diff --git a/ChangeLog.txt b/ChangeLog.txt index 048dfdc5..76b27532 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,14 @@ ChangeLog for jsrsasign +extend CertificationRequestInfo class for challengePassword and unstructuredName +* Changes from 10.5.26 to 10.5.27 (2022-Aug-19) + - src/asn1csr.js + - CertificationRequestInfo class + - add support for challengePassword and unstructuredName (#522) + - "attrs" member support in constructure argument + - test/qunit-do-asn1csr.html + CSRUtil class enhancement * Changes from 10.5.25 to 10.5.26 (2022-Jul-14) - src/asn1csr.js diff --git a/api/files.html b/api/files.html index 545d93c3..4cf8c7c5 100644 --- a/api/files.html +++ b/api/files.html @@ -586,7 +586,7 @@

asn1csr-1.0.js

Version:
-
jsrsasign 10.5.26 asn1csr 2.0.6 (2022-Jul-14)
+
jsrsasign 10.5.27 asn1csr 2.0.7 (2022-Aug-19)
diff --git a/api/symbols/KJUR.asn1.cms.Attribute.html b/api/symbols/KJUR.asn1.cms.Attribute.html index fc4d88c3..c0fea1e9 100644 --- a/api/symbols/KJUR.asn1.cms.Attribute.html +++ b/api/symbols/KJUR.asn1.cms.Attribute.html @@ -562,7 +562,7 @@

This is an abstract class for CMS attribute ASN.1 encoder as defined in -RFC 5652 CMS 5.3 SignerInfo. +RFC 5652 CMS 5.3 SignerInfo. @@ -667,7 +667,7 @@

This is an abstract class for CMS attribute ASN.1 encoder as defined in -RFC 5652 CMS 5.3 SignerInfo. +RFC 5652 CMS 5.3 SignerInfo. 
 Attributes ::= SET OF Attribute
 Attribute ::= SEQUENCE {
diff --git a/api/symbols/KJUR.asn1.csr.CertificationRequestInfo.html b/api/symbols/KJUR.asn1.csr.CertificationRequestInfo.html
index 2873ed3c..330a6453 100644
--- a/api/symbols/KJUR.asn1.csr.CertificationRequestInfo.html
+++ b/api/symbols/KJUR.asn1.csr.CertificationRequestInfo.html
@@ -617,13 +617,24 @@ 

   version       INTEGER { v1(0) } (v1,...),
   subject       Name,
   subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
-  attributes    [0] Attributes{{ CRIAttributes }} }
+  attributes    [0] Attributes {{ CRIAttributes }} }


-CAUTION: +NOTE1: Argument "params" JSON value format have been changed without -backward compatibility since jsrsasign 9.0.0 asn1csr 2.0.0. +backward compatibility since jsrsasign 9.0.0 asn1csr 2.0.0.
+NOTE2: +From jsrsasign 10.5.27, "attrs" member in the constructor argument +object have been supported to support more Attributes type. +Currently following Attribute types are supported: + @@ -635,6 +646,20 @@

extreq: [ {extname:"subjectAltName", array:[{dns:"example.com"}]} ]}); +csri.tohex() → "30..." + +// From jsrsasign 10.5.27, "attrs" supported +csri = new KJUR.asn1.csr.CertificationRequestInfo({ + subject: {str: '/C=US/CN=b'}, + sbjpubkey: <>, + attrs: [ + {attr: "challengePassword", password: "secret"}, + {attr: "unstructuredName", names: [{utf8str:"aaa"},{ia5str:"bbb"}]}, + {attr: "extensionRequest", ext: [ + {extname: "basicConstraints", cA: true}, + {extname: "subjectKeyIdentifier", kid: "1a2b..."} + ]} + ]}); csri.tohex() → "30..." @@ -668,6 +693,8 @@

KJUR.asn1.csr.CertificationRequest
+
KJUR.asn1.x509.Extensions
+ diff --git a/api/symbols/src/asn1cades-1.0.js.html b/api/symbols/src/asn1cades-1.0.js.html index 9eee3c6b..a0975b6e 100644 --- a/api/symbols/src/asn1cades-1.0.js.html +++ b/api/symbols/src/asn1cades-1.0.js.html @@ -258,7 +258,7 @@ 251 if (params != undefined) this.setByParam(params); 252 }; 253 extendClass(KJUR.asn1.cades.SignaturePolicyIdentifier, -254 KJUR.asn1.cms.Attribute); +254 KJUR.asn1.cms.Attribute); 255 256 /** 257 * RFC 5126 CAdES SignaturePolicyId ASN.1 structure class<br/> @@ -564,7 +564,7 @@ 557 if (params != null) this.setByParam(params); 558 }; 559 extendClass(KJUR.asn1.cades.SignatureTimeStamp, -560 KJUR.asn1.cms.Attribute); +560 KJUR.asn1.cms.Attribute); 561 562 /** 563 * class for RFC 5126 CAdES CompleteCertificateRefs attribute<br/> @@ -645,7 +645,7 @@ 638 if (params != undefined) this.setByParam(params); 639 }; 640 extendClass(KJUR.asn1.cades.CompleteCertificateRefs, -641 KJUR.asn1.cms.Attribute); +641 KJUR.asn1.cms.Attribute); 642 643 /** 644 * class for OtherCertID ASN.1 object diff --git a/api/symbols/src/asn1cms-1.0.js.html b/api/symbols/src/asn1cms-1.0.js.html index 0c50d210..b24e7e6b 100644 --- a/api/symbols/src/asn1cms-1.0.js.html +++ b/api/symbols/src/asn1cms-1.0.js.html @@ -97,7 +97,7 @@ 90 * This is an abstract class for CMS attribute 91 * ASN.1 encoder as defined in 92 * <a href="https://tools.ietf.org/html/rfc5652#section-5.3"> - 93 * RFC 5652 CMS 5.3 SignerInfo. + 93 * RFC 5652 CMS 5.3 SignerInfo</a>. 94 * <pre> 95 * Attributes ::= SET OF Attribute 96 * Attribute ::= SEQUENCE { diff --git a/api/symbols/src/asn1csr-1.0.js.html b/api/symbols/src/asn1csr-1.0.js.html index 3cd04509..93f5e99c 100644 --- a/api/symbols/src/asn1csr-1.0.js.html +++ b/api/symbols/src/asn1csr-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
  1 /* asn1csr-2.0.6.js (c) 2015-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
+	
  1 /* asn1csr-2.0.7.js (c) 2015-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
   2  */
   3 /*
   4  * asn1csr.js - ASN.1 DER encoder classes for PKCS#10 CSR
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1csr-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.5.26 asn1csr 2.0.6 (2022-Jul-14)
+ 19  * @version jsrsasign 10.5.27 asn1csr 2.0.7 (2022-Aug-19)
  20  * @since jsrsasign 4.9.0
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -226,328 +226,392 @@
 219  * @extends KJUR.asn1.ASN1Object
 220  * @since jsrsasign 4.9.0 asn1csr 1.0.0
 221  * @see KJUR.asn1.csr.CertificationRequest
-222  * @description
-223  * This class provides CertificateRequestInfo ASN.1 structure
-224  * defined in 
-225  * <a href="https://tools.ietf.org/html/rfc2986#page-5">
-226  * RFC 2986 4.1</a>.
-227  * <pre>
-228  * CertificationRequestInfo ::= SEQUENCE {
-229  *   version       INTEGER { v1(0) } (v1,...),
-230  *   subject       Name,
-231  *   subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
-232  *   attributes    [0] Attributes{{ CRIAttributes }} }
-233  * </pre>
-234  * <br/>
+222  * @see KJUR.asn1.x509.Extensions
+223  * @description
+224  * This class provides CertificateRequestInfo ASN.1 structure
+225  * defined in 
+226  * <a href="https://tools.ietf.org/html/rfc2986#page-5">
+227  * RFC 2986 4.1</a>.
+228  * <pre>
+229  * CertificationRequestInfo ::= SEQUENCE {
+230  *   version       INTEGER { v1(0) } (v1,...),
+231  *   subject       Name,
+232  *   subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
+233  *   attributes    [0] Attributes {{ CRIAttributes }} }
+234  * </pre>
 235  * <br/>
-236  * CAUTION: 
-237  * Argument "params" JSON value format have been changed without 
-238  * backward compatibility since jsrsasign 9.0.0 asn1csr 2.0.0.
-239  *
-240  * @example
-241  * csri = new KJUR.asn1.csr.CertificationRequestInfo({
-242  *   subject: {str: '/C=US/CN=b'},
-243  *   sbjpubkey: <<PUBLIC KEY PEM>>,
-244  *   extreq: [
-245  *     {extname:"subjectAltName", array:[{dns:"example.com"}]}
-246  *   ]});
-247  * csri.tohex() → "30..."
-248  */
-249 KJUR.asn1.csr.CertificationRequestInfo = function(params) {
-250     var _KJUR = KJUR,
-251 	_KJUR_asn1 = _KJUR.asn1,
-252 	_DERBitString = _KJUR_asn1.DERBitString,
-253 	_DERSequence = _KJUR_asn1.DERSequence,
-254 	_DERInteger = _KJUR_asn1.DERInteger,
-255 	_DERUTF8String = _KJUR_asn1.DERUTF8String,
-256 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
-257 	_newObject = _KJUR_asn1.ASN1Util.newObject,
-258 	_KJUR_asn1_csr = _KJUR_asn1.csr,
-259 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
-260 	_X500Name = _KJUR_asn1_x509.X500Name,
-261 	_Extensions = _KJUR_asn1_x509.Extensions,
-262 	_SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo;
-263     
-264     _KJUR_asn1_csr.CertificationRequestInfo.superclass.constructor.call(this);
-265 
-266     this.params = null;
-267 
-268     this.setByParam = function(params) {
-269 	if (params != undefined) this.params = params;
-270     };
-271 
-272     this.tohex = function() {
-273 	var params = this.params;
-274 	var a = [];
-275 	a.push(new _DERInteger({'int': 0})); // version
-276 	a.push(new _X500Name(params.subject));
-277 	a.push(new _SubjectPublicKeyInfo(KEYUTIL.getKey(params.sbjpubkey)));
-278 	if (params.extreq != undefined) {
-279 	    var extseq = new _Extensions(params.extreq);
-280 	    var tagobj = _newObject({
-281 		tag: {
-282 		    tag:'a0',
-283 		    explict:true,
-284 		    obj:{seq: [{oid: "1.2.840.113549.1.9.14"},
-285 			       {set: [extseq]}]}
-286 		}
-287 	    });
-288 	    a.push(tagobj);
-289 	} else {
-290 	    a.push(new _DERTaggedObject({tag:"a0",
-291 					 explicit:false,
-292 					 obj:new _DERUTF8String({str:''})}));
-293 	}
-294 	var seq = new _DERSequence({array: a});
-295 	return seq.tohex();
-296     };
-297     this.getEncodedHex = function() { return this.tohex(); };
+236  * <br/>
+237  * NOTE1: 
+238  * Argument "params" JSON value format have been changed without 
+239  * backward compatibility since jsrsasign 9.0.0 asn1csr 2.0.0.<br/>
+240  * NOTE2:
+241  * From jsrsasign 10.5.27, "attrs" member in the constructor argument
+242  * object have been supported to support more Attributes type.
