diff --git a/ChangeLog.txt b/ChangeLog.txt index 68978388..5a1c1555 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,17 +1,21 @@ ChangeLog for jsrsasign -* Changes between 5.0.10 to next version +* Changes between 5.0.10 to 5.0.11 + - X509v1 certificate support in KEYUTIL.getKey and + X509.getPublicKeyInfoPropOfCertPEM - sample_node/showcert added - - x509.js 1.1.8 to next version + - x509.js 1.1.8 to 1.1.9 - X509.DN_ATTRHEX added to show EV cert DN + - X509v1 certificate support in X509.getPublicKeyInfoPropOfCertPEM. + This makes KEYUTIL.getKey support X509v1 certificate. - test/qunit-do-x509-getinfo.html - test case added for EV cert DN - tool_{jwt,jwtveri}.html - fix typo. Thanks @ParkinT. - ext/{rsa,rsa2}.js - allow hash func to be passed to OAEP. Thanks @davedoesdev. - - asn1x509.js 1.0.13 to next version + - asn1x509.js 1.0.13 to 1.0.14 - add 'SN' (i.e. SurName) support in distinguished name. Thanks @kurtsson. diff --git a/api/files.html b/api/files.html index c43e85f3..beb8dd91 100644 --- a/api/files.html +++ b/api/files.html @@ -535,7 +535,7 @@

asn1x509-1.0.js

Version:
-
1.0.13 (2015-Oct-01)
+
1.0.14 (2016-May-10)
@@ -782,7 +782,7 @@

x509-1.1.js

Version:
-
x509 1.1.8 (2016-Apr-24)
+
x509 1.1.9 (2016-May-10)
diff --git a/api/symbols/KEYUTIL.html b/api/symbols/KEYUTIL.html
index 3c14a20e..67e07939 100644
--- a/api/symbols/KEYUTIL.html
+++ b/api/symbols/KEYUTIL.html
@@ -1334,7 +1334,7 @@

  • DSA public key parameters: param={p: p, q: q, g: g, y: y}
    NOTE: Each value shall be hexadecimal string of key spec.
  • RSA public key parameters: param={n: n, e: e}
  • -
  • X.509 PEM certificate (RSA/DSA/ECC): param=pemString
  • +
  • X.509v1/v3 PEM certificate (RSA/DSA/ECC): param=pemString
  • PKCS#8 hexadecimal RSA/ECC public key: param=pemString, null, "pkcs8pub"
  • PKCS#8 PEM RSA/DSA/ECC public key: param=pemString
  • PKCS#5 plain hexadecimal RSA private key: param=hexString, null, "pkcs5prv"
  • @@ -1352,7 +1352,8 @@

  • JWT plain RSA private key with P/Q/DP/DQ/COEFF
  • JWT plain RSA private key without P/Q/DP/DQ/COEFF (since jsrsasign 5.0.0)
  • -NOTE: RFC 7517 JSON Web Key(JWK) support for RSA/ECC private/public key from jsrsasign 4.8.1. +NOTE1: RFC 7517 JSON Web Key(JWK) support for RSA/ECC private/public key from jsrsasign 4.8.1.
    +NOTE2: X509v1 support is added since jsrsasign 5.0.11.

    EXAMPLE
diff --git a/api/symbols/X509.html b/api/symbols/X509.html
index f737ea72..9dd389bb 100644
--- a/api/symbols/X509.html
+++ b/api/symbols/X509.html
@@ -738,12 +738,13 @@

    X509.getPublicKeyInfoPropOfCertPEM(sCertPEM)
    get public key information from PEM certificate -Resulted associative array has following properties: +Resulted associative array has following properties:
    + +NOTE: X509v1 certificate is also supported since x509.js 1.1.9. @@ -2125,12 +2126,13 @@

    get public key information from PEM certificate -Resulted associative array has following properties: +Resulted associative array has following properties:
    +NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
    @@ -2153,7 +2155,7 @@

    Since:
    -
    x509 1.1.1, x509 1.1.1
    +
    x509 1.1.1
    diff --git a/api/symbols/src/asn1x509-1.0.js.html b/api/symbols/src/asn1x509-1.0.js.html index 07bc9759..e31d81a2 100644 --- a/api/symbols/src/asn1x509-1.0.js.html +++ b/api/symbols/src/asn1x509-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
      1 /*! asn1x509-1.0.13.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license
    +	
      1 /*! asn1x509-1.0.14.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license
       2  */
       3 /*
       4  * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate
    @@ -23,7 +23,7 @@
      16  * @fileOverview
      17  * @name asn1x509-1.0.js
      18  * @author Kenji Urushima kenji.urushima@gmail.com
    - 19  * @version 1.0.13 (2015-Oct-01)
    + 19  * @version 1.0.14 (2016-May-10)
      20  * @since jsrsasign 2.1
      21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
      22  */
    @@ -1826,343 +1826,344 @@
     1819         'ST':   '2.5.4.8',
     1820         'L':    '2.5.4.7',
     1821         'CN':   '2.5.4.3',
    -1822         'DN':   '2.5.4.49',
    -1823         'DC':   '0.9.2342.19200300.100.1.25',
    -1824     };
    -1825     this.name2oidList = {
    -1826         'sha1':                 '1.3.14.3.2.26',
    -1827         'sha256':               '2.16.840.1.101.3.4.2.1',
    -1828         'sha384':               '2.16.840.1.101.3.4.2.2',
    -1829         'sha512':               '2.16.840.1.101.3.4.2.3',
    -1830         'sha224':               '2.16.840.1.101.3.4.2.4',
    -1831         'md5':                  '1.2.840.113549.2.5',
    -1832         'md2':                  '1.3.14.7.2.2.1',
    -1833         'ripemd160':            '1.3.36.3.2.1',
    -1834 
    -1835         'MD2withRSA':           '1.2.840.113549.1.1.2',
    -1836         'MD4withRSA':           '1.2.840.113549.1.1.3',
    -1837         'MD5withRSA':           '1.2.840.113549.1.1.4',
    -1838         'SHA1withRSA':          '1.2.840.113549.1.1.5',
    -1839         'SHA224withRSA':        '1.2.840.113549.1.1.14',
    -1840         'SHA256withRSA':        '1.2.840.113549.1.1.11',
    -1841         'SHA384withRSA':        '1.2.840.113549.1.1.12',
    -1842         'SHA512withRSA':        '1.2.840.113549.1.1.13',
    -1843 
    -1844         'SHA1withECDSA':        '1.2.840.10045.4.1',
    -1845         'SHA224withECDSA':      '1.2.840.10045.4.3.1',
    -1846         'SHA256withECDSA':      '1.2.840.10045.4.3.2',
    -1847         'SHA384withECDSA':      '1.2.840.10045.4.3.3',
    -1848         'SHA512withECDSA':      '1.2.840.10045.4.3.4',
    -1849 
    -1850         'dsa':                  '1.2.840.10040.4.1',
    -1851         'SHA1withDSA':          '1.2.840.10040.4.3',
    -1852         'SHA224withDSA':        '2.16.840.1.101.3.4.3.1',
    -1853         'SHA256withDSA':        '2.16.840.1.101.3.4.3.2',
    -1854 
    -1855         'rsaEncryption':        '1.2.840.113549.1.1.1',
    -1856 
    -1857         'countryName':          '2.5.4.6',
    -1858         'organization':         '2.5.4.10',
    -1859         'organizationalUnit':   '2.5.4.11',
    -1860         'stateOrProvinceName':  '2.5.4.8',
    -1861         'locality':             '2.5.4.7',
    -1862         'commonName':           '2.5.4.3',
    -1863 
    -1864         'subjectKeyIdentifier': '2.5.29.14',
    -1865         'keyUsage':             '2.5.29.15',
    -1866         'subjectAltName':       '2.5.29.17',
    -1867         'basicConstraints':     '2.5.29.19',
    -1868         'nameConstraints':      '2.5.29.30',
    -1869         'cRLDistributionPoints':'2.5.29.31',
    -1870         'certificatePolicies':  '2.5.29.32',
    -1871         'authorityKeyIdentifier':'2.5.29.35',
    -1872         'policyConstraints':    '2.5.29.36',
    -1873         'extKeyUsage':          '2.5.29.37',
    -1874 	'authorityInfoAccess':  '1.3.6.1.5.5.7.1.1',
    -1875 
    -1876         'anyExtendedKeyUsage':  '2.5.29.37.0',
    -1877         'serverAuth':           '1.3.6.1.5.5.7.3.1',
    -1878         'clientAuth':           '1.3.6.1.5.5.7.3.2',
    -1879         'codeSigning':          '1.3.6.1.5.5.7.3.3',
    -1880         'emailProtection':      '1.3.6.1.5.5.7.3.4',
    -1881         'timeStamping':         '1.3.6.1.5.5.7.3.8',
    -1882         'ocspSigning':          '1.3.6.1.5.5.7.3.9',
    -1883 
    -1884         'ecPublicKey':          '1.2.840.10045.2.1',
    -1885         'secp256r1':            '1.2.840.10045.3.1.7',
    -1886         'secp256k1':            '1.3.132.0.10',
    -1887         'secp384r1':            '1.3.132.0.34',
    -1888 
    -1889         'pkcs5PBES2':           '1.2.840.113549.1.5.13',
    -1890         'pkcs5PBKDF2':          '1.2.840.113549.1.5.12',
    -1891 
    -1892         'des-EDE3-CBC':         '1.2.840.113549.3.7',
    -1893 
    -1894         'data':                 '1.2.840.113549.1.7.1', // CMS data
    -1895         'signed-data':          '1.2.840.113549.1.7.2', // CMS signed-data
    -1896         'enveloped-data':       '1.2.840.113549.1.7.3', // CMS enveloped-data
    -1897         'digested-data':        '1.2.840.113549.1.7.5', // CMS digested-data
    -1898         'encrypted-data':       '1.2.840.113549.1.7.6', // CMS encrypted-data
    -1899         'authenticated-data':   '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data
    -1900         'tstinfo':              '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo
    -1901     };
    -1902 
    -1903     this.objCache = {};
    -1904 
    -1905     /**
    -1906      * get DERObjectIdentifier by registered OID name
    -1907      * @name name2obj
    -1908      * @memberOf KJUR.asn1.x509.OID
    -1909      * @function
    -1910      * @param {String} name OID
    -1911      * @description
    -1912      * @example
    -1913      * var asn1ObjOID = OID.name2obj('SHA1withRSA');
    -1914      */
    -1915     this.name2obj = function(name) {
    -1916         if (typeof this.objCache[name] != "undefined")
    -1917             return this.objCache[name];
    -1918         if (typeof this.name2oidList[name] == "undefined")
    -1919             throw "Name of ObjectIdentifier not defined: " + name;
    -1920         var oid = this.name2oidList[name];
    -1921         var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
    -1922         this.objCache[name] = obj;
    -1923         return obj;
    -1924     };
    -1925 
    -1926     /**
    -1927      * get DERObjectIdentifier by registered attribyte type name such like 'C' or 'CN'
    -1928      * @name atype2obj
    -1929      * @memberOf KJUR.asn1.x509.OID
    -1930      * @function
    -1931      * @param {String} atype short attribute type name such like 'C' or 'CN'
    -1932      * @description
    -1933      * @example
    -1934      * var asn1ObjOID = OID.atype2obj('CN');
    -1935      */
    -1936     this.atype2obj = function(atype) {
    -1937         if (typeof this.objCache[atype] != "undefined")
    -1938             return this.objCache[atype];
    -1939         if (typeof this.atype2oidList[atype] == "undefined")
    -1940             throw "AttributeType name undefined: " + atype;
    -1941         var oid = this.atype2oidList[atype];
    -1942         var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid});
    -1943         this.objCache[atype] = obj;
    -1944         return obj;
    -1945     };
    -1946 };
    -1947 
    -1948 /*
    -1949  * convert OID to name
    -1950  * @name oid2name
    -1951  * @memberOf KJUR.asn1.x509.OID
    -1952  * @function
    -1953  * @param {String} dot noted Object Identifer string (ex. 1.2.3.4)
    -1954  * @return {String} OID name
    -1955  * @description
    -1956  * This static method converts OID string to its name.
