirectoryAttributes=function(H,G){if(H===undefined&&G===undefined){var B=this.getExtInfo("subjectDirectoryAttributes");if(B===undefined){return undefined}H=b(this.hex,B.vidx);G=B.critical}var I={extname:"subjectDirectoryAttributes"};if(G){I.critical=true}try{var z=j(H);for(var D=0;D0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};this.getExtSubjectDirectoryAttributes=function(H,G){if(H===undefined&&G===undefined){var B=this.getExtInfo("subjectDirectoryAttributes");if(B===undefined){return undefined}H=b(this.hex,B.vidx);G=B.critical}var I={extname:"subjectDirectoryAttributes"};if(G){I.critical=true}try{var z=j(H);for(var D=0;D0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;if(!isBase64URLDot(e)){return false}var k=e.split(".");if(k.length!=3){return false}var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/npm/package.json b/npm/package.json index 02363dde..fc332f56 100755 --- a/npm/package.json +++ b/npm/package.json @@ -1,6 +1,6 @@ { "name": "jsrsasign", - "version": "10.8.4", + "version": "10.8.5", "description": "opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK).", "main": "lib/jsrsasign.js", "scripts": { diff --git a/src/x509-1.1.js b/src/x509-1.1.js index 748c464c..f0699f48 100644 --- a/src/x509-1.1.js +++ b/src/x509-1.1.js @@ -1,4 +1,4 @@ -/* x509-2.1.4.js (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license +/* x509-2.1.5.js (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ /* * x509.js - X509 class to read subject public key from certificate. @@ -16,7 +16,7 @@ * @fileOverview * @name x509-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 10.8.4 x509 2.1.4 (2023-Apr-26) + * @version jsrsasign 10.8.5 x509 2.1.5 (2023-Apr-26) * @since jsrsasign 1.x.x * @license MIT License */ @@ -2601,8 +2601,9 @@ function X509(params) { var pASN1 = _ASN1HEX_parse(hExtV); for (var i = 0; i < pASN1.seq.length; i++) { var aASN1Attribute = pASN1.seq[i]; - var attrType = aryval(aASN1Attribute, "0.oid"); - var attrValue = aryval(aASN1Attribute, "1.set"); + var attrType = aryval(aASN1Attribute, "seq.0.oid"); + var attrValue = aryval(aASN1Attribute, "seq.1.set"); + if (attrType == undefined || attrValue == undefined) throw "error"; return { attr: attrType, array: attrValue }; } result.array = aValue;