+243  * Currently following Attribute types are supported:
+244  * <ul>
+245  * <li>challengePassword</li>
+246  * <li>unstructuredName - member "names" will be array of 
+247  * DirectoryStrings. (ex. [{prnstr: "aaa"},{utf8str: "bbb"}]</li>
+248  * <li>extensionRequest - any {@link KJUR.asn1.x509.Extensions} 
+249  * constructor argument can be specified for "ext" member value.</li>
+250  * </ul>
+251  *
+252  * @example
+253  * csri = new KJUR.asn1.csr.CertificationRequestInfo({
+254  *   subject: {str: '/C=US/CN=b'},
+255  *   sbjpubkey: <<PUBLIC KEY PEM>>,
+256  *   extreq: [
+257  *     {extname:"subjectAltName", array:[{dns:"example.com"}]}
+258  *   ]});
+259  * csri.tohex() → "30..."
+260  *
+261  * // From jsrsasign 10.5.27, "attrs" supported
+262  * csri = new KJUR.asn1.csr.CertificationRequestInfo({
+263  *   subject: {str: '/C=US/CN=b'},
+264  *   sbjpubkey: <<PUBLIC KEY PEM>>,
+265  *   attrs: [
+266  *     {attr: "challengePassword", password: "secret"},
+267  *     {attr: "unstructuredName", names: [{utf8str:"aaa"},{ia5str:"bbb"}]},
+268  *     {attr: "extensionRequest", ext: [
+269  *       {extname: "basicConstraints", cA: true},
+270  *       {extname: "subjectKeyIdentifier", kid: "1a2b..."}
+271  *     ]}
+272  *   ]});
+273  * csri.tohex() → "30..."
+274  */
+275 KJUR.asn1.csr.CertificationRequestInfo = function(params) {
+276     var _KJUR = KJUR,
+277 	_KJUR_asn1 = _KJUR.asn1,
+278 	_DERBitString = _KJUR_asn1.DERBitString,
+279 	_DERSequence = _KJUR_asn1.DERSequence,
+280 	_DERInteger = _KJUR_asn1.DERInteger,
+281 	_DERUTF8String = _KJUR_asn1.DERUTF8String,
+282 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
+283 	_newObject = _KJUR_asn1.ASN1Util.newObject,
+284 	_KJUR_asn1_csr = _KJUR_asn1.csr,
+285 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
+286 	_X500Name = _KJUR_asn1_x509.X500Name,
+287 	_Extensions = _KJUR_asn1_x509.Extensions,
+288 	_SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo,
+289 	_AttributeList = _KJUR_asn1_csr.AttributeList;
+290     
+291     _KJUR_asn1_csr.CertificationRequestInfo.superclass.constructor.call(this);
+292 
+293     this.params = null;
+294 
+295     this.setByParam = function(params) {
+296 	if (params != undefined) this.params = params;
+297     };
 298 
-299     if (params != undefined) this.setByParam(params);
-300 };
-301 
-302 extendClass(KJUR.asn1.csr.CertificationRequestInfo, KJUR.asn1.ASN1Object);
-303 
-304 /**
-305  * Certification Request (CSR/PKCS#10) utilities class<br/>
-306  * @name KJUR.asn1.csr.CSRUtil
-307  * @class Certification Request (CSR/PKCS#10) utilities class
-308  * @description
-309  * This class provides utility static methods for CSR/PKCS#10.
-310  * Here is a list of methods:
-311  * <ul>
-312  * <li>{@link KJUR.asn1.csr.CSRUtil.newCSRPEM} (DEPRECATED)</li>
-313  * <li>{@link KJUR.asn1.csr.CSRUtil.getParam}</li>
-314  * </ul>
-315  * <br/>
-316  */
-317 KJUR.asn1.csr.CSRUtil = new function() {
-318 };
-319 
-320 /**
-321  * generate a PEM format of CSR/PKCS#10 certificate signing request (DEPRECATED)<br/>
-322  * @name newCSRPEM
-323  * @memberOf KJUR.asn1.csr.CSRUtil
-324  * @function
-325  * @param {Array} param parameter to generate CSR
-326  * @since jsrsasign 4.9.0 asn1csr 1.0.0
-327  * @deprecated since jsrsasign 9.0.0 asn1csr 2.0.0. please use {@link KJUR.asn1.csr.CertificationRequest} constructor.
-328  * @description
-329  * This method can generate a CSR certificate signing.
-330  * 
-331  * @example
-332  * // 1) by key object
-333  * pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
-334  *   subject: {str: '/C=US/O=Test/CN=example.com'},
-335  *   sbjpubkey: pubKeyObj,
-336  *   sigalg: "SHA256withRSA",
-337  *   sbjprvkey: prvKeyObj,
-338  *   extreq: [{
-339  *     extname: "subjectAltName",
-340  *     array: [{dns:"example.com"}]
-341  *   }]
-342  * });
-343  *
-344  * // 2) by private/public key PEM 
-345  * pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
-346  *   subject: {str: '/C=US/O=Test/CN=example.com'},
-347  *   sbjpubkey: pubKeyPEM,
-348  *   sigalg: "SHA256withRSA",
-349  *   sbjprvkey: prvKeyPEM
-350  * });
-351  *
-352  * // 3) with generateKeypair
-353  * kp = KEYUTIL.generateKeypair("RSA", 2048);
-354  * pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
-355  *   subject: {str: '/C=US/O=Test/CN=example.com'},
-356  *   sbjpubkey: kp.pubKeyObj,
-357  *   sigalg: "SHA256withRSA",
-358  *   sbjprvkey: kp.prvKeyObj
-359  * });
-360  *
-361  * // 4) by private/public key PEM with extension
-362  * pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
-363  *   subject: {str: '/C=US/O=Test/CN=example.com'},
-364  *   ext: [
-365  *     {subjectAltName: {array: [{dns: 'example.net'}]}}
-366  *   ],
-367  *   sbjpubkey: pubKeyPEM,
-368  *   sigalg: "SHA256withRSA",
-369  *   sbjprvkey: prvKeyPEM
-370  * });
-371  */
-372 KJUR.asn1.csr.CSRUtil.newCSRPEM = function(param) {
-373     var _KEYUTIL = KEYUTIL,
-374 	_KJUR_asn1_csr = KJUR.asn1.csr;
-375 
-376     var csr = new _KJUR_asn1_csr.CertificationRequest(param);
-377     var pem = csr.getPEM();
-378     return pem;
-379 };
-380 
-381 /**
-382  * get field values from CSR/PKCS#10 PEM string<br/>
-383  * @name getParam
-384  * @memberOf KJUR.asn1.csr.CSRUtil
-385  * @function
-386  * @param {string} sPEM PEM string of CSR/PKCS#10
-387  * @param {boolean} flagTBS result object also concludes CertificationRequestInfo (OPTION, DEFAULT=false)
-388  * @returns {Array} JSON object with parsed parameters such as name or public key
-389  * @since jsrsasign 9.0.0 asn1csr 2.0.0
-390  * @see KJUR.asn1.csr.CertificationRequest
-391  * @see KJUR.asn1.csr.CertificationRequestInfo
-392  * @see KJUR.asn1.x509.X500Name
-393  * @see X509#getExtParamArray
-394  * @description
-395  * This method parses PEM CSR/PKCS#1 string and retrieves
-396  * fields such as subject name and public key. 
-397  * Following parameters are available in the
-398  * resulted JSON object.
-399  * <ul>
-400  * <li>{X500Name}subject - subject name parameters </li>
-401  * <li>{String}sbjpubkey - PEM string of subject public key</li>
-402  * <li>{Array}extreq - array of extensionRequest parameters</li>
-403  * <li>{String}sigalg - name of signature algorithm field</li>
-404  * <li>{String}sighex - hexadecimal string of signature value</li>
-405  * <li>{String}tbs - a hexadecimal string of CertificationRequestInfo as to be signed(OPTION)</li>
-406  * </ul>
-407  * Returned JSON object can be passed to 
-408  * {@link KJUR.asn1.csr.CertificationRequest} class constructor.
-409  * <br/>
-410  * CAUTION: 
-411  * Returned JSON value format have been changed without 
-412  * backward compatibility since jsrsasign 9.0.0 asn1csr 2.0.0.
-413  * <br/>
-414  * NOTE:
-415  * The "flagTBS" supported since jsrsasign 10.5.26.
-416  *
-417  * @example
-418  * KJUR.asn1.csr.CSRUtil.getParam("-----BEGIN CERTIFICATE REQUEST...") →
-419  * {
-420  *   subject: { array:[[{type:"C",value:"JP",ds:"prn"}],...],
-421  *              str: "/C=JP/O=Test"},
-422  *   sbjpubkey: "-----BEGIN PUBLIC KEY...",
-423  *   extreq: [{extname:"subjectAltName",array:[{dns:"example.com"}]}]
-424  *   sigalg: "SHA256withRSA",
-425  *   sighex: "1ab3df.."
-426  * }
-427  *
-428  * KJUR.asn1.csr.CSRUtil.getParam("-----BEGIN CERTIFICATE REQUEST...", true) →
-429  * result will also have a member "tbs" in the object.