    -1957  * If OID is undefined then it returns empty string (i.e. '').
    -1958  * @example
    -1959  * name = KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1");
    -1960  * // name will be 'authorityInfoAccess'.
    -1961  * @since asn1x509 1.0.9
    -1962  */
    -1963 KJUR.asn1.x509.OID.oid2name = function(oid) {
    -1964     var list = KJUR.asn1.x509.OID.name2oidList;
    -1965     for (var name in list) {
    -1966         if (list[name] == oid) return name;
    -1967     }
    -1968     return '';
    -1969 };
    -1970 
    -1971 /*
    -1972  * convert name to OID
    -1973  * @name name2oid
    -1974  * @memberOf KJUR.asn1.x509.OID
    -1975  * @function
    -1976  * @param {String} OID name
    -1977  * @return {String} dot noted Object Identifer string (ex. 1.2.3.4)
    -1978  * @description
    -1979  * This static method converts from OID name to OID string.
    -1980  * If OID is undefined then it returns empty string (i.e. '').
    -1981  * @example
    -1982  * name = KJUR.asn1.x509.OID.name2oid("authorityInfoAccess");
    -1983  * // name will be '1.3.6.1.5.5.7.1.1'.
    -1984  * @since asn1x509 1.0.11
    -1985  */
    -1986 KJUR.asn1.x509.OID.name2oid = function(name) {
    -1987     var list = KJUR.asn1.x509.OID.name2oidList;
    -1988     if (list[name] === undefined) return '';
    -1989     return list[name];
    -1990 };
    -1991 
    -1992 /**
    -1993  * X.509 certificate and CRL utilities class
    -1994  * @name KJUR.asn1.x509.X509Util
    -1995  * @class X.509 certificate and CRL utilities class
    -1996  */
    -1997 KJUR.asn1.x509.X509Util = new function() {
    -1998     /**
    -1999      * get PKCS#8 PEM public key string from RSAKey object
    -2000      * @name getPKCS8PubKeyPEMfromRSAKey
    -2001      * @memberOf KJUR.asn1.x509.X509Util
    -2002      * @function
    -2003      * @param {RSAKey} rsaKey RSA public key of {@link RSAKey} object
    -2004      * @description
    -2005      * @example
    -2006      * var pem = KJUR.asn1.x509.X509Util.getPKCS8PubKeyPEMfromRSAKey(pubKey);
    -2007      */
    -2008     this.getPKCS8PubKeyPEMfromRSAKey = function(rsaKey) {
    -2009         var pem = null;
    -2010         var hN = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(rsaKey.n);
    -2011         var hE = KJUR.asn1.ASN1Util.integerToByteHex(rsaKey.e);
    -2012         var iN = new KJUR.asn1.DERInteger({hex: hN});
    -2013         var iE = new KJUR.asn1.DERInteger({hex: hE});
    -2014         var asn1PubKey = new KJUR.asn1.DERSequence({array: [iN, iE]});
    -2015         var hPubKey = asn1PubKey.getEncodedHex();
    -2016         var o1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: 'rsaEncryption'});
    -2017         var o2 = new KJUR.asn1.DERBitString({hex: '00' + hPubKey});
    -2018         var seq = new KJUR.asn1.DERSequence({array: [o1, o2]});
    -2019         var hP8 = seq.getEncodedHex();
    -2020         var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(hP8, "PUBLIC KEY");
    -2021         return pem;
    -2022     };
    -2023 };
    -2024 /**
    -2025  * issue a certificate in PEM format
    -2026  * @name newCertPEM
    -2027  * @memberOf KJUR.asn1.x509.X509Util
    -2028  * @function
    -2029  * @param {Array} param parameter to issue a certificate
    -2030  * @since asn1x509 1.0.6
    -2031  * @description
    -2032  * This method can issue a certificate by a simple
    -2033  * JSON object.
    -2034  * Signature value will be provided by signing with 
    -2035  * private key using 'cakey' parameter or 
    -2036  * hexa decimal signature value by 'sighex' parameter.
    -2037  *
    -2038  * NOTE: When using DSA or ECDSA CA signing key,
    -2039  * use 'paramempty' in 'sigalg' to ommit parameter field
    -2040  * of AlgorithmIdentifer. In case of RSA, parameter
    -2041  * NULL will be specified by default.
    -2042  *
    -2043  * @example
    -2044  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM(
    -2045  * { serial: {int: 4},
    -2046  *   sigalg: {name: 'SHA1withECDSA', paramempty: true},
    -2047  *   issuer: {str: '/C=US/O=a'},
    -2048  *   notbefore: {'str': '130504235959Z'},
    -2049  *   notafter: {'str': '140504235959Z'},
    -2050  *   subject: {str: '/C=US/O=b'},
    -2051  *   sbjpubkey: pubKeyPEM,
    -2052  *   ext: [
    -2053  *     {basicConstraints: {cA: true, critical: true}},
    -2054  *     {keyUsage: {bin: '11'}},
    -2055  *   ],
    -2056  *   cakey: [prvkey, pass]}
    -2057  * );
    -2058  * // -- or --
    -2059  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM(
    -2060  * { serial: {int: 1},
    -2061  *   sigalg: {name: 'SHA1withRSA', paramempty: true},
    -2062  *   issuer: {str: '/C=US/O=T1'},
    -2063  *   notbefore: {'str': '130504235959Z'},
    -2064  *   notafter: {'str': '140504235959Z'},
    -2065  *   subject: {str: '/C=US/O=T1'},
    -2066  *   sbjpubkey: pubKeyObj,
    -2067  *   sighex: '0102030405..'}
    -2068  * );
    -2069  * // for the issuer and subject field, another
    -2070  * // representation is also available
    -2071  * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM(
    -2072  * { serial: {int: 1},
    -2073  *   sigalg: {name: 'SHA1withRSA', paramempty: true},
    -2074  *   issuer: {C: "US", O: "T1"},
    -2075  *   notbefore: {'str': '130504235959Z'},
    -2076  *   notafter: {'str': '140504235959Z'},
    -2077  *   subject: {C: "US", O: "T1", CN: "http://example.com/"},
    -2078  *   sbjpubkey: pubKeyObj,
    -2079  *   sighex: '0102030405..'}
    -2080  * );
    -2081  */
    -2082 KJUR.asn1.x509.X509Util.newCertPEM = function(param) {
    -2083     var ns1 = KJUR.asn1.x509;
    -2084     var o = new ns1.TBSCertificate();
    -2085 
    -2086     if (param.serial !== undefined)
    -2087         o.setSerialNumberByParam(param.serial);
    -2088     else
    -2089         throw "serial number undefined.";
    -2090 
    -2091     if (typeof param.sigalg.name == 'string')
    -2092         o.setSignatureAlgByParam(param.sigalg);
    -2093     else 
    -2094         throw "unproper signature algorithm name";
    -2095 
    -2096     if (param.issuer !== undefined)
    -2097         o.setIssuerByParam(param.issuer);
    -2098     else
    -2099         throw "issuer name undefined.";
    -2100     
    -2101     if (param.notbefore !== undefined)
    -2102         o.setNotBeforeByParam(param.notbefore);
    -2103     else
    -2104         throw "notbefore undefined.";
    -2105 
    -2106     if (param.notafter !== undefined)
    -2107         o.setNotAfterByParam(param.notafter);
    -2108     else
    -2109         throw "notafter undefined.";
    -2110 
    -2111     if (param.subject !== undefined)
    -2112         o.setSubjectByParam(param.subject);
    -2113     else
    -2114         throw "subject name undefined.";
    -2115 
    -2116     if (param.sbjpubkey !== undefined)
    -2117         o.setSubjectPublicKeyByGetKey(param.sbjpubkey);
    -2118     else
    -2119         throw "subject public key undefined.";
    -2120 
    -2121     if (param.ext !== undefined && param.ext.length !== undefined) {
    -2122         for (var i = 0; i < param.ext.length; i++) {
    -2123             for (key in param.ext[i]) {
    -2124                 o.appendExtensionByName(key, param.ext[i][key]);
    -2125             }
    -2126         }
    -2127     }
    -2128 
    -2129     // set signature
    -2130     if (param.cakey === undefined && param.sighex === undefined)
    -2131         throw "param cakey and sighex undefined.";
    -2132 
    -2133     var caKey = null;
    -2134     var cert = null;
    -2135 
    -2136     if (param.cakey) {
    -2137         caKey = KEYUTIL.getKey.apply(null, param.cakey);
    -2138         cert = new ns1.Certificate({'tbscertobj': o, 'prvkeyobj': caKey});
    -2139         cert.sign();
    -2140     }
    -2141 
    -2142     if (param.sighex) {
    -2143         cert = new ns1.Certificate({'tbscertobj': o});
    -2144         cert.setSignatureHex(param.sighex);
    -2145     }
    -2146 
    -2147     return cert.getPEMString();
    -2148 };
    -2149 
    -2150 /*
    -2151   org.bouncycastle.asn1.x500
    -2152   AttributeTypeAndValue
    -2153   DirectoryString
    -2154   RDN
    -2155   X500Name
    -2156   X500NameBuilder
    -2157 
    -2158   org.bouncycastleasn1.x509
    -2159   TBSCertificate
    -2160 */
    -2161 
    \ No newline at end of file +1822
    'SN': '2.5.4.4', +1823 'DN': '2.5.4.49', +1824 'DC': '0.9.2342.19200300.100.1.25', +1825 }; +1826 this.name2oidList = { +1827 'sha1': '1.3.14.3.2.26', +1828 'sha256': '2.16.840.1.101.3.4.2.1', +1829 'sha384': '2.16.840.1.101.3.4.2.2', +1830 'sha512': '2.16.840.1.101.3.4.2.3', +1831 'sha224': '2.16.840.1.101.3.4.2.4', +1832 'md5': '1.2.840.113549.2.5', +1833 'md2': '1.3.14.7.2.2.1', +1834 'ripemd160': '1.3.36.3.2.1', +1835 +1836 'MD2withRSA': '1.2.840.113549.1.1.2', +1837 'MD4withRSA': '1.2.840.113549.1.1.3', +1838 'MD5withRSA': '1.2.840.113549.1.1.4', +1839 'SHA1withRSA': '1.2.840.113549.1.1.5', +1840 'SHA224withRSA': '1.2.840.113549.1.1.14', +1841 'SHA256withRSA': '1.2.840.113549.1.1.11', +1842 'SHA384withRSA': '1.2.840.113549.1.1.12', +1843 'SHA512withRSA': '1.2.840.113549.1.1.13', +1844 +1845 'SHA1withECDSA': '1.2.840.10045.4.1', +1846 'SHA224withECDSA': '1.2.840.10045.4.3.1', +1847 'SHA256withECDSA': '1.2.840.10045.4.3.2', +1848 'SHA384withECDSA': '1.2.840.10045.4.3.3', +1849 'SHA512withECDSA': '1.2.840.10045.4.3.4', +1850 +1851 'dsa': '1.2.840.10040.4.1', +1852 'SHA1withDSA': '1.2.840.10040.4.3', +1853 'SHA224withDSA': '2.16.840.1.101.3.4.3.1', +1854 'SHA256withDSA': '2.16.840.1.101.3.4.3.2', +1855 +1856 'rsaEncryption': '1.2.840.113549.1.1.1', +1857 +1858 'countryName': '2.5.4.6', +1859 'organization': '2.5.4.10', +1860 'organizationalUnit': '2.5.4.11', +1861 'stateOrProvinceName': '2.5.4.8', +1862 'locality': '2.5.4.7', +1863 'commonName': '2.5.4.3', +1864 +1865 'subjectKeyIdentifier': '2.5.29.14', +1866 'keyUsage': '2.5.29.15', +1867 'subjectAltName': '2.5.29.17', +1868 'basicConstraints': '2.5.29.19', +1869 'nameConstraints': '2.5.29.30', +1870 'cRLDistributionPoints':'2.5.29.31', +1871 'certificatePolicies': '2.5.29.32', +1872 'authorityKeyIdentifier':'2.5.29.35', +1873 'policyConstraints': '2.5.29.36', +1874 'extKeyUsage': '2.5.29.37', +1875 'authorityInfoAccess': '1.3.6.1.5.5.7.1.1', +1876 +1877 'anyExtendedKeyUsage': '2.5.29.37.0', +1878 
'serverAuth': '1.3.6.1.5.5.7.3.1', +1879 'clientAuth': '1.3.6.1.5.5.7.3.2', +1880 'codeSigning': '1.3.6.1.5.5.7.3.3', +1881 'emailProtection': '1.3.6.1.5.5.7.3.4', +1882 'timeStamping': '1.3.6.1.5.5.7.3.8', +1883 'ocspSigning': '1.3.6.1.5.5.7.3.9', +1884 +1885 'ecPublicKey': '1.2.840.10045.2.1', +1886 'secp256r1': '1.2.840.10045.3.1.7', +1887 'secp256k1': '1.3.132.0.10', +1888 'secp384r1': '1.3.132.0.34', +1889 +1890 'pkcs5PBES2': '1.2.840.113549.1.5.13', +1891 'pkcs5PBKDF2': '1.2.840.113549.1.5.12', +1892 +1893 'des-EDE3-CBC': '1.2.840.113549.3.7', +1894 +1895 'data': '1.2.840.113549.1.7.1', // CMS data +1896 'signed-data': '1.2.840.113549.1.7.2', // CMS signed-data +1897 'enveloped-data': '1.2.840.113549.1.7.3', // CMS enveloped-data +1898 'digested-data': '1.2.840.113549.1.7.5', // CMS digested-data +1899 'encrypted-data': '1.2.840.113549.1.7.6', // CMS encrypted-data +1900 'authenticated-data': '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data +1901 'tstinfo': '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo +1902 }; +1903 +1904 this.objCache = {}; +1905 +1906 /** +1907 * get DERObjectIdentifier by registered OID name +1908 * @name name2obj +1909 * @memberOf KJUR.asn1.x509.OID +1910 * @function +1911 * @param {String} name OID +1912 * @description +1913 * @example +1914 * var asn1ObjOID = OID.name2obj('SHA1withRSA'); +1915 */ +1916 this.name2obj = function(name) { +1917 if (typeof this.objCache[name] != "undefined") +1918 return this.objCache[name]; +1919 if (typeof this.name2oidList[name] == "undefined") +1920 throw "Name of ObjectIdentifier not defined: " + name; +1921 var oid = this.name2oidList[name]; +1922 var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid}); +1923 this.objCache[name] = obj; +1924 return obj; +1925 }; +1926 +1927 /** +1928 * get DERObjectIdentifier by registered attribyte type name such like 'C' or 'CN' +1929 * @name atype2obj +1930 * @memberOf KJUR.asn1.x509.OID +1931 * @function +1932 * @param {String} atype short attribute type 
name such like 'C' or 'CN' +1933 * @description +1934 * @example +1935 * var asn1ObjOID = OID.atype2obj('CN'); +1936 */ +1937 this.atype2obj = function(atype) { +1938 if (typeof this.objCache[atype] != "undefined") +1939 return this.objCache[atype]; +1940 if (typeof this.atype2oidList[atype] == "undefined") +1941 throw "AttributeType name undefined: " + atype; +1942 var oid = this.atype2oidList[atype]; +1943 var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid}); +1944 this.objCache[atype] = obj; +1945 return obj; +1946 }; +1947 }; +1948 +1949 /* +1950 * convert OID to name +1951 * @name oid2name +1952 * @memberOf KJUR.asn1.x509.OID +1953 * @function +1954 * @param {String} dot noted Object Identifer string (ex. 1.2.3.4) +1955 * @return {String} OID name +1956 * @description +1957 * This static method converts OID string to its name. +1958 * If OID is undefined then it returns empty string (i.e. ''). +1959 * @example +1960 * name = KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1"); +1961 * // name will be 'authorityInfoAccess'. +1962 * @since asn1x509 1.0.9 +1963 */ +1964 KJUR.asn1.x509.OID.oid2name = function(oid) { +1965 var list = KJUR.asn1.x509.OID.name2oidList; +1966 for (var name in list) { +1967 if (list[name] == oid) return name; +1968 } +1969 return ''; +1970 }; +1971 +1972 /* +1973 * convert name to OID +1974 * @name name2oid +1975 * @memberOf KJUR.asn1.x509.OID +1976 * @function +1977 * @param {String} OID name +1978 * @return {String} dot noted Object Identifer string (ex. 1.2.3.4) +1979 * @description +1980 * This static method converts from OID name to OID string. +1981 * If OID is undefined then it returns empty string (i.e. ''). +1982 * @example +1983 * name = KJUR.asn1.x509.OID.name2oid("authorityInfoAccess"); +1984 * // name will be '1.3.6.1.5.5.7.1.1'. 