-430  */
-431 KJUR.asn1.csr.CSRUtil.getParam = function(sPEM, flagTBS) {
-432     var _ASN1HEX = ASN1HEX,
-433 	_getV = _ASN1HEX.getV,
-434 	_getIdxbyList = _ASN1HEX.getIdxbyList,
-435 	_getTLVbyList = _ASN1HEX.getTLVbyList,
-436 	_getTLVbyListEx = _ASN1HEX.getTLVbyListEx,
-437 	_getVbyListEx = _ASN1HEX.getVbyListEx;
-438 
-439     /*
-440      * get a hexadecimal string of sequence of extension request attribute value
-441      * @param {String} h hexadecimal string of whole CSR
-442      * @return {String} hexadecimal string of SEQUENCE of extension request attribute value
-443      */
-444     var _getExtReqSeqHex = function(h) {
-445 	var idx1 = _getIdxbyList(h, 0, [0, 3, 0, 0], "06"); // extreq attr OID idx
-446 	if (_getV(h, idx1) != "2a864886f70d01090e") {
-447 	    return null;
-448 	}
-449 
-450 	return _getTLVbyList(h, 0, [0, 3, 0, 1, 0], "30"); // ext seq idx
-451     };
-452 
-453     var result = {};
-454 
-455     if (sPEM.indexOf("-----BEGIN CERTIFICATE REQUEST") == -1)
-456 	throw new Error("argument is not PEM file");
-457 
-458     var hex = pemtohex(sPEM, "CERTIFICATE REQUEST");
-459 
-460     if (flagTBS) {
-461 	result.tbs = _getTLVbyList(hex, 0, [0]);
-462     }
-463 
-464     try {
-465 	var hSubject = _getTLVbyListEx(hex, 0, [0, 1]);
-466 	if (hSubject == "3000") {
-467 	    result.subject = {};
-468 	} else {
-469 	    var x = new X509();
-470 	    result.subject = x.getX500Name(hSubject);
-471 	}
-472     } catch (ex) {};
-473 
-474     var hPubKey = _getTLVbyListEx(hex, 0, [0, 2]);
-475     var pubkeyobj = KEYUTIL.getKey(hPubKey, null, "pkcs8pub");
-476     result.sbjpubkey = KEYUTIL.getPEM(pubkeyobj, "PKCS8PUB");
-477 
-478     var hExtReqSeq = _getExtReqSeqHex(hex);
-479     var x = new X509();
-480     if (hExtReqSeq != null) {
-481 	result.extreq = x.getExtParamArray(hExtReqSeq);
-482     }
-483 
-484     try {
-485 	var hSigAlg = _getTLVbyListEx(hex, 0, [1], "30");
-486 	var x = new X509();
-487 	result.sigalg = x.getAlgorithmIdentifierName(hSigAlg);
-488     } catch (ex) {};
-489 
-490     try {
-491 	var hSig = _getVbyListEx(hex, 0, [2]);
-492 	result.sighex = hSig;
-493     } catch (ex) {};
-494 
-495     return result;
-496 };
-497 
-498 /**
-499  * verify self-signed CSR/PKCS#10 signature<br/>
-500  * @name verifySignature
-501  * @memberOf KJUR.asn1.csr.CSRUtil
-502  * @function
-503  * @param {object} csr PEM CSR string or parsed JSON object of CSR
-504  * @returns {boolean} true if self-signed signature is valid otherwise false
-505  * @since jsrsasign 10.5.26 asn1csr 2.0.6
-506  * @see KJUR.asn1.csr.CertificationRequest
-507  * @see KJUR.asn1.csr.CertificationRequestInfo
-508  * @see KJUR.asn1.csr.CSRUtil#getParam
-509  * @description
-510  * This method verifies self-signed signature of CSR/PKCS#10
-511  * with its public key which is concluded in the CSR.
-512  *
-513  * @example
-514  * KJUR.asn1.csr.CSRUtil.verifySignatrue("-----BEGIN CERTIFICATE REQUEST...") → true or false
-515  * 
-516  * p = KJUR.asn1.csr.CSRUtil.getParam("-----BEGIN CERTIFICATE REQUEST-----", true); // with tbs
-517  * KJUR.asn1.csr.CSRUtil.verifySignatrue(p) → true or false
-518  */
-519 KJUR.asn1.csr.CSRUtil.verifySignature = function(csr) {
-520     try {
-521 	var pCSR = null;
-522 	if (typeof csr == "string" &&
-523 	    csr.indexOf("-----BEGIN CERTIFICATE REQUEST") != -1) {
-524 	    pCSR = KJUR.asn1.csr.CSRUtil.getParam(csr, true);
-525 	} else if (typeof csr == "object" &&
-526 		   csr.sbjpubkey != undefined &&
-527 		   csr.sigalg != undefined &&
-528 		   csr.sighex != undefined &&
-529 		   csr.tbs != undefined) {
-530 	    pCSR = csr;
-531 	}
-532 	if (pCSR == null) return false;
-533 
-534 	// verify self-signed signature
-535 	var sig = new KJUR.crypto.Signature({alg: pCSR.sigalg});
-536 	sig.init(pCSR.sbjpubkey);
-537 	sig.updateHex(pCSR.tbs);
-538 	return sig.verify(pCSR.sighex);
-539     } catch(ex) {
-540 	alert(ex);
-541 	return false;
-542     }
-543 };
-544 
-545 
-546 

\ No newline at end of file
+299     this.tohex = function() {
+300 	var params = this.params;
+301 	var a = [];
+302 	a.push(new _DERInteger({'int': 0})); // version
+303 	a.push(new _X500Name(params.subject));
+304 	a.push(new _SubjectPublicKeyInfo(KEYUTIL.getKey(params.sbjpubkey)));
+305 	if (params.attrs != undefined) {
+306 	    var asn1Param = _conv(params.attrs);
+307 	    var tagobj = _newObject({tag: {tage: "a0", obj: asn1Param}});
+308 	    a.push(tagobj);
+309 	} else if (params.extreq != undefined) {
+310 	    var extseq = new _Extensions(params.extreq);
+311 	    var tagobj = _newObject({
+312 		tag: {
+313 		    tage:'a0',
+314 		    obj:{seq: [{oid: "1.2.840.113549.1.9.14"},
+315 			       {set: [extseq]}]}
+316 		}
+317 	    });
+318 	    a.push(tagobj);
+319 	} else {
+320 	    a.push(new _DERTaggedObject({tag:"a0",
+321 					 explicit:false,
+322 					 obj:new _DERUTF8String({str:''})}));
+323 	}
+324 	var seq = new _DERSequence({array: a});
+325 	return seq.tohex();
+326     };
+327     this.getEncodedHex = function() { return this.tohex(); };
+328 
+329     /*
+330      * converter from attrs member value to newObject acceptable data
+331      */
+332     function _conv(aAttrParam) {
+333 	var _Error = Error,
+334 	    _Extensions = KJUR.asn1.x509.Extensions;
+335 	var a = [];
+336 	for (var i = 0; i < aAttrParam.length; i++) {
+337 	    var pAttr = aAttrParam[i];
+338 	    var attrName = pAttr.attr;
+339 	    if (attrName == "extensionRequest") {
+340 		var oExt = new _Extensions(pAttr.ext);
+341 		var p = {seq: [{oid: "1.2.840.113549.1.9.14"},{set: [oExt]}]};
+342 		a.push(p);
+343 	    } else if (attrName == "unstructuredName") {
+344 		var p = {seq: [{oid: "1.2.840.113549.1.9.2"},{set: pAttr.names}]};
+345 		a.push(p);
+346 	    } else if (attrName == "challengePassword") {
+347 		var p = {seq: [{oid: "1.2.840.113549.1.9.7"},
+348 			       {set: [{utf8str: pAttr.password}]}]};
+349 		a.push(p);
+350 	    } else {
+351 		throw new _Error("unknown CSR attribute");
+352 	    }
+353 	}
+354 	return {set: a};
+355     }
+356 
+357     if (params != undefined) this.setByParam(params);
+358 };
+359 extendClass(KJUR.asn1.csr.CertificationRequestInfo, KJUR.asn1.ASN1Object);
+360 
+361 KJUR.asn1.csr.AttributeList = function(aParam) {
+362     function _paramToASN1Param(aParam) {
+363     }
+364 };
+365 extendClass(KJUR.asn1.csr.AttributeList, KJUR.asn1.ASN1Object);
+366 
+367 
+368 /**
+369  * Certification Request (CSR/PKCS#10) utilities class<br/>
+370  * @name KJUR.asn1.csr.CSRUtil
+371  * @class Certification Request (CSR/PKCS#10) utilities class
+372  * @description
+373  * This class provides utility static methods for CSR/PKCS#10.
+374  * Here is a list of methods:
+375  * <ul>
+376  * <li>{@link KJUR.asn1.csr.CSRUtil.newCSRPEM} (DEPRECATED)</li>
+377  * <li>{@link KJUR.asn1.csr.CSRUtil.getParam}</li>
+378  * </ul>
+379  * <br/>
+380  */
+381 KJUR.asn1.csr.CSRUtil = new function() {
+382 };
+383 
+384 /**
+385  * generate a PEM format of CSR/PKCS#10 certificate signing request (DEPRECATED)<br/>
+386  * @name newCSRPEM
+387  * @memberOf KJUR.asn1.csr.CSRUtil
+388  * @function
+389  * @param {Array} param parameter to generate CSR
+390  * @since jsrsasign 4.9.0 asn1csr 1.0.0
+391  * @deprecated since jsrsasign 9.0.0 asn1csr 2.0.0. please use {@link KJUR.asn1.csr.CertificationRequest} constructor.
+392  * @description
+393  * This method can generate a CSR certificate signing.