+1985 * @since asn1x509 1.0.11 +1986 */ +1987 KJUR.asn1.x509.OID.name2oid = function(name) { +1988 var list = KJUR.asn1.x509.OID.name2oidList; +1989 if (list[name] === undefined) return ''; +1990 return list[name]; +1991 }; +1992 +1993 /** +1994 * X.509 certificate and CRL utilities class +1995 * @name KJUR.asn1.x509.X509Util +1996 * @class X.509 certificate and CRL utilities class +1997 */ +1998 KJUR.asn1.x509.X509Util = new function() { +1999 /** +2000 * get PKCS#8 PEM public key string from RSAKey object +2001 * @name getPKCS8PubKeyPEMfromRSAKey +2002 * @memberOf KJUR.asn1.x509.X509Util +2003 * @function +2004 * @param {RSAKey} rsaKey RSA public key of {@link RSAKey} object +2005 * @description +2006 * @example +2007 * var pem = KJUR.asn1.x509.X509Util.getPKCS8PubKeyPEMfromRSAKey(pubKey); +2008 */ +2009 this.getPKCS8PubKeyPEMfromRSAKey = function(rsaKey) { +2010 var pem = null; +2011 var hN = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(rsaKey.n); +2012 var hE = KJUR.asn1.ASN1Util.integerToByteHex(rsaKey.e); +2013 var iN = new KJUR.asn1.DERInteger({hex: hN}); +2014 var iE = new KJUR.asn1.DERInteger({hex: hE}); +2015 var asn1PubKey = new KJUR.asn1.DERSequence({array: [iN, iE]}); +2016 var hPubKey = asn1PubKey.getEncodedHex(); +2017 var o1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: 'rsaEncryption'}); +2018 var o2 = new KJUR.asn1.DERBitString({hex: '00' + hPubKey}); +2019 var seq = new KJUR.asn1.DERSequence({array: [o1, o2]}); +2020 var hP8 = seq.getEncodedHex(); +2021 var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(hP8, "PUBLIC KEY"); +2022 return pem; +2023 }; +2024 }; +2025 /** +2026 * issue a certificate in PEM format +2027 * @name newCertPEM +2028 * @memberOf KJUR.asn1.x509.X509Util +2029 * @function +2030 * @param {Array} param parameter to issue a certificate +2031 * @since asn1x509 1.0.6 +2032 * @description +2033 * This method can issue a certificate by a simple +2034 * JSON object. 
+2035 * Signature value will be provided by signing with +2036 * private key using 'cakey' parameter or +2037 * hexa decimal signature value by 'sighex' parameter. +2038 * +2039 * NOTE: When using DSA or ECDSA CA signing key, +2040 * use 'paramempty' in 'sigalg' to ommit parameter field +2041 * of AlgorithmIdentifer. In case of RSA, parameter +2042 * NULL will be specified by default. +2043 * +2044 * @example +2045 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM( +2046 * { serial: {int: 4}, +2047 * sigalg: {name: 'SHA1withECDSA', paramempty: true}, +2048 * issuer: {str: '/C=US/O=a'}, +2049 * notbefore: {'str': '130504235959Z'}, +2050 * notafter: {'str': '140504235959Z'}, +2051 * subject: {str: '/C=US/O=b'}, +2052 * sbjpubkey: pubKeyPEM, +2053 * ext: [ +2054 * {basicConstraints: {cA: true, critical: true}}, +2055 * {keyUsage: {bin: '11'}}, +2056 * ], +2057 * cakey: [prvkey, pass]} +2058 * ); +2059 * // -- or -- +2060 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM( +2061 * { serial: {int: 1}, +2062 * sigalg: {name: 'SHA1withRSA', paramempty: true}, +2063 * issuer: {str: '/C=US/O=T1'}, +2064 * notbefore: {'str': '130504235959Z'}, +2065 * notafter: {'str': '140504235959Z'}, +2066 * subject: {str: '/C=US/O=T1'}, +2067 * sbjpubkey: pubKeyObj, +2068 * sighex: '0102030405..'} +2069 * ); +2070 * // for the issuer and subject field, another +2071 * // representation is also available +2072 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM( +2073 * { serial: {int: 1}, +2074 * sigalg: {name: 'SHA1withRSA', paramempty: true}, +2075 * issuer: {C: "US", O: "T1"}, +2076 * notbefore: {'str': '130504235959Z'}, +2077 * notafter: {'str': '140504235959Z'}, +2078 * subject: {C: "US", O: "T1", CN: "http://example.com/"}, +2079 * sbjpubkey: pubKeyObj, +2080 * sighex: '0102030405..'} +2081 * ); +2082 */ +2083 KJUR.asn1.x509.X509Util.newCertPEM = function(param) { +2084 var ns1 = KJUR.asn1.x509; +2085 var o = new ns1.TBSCertificate(); +2086 +2087 if (param.serial !== undefined) 
+2088 o.setSerialNumberByParam(param.serial); +2089 else +2090 throw "serial number undefined."; +2091 +2092 if (typeof param.sigalg.name == 'string') +2093 o.setSignatureAlgByParam(param.sigalg); +2094 else +2095 throw "unproper signature algorithm name"; +2096 +2097 if (param.issuer !== undefined) +2098 o.setIssuerByParam(param.issuer); +2099 else +2100 throw "issuer name undefined."; +2101 +2102 if (param.notbefore !== undefined) +2103 o.setNotBeforeByParam(param.notbefore); +2104 else +2105 throw "notbefore undefined."; +2106 +2107 if (param.notafter !== undefined) +2108 o.setNotAfterByParam(param.notafter); +2109 else +2110 throw "notafter undefined."; +2111 +2112 if (param.subject !== undefined) +2113 o.setSubjectByParam(param.subject); +2114 else +2115 throw "subject name undefined."; +2116 +2117 if (param.sbjpubkey !== undefined) +2118 o.setSubjectPublicKeyByGetKey(param.sbjpubkey); +2119 else +2120 throw "subject public key undefined."; +2121 +2122 if (param.ext !== undefined && param.ext.length !== undefined) { +2123 for (var i = 0; i < param.ext.length; i++) { +2124 for (key in param.ext[i]) { +2125 o.appendExtensionByName(key, param.ext[i][key]); +2126 } +2127 } +2128 } +2129 +2130 // set signature +2131 if (param.cakey === undefined && param.sighex === undefined) +2132 throw "param cakey and sighex undefined."; +2133 +2134 var caKey = null; +2135 var cert = null; +2136 +2137 if (param.cakey) { +2138 caKey = KEYUTIL.getKey.apply(null, param.cakey); +2139 cert = new ns1.Certificate({'tbscertobj': o, 'prvkeyobj': caKey}); +2140 cert.sign(); +2141 } +2142 +2143 if (param.sighex) { +2144 cert = new ns1.Certificate({'tbscertobj': o}); +2145 cert.setSignatureHex(param.sighex); +2146 } +2147 +2148 return cert.getPEMString(); +2149 }; +2150 +2151 /* +2152 org.bouncycastle.asn1.x500 +2153 AttributeTypeAndValue +2154 DirectoryString +2155 RDN +2156 X500Name +2157 X500NameBuilder +2158 +2159 org.bouncycastleasn1.x509 +2160 TBSCertificate +2161 */ +2162
    \ No newline at end of file diff --git a/api/symbols/src/keyutil-1.0.js.html b/api/symbols/src/keyutil-1.0.js.html index 46cd531a..7ef050d1 100644 --- a/api/symbols/src/keyutil-1.0.js.html +++ b/api/symbols/src/keyutil-1.0.js.html @@ -1237,7 +1237,7 @@ 1230 * <li>DSA public key parameters: param={p: p, q: q, g: g, y: y}<br/> 1231 * NOTE: Each value shall be hexadecimal string of key spec.</li> 1232 * <li>RSA public key parameters: param={n: n, e: e} </li> -1233 * <li>X.509 PEM certificate (RSA/DSA/ECC): param=pemString</li> +1233 * <li>X.509v1/v3 PEM certificate (RSA/DSA/ECC): param=pemString</li> 1234 * <li>PKCS#8 hexadecimal RSA/ECC public key: param=pemString, null, "pkcs8pub"</li> 1235 * <li>PKCS#8 PEM RSA/DSA/ECC public key: param=pemString</li> 1236 * <li>PKCS#5 plain hexadecimal RSA private key: param=hexString, null, "pkcs5prv"</li> 
@@ -1255,773 +1255,774 @@ 1248 * <li>JWT plain RSA private key with P/Q/DP/DQ/COEFF</li> 1249 * <li>JWT plain RSA private key without P/Q/DP/DQ/COEFF (since jsrsasign 5.0.0)</li> 1250 * </ul> -1251 * NOTE: <a href="https://tools.ietf.org/html/rfc7517">RFC 7517 JSON Web Key(JWK)</a> support for RSA/ECC private/public key from jsrsasign 4.8.1. -1252 * -1253 * <h5>EXAMPLE</h5> -1254 * @example -1255 * // 1. loading private key from PEM string -1256 * keyObj = KEYUTIL.getKey("-----BEGIN RSA PRIVATE KEY..."); -1257 * keyObj = KEYUTIL.getKey("-----BEGIN RSA PRIVATE KEY..., "passcode"); -1258 * keyObj = KEYUTIL.getKey("-----BEGIN PRIVATE KEY..."); -1259 * keyObj = KEYUTIL.getKey("-----BEGIN PRIVATE KEY...", "passcode"); -1260 * // 2. loading public key from PEM string -1261 * keyObj = KEYUTIL.getKey("-----BEGIN PUBLIC KEY..."); -1262 * keyObj = KEYUTIL.getKey("-----BEGIN X509 CERTIFICATE..."); -1263 * // 3. loading hexadecimal PKCS#5/PKCS#8 key -1264 * keyObj = KEYUTIL.getKey("308205c1...", null, "pkcs8pub"); -1265 * keyObj = KEYUTIL.getKey("3082048b...", null, "pkcs5prv"); -1266 * // 4. loading JSON Web Key(JWK) -1267 * keyObj = KEYUTIL.getKey({kty: "RSA", n: "0vx7...", e: "AQAB"}); -1268 * keyObj = KEYUTIL.getKey({kty: "EC", crv: "P-256", -1269 * x: "MKBC...", y: "4Etl6...", d: "870Mb..."}); -1270 * // 5. bare hexadecimal key -1271 * keyObj = KEYUTIL.getKey({n: "75ab..", e: "010001"}); -1272 */ -1273 KEYUTIL.getKey = function(param, passcode, hextype) { -1274 // 1. by key RSAKey/KJUR.crypto.ECDSA/KJUR.crypto.DSA object -1275 if (typeof RSAKey != 'undefined' && param instanceof RSAKey) -1276 return param; -1277 if (typeof KJUR.crypto.ECDSA != 'undefined' && param instanceof KJUR.crypto.ECDSA) -1278 return param; -1279 if (typeof KJUR.crypto.DSA != 'undefined' && param instanceof KJUR.crypto.DSA) -1280 return param; -1281 -1282 // 2. by parameters of key -1283 -1284 // 2.1. bare ECC -1285 // 2.1.1. 
bare ECC public key by hex values -1286 if (param.curve !== undefined && -1287 param.xy !== undefined && param.d === undefined) { -1288 return new KJUR.crypto.ECDSA({pub: param.xy, curve: param.curve}); -1289 } -1290 -1291 // 2.1.2. bare ECC private key by hex values -1292 if (param.curve !== undefined && param.d !== undefined) { -1293 return new KJUR.crypto.ECDSA({prv: param.d, curve: param.curve}); -1294 } -1295 -1296 // 2.2. bare RSA -1297 // 2.2.1. bare RSA public key by hex values -1298 if (param.kty === undefined && -1299 param.n !== undefined && param.e !== undefined && -1300 param.d === undefined) { -1301 var key = new RSAKey(); -1302 key.setPublic(param.n, param.e); -1303 return key; -1304 } -1305 -1306 // 2.2.2. bare RSA private key with P/Q/DP/DQ/COEFF by hex values -1307 if (param.kty === undefined && -1308 param.n !== undefined && -1309 param.e !== undefined && -1310 param.d !== undefined && -1311 param.p !== undefined && -1312 param.q !== undefined && -1313 param.dp !== undefined && -1314 param.dq !== undefined && -1315 param.co !== undefined && -1316 param.qi === undefined) { -1317 var key = new RSAKey(); -1318 key.setPrivateEx(param.n, param.e, param.d, param.p, param.q, -1319 param.dp, param.dq, param.co); -1320 return key; -1321 } -1322 -1323 // 2.2.3. bare RSA public key without P/Q/DP/DQ/COEFF by hex values -1324 if (param.kty === undefined && -1325 param.n !== undefined && -1326 param.e !== undefined && -1327 param.d !== undefined && -1328 param.p === undefined) { -1329 var key = new RSAKey(); -1330 key.setPrivate(param.n, param.e, param.d); -1331 return key; -1332 } -1333 -1334 // 2.3. bare DSA -1335 // 2.3.1. bare DSA public key by hex values -1336 if (param.p !== undefined && param.q !== undefined && -1337 param.g !== undefined && -1338 param.y !== undefined && param.x === undefined) { -1339 var key = new KJUR.crypto.DSA(); -1340 key.setPublic(param.p, param.q, param.g, param.y); -1341 return key; -1342 } -1343 -1344 // 2.3.2. 
bare DSA private key by hex values -1345 if (param.p !== undefined && param.q !== undefined && -1346 param.g !== undefined && -1347 param.y !== undefined && param.x !== undefined) { -1348 var key = new KJUR.crypto.DSA(); -1349 key.setPrivate(param.p, param.q, param.g, param.y, param.x); -1350 return key; -1351 } -1352 -1353 // 3. JWK -1354 // 3.1. JWK RSA -1355 // 3.1.1. JWK RSA public key by b64u values -1356 if (param.kty === "RSA" && -1357 param.n !== undefined && -1358 param.e !== undefined && -1359 param.d === undefined) { -1360 var key = new RSAKey(); -1361 key.setPublic(b64utohex(param.n), b64utohex(param.e)); -1362 return key; -1363 } -1364 -1365 // 3.1.2. JWK RSA private key with p/q/dp/dq/coeff by b64u values -1366 if (param.kty === "RSA" && -1367 param.n !== undefined && -1368 param.e !== undefined && -1369 param.d !== undefined && -1370 param.p !== undefined && -1371 param.q !== undefined && -1372 param.dp !== undefined && -1373 param.dq !== undefined && -1374 param.qi !== undefined) { -1375 var key = new RSAKey(); -1376 key.setPrivateEx(b64utohex(param.n), -1377 b64utohex(param.e), -1378 b64utohex(param.d), -1379 b64utohex(param.p), -1380 b64utohex(param.q), -1381 b64utohex(param.dp), -1382 b64utohex(param.dq), -1383 b64utohex(param.qi)); -1384 return key; -1385 } -1386 -1387 // 3.1.3. JWK RSA private key without p/q/dp/dq/coeff by b64u -1388 // since jsrsasign 5.0.0 keyutil 1.0.11 -1389 if (param.kty === "RSA" && -1390 param.n !== undefined && -1391 param.e !== undefined && -1392 param.d !== undefined) { -1393 var key = new RSAKey(); -1394 key.setPrivate(b64utohex(param.n), -1395 b64utohex(param.e), -1396 b64utohex(param.d)); -1397 return key; -1398 } -1399 -1400 // 3.2. JWK ECC -1401 // 3.2.1. 
JWK ECC public key by b64u values -1402 if (param.kty === "EC" && -1403 param.crv !== undefined && -1404 param.x !== undefined && -1405 param.y !== undefined && -1406 param.d === undefined) { -1407 var ec = new KJUR.crypto.ECDSA({"curve": param.crv}); -1408 var charlen = ec.ecparams.keylen / 4; -1409 var hX = ("0000000000" + b64utohex(param.x)).slice(- charlen); -1410 var hY = ("0000000000" + b64utohex(param.y)).slice(- charlen); -1411 var hPub = "04" + hX + hY; -1412 ec.setPublicKeyHex(hPub); -1413 return ec; -1414 } -1415 -1416 // 3.2.2. JWK ECC private key by b64u values -1417 if (param.kty === "EC" && -1418 param.crv !== undefined && -1419 param.x !== undefined && -1420 param.y !== undefined && -1421 param.d !== undefined) { -1422 var ec = new KJUR.crypto.ECDSA({"curve": param.crv}); -1423 var charlen = ec.ecparams.keylen / 4; -1424 var hPrv = ("0000000000" + b64utohex(param.d)).slice(- charlen); -1425 ec.setPrivateKeyHex(hPrv); -1426 return ec; -1427 } -1428 -1429 // 4. by PEM certificate (-----BEGIN ... CERTIFITE----) -1430 if (param.indexOf("-END CERTIFICATE-", 0) != -1 || -1431 param.indexOf("-END X509 CERTIFICATE-", 0) != -1 || -1432 param.indexOf("-END TRUSTED CERTIFICATE-", 0) != -1) { -1433 return X509.getPublicKeyFromCertPEM(param); -1434 } -1435 -1436 // 4. public key by PKCS#8 hexadecimal string -1437 if (hextype === "pkcs8pub") { -1438 return KEYUTIL.getKeyFromPublicPKCS8Hex(param); -1439 } -1440 -1441 // 5. public key by PKCS#8 PEM string -1442 if (param.indexOf("-END PUBLIC KEY-") != -1) { -1443 return KEYUTIL.getKeyFromPublicPKCS8PEM(param); -1444 } -1445 -1446 // 6. private key by PKCS#5 plain hexadecimal RSA string -1447 if (hextype === "pkcs5prv") { -1448 var key = new RSAKey(); -1449 key.readPrivateKeyFromASN1HexString(param); -1450 return key; -1451 } -1452 -1453 // 7. 