+394  * 
+395  * @example
+396  * // 1) by key object
+397  * pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
+398  *   subject: {str: '/C=US/O=Test/CN=example.com'},
+399  *   sbjpubkey: pubKeyObj,
+400  *   sigalg: "SHA256withRSA",
+401  *   sbjprvkey: prvKeyObj,
+402  *   extreq: [{
+403  *     extname: "subjectAltName",
+404  *     array: [{dns:"example.com"}]
+405  *   }]
+406  * });
+407  *
+408  * // 2) by private/public key PEM 
+409  * pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
+410  *   subject: {str: '/C=US/O=Test/CN=example.com'},
+411  *   sbjpubkey: pubKeyPEM,
+412  *   sigalg: "SHA256withRSA",
+413  *   sbjprvkey: prvKeyPEM
+414  * });
+415  *
+416  * // 3) with generateKeypair
+417  * kp = KEYUTIL.generateKeypair("RSA", 2048);
+418  * pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
+419  *   subject: {str: '/C=US/O=Test/CN=example.com'},
+420  *   sbjpubkey: kp.pubKeyObj,
+421  *   sigalg: "SHA256withRSA",
+422  *   sbjprvkey: kp.prvKeyObj
+423  * });
+424  *
+425  * // 4) by private/public key PEM with extension
+426  * pem = KJUR.asn1.csr.CSRUtil.newCSRPEM({
+427  *   subject: {str: '/C=US/O=Test/CN=example.com'},
+428  *   ext: [
+429  *     {subjectAltName: {array: [{dns: 'example.net'}]}}
+430  *   ],
+431  *   sbjpubkey: pubKeyPEM,
+432  *   sigalg: "SHA256withRSA",
+433  *   sbjprvkey: prvKeyPEM
+434  * });
+435  */
+436 KJUR.asn1.csr.CSRUtil.newCSRPEM = function(param) {
+437     var _KEYUTIL = KEYUTIL,
+438 	_KJUR_asn1_csr = KJUR.asn1.csr;
+439 
+440     var csr = new _KJUR_asn1_csr.CertificationRequest(param);
+441     var pem = csr.getPEM();
+442     return pem;
+443 };
+444 
+445 /**
+446  * get field values from CSR/PKCS#10 PEM string<br/>
+447  * @name getParam
+448  * @memberOf KJUR.asn1.csr.CSRUtil
+449  * @function
+450  * @param {string} sPEM PEM string of CSR/PKCS#10
+451  * @param {boolean} flagTBS result object also concludes CertificationRequestInfo (OPTION, DEFAULT=false)
+452  * @returns {Array} JSON object with parsed parameters such as name or public key
+453  * @since jsrsasign 9.0.0 asn1csr 2.0.0
+454  * @see KJUR.asn1.csr.CertificationRequest
+455  * @see KJUR.asn1.csr.CertificationRequestInfo
+456  * @see KJUR.asn1.x509.X500Name
+457  * @see X509#getExtParamArray
+458  * @description
+459  * This method parses PEM CSR/PKCS#1 string and retrieves
+460  * fields such as subject name and public key. 
+461  * Following parameters are available in the
+462  * resulted JSON object.
+463  * <ul>
+464  * <li>{X500Name}subject - subject name parameters </li>
+465  * <li>{String}sbjpubkey - PEM string of subject public key</li>
+466  * <li>{Array}extreq - array of extensionRequest parameters</li>
+467  * <li>{String}sigalg - name of signature algorithm field</li>
+468  * <li>{String}sighex - hexadecimal string of signature value</li>
+469  * <li>{String}tbs - a hexadecimal string of CertificationRequestInfo as to be signed(OPTION)</li>
+470  * </ul>
+471  * Returned JSON object can be passed to 
+472  * {@link KJUR.asn1.csr.CertificationRequest} class constructor.
+473  * <br/>
+474  * CAUTION: 
+475  * Returned JSON value format have been changed without 
+476  * backward compatibility since jsrsasign 9.0.0 asn1csr 2.0.0.
+477  * <br/>
+478  * NOTE:
+479  * The "flagTBS" supported since jsrsasign 10.5.26.
+480  *
+481  * @example
+482  * KJUR.asn1.csr.CSRUtil.getParam("-----BEGIN CERTIFICATE REQUEST...") →
+483  * {
+484  *   subject: { array:[[{type:"C",value:"JP",ds:"prn"}],...],
+485  *              str: "/C=JP/O=Test"},
+486  *   sbjpubkey: "-----BEGIN PUBLIC KEY...",
+487  *   extreq: [{extname:"subjectAltName",array:[{dns:"example.com"}]}]
+488  *   sigalg: "SHA256withRSA",
+489  *   sighex: "1ab3df.."
+490  * }
+491  *
+492  * KJUR.asn1.csr.CSRUtil.getParam("-----BEGIN CERTIFICATE REQUEST...", true) →
+493  * result will also have a member "tbs" in the object.
+494  */
+495 KJUR.asn1.csr.CSRUtil.getParam = function(sPEM, flagTBS) {
+496     var _ASN1HEX = ASN1HEX,
+497 	_getV = _ASN1HEX.getV,
+498 	_getIdxbyList = _ASN1HEX.getIdxbyList,
+499 	_getTLVbyList = _ASN1HEX.getTLVbyList,
+500 	_getTLVbyListEx = _ASN1HEX.getTLVbyListEx,
+501 	_getVbyListEx = _ASN1HEX.getVbyListEx;
+502 
+503     /*
+504      * get a hexadecimal string of sequence of extension request attribute value
+505      * @param {String} h hexadecimal string of whole CSR
+506      * @return {String} hexadecimal string of SEQUENCE of extension request attribute value
+507      */
+508     var _getExtReqSeqHex = function(h) {
+509 	var idx1 = _getIdxbyList(h, 0, [0, 3, 0, 0], "06"); // extreq attr OID idx
+510 	if (_getV(h, idx1) != "2a864886f70d01090e") {
+511 	    return null;
+512 	}
+513 
+514 	return _getTLVbyList(h, 0, [0, 3, 0, 1, 0], "30"); // ext seq idx
+515     };
+516 
+517     var result = {};
+518 
+519     if (sPEM.indexOf("-----BEGIN CERTIFICATE REQUEST") == -1)
+520 	throw new Error("argument is not PEM file");
+521 
+522     var hex = pemtohex(sPEM, "CERTIFICATE REQUEST");
+523 
+524     if (flagTBS) {
+525 	result.tbs = _getTLVbyList(hex, 0, [0]);
+526     }
+527 
+528     try {
+529 	var hSubject = _getTLVbyListEx(hex, 0, [0, 1]);
+530 	if (hSubject == "3000") {
+531 	    result.subject = {};
+532 	} else {
+533 	    var x = new X509();
+534 	    result.subject = x.getX500Name(hSubject);
+535 	}
+536     } catch (ex) {};
+537 
+538     var hPubKey = _getTLVbyListEx(hex, 0, [0, 2]);
+539     var pubkeyobj = KEYUTIL.getKey(hPubKey, null, "pkcs8pub");
+540     result.sbjpubkey = KEYUTIL.getPEM(pubkeyobj, "PKCS8PUB");
+541 
+542     var hExtReqSeq = _getExtReqSeqHex(hex);
+543     var x = new X509();
+544     if (hExtReqSeq != null) {
+545 	result.extreq = x.getExtParamArray(hExtReqSeq);
+546     }
+547 
+548     try {
+549 	var hSigAlg = _getTLVbyListEx(hex, 0, [1], "30");
+550 	var x = new X509();
+551 	result.sigalg = x.getAlgorithmIdentifierName(hSigAlg);
+552     } catch (ex) {};
+553 
+554     try {
+555 	var hSig = _getVbyListEx(hex, 0, [2]);
+556 	result.sighex = hSig;
+557     } catch (ex) {};
+558 
+559     return result;
+560 };
+561 
+562 /**
+563  * verify self-signed CSR/PKCS#10 signature<br/>
+564  * @name verifySignature
+565  * @memberOf KJUR.asn1.csr.CSRUtil
+566  * @function
+567  * @param {object} csr PEM CSR string or parsed JSON object of CSR
+568  * @returns {boolean} true if self-signed signature is valid otherwise false
+569  * @since jsrsasign 10.5.26 asn1csr 2.0.6
+570  * @see KJUR.asn1.csr.CertificationRequest
+571  * @see KJUR.asn1.csr.CertificationRequestInfo
+572  * @see KJUR.asn1.csr.CSRUtil#getParam
+573  * @description
+574  * This method verifies self-signed signature of CSR/PKCS#10
+575  * with its public key which is concluded in the CSR.
+576  *
+577  * @example
+578  * KJUR.asn1.csr.CSRUtil.verifySignatrue("-----BEGIN CERTIFICATE REQUEST...") → true or false
+579  * 
+580  * p = KJUR.asn1.csr.CSRUtil.getParam("-----BEGIN CERTIFICATE REQUEST-----", true); // with tbs
+581  * KJUR.asn1.csr.CSRUtil.verifySignatrue(p) → true or false
+582  */
+583 KJUR.asn1.csr.CSRUtil.verifySignature = function(csr) {
+584     try {
+585 	var pCSR = null;
+586 	if (typeof csr == "string" &&
+587 	    csr.indexOf("-----BEGIN CERTIFICATE REQUEST") != -1) {
+588 	    pCSR = KJUR.asn1.csr.CSRUtil.getParam(csr, true);
+589 	} else if (typeof csr == "object" &&
+590 		   csr.sbjpubkey != undefined &&
+591 		   csr.sigalg != undefined &&
+592 		   csr.sighex != undefined &&
+593 		   csr.tbs != undefined) {
+594 	    pCSR = csr;
+595 	}
+596 	if (pCSR == null) return false;
+597 
+598 	// verify self-signed signature
+599 	var sig = new KJUR.crypto.Signature({alg: pCSR.sigalg});
+600 	sig.init(pCSR.sbjpubkey);
+601 	sig.updateHex(pCSR.tbs);
+602 	return sig.verify(pCSR.sighex);
+603     } catch(ex) {
+604 	alert(ex);
+605 	return false;
+606     }
+607 };
+608 
+609 
+610
\ No newline at end of file diff --git a/bower.json b/bower.json index 634089e2..08132934 100644 --- a/bower.json +++ b/bower.json @@ -1,6 +1,6 @@ { "name": "kjur-jsrsasign", - "version": "10.5.26", + "version": "10.5.27", "main": "jsrsasign-all-min.js", "description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.", "license": "MIT", diff --git a/jsrsasign-all-min.js b/jsrsasign-all-min.js index 3fff1ae9..004b6276 100644 --- a/jsrsasign-all-min.js +++ b/jsrsasign-all-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(all) 10.5.26 (2022-07-14) (c) 2010-2022 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(all) 10.5.27 (2022-08-19) (c) 2010-2022 Kenji Urushima | kjur.github.io/jsrsasign/license */ /*! CryptoJS v3.1.2 core-fix.js @@ -223,7 +223,7 @@ if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!K if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}if(typeof KJUR.asn1.cms=="undefined"||!KJUR.asn1.cms){KJUR.asn1.cms={}}KJUR.asn1.cms.Attribute=function(f){var e=Error,d=KJUR,c=d.asn1,b=c.DERSequence,a=c.DERSet,g=c.DERObjectIdentifier;this.params=null;this.typeOid=null;this.setByParam=function(h){this.params=h};this.getValueArray=function(){throw new e("not yet implemented abstract")};this.tohex=function(){var j=new g({oid:this.typeOid});var h=new a({array:this.getValueArray()});var i=new b({array:[j,h]});return i.tohex()};this.getEncodedHex=function(){return this.tohex()}};extendClass(KJUR.asn1.cms.Attribute,KJUR.asn1.ASN1Object);KJUR.asn1.cms.ContentType=function(c){var b=KJUR,a=b.asn1;a.cms.ContentType.superclass.constructor.call(this);this.typeOid="1.2.840.113549.1.9.3";this.getValueArray=function(){var d=new a.DERObjectIdentifier(this.params.type);return[d]};if(c!=undefined){this.setByParam(c)}};extendClass(KJUR.asn1.cms.ContentType,KJUR.asn1.cms.Attribute);KJUR.asn1.cms.MessageDigest=function(e){var b=KJUR,a=b.asn1,c=a.DEROctetString,d=a.cms;d.MessageDigest.superclass.constructor.call(this);this.typeOid="1.2.840.113549.1.9.4";this.getValueArray=function(){var f=new c(this.params);return[f]};if(e!=undefined){this.setByParam(e)}};extendClass(KJUR.asn1.cms.MessageDigest,KJUR.asn1.cms.Attribute);KJUR.asn1.cms.SigningTime=function(c){var b=KJUR,a=b.asn1;a.cms.SigningTime.superclass.constructor.call(this);this.typeOid="1.2.840.113549.1.9.5";this.getValueArray=function(){var d=new a.x509.Time(this.params);return[d]};if(c!=undefined){this.setByParam(c)}};extendClass(KJUR.asn1.cms.SigningTime,KJUR.asn1.cms.Attribute);KJUR.asn1.cms.SigningCertificate=function(h){var e=Error,d=KJUR,c=d.asn1,b=c.DERSequence,g=c.cms,a=g.ESSCertID,f=d.crypto;g.SigningCertificate.superclass.constructor.call(this);this.typeOid="1.2.840.113549.1.9.16.2.12";this.getValueArray=function(){if(this.params==null||this.params==undefined||this.params.array==undefined){throw new e("parameter 'array' not specified")}var o=this.params.array;var k=[];for(var l=0;l0){var m=b(n.valhex,q[0]);var p=j(m,0);var t=[];for(var o=0;o1){var r=b(n.valhex,q[1]);n.polhex=r}delete n.valhex};this.setSignaturePolicyIdentifier=function(s){var q=j(s.valhex,0);if(q.length>0){var r=l.getOID(s.valhex,q[0]);s.oid=r}if(q.length>1){var m=new a();var t=j(s.valhex,q[1]);var p=b(s.valhex,t[0]);var o=m.getAlgorithmIdentifierName(p);s.alg=o;var n=i(s.valhex,t[1]);s.hash=n}delete s.valhex};this.setSigningCertificateV2=function(o){var s=j(o.valhex,0);if(s.length>0){var n=b(o.valhex,s[0]);var r=j(n,0);var u=[];for(var q=0;q1){var t=b(o.valhex,s[1]);o.polhex=t}delete o.valhex};this.getESSCertID=function(o){var p={};var n=j(o,0);if(n.length>0){var q=i(o,n[0]);p.hash=q}if(n.length>1){var m=b(o,n[1]);var r=this.getIssuerSerial(m);if(r.serial!=undefined){p.serial=r.serial}if(r.issuer!=undefined){p.issuer=r.issuer}}return p};this.getESSCertIDv2=function(q){var s={};var p=j(q,0);if(p.length<1||3r+1){var m=b(q,p[r+1]);var t=this.getIssuerSerial(m);s.issuer=t.issuer;s.serial=t.serial}return s};this.getIssuerSerial=function(q){var r={};var n=j(q,0);var m=b(q,n[0]);var p=h.getGeneralNames(m);var o=p[0].dn;r.issuer=o;var s=i(q,n[1]);r.serial={hex:s};return r};this.getCertificateSet=function(p){var n=j(p,0);var m=[];for(var o=0;o=0;j--){l+=k[j]}return l}else{if(typeof n=="string"&&a[n]!=undefined){return namearraytobinstr([n],a)}else{if(typeof n=="object"&&n.length!=undefined){return namearraytobinstr(n,a)}else{throw new f("wrong params")}}}return};this.tohex=function(){var j=this.params;var i=this.getBinValue();return(new g({bin:i})).tohex()};this.getEncodedHex=function(){return this.tohex()};if(h!=undefined){this.setByParam(h)}};extendClass(KJUR.asn1.tsp.PKIFailureInfo,KJUR.asn1.ASN1Object);KJUR.asn1.tsp.AbstractTSAAdapter=function(a){this.getTSTHex=function(c,b){throw"not implemented yet"}};KJUR.asn1.tsp.SimpleTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.SimpleTSAAdapter.superclass.constructor.call(this);this.params=null;this.serial=0;this.getTSTHex=function(g,f){var i=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:i};this.params.econtent.content.serial={"int":this.serial++};var h=Math.floor(Math.random()*1000000000);this.params.econtent.content.nonce={"int":h};var j=new a.TimeStampToken(this.params);return j.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.SimpleTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.FixedTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.FixedTSAAdapter.superclass.constructor.call(this);this.params=null;this.getTSTHex=function(g,f){var h=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:h};var i=new a.TimeStampToken(this.params);return i.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.FixedTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.TSPUtil=new function(){};KJUR.asn1.tsp.TSPUtil.newTimeStampToken=function(a){return new KJUR.asn1.tsp.TimeStampToken(a)};KJUR.asn1.tsp.TSPUtil.parseTimeStampReq=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getTimeStampReq(a)};KJUR.asn1.tsp.TSPUtil.parseMessageImprint=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getMessageImprint(a)};KJUR.asn1.tsp.TSPParser=function(){var e=Error,a=X509,f=new a(),k=ASN1HEX,g=k.getV,b=k.getTLV,d=k.getIdxbyList,c=k.getTLVbyListEx,i=k.getChildIdx;var j=["granted","grantedWithMods","rejection","waiting","revocationWarning","revocationNotification"];var h={0:"badAlg",2:"badRequest",5:"badDataFormat",14:"timeNotAvailable",15:"unacceptedPolicy",16:"unacceptedExtension",17:"addInfoNotAvailable",25:"systemFailure"};this.getResponse=function(n){var l=i(n,0);if(l.length==1){return this.getPKIStatusInfo(b(n,l[0]))}else{if(l.length>1){var o=this.getPKIStatusInfo(b(n,l[0]));var m=b(n,l[1]);var p=this.getToken(m);p.statusinfo=o;return p}}};this.getToken=function(m){var l=new KJUR.asn1.cms.CMSParser;var n=l.getCMSSignedData(m);this.setTSTInfo(n);return n};this.setTSTInfo=function(l){var o=l.econtent;if(o.type=="tstinfo"){var n=o.content.hex;var m=this.getTSTInfo(n);o.content=m}};this.getTSTInfo=function(r){var x={};var s=i(r,0);var p=g(r,s[1]);x.policy=hextooid(p);var o=b(r,s[2]);x.messageImprint=this.getMessageImprint(o);var u=g(r,s[3]);x.serial={hex:u};var y=g(r,s[4]);x.genTime={str:hextoutf8(y)};var q=0;if(s.length>5&&r.substr(s[5],2)=="30"){var v=b(r,s[5]);x.accuracy=this.getAccuracy(v);q++}if(s.length>5+q&&r.substr(s[5+q],2)=="01"){var z=g(r,s[5+q]);if(z=="ff"){x.ordering=true}q++}if(s.length>5+q&&r.substr(s[5+q],2)=="02"){var n=g(r,s[5+q]);x.nonce={hex:n};q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a0"){var m=b(r,s[5+q]);m="30"+m.substr(2);pGeneralNames=f.getGeneralNames(m);var t=pGeneralNames[0].dn;x.tsa=t;q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a1"){var l=b(r,s[5+q]);l="30"+l.substr(2);var w=f.getExtParamArray(l);x.ext=w;q++}return x};this.getAccuracy=function(q){var r={};var o=i(q,0);for(var p=0;p1&&o.substr(r[1],2)=="30"){var m=b(o,r[1]);t.statusstr=this.getPKIFreeText(m);n++}if(r.length>n&&o.substr(r[1+n],2)=="03"){var q=b(o,r[1+n]);t.failinfo=this.getPKIFailureInfo(q)}return t};this.getPKIFreeText=function(n){var o=[];var l=i(n,0);for(var m=0;m>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function extendClass(c,a){var b=function(){};b.prototype=a.prototype;c.prototype=new b();c.prototype.constructor=c;c.superclass=a.prototype;if(a.prototype.constructor==Object.prototype.constructor){a.prototype.constructor=a}}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.Util=new function(){this.DIGESTINFOHEAD={sha1:"3021300906052b0e03021a05000414",sha224:"302d300d06096086480165030402040500041c",sha256:"3031300d060960864801650304020105000420",sha384:"3041300d060960864801650304020205000430",sha512:"3051300d060960864801650304020305000440",md2:"3020300c06082a864886f70d020205000410",md5:"3020300c06082a864886f70d020505000410",ripemd160:"3021300906052b2403020105000414",};this.DEFAULTPROVIDER={md5:"cryptojs",sha1:"cryptojs",sha224:"cryptojs",sha256:"cryptojs",sha384:"cryptojs",sha512:"cryptojs",ripemd160:"cryptojs",hmacmd5:"cryptojs",hmacsha1:"cryptojs",hmacsha224:"cryptojs",hmacsha256:"cryptojs",hmacsha384:"cryptojs",hmacsha512:"cryptojs",hmacripemd160:"cryptojs",MD5withRSA:"cryptojs/jsrsa",SHA1withRSA:"cryptojs/jsrsa",SHA224withRSA:"cryptojs/jsrsa",SHA256withRSA:"cryptojs/jsrsa",SHA384withRSA:"cryptojs/jsrsa",SHA512withRSA:"cryptojs/jsrsa",RIPEMD160withRSA:"cryptojs/jsrsa",MD5withECDSA:"cryptojs/jsrsa",SHA1withECDSA:"cryptojs/jsrsa",SHA224withECDSA:"cryptojs/jsrsa",SHA256withECDSA:"cryptojs/jsrsa",SHA384withECDSA:"cryptojs/jsrsa",SHA512withECDSA:"cryptojs/jsrsa",RIPEMD160withECDSA:"cryptojs/jsrsa",SHA1withDSA:"cryptojs/jsrsa",SHA224withDSA:"cryptojs/jsrsa",SHA256withDSA:"cryptojs/jsrsa",MD5withRSAandMGF1:"cryptojs/jsrsa",SHAwithRSAandMGF1:"cryptojs/jsrsa",SHA1withRSAandMGF1:"cryptojs/jsrsa",SHA224withRSAandMGF1:"cryptojs/jsrsa",SHA256withRSAandMGF1:"cryptojs/jsrsa",SHA384withRSAandMGF1:"cryptojs/jsrsa",SHA512withRSAandMGF1:"cryptojs/jsrsa",RIPEMD160withRSAandMGF1:"cryptojs/jsrsa",};this.CRYPTOJSMESSAGEDIGESTNAME={md5:CryptoJS.algo.MD5,sha1:CryptoJS.algo.SHA1,sha224:CryptoJS.algo.SHA224,sha256:CryptoJS.algo.SHA256,sha384:CryptoJS.algo.SHA384,sha512:CryptoJS.algo.SHA512,ripemd160:CryptoJS.algo.RIPEMD160};this.getDigestInfoHex=function(a,b){if(typeof this.DIGESTINFOHEAD[b]=="undefined"){throw"alg not supported in Util.DIGESTINFOHEAD: "+b}return this.DIGESTINFOHEAD[b]+a};this.getPaddedDigestInfoHex=function(h,a,j){var c=this.getDigestInfoHex(h,a);var d=j/4;if(c.length+22>d){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f0){var m=b(n.valhex,q[0]);var p=j(m,0);var t=[];for(var o=0;o1){var r=b(n.valhex,q[1]);n.polhex=r}delete n.valhex};this.setSignaturePolicyIdentifier=function(s){var q=j(s.valhex,0);if(q.length>0){var r=l.getOID(s.valhex,q[0]);s.oid=r}if(q.length>1){var m=new a();var t=j(s.valhex,q[1]);var p=b(s.valhex,t[0]);var o=m.getAlgorithmIdentifierName(p);s.alg=o;var n=i(s.valhex,t[1]);s.hash=n}delete s.valhex};this.setSigningCertificateV2=function(o){var s=j(o.valhex,0);if(s.length>0){var n=b(o.valhex,s[0]);var r=j(n,0);var u=[];for(var q=0;q1){var t=b(o.valhex,s[1]);o.polhex=t}delete o.valhex};this.getESSCertID=function(o){var p={};var n=j(o,0);if(n.length>0){var q=i(o,n[0]);p.hash=q}if(n.length>1){var m=b(o,n[1]);var r=this.getIssuerSerial(m);if(r.serial!=undefined){p.serial=r.serial}if(r.issuer!=undefined){p.issuer=r.issuer}}return p};this.getESSCertIDv2=function(q){var s={};var p=j(q,0);if(p.length<1||3r+1){var m=b(q,p[r+1]);var t=this.getIssuerSerial(m);s.issuer=t.issuer;s.serial=t.serial}return s};this.getIssuerSerial=function(q){var r={};var n=j(q,0);var m=b(q,n[0]);var p=h.getGeneralNames(m);var o=p[0].dn;r.issuer=o;var s=i(q,n[1]);r.serial={hex:s};return r};this.getCertificateSet=function(p){var n=j(p,0);var m=[];for(var o=0;o=0;j--){l+=k[j]}return l}else{if(typeof n=="string"&&a[n]!=undefined){return namearraytobinstr([n],a)}else{if(typeof n=="object"&&n.length!=undefined){return namearraytobinstr(n,a)}else{throw new f("wrong params")}}}return};this.tohex=function(){var j=this.params;var i=this.getBinValue();return(new g({bin:i})).tohex()};this.getEncodedHex=function(){return this.tohex()};if(h!=undefined){this.setByParam(h)}};extendClass(KJUR.asn1.tsp.PKIFailureInfo,KJUR.asn1.ASN1Object);KJUR.asn1.tsp.AbstractTSAAdapter=function(a){this.getTSTHex=function(c,b){throw"not implemented yet"}};KJUR.asn1.tsp.SimpleTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.SimpleTSAAdapter.superclass.constructor.call(this);this.params=null;this.serial=0;this.getTSTHex=function(g,f){var i=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:i};this.params.econtent.content.serial={"int":this.serial++};var h=Math.floor(Math.random()*1000000000);this.params.econtent.content.nonce={"int":h};var j=new a.TimeStampToken(this.params);return j.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.SimpleTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.FixedTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.FixedTSAAdapter.superclass.constructor.call(this);this.params=null;this.getTSTHex=function(g,f){var h=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:h};var i=new a.TimeStampToken(this.params);return i.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.FixedTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.TSPUtil=new function(){};KJUR.asn1.tsp.TSPUtil.newTimeStampToken=function(a){return new KJUR.asn1.tsp.TimeStampToken(a)};KJUR.asn1.tsp.TSPUtil.parseTimeStampReq=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getTimeStampReq(a)};KJUR.asn1.tsp.TSPUtil.parseMessageImprint=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getMessageImprint(a)};KJUR.asn1.tsp.TSPParser=function(){var e=Error,a=X509,f=new a(),k=ASN1HEX,g=k.getV,b=k.getTLV,d=k.getIdxbyList,c=k.getTLVbyListEx,i=k.getChildIdx;var j=["granted","grantedWithMods","rejection","waiting","revocationWarning","revocationNotification"];var h={0:"badAlg",2:"badRequest",5:"badDataFormat",14:"timeNotAvailable",15:"unacceptedPolicy",16:"unacceptedExtension",17:"addInfoNotAvailable",25:"systemFailure"};this.getResponse=function(n){var l=i(n,0);if(l.length==1){return this.getPKIStatusInfo(b(n,l[0]))}else{if(l.length>1){var o=this.getPKIStatusInfo(b(n,l[0]));var m=b(n,l[1]);var p=this.getToken(m);p.statusinfo=o;return p}}};this.getToken=function(m){var l=new KJUR.asn1.cms.CMSParser;var n=l.getCMSSignedData(m);this.setTSTInfo(n);return n};this.setTSTInfo=function(l){var o=l.econtent;if(o.type=="tstinfo"){var n=o.content.hex;var m=this.getTSTInfo(n);o.content=m}};this.getTSTInfo=function(r){var x={};var s=i(r,0);var p=g(r,s[1]);x.policy=hextooid(p);var o=b(r,s[2]);x.messageImprint=this.getMessageImprint(o);var u=g(r,s[3]);x.serial={hex:u};var y=g(r,s[4]);x.genTime={str:hextoutf8(y)};var q=0;if(s.length>5&&r.substr(s[5],2)=="30"){var v=b(r,s[5]);x.accuracy=this.getAccuracy(v);q++}if(s.length>5+q&&r.substr(s[5+q],2)=="01"){var z=g(r,s[5+q]);if(z=="ff"){x.ordering=true}q++}if(s.length>5+q&&r.substr(s[5+q],2)=="02"){var n=g(r,s[5+q]);x.nonce={hex:n};q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a0"){var m=b(r,s[5+q]);m="30"+m.substr(2);pGeneralNames=f.getGeneralNames(m);var t=pGeneralNames[0].dn;x.tsa=t;q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a1"){var l=b(r,s[5+q]);l="30"+l.substr(2);var w=f.getExtParamArray(l);x.ext=w;q++}return x};this.getAccuracy=function(q){var r={};var o=i(q,0);for(var p=0;p1&&o.substr(r[1],2)=="30"){var m=b(o,r[1]);t.statusstr=this.getPKIFreeText(m);n++}if(r.length>n&&o.substr(r[1+n],2)=="03"){var q=b(o,r[1+n]);t.failinfo=this.getPKIFailureInfo(q)}return t};this.getPKIFreeText=function(n){var o=[];var l=i(n,0);for(var m=0;m>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function extendClass(c,a){var b=function(){};b.prototype=a.prototype;c.prototype=new b();c.prototype.constructor=c;c.superclass=a.prototype;if(a.prototype.constructor==Object.prototype.constructor){a.prototype.constructor=a}}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.Util=new function(){this.DIGESTINFOHEAD={sha1:"3021300906052b0e03021a05000414",sha224:"302d300d06096086480165030402040500041c",sha256:"3031300d060960864801650304020105000420",sha384:"3041300d060960864801650304020205000430",sha512:"3051300d060960864801650304020305000440",md2:"3020300c06082a864886f70d020205000410",md5:"3020300c06082a864886f70d020505000410",ripemd160:"3021300906052b2403020105000414",};this.DEFAULTPROVIDER={md5:"cryptojs",sha1:"cryptojs",sha224:"cryptojs",sha256:"cryptojs",sha384:"cryptojs",sha512:"cryptojs",ripemd160:"cryptojs",hmacmd5:"cryptojs",hmacsha1:"cryptojs",hmacsha224:"cryptojs",hmacsha256:"cryptojs",hmacsha384:"cryptojs",hmacsha512:"cryptojs",hmacripemd160:"cryptojs",MD5withRSA:"cryptojs/jsrsa",SHA1withRSA:"cryptojs/jsrsa",SHA224withRSA:"cryptojs/jsrsa",SHA256withRSA:"cryptojs/jsrsa",SHA384withRSA:"cryptojs/jsrsa",SHA512withRSA:"cryptojs/jsrsa",RIPEMD160withRSA:"cryptojs/jsrsa",MD5withECDSA:"cryptojs/jsrsa",SHA1withECDSA:"cryptojs/jsrsa",SHA224withECDSA:"cryptojs/jsrsa",SHA256withECDSA:"cryptojs/jsrsa",SHA384withECDSA:"cryptojs/jsrsa",SHA512withECDSA:"cryptojs/jsrsa",RIPEMD160withECDSA:"cryptojs/jsrsa",SHA1withDSA:"cryptojs/jsrsa",SHA224withDSA:"cryptojs/jsrsa",SHA256withDSA:"cryptojs/jsrsa",MD5withRSAandMGF1:"cryptojs/jsrsa",SHAwithRSAandMGF1:"cryptojs/jsrsa",SHA1withRSAandMGF1:"cryptojs/jsrsa",SHA224withRSAandMGF1:"cryptojs/jsrsa",SHA256withRSAandMGF1:"cryptojs/jsrsa",SHA384withRSAandMGF1:"cryptojs/jsrsa",SHA512withRSAandMGF1:"cryptojs/jsrsa",RIPEMD160withRSAandMGF1:"cryptojs/jsrsa",};this.CRYPTOJSMESSAGEDIGESTNAME={md5:CryptoJS.algo.MD5,sha1:CryptoJS.algo.SHA1,sha224:CryptoJS.algo.SHA224,sha256:CryptoJS.algo.SHA256,sha384:CryptoJS.algo.SHA384,sha512:CryptoJS.algo.SHA512,ripemd160:CryptoJS.algo.RIPEMD160};this.getDigestInfoHex=function(a,b){if(typeof this.DIGESTINFOHEAD[b]=="undefined"){throw"alg not supported in Util.DIGESTINFOHEAD: "+b}return this.DIGESTINFOHEAD[b]+a};this.getPaddedDigestInfoHex=function(h,a,j){var c=this.getDigestInfoHex(h,a);var d=j/4;if(c.length+22>d){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f0){var m=b(n.valhex,q[0]);var p=j(m,0);var t=[];for(var o=0;o1){var r=b(n.valhex,q[1]);n.polhex=r}delete n.valhex};this.setSignaturePolicyIdentifier=function(s){var q=j(s.valhex,0);if(q.length>0){var r=l.getOID(s.valhex,q[0]);s.oid=r}if(q.length>1){var m=new a();var t=j(s.valhex,q[1]);var p=b(s.valhex,t[0]);var o=m.getAlgorithmIdentifierName(p);s.alg=o;var n=i(s.valhex,t[1]);s.hash=n}delete s.valhex};this.setSigningCertificateV2=function(o){var s=j(o.valhex,0);if(s.length>0){var n=b(o.valhex,s[0]);var r=j(n,0);var u=[];for(var q=0;q1){var t=b(o.valhex,s[1]);o.polhex=t}delete o.valhex};this.getESSCertID=function(o){var p={};var n=j(o,0);if(n.length>0){var q=i(o,n[0]);p.hash=q}if(n.length>1){var m=b(o,n[1]);var r=this.getIssuerSerial(m);if(r.serial!=undefined){p.serial=r.serial}if(r.issuer!=undefined){p.issuer=r.issuer}}return p};this.getESSCertIDv2=function(q){var s={};var p=j(q,0);if(p.length<1||3r+1){var m=b(q,p[r+1]);var t=this.getIssuerSerial(m);s.issuer=t.issuer;s.serial=t.serial}return s};this.getIssuerSerial=function(q){var r={};var n=j(q,0);var m=b(q,n[0]);var p=h.getGeneralNames(m);var o=p[0].dn;r.issuer=o;var s=i(q,n[1]);r.serial={hex:s};return r};this.getCertificateSet=function(p){var n=j(p,0);var m=[];for(var o=0;o=0;j--){l+=k[j]}return l}else{if(typeof n=="string"&&a[n]!=undefined){return namearraytobinstr([n],a)}else{if(typeof n=="object"&&n.length!=undefined){return namearraytobinstr(n,a)}else{throw new f("wrong params")}}}return};this.tohex=function(){var j=this.params;var i=this.getBinValue();return(new g({bin:i})).tohex()};this.getEncodedHex=function(){return this.tohex()};if(h!=undefined){this.setByParam(h)}};extendClass(KJUR.asn1.tsp.PKIFailureInfo,KJUR.asn1.ASN1Object);KJUR.asn1.tsp.AbstractTSAAdapter=function(a){this.getTSTHex=function(c,b){throw"not implemented yet"}};KJUR.asn1.tsp.SimpleTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.SimpleTSAAdapter.superclass.constructor.call(this);this.params=null;this.serial=0;this.getTSTHex=function(g,f){var i=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:i};this.params.econtent.content.serial={"int":this.serial++};var h=Math.floor(Math.random()*1000000000);this.params.econtent.content.nonce={"int":h};var j=new a.TimeStampToken(this.params);return j.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.SimpleTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.FixedTSAAdapter=function(e){var d=KJUR,c=d.asn1,a=c.tsp,b=d.crypto.Util.hashHex;a.FixedTSAAdapter.superclass.constructor.call(this);this.params=null;this.getTSTHex=function(g,f){var h=b(g,f);this.params.econtent.content.messageImprint={alg:f,hash:h};var i=new a.TimeStampToken(this.params);return i.getContentInfoEncodedHex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.tsp.FixedTSAAdapter,KJUR.asn1.tsp.AbstractTSAAdapter);KJUR.asn1.tsp.TSPUtil=new function(){};KJUR.asn1.tsp.TSPUtil.newTimeStampToken=function(a){return new KJUR.asn1.tsp.TimeStampToken(a)};KJUR.asn1.tsp.TSPUtil.parseTimeStampReq=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getTimeStampReq(a)};KJUR.asn1.tsp.TSPUtil.parseMessageImprint=function(a){var b=new KJUR.asn1.tsp.TSPParser();return b.getMessageImprint(a)};KJUR.asn1.tsp.TSPParser=function(){var e=Error,a=X509,f=new a(),k=ASN1HEX,g=k.getV,b=k.getTLV,d=k.getIdxbyList,c=k.getTLVbyListEx,i=k.getChildIdx;var j=["granted","grantedWithMods","rejection","waiting","revocationWarning","revocationNotification"];var h={0:"badAlg",2:"badRequest",5:"badDataFormat",14:"timeNotAvailable",15:"unacceptedPolicy",16:"unacceptedExtension",17:"addInfoNotAvailable",25:"systemFailure"};this.getResponse=function(n){var l=i(n,0);if(l.length==1){return this.getPKIStatusInfo(b(n,l[0]))}else{if(l.length>1){var o=this.getPKIStatusInfo(b(n,l[0]));var m=b(n,l[1]);var p=this.getToken(m);p.statusinfo=o;return p}}};this.getToken=function(m){var l=new KJUR.asn1.cms.CMSParser;var n=l.getCMSSignedData(m);this.setTSTInfo(n);return n};this.setTSTInfo=function(l){var o=l.econtent;if(o.type=="tstinfo"){var n=o.content.hex;var m=this.getTSTInfo(n);o.content=m}};this.getTSTInfo=function(r){var x={};var s=i(r,0);var p=g(r,s[1]);x.policy=hextooid(p);var o=b(r,s[2]);x.messageImprint=this.getMessageImprint(o);var u=g(r,s[3]);x.serial={hex:u};var y=g(r,s[4]);x.genTime={str:hextoutf8(y)};var q=0;if(s.length>5&&r.substr(s[5],2)=="30"){var v=b(r,s[5]);x.accuracy=this.getAccuracy(v);q++}if(s.length>5+q&&r.substr(s[5+q],2)=="01"){var z=g(r,s[5+q]);if(z=="ff"){x.ordering=true}q++}if(s.length>5+q&&r.substr(s[5+q],2)=="02"){var n=g(r,s[5+q]);x.nonce={hex:n};q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a0"){var m=b(r,s[5+q]);m="30"+m.substr(2);pGeneralNames=f.getGeneralNames(m);var t=pGeneralNames[0].dn;x.tsa=t;q++}if(s.length>5+q&&r.substr(s[5+q],2)=="a1"){var l=b(r,s[5+q]);l="30"+l.substr(2);var w=f.getExtParamArray(l);x.ext=w;q++}return x};this.getAccuracy=function(q){var r={};var o=i(q,0);for(var p=0;p1&&o.substr(r[1],2)=="30"){var m=b(o,r[1]);t.statusstr=this.getPKIFreeText(m);n++}if(r.length>n&&o.substr(r[1+n],2)=="03"){var q=b(o,r[1+n]);t.failinfo=this.getPKIFailureInfo(q)}return t};this.getPKIFreeText=function(n){var o=[];var l=i(n,0);for(var m=0;m>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function extendClass(c,a){var b=function(){};b.prototype=a.prototype;c.prototype=new b();c.prototype.constructor=c;c.superclass=a.prototype;if(a.prototype.constructor==Object.prototype.constructor){a.prototype.constructor=a}}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.Util=new function(){this.DIGESTINFOHEAD={sha1:"3021300906052b0e03021a05000414",sha224:"302d300d06096086480165030402040500041c",sha256:"3031300d060960864801650304020105000420",sha384:"3041300d060960864801650304020205000430",sha512:"3051300d060960864801650304020305000440",md2:"3020300c06082a864886f70d020205000410",md5:"3020300c06082a864886f70d020505000410",ripemd160:"3021300906052b2403020105000414",};this.DEFAULTPROVIDER={md5:"cryptojs",sha1:"cryptojs",sha224:"cryptojs",sha256:"cryptojs",sha384:"cryptojs",sha512:"cryptojs",ripemd160:"cryptojs",hmacmd5:"cryptojs",hmacsha1:"cryptojs",hmacsha224:"cryptojs",hmacsha256:"cryptojs",hmacsha384:"cryptojs",hmacsha512:"cryptojs",hmacripemd160:"cryptojs",MD5withRSA:"cryptojs/jsrsa",SHA1withRSA:"cryptojs/jsrsa",SHA224withRSA:"cryptojs/jsrsa",SHA256withRSA:"cryptojs/jsrsa",SHA384withRSA:"cryptojs/jsrsa",SHA512withRSA:"cryptojs/jsrsa",RIPEMD160withRSA:"cryptojs/jsrsa",MD5withECDSA:"cryptojs/jsrsa",SHA1withECDSA:"cryptojs/jsrsa",SHA224withECDSA:"cryptojs/jsrsa",SHA256withECDSA:"cryptojs/jsrsa",SHA384withECDSA:"cryptojs/jsrsa",SHA512withECDSA:"cryptojs/jsrsa",RIPEMD160withECDSA:"cryptojs/jsrsa",SHA1withDSA:"cryptojs/jsrsa",SHA224withDSA:"cryptojs/jsrsa",SHA256withDSA:"cryptojs/jsrsa",MD5withRSAandMGF1:"cryptojs/jsrsa",SHAwithRSAandMGF1:"cryptojs/jsrsa",SHA1withRSAandMGF1:"cryptojs/jsrsa",SHA224withRSAandMGF1:"cryptojs/jsrsa",SHA256withRSAandMGF1:"cryptojs/jsrsa",SHA384withRSAandMGF1:"cryptojs/jsrsa",SHA512withRSAandMGF1:"cryptojs/jsrsa",RIPEMD160withRSAandMGF1:"cryptojs/jsrsa",};this.CRYPTOJSMESSAGEDIGESTNAME={md5:CryptoJS.algo.MD5,sha1:CryptoJS.algo.SHA1,sha224:CryptoJS.algo.SHA224,sha256:CryptoJS.algo.SHA256,sha384:CryptoJS.algo.SHA384,sha512:CryptoJS.algo.SHA512,ripemd160:CryptoJS.algo.RIPEMD160};this.getDigestInfoHex=function(a,b){if(typeof this.DIGESTINFOHEAD[b]=="undefined"){throw"alg not supported in Util.DIGESTINFOHEAD: "+b}return this.DIGESTINFOHEAD[b]+a};this.getPaddedDigestInfoHex=function(h,a,j){var c=this.getDigestInfoHex(h,a);var d=j/4;if(c.length+22>d){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f @@ -557,7 +557,7 @@ KJUR.asn1.cades.SignatureTimeStamp = function(params) { if (params != null) this.setByParam(params); }; extendClass(KJUR.asn1.cades.SignatureTimeStamp, - KJUR.asn1.cms.Attribute); + KJUR.asn1.cms.Attribute); /** * class for RFC 5126 CAdES CompleteCertificateRefs attribute
@@ -638,7 +638,7 @@ KJUR.asn1.cades.CompleteCertificateRefs = function(params) { if (params != undefined) this.setByParam(params); }; extendClass(KJUR.asn1.cades.CompleteCertificateRefs, - KJUR.asn1.cms.Attribute); + KJUR.asn1.cms.Attribute); /** * class for OtherCertID ASN.1 object diff --git a/src/asn1cms-1.0.js b/src/asn1cms-1.0.js index 35062c6d..4f0a2171 100644 --- a/src/asn1cms-1.0.js +++ b/src/asn1cms-1.0.js @@ -90,7 +90,7 @@ if (typeof KJUR.asn1.cms == "undefined" || !KJUR.asn1.cms) KJUR.asn1.cms = {}; * This is an abstract class for CMS attribute * ASN.1 encoder as defined in * - * RFC 5652 CMS 5.3 SignerInfo. + * RFC 5652 CMS 5.3 SignerInfo. * 
  * Attributes ::= SET OF Attribute
  * Attribute ::= SEQUENCE {
diff --git a/src/asn1csr-1.0.js b/src/asn1csr-1.0.js
index b5a9c6ad..bd148b28 100644
--- a/src/asn1csr-1.0.js
+++ b/src/asn1csr-1.0.js
@@ -1,4 +1,4 @@
-/* asn1csr-2.0.6.js (c) 2015-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
+/* asn1csr-2.0.7.js (c) 2015-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
  */
 /*
  * asn1csr.js - ASN.1 DER encoder classes for PKCS#10 CSR
@@ -16,7 +16,7 @@
  * @fileOverview
  * @name asn1csr-1.0.js
  * @author Kenji Urushima kenji.urushima@gmail.com
- * @version jsrsasign 10.5.26 asn1csr 2.0.6 (2022-Jul-14)
+ * @version jsrsasign 10.5.27 asn1csr 2.0.7 (2022-Aug-19)
  * @since jsrsasign 4.9.0
  * @license MIT License
  */
@@ -219,6 +219,7 @@ extendClass(KJUR.asn1.csr.CertificationRequest, KJUR.asn1.ASN1Object);
  * @extends KJUR.asn1.ASN1Object
  * @since jsrsasign 4.9.0 asn1csr 1.0.0
  * @see KJUR.asn1.csr.CertificationRequest
+ * @see KJUR.asn1.x509.Extensions
  * @description
  * This class provides CertificateRequestInfo ASN.1 structure
  * defined in 
@@ -229,13 +230,24 @@ extendClass(KJUR.asn1.csr.CertificationRequest, KJUR.asn1.ASN1Object);
  *   version       INTEGER { v1(0) } (v1,...),
  *   subject       Name,
  *   subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
- *   attributes    [0] Attributes{{ CRIAttributes }} }
+ *   attributes    [0] Attributes {{ CRIAttributes }} }
  *
*
*
- * CAUTION: + * NOTE1: * Argument "params" JSON value format have been changed without - * backward compatibility since jsrsasign 9.0.0 asn1csr 2.0.0. + * backward compatibility since jsrsasign 9.0.0 asn1csr 2.0.0.
+ * NOTE2: + * From jsrsasign 10.5.27, "attrs" member in the constructor argument + * object have been supported to support more Attributes type. + * Currently following Attribute types are supported: + *
    + *
  • challengePassword
    • + *
  • unstructuredName - member "names" will be array of + * DirectoryStrings. (ex. [{prnstr: "aaa"},{utf8str: "bbb"}]
    • + *
  • extensionRequest - any {@link KJUR.asn1.x509.Extensions} + * constructor argument can be specified for "ext" member value.
    • + *
* * @example * csri = new KJUR.asn1.csr.CertificationRequestInfo({ @@ -245,6 +257,20 @@ extendClass(KJUR.asn1.csr.CertificationRequest, KJUR.asn1.ASN1Object); * {extname:"subjectAltName", array:[{dns:"example.com"}]} * ]}); * csri.tohex() → "30..." + * + * // From jsrsasign 10.5.27, "attrs" supported + * csri = new KJUR.asn1.csr.CertificationRequestInfo({ + * subject: {str: '/C=US/CN=b'}, + * sbjpubkey: <>, + * attrs: [ + * {attr: "challengePassword", password: "secret"}, + * {attr: "unstructuredName", names: [{utf8str:"aaa"},{ia5str:"bbb"}]}, + * {attr: "extensionRequest", ext: [ + * {extname: "basicConstraints", cA: true}, + * {extname: "subjectKeyIdentifier", kid: "1a2b..."} + * ]} + * ]}); + * csri.tohex() → "30..." */ KJUR.asn1.csr.CertificationRequestInfo = function(params) { var _KJUR = KJUR, @@ -259,7 +285,8 @@ KJUR.asn1.csr.CertificationRequestInfo = function(params) { _KJUR_asn1_x509 = _KJUR_asn1.x509, _X500Name = _KJUR_asn1_x509.X500Name, _Extensions = _KJUR_asn1_x509.Extensions, - _SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo; + _SubjectPublicKeyInfo = _KJUR_asn1_x509.SubjectPublicKeyInfo, + _AttributeList = _KJUR_asn1_csr.AttributeList; _KJUR_asn1_csr.CertificationRequestInfo.superclass.constructor.call(this); @@ -275,12 +302,15 @@ KJUR.asn1.csr.CertificationRequestInfo = function(params) { a.push(new _DERInteger({'int': 0})); // version a.push(new _X500Name(params.subject)); a.push(new _SubjectPublicKeyInfo(KEYUTIL.getKey(params.sbjpubkey))); - if (params.extreq != undefined) { + if (params.attrs != undefined) { + var asn1Param = _conv(params.attrs); + var tagobj = _newObject({tag: {tage: "a0", obj: asn1Param}}); + a.push(tagobj); + } else if (params.extreq != undefined) { var extseq = new _Extensions(params.extreq); var tagobj = _newObject({ tag: { - tag:'a0', - explict:true, + tage:'a0', obj:{seq: [{oid: "1.2.840.113549.1.9.14"}, {set: [extseq]}]} } @@ -296,11 +326,45 @@ KJUR.asn1.csr.CertificationRequestInfo = function(params) { }; this.getEncodedHex = function() { return this.tohex(); }; + /* + * converter from attrs member value to newObject acceptable data + */ + function _conv(aAttrParam) { + var _Error = Error, + _Extensions = KJUR.asn1.x509.Extensions; + var a = []; + for (var i = 0; i < aAttrParam.length; i++) { + var pAttr = aAttrParam[i]; + var attrName = pAttr.attr; + if (attrName == "extensionRequest") { + var oExt = new _Extensions(pAttr.ext); + var p = {seq: [{oid: "1.2.840.113549.1.9.14"},{set: [oExt]}]}; + a.push(p); + } else if (attrName == "unstructuredName") { + var p = {seq: [{oid: "1.2.840.113549.1.9.2"},{set: pAttr.names}]}; + a.push(p); + } else if (attrName == "challengePassword") { + var p = {seq: [{oid: "1.2.840.113549.1.9.7"}, + {set: [{utf8str: pAttr.password}]}]}; + a.push(p); + } else { + throw new _Error("unknown CSR attribute"); + } + } + return {set: a}; + } + if (params != undefined) this.setByParam(params); }; - extendClass(KJUR.asn1.csr.CertificationRequestInfo, KJUR.asn1.ASN1Object); +KJUR.asn1.csr.AttributeList = function(aParam) { + function _paramToASN1Param(aParam) { + } +}; +extendClass(KJUR.asn1.csr.AttributeList, KJUR.asn1.ASN1Object); + + /** * Certification Request (CSR/PKCS#10) utilities class
* @name KJUR.asn1.csr.CSRUtil diff --git a/test/qunit-do-asn1csr.html b/test/qunit-do-asn1csr.html index 7872088d..bfa99783 100755 --- a/test/qunit-do-asn1csr.html +++ b/test/qunit-do-asn1csr.html @@ -289,6 +289,24 @@ equal(ASN1HEX.dump(csri.getEncodedHex()), ASN1HEX.dump(hExpect), "dump"); }); +test("(2-1) CertificationRequestInfo with attrs[unstructuredName,challengePassword,extensionRequest]", function() { +var param = { +subject: {str: '/C=US/CN=b'}, +sbjpubkey: z1PubP8PEM, +attrs: [ + {attr:"challengePassword", password: "PassWord"}, + {attr:"unstructuredName", names: [{ia5str:"aaa"},{utf8str:"bbb"}]}, + {attr:"extensionRequest", ext: [ + {extname: "basicConstraints", cA: true} + ]} +] +}; +var hExpect = "3081d10201003019310b3009060355040613025553310a300806035504030c0162305c300d06092a864886f70d0101010500034b003048024100e8664dd2b40529121568f3b39bc97a62e7ba3c09babdc4f0dcd8df90eb790b9bb645a2b70e3112747b4d3c41b51424895115fef88f79d43eae5b1a4e3518fd590203010001a0533151301706092a864886f70d010902310a0c036262621603616161301706092a864886f70d010907310a0c0850617373576f7264301d06092a864886f70d01090e3110300e300c0603551d13040530030101ff"; +var csri = new KJUR.asn1.csr.CertificationRequestInfo(param); +equal(csri.tohex(), hExpect, "hex"); +equal(ASN1HEX.dump(csri.tohex()), ASN1HEX.dump(hExpect), "dump"); +}); + test("(3) CertificationRequestInfo.appendExtensionByName", function() { var hExpect = "3081ad0201003019310b3009060355040613025553310a300806035504030c0162305c300d06092a864886f70d0101010500034b003048024100e8664dd2b40529121568f3b39bc97a62e7ba3c09babdc4f0dcd8df90eb790b9bb645a2b70e3112747b4d3c41b51424895115fef88f79d43eae5b1a4e3518fd590203010001a02f302d06092a864886f70d01090e3120301e300b0603551d0f0404030206c0300f0603551d130101ff040530030101ff"; var param = {