private key by plain PKCS#5 hexadecimal RSA string -1454 if (hextype === "pkcs5prv") { -1455 var key = new RSAKey(); -1456 key.readPrivateKeyFromASN1HexString(param); -1457 return key; -1458 } -1459 -1460 // 8. private key by plain PKCS#5 PEM RSA string -1461 // getKey("-----BEGIN RSA PRIVATE KEY-...") -1462 if (param.indexOf("-END RSA PRIVATE KEY-") != -1 && -1463 param.indexOf("4,ENCRYPTED") == -1) { -1464 var hex = KEYUTIL.getHexFromPEM(param, "RSA PRIVATE KEY"); -1465 return KEYUTIL.getKey(hex, null, "pkcs5prv"); -1466 } -1467 -1468 // 8.2. private key by plain PKCS#5 PEM DSA string -1469 if (param.indexOf("-END DSA PRIVATE KEY-") != -1 && -1470 param.indexOf("4,ENCRYPTED") == -1) { -1471 -1472 var hKey = this.getHexFromPEM(param, "DSA PRIVATE KEY"); -1473 var p = ASN1HEX.getVbyList(hKey, 0, [1], "02"); -1474 var q = ASN1HEX.getVbyList(hKey, 0, [2], "02"); -1475 var g = ASN1HEX.getVbyList(hKey, 0, [3], "02"); -1476 var y = ASN1HEX.getVbyList(hKey, 0, [4], "02"); -1477 var x = ASN1HEX.getVbyList(hKey, 0, [5], "02"); -1478 var key = new KJUR.crypto.DSA(); -1479 key.setPrivate(new BigInteger(p, 16), -1480 new BigInteger(q, 16), -1481 new BigInteger(g, 16), -1482 new BigInteger(y, 16), -1483 new BigInteger(x, 16)); -1484 return key; -1485 } -1486 -1487 // 9. private key by plain PKCS#8 PEM ECC/RSA string -1488 if (param.indexOf("-END PRIVATE KEY-") != -1) { -1489 return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(param); -1490 } -1491 -1492 // 10. private key by encrypted PKCS#5 PEM RSA string -1493 if (param.indexOf("-END RSA PRIVATE KEY-") != -1 && -1494 param.indexOf("4,ENCRYPTED") != -1) { -1495 return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(param, passcode); -1496 } -1497 -1498 // 10.2. 
private key by encrypted PKCS#5 PEM ECDSA string -1499 if (param.indexOf("-END EC PRIVATE KEY-") != -1 && -1500 param.indexOf("4,ENCRYPTED") != -1) { -1501 var hKey = KEYUTIL.getDecryptedKeyHex(param, passcode); -1502 -1503 var key = ASN1HEX.getVbyList(hKey, 0, [1], "04"); -1504 var curveNameOidHex = ASN1HEX.getVbyList(hKey, 0, [2,0], "06"); -1505 var pubkey = ASN1HEX.getVbyList(hKey, 0, [3,0], "03").substr(2); -1506 var curveName = ""; -1507 -1508 if (KJUR.crypto.OID.oidhex2name[curveNameOidHex] !== undefined) { -1509 curveName = KJUR.crypto.OID.oidhex2name[curveNameOidHex]; -1510 } else { -1511 throw "undefined OID(hex) in KJUR.crypto.OID: " + curveNameOidHex; -1512 } -1513 -1514 var ec = new KJUR.crypto.ECDSA({'name': curveName}); -1515 ec.setPublicKeyHex(pubkey); -1516 ec.setPrivateKeyHex(key); -1517 ec.isPublic = false; -1518 return ec; -1519 } -1520 -1521 // 10.3. private key by encrypted PKCS#5 PEM DSA string -1522 if (param.indexOf("-END DSA PRIVATE KEY-") != -1 && -1523 param.indexOf("4,ENCRYPTED") != -1) { -1524 var hKey = KEYUTIL.getDecryptedKeyHex(param, passcode); -1525 var p = ASN1HEX.getVbyList(hKey, 0, [1], "02"); -1526 var q = ASN1HEX.getVbyList(hKey, 0, [2], "02"); -1527 var g = ASN1HEX.getVbyList(hKey, 0, [3], "02"); -1528 var y = ASN1HEX.getVbyList(hKey, 0, [4], "02"); -1529 var x = ASN1HEX.getVbyList(hKey, 0, [5], "02"); -1530 var key = new KJUR.crypto.DSA(); -1531 key.setPrivate(new BigInteger(p, 16), -1532 new BigInteger(q, 16), -1533 new BigInteger(g, 16), -1534 new BigInteger(y, 16), -1535 new BigInteger(x, 16)); -1536 return key; -1537 } -1538 -1539 // 11. 
private key by encrypted PKCS#8 hexadecimal RSA/ECDSA string -1540 if (param.indexOf("-END ENCRYPTED PRIVATE KEY-") != -1) { -1541 return KEYUTIL.getKeyFromEncryptedPKCS8PEM(param, passcode); -1542 } -1543 -1544 throw "not supported argument"; -1545 }; -1546 -1547 /** -1548 * @name generateKeypair -1549 * @memberOf KEYUTIL -1550 * @function -1551 * @static -1552 * @param {String} alg 'RSA' or 'EC' -1553 * @param {Object} keylenOrCurve key length for RSA or curve name for EC -1554 * @return {Array} associative array of keypair which has prvKeyObj and pubKeyObj parameters -1555 * @since keyutil 1.0.1 -1556 * @description -1557 * This method generates a key pair of public key algorithm. -1558 * The result will be an associative array which has following -1559 * parameters: -1560 * <ul> -1561 * <li>prvKeyObj - RSAKey or ECDSA object of private key</li> -1562 * <li>pubKeyObj - RSAKey or ECDSA object of public key</li> -1563 * </ul> -1564 * NOTE1: As for RSA algoirthm, public exponent has fixed -1565 * value '0x10001'. -1566 * NOTE2: As for EC algorithm, supported names of curve are -1567 * secp256r1, secp256k1 and secp384r1. -1568 * NOTE3: DSA is not supported yet. 
-1569 * @example -1570 * var rsaKeypair = KEYUTIL.generateKeypair("RSA", 1024); -1571 * var ecKeypair = KEYUTIL.generateKeypair("EC", "secp256r1"); -1572 * -1573 */ -1574 KEYUTIL.generateKeypair = function(alg, keylenOrCurve) { -1575 if (alg == "RSA") { -1576 var keylen = keylenOrCurve; -1577 var prvKey = new RSAKey(); -1578 prvKey.generate(keylen, '10001'); -1579 prvKey.isPrivate = true; -1580 prvKey.isPublic = true; -1581 -1582 var pubKey = new RSAKey(); -1583 var hN = prvKey.n.toString(16); -1584 var hE = prvKey.e.toString(16); -1585 pubKey.setPublic(hN, hE); -1586 pubKey.isPrivate = false; -1587 pubKey.isPublic = true; -1588 -1589 var result = {}; -1590 result.prvKeyObj = prvKey; -1591 result.pubKeyObj = pubKey; -1592 return result; -1593 } else if (alg == "EC") { -1594 var curve = keylenOrCurve; -1595 var ec = new KJUR.crypto.ECDSA({curve: curve}); -1596 var keypairHex = ec.generateKeyPairHex(); -1597 -1598 var prvKey = new KJUR.crypto.ECDSA({curve: curve}); -1599 prvKey.setPrivateKeyHex(keypairHex.ecprvhex); -1600 prvKey.isPrivate = true; -1601 prvKey.isPublic = false; -1602 -1603 var pubKey = new KJUR.crypto.ECDSA({curve: curve}); -1604 pubKey.setPublicKeyHex(keypairHex.ecpubhex); -1605 pubKey.isPrivate = false; -1606 pubKey.isPublic = true; -1607 -1608 var result = {}; -1609 result.prvKeyObj = prvKey; -1610 result.pubKeyObj = pubKey; -1611 return result; -1612 } else { -1613 throw "unknown algorithm: " + alg; -1614 } -1615 }; -1616 -1617 /** -1618 * get PEM formatted private or public key file from a RSA/ECDSA/DSA key object -1619 * @name getPEM -1620 * @memberOf KEYUTIL -1621 * @function -1622 * @static -1623 * @param {Object} keyObjOrHex key object {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} to encode to -1624 * @param {String} formatType (OPTION) output format type of "PKCS1PRV", "PKCS5PRV" or "PKCS8PRV" for private key -1625 * @param {String} passwd (OPTION) password to protect private key -1626 * @param {String} encAlg (OPTION) 
encryption algorithm for PKCS#5. currently supports DES-CBC, DES-EDE3-CBC and AES-{128,192,256}-CBC -1627 * @since keyutil 1.0.4 -1628 * @description -1629 * <dl> -1630 * <dt><b>NOTE1:</b> -1631 * <dd> -1632 * PKCS#5 encrypted private key protection algorithm supports DES-CBC, -1633 * DES-EDE3-CBC and AES-{128,192,256}-CBC -1634 * <dt><b>NOTE2:</b> -1635 * <dd> -1636 * OpenSSL supports -1637 * </dl> -1638 * @example -1639 * KEUUTIL.getPEM(publicKey) => generates PEM PKCS#8 public key -1640 * KEUUTIL.getPEM(privateKey, "PKCS1PRV") => generates PEM PKCS#1 plain private key -1641 * KEUUTIL.getPEM(privateKey, "PKCS5PRV", "pass") => generates PEM PKCS#5 encrypted private key -1642 * with DES-EDE3-CBC (DEFAULT) -1643 * KEUUTIL.getPEM(privateKey, "PKCS5PRV", "pass", "DES-CBC") => generates PEM PKCS#5 encrypted -1644 * private key with DES-CBC -1645 * KEUUTIL.getPEM(privateKey, "PKCS8PRV") => generates PEM PKCS#8 plain private key -1646 * KEUUTIL.getPEM(privateKey, "PKCS8PRV", "pass") => generates PEM PKCS#8 encrypted private key -1647 * with PBKDF2_HmacSHA1_3DES -1648 */ -1649 KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { -1650 var ns1 = KJUR.asn1; -1651 var ns2 = KJUR.crypto; -1652 -1653 function _rsaprv2asn1obj(keyObjOrHex) { -1654 var asn1Obj = KJUR.asn1.ASN1Util.newObject({ -1655 "seq": [ -1656 {"int": 0 }, -1657 {"int": {"bigint": keyObjOrHex.n}}, -1658 {"int": keyObjOrHex.e}, -1659 {"int": {"bigint": keyObjOrHex.d}}, -1660 {"int": {"bigint": keyObjOrHex.p}}, -1661 {"int": {"bigint": keyObjOrHex.q}}, -1662 {"int": {"bigint": keyObjOrHex.dmp1}}, -1663 {"int": {"bigint": keyObjOrHex.dmq1}}, -1664 {"int": {"bigint": keyObjOrHex.coeff}} -1665 ] -1666 }); -1667 return asn1Obj; -1668 }; -1669 -1670 function _ecdsaprv2asn1obj(keyObjOrHex) { -1671 var asn1Obj2 = KJUR.asn1.ASN1Util.newObject({ -1672 "seq": [ -1673 {"int": 1 }, -1674 {"octstr": {"hex": keyObjOrHex.prvKeyHex}}, -1675 {"tag": ['a0', true, {'oid': {'name': 
keyObjOrHex.curveName}}]}, -1676 {"tag": ['a1', true, {'bitstr': {'hex': '00' + keyObjOrHex.pubKeyHex}}]} -1677 ] -1678 }); -1679 return asn1Obj2; -1680 }; -1681 -1682 function _dsaprv2asn1obj(keyObjOrHex) { -1683 var asn1Obj = KJUR.asn1.ASN1Util.newObject({ -1684 "seq": [ -1685 {"int": 0 }, -1686 {"int": {"bigint": keyObjOrHex.p}}, -1687 {"int": {"bigint": keyObjOrHex.q}}, -1688 {"int": {"bigint": keyObjOrHex.g}}, -1689 {"int": {"bigint": keyObjOrHex.y}}, -1690 {"int": {"bigint": keyObjOrHex.x}} -1691 ] -1692 }); -1693 return asn1Obj; -1694 }; -1695 -1696 // 1. public key -1697 -1698 // x. PEM PKCS#8 public key of RSA/ECDSA/DSA public key object -1699 if (((typeof RSAKey != "undefined" && keyObjOrHex instanceof RSAKey) || -1700 (typeof ns2.DSA != "undefined" && keyObjOrHex instanceof ns2.DSA) || -1701 (typeof ns2.ECDSA != "undefined" && keyObjOrHex instanceof ns2.ECDSA)) && -1702 keyObjOrHex.isPublic == true && -1703 (formatType === undefined || formatType == "PKCS8PUB")) { -1704 var asn1Obj = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObjOrHex); -1705 var asn1Hex = asn1Obj.getEncodedHex(); -1706 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PUBLIC KEY"); -1707 } -1708 -1709 // 2. private -1710 -1711 // x. PEM PKCS#1 plain private key of RSA private key object -1712 if (formatType == "PKCS1PRV" && -1713 typeof RSAKey != "undefined" && -1714 keyObjOrHex instanceof RSAKey && -1715 (passwd === undefined || passwd == null) && -1716 keyObjOrHex.isPrivate == true) { -1717 -1718 var asn1Obj = _rsaprv2asn1obj(keyObjOrHex); -1719 var asn1Hex = asn1Obj.getEncodedHex(); -1720 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "RSA PRIVATE KEY"); -1721 } -1722 -1723 // x. 
PEM PKCS#1 plain private key of ECDSA private key object -1724 if (formatType == "PKCS1PRV" && -1725 typeof RSAKey != "undefined" && -1726 keyObjOrHex instanceof KJUR.crypto.ECDSA && -1727 (passwd === undefined || passwd == null) && -1728 keyObjOrHex.isPrivate == true) { -1729 -1730 var asn1Obj1 = new KJUR.asn1.DERObjectIdentifier({'name': keyObjOrHex.curveName}); -1731 var asn1Hex1 = asn1Obj1.getEncodedHex(); -1732 var asn1Obj2 = _ecdsaprv2asn1obj(keyObjOrHex); -1733 var asn1Hex2 = asn1Obj2.getEncodedHex(); -1734 -1735 var s = ""; -1736 s += ns1.ASN1Util.getPEMStringFromHex(asn1Hex1, "EC PARAMETERS"); -1737 s += ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "EC PRIVATE KEY"); -1738 return s; -1739 } -1740 -1741 // x. PEM PKCS#1 plain private key of DSA private key object -1742 if (formatType == "PKCS1PRV" && -1743 typeof KJUR.crypto.DSA != "undefined" && -1744 keyObjOrHex instanceof KJUR.crypto.DSA && -1745 (passwd === undefined || passwd == null) && -1746 keyObjOrHex.isPrivate == true) { -1747 -1748 var asn1Obj = _dsaprv2asn1obj(keyObjOrHex); -1749 var asn1Hex = asn1Obj.getEncodedHex(); -1750 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "DSA PRIVATE KEY"); -1751 } -1752 -1753 // 3. private -1754 -1755 // x. PEM PKCS#5 encrypted private key of RSA private key object -1756 if (formatType == "PKCS5PRV" && -1757 typeof RSAKey != "undefined" && -1758 keyObjOrHex instanceof RSAKey && -1759 (passwd !== undefined && passwd != null) && -1760 keyObjOrHex.isPrivate == true) { -1761 -1762 var asn1Obj = _rsaprv2asn1obj(keyObjOrHex); -1763 var asn1Hex = asn1Obj.getEncodedHex(); -1764 -1765 if (encAlg === undefined) encAlg = "DES-EDE3-CBC"; -1766 return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA", asn1Hex, passwd, encAlg); -1767 } -1768 -1769 // x. 
PEM PKCS#5 encrypted private key of ECDSA private key object -1770 if (formatType == "PKCS5PRV" && -1771 typeof KJUR.crypto.ECDSA != "undefined" && -1772 keyObjOrHex instanceof KJUR.crypto.ECDSA && -1773 (passwd !== undefined && passwd != null) && -1774 keyObjOrHex.isPrivate == true) { -1775 -1776 var asn1Obj = _ecdsaprv2asn1obj(keyObjOrHex); -1777 var asn1Hex = asn1Obj.getEncodedHex(); -1778 -1779 if (encAlg === undefined) encAlg = "DES-EDE3-CBC"; -1780 return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC", asn1Hex, passwd, encAlg); -1781 } -1782 -1783 // x. PEM PKCS#5 encrypted private key of DSA private key object -1784 if (formatType == "PKCS5PRV" && -1785 typeof KJUR.crypto.DSA != "undefined" && -1786 keyObjOrHex instanceof KJUR.crypto.DSA && -1787 (passwd !== undefined && passwd != null) && -1788 keyObjOrHex.isPrivate == true) { -1789 -1790 var asn1Obj = _dsaprv2asn1obj(keyObjOrHex); -1791 var asn1Hex = asn1Obj.getEncodedHex(); -1792 -1793 if (encAlg === undefined) encAlg = "DES-EDE3-CBC"; -1794 return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA", asn1Hex, passwd, encAlg); -1795 } -1796 -1797 // x. 
====================================================================== -1798 -1799 var _getEncryptedPKCS8 = function(plainKeyHex, passcode) { -1800 var info = _getEencryptedPKCS8Info(plainKeyHex, passcode); -1801 //alert("iv=" + info.encryptionSchemeIV); -1802 //alert("info.ciphertext2[" + info.ciphertext.length + "=" + info.ciphertext); -1803 var asn1Obj = new KJUR.asn1.ASN1Util.newObject({ -1804 "seq": [ -1805 {"seq": [ -1806 {"oid": {"name": "pkcs5PBES2"}}, -1807 {"seq": [ -1808 {"seq": [ -1809 {"oid": {"name": "pkcs5PBKDF2"}}, -1810 {"seq": [ -1811 {"octstr": {"hex": info.pbkdf2Salt}}, -1812 {"int": info.pbkdf2Iter} -1813 ]} -1814 ]}, -1815 {"seq": [ -1816 {"oid": {"name": "des-EDE3-CBC"}}, -1817 {"octstr": {"hex": info.encryptionSchemeIV}} -1818 ]} -1819 ]} -1820 ]}, -1821 {"octstr": {"hex": info.ciphertext}} -1822 ] -1823 }); -1824 return asn1Obj.getEncodedHex(); -1825 }; -1826 -1827 var _getEencryptedPKCS8Info = function(plainKeyHex, passcode) { -1828 var pbkdf2Iter = 100; -1829 var pbkdf2SaltWS = CryptoJS.lib.WordArray.random(8); -1830 var encryptionSchemeAlg = "DES-EDE3-CBC"; -1831 var encryptionSchemeIVWS = CryptoJS.lib.WordArray.random(8); -1832 // PBKDF2 key -1833 var pbkdf2KeyWS = CryptoJS.PBKDF2(passcode, -1834 pbkdf2SaltWS, { "keySize": 192/32, -1835 "iterations": pbkdf2Iter }); -1836 // ENCRYPT -1837 var plainKeyWS = CryptoJS.enc.Hex.parse(plainKeyHex); -1838 var encryptedKeyHex = -1839 CryptoJS.TripleDES.encrypt(plainKeyWS, pbkdf2KeyWS, { "iv": encryptionSchemeIVWS }) + ""; -1840 -1841 //alert("encryptedKeyHex=" + encryptedKeyHex); -1842 -1843 var info = {}; -1844 info.ciphertext = encryptedKeyHex; -1845 //alert("info.ciphertext=" + info.ciphertext); -1846 info.pbkdf2Salt = CryptoJS.enc.Hex.stringify(pbkdf2SaltWS); -1847 info.pbkdf2Iter = pbkdf2Iter; -1848 info.encryptionSchemeAlg = encryptionSchemeAlg; -1849 info.encryptionSchemeIV = CryptoJS.enc.Hex.stringify(encryptionSchemeIVWS); -1850 return info; -1851 }; -1852 -1853 // x. 
PEM PKCS#8 plain private key of RSA private key object -1854 if (formatType == "PKCS8PRV" && -1855 typeof RSAKey != "undefined" && -1856 keyObjOrHex instanceof RSAKey && -1857 keyObjOrHex.isPrivate == true) { -1858 -1859 var keyObj = _rsaprv2asn1obj(keyObjOrHex); -1860 var keyHex = keyObj.getEncodedHex(); -1861 -1862 var asn1Obj = KJUR.asn1.ASN1Util.newObject({ -1863 "seq": [ -1864 {"int": 0}, -1865 {"seq": [{"oid": {"name": "rsaEncryption"}},{"null": true}]}, -1866 {"octstr": {"hex": keyHex}} -1867 ] -1868 }); -1869 var asn1Hex = asn1Obj.getEncodedHex(); -1870 -1871 if (passwd === undefined || passwd == null) { -1872 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY"); -1873 } else { -1874 var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd); -1875 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY"); -1876 } -1877 } -1878 -1879 // x. PEM PKCS#8 plain private key of ECDSA private key object -1880 if (formatType == "PKCS8PRV" && -1881 typeof KJUR.crypto.ECDSA != "undefined" && -1882 keyObjOrHex instanceof KJUR.crypto.ECDSA && -1883 keyObjOrHex.isPrivate == true) { -1884 -1885 var keyObj = new KJUR.asn1.ASN1Util.newObject({ -1886 "seq": [ -1887 {"int": 1}, -1888 {"octstr": {"hex": keyObjOrHex.prvKeyHex}}, -1889 {"tag": ['a1', true, {"bitstr": {"hex": "00" + keyObjOrHex.pubKeyHex}}]} -1890 ] -1891 }); -1892 var keyHex = keyObj.getEncodedHex(); -1893 -1894 var asn1Obj = KJUR.asn1.ASN1Util.newObject({ -1895 "seq": [ -1896 {"int": 0}, -1897 {"seq": [ -1898 {"oid": {"name": "ecPublicKey"}}, -1899 {"oid": {"name": keyObjOrHex.curveName}} -1900 ]}, -1901 {"octstr": {"hex": keyHex}} -1902 ] -1903 }); -1904 -1905 var asn1Hex = asn1Obj.getEncodedHex(); -1906 if (passwd === undefined || passwd == null) { -1907 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY"); -1908 } else { -1909 var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd); -1910 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY"); -1911 } -1912 } 
-1913 -1914 // x. PEM PKCS#8 plain private key of DSA private key object -1915 if (formatType == "PKCS8PRV" && -1916 typeof KJUR.crypto.DSA != "undefined" && -1917 keyObjOrHex instanceof KJUR.crypto.DSA && -1918 keyObjOrHex.isPrivate == true) { -1919 -1920 var keyObj = new KJUR.asn1.DERInteger({'bigint': keyObjOrHex.x}); -1921 var keyHex = keyObj.getEncodedHex(); -1922 -1923 var asn1Obj = KJUR.asn1.ASN1Util.newObject({ -1924 "seq": [ -1925 {"int": 0}, -1926 {"seq": [ -1927 {"oid": {"name": "dsa"}}, -1928 {"seq": [ -1929 {"int": {"bigint": keyObjOrHex.p}}, -1930 {"int": {"bigint": keyObjOrHex.q}}, -1931 {"int": {"bigint": keyObjOrHex.g}} -1932 ]} -1933 ]}, -1934 {"octstr": {"hex": keyHex}} -1935 ] -1936 }); -1937 -1938 var asn1Hex = asn1Obj.getEncodedHex(); -1939 if (passwd === undefined || passwd == null) { -1940 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY"); -1941 } else { -1942 var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd); -1943 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY"); -1944 } -1945 } -1946 -1947 throw "unsupported object nor format"; -1948 }; -1949 -1950 // -- PUBLIC METHODS FOR CSR ------------------------------------------------------- -1951 -1952 /** -1953 * get RSAKey/DSA/ECDSA public key object from PEM formatted PKCS#10 CSR string -1954 * @name getKeyFromCSRPEM -1955 * @memberOf KEYUTIL -1956 * @function -1957 * @param {String} csrPEM PEM formatted PKCS#10 CSR string -1958 * @return {Object} RSAKey/DSA/ECDSA public key object -1959 * @since keyutil 1.0.5 -1960 */ -1961 KEYUTIL.getKeyFromCSRPEM = function(csrPEM) { -1962 var csrHex = KEYUTIL.getHexFromPEM(csrPEM, "CERTIFICATE REQUEST"); -1963 var key = KEYUTIL.getKeyFromCSRHex(csrHex); -1964 return key; -1965 }; -1966 -1967 /** -1968 * get RSAKey/DSA/ECDSA public key object from hexadecimal string of PKCS#10 CSR -1969 * @name getKeyFromCSRHex -1970 * @memberOf KEYUTIL -1971 * @function -1972 * @param {String} csrHex hexadecimal string of PKCS#10 CSR 
-1973 * @return {Object} RSAKey/DSA/ECDSA public key object -1974 * @since keyutil 1.0.5 -1975 */ -1976 KEYUTIL.getKeyFromCSRHex = function(csrHex) { -1977 var info = KEYUTIL.parseCSRHex(csrHex); -1978 var key = KEYUTIL.getKey(info.p8pubkeyhex, null, "pkcs8pub"); -1979 return key; -1980 }; -1981 -1982 /** -1983 * parse hexadecimal string of PKCS#10 CSR (certificate signing request) -1984 * @name parseCSRHex -1985 * @memberOf KEYUTIL -1986 * @function -1987 * @param {String} csrHex hexadecimal string of PKCS#10 CSR -1988 * @return {Array} associative array of parsed CSR -1989 * @since keyutil 1.0.5 -1990 * @description -1991 * Resulted associative array has following properties: -1992 * <ul> -1993 * <li>p8pubkeyhex - hexadecimal string of subject public key in PKCS#8</li> -1994 * </ul> -1995 */ -1996 KEYUTIL.parseCSRHex = function(csrHex) { -1997 var result = {}; -1998 var h = csrHex; -1999 -2000 // 1. sequence -2001 if (h.substr(0, 2) != "30") -2002 throw "malformed CSR(code:001)"; // not sequence -2003 -2004 var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(h, 0); -2005 if (a1.length < 1) -2006 throw "malformed CSR(code:002)"; // short length -2007 -2008 // 2. 2nd sequence -2009 if (h.substr(a1[0], 2) != "30") -2010 throw "malformed CSR(code:003)"; // not sequence -2011 -2012 var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(h, a1[0]); -2013 if (a2.length < 3) -2014 throw "malformed CSR(code:004)"; // 2nd seq short elem -2015 -2016 result.p8pubkeyhex = ASN1HEX.getHexOfTLV_AtObj(h, a2[2]); -2017 -2018 return result; -2019 }; -2020 \ No newline at end of file +1251 * NOTE1: <a href="https://tools.ietf.org/html/rfc7517">RFC 7517 JSON Web Key(JWK)</a> support for RSA/ECC private/public key from jsrsasign 4.8.1.<br/> +1252 * NOTE2: X509v1 support is added since jsrsasign 5.0.11. +1253 * +1254 * <h5>EXAMPLE</h5> +1255 * @example +1256 * // 1. 
loading private key from PEM string +1257 * keyObj = KEYUTIL.getKey("-----BEGIN RSA PRIVATE KEY..."); +1258 * keyObj = KEYUTIL.getKey("-----BEGIN RSA PRIVATE KEY..., "passcode"); +1259 * keyObj = KEYUTIL.getKey("-----BEGIN PRIVATE KEY..."); +1260 * keyObj = KEYUTIL.getKey("-----BEGIN PRIVATE KEY...", "passcode"); +1261 * // 2. loading public key from PEM string +1262 * keyObj = KEYUTIL.getKey("-----BEGIN PUBLIC KEY..."); +1263 * keyObj = KEYUTIL.getKey("-----BEGIN X509 CERTIFICATE..."); +1264 * // 3. loading hexadecimal PKCS#5/PKCS#8 key +1265 * keyObj = KEYUTIL.getKey("308205c1...", null, "pkcs8pub"); +1266 * keyObj = KEYUTIL.getKey("3082048b...", null, "pkcs5prv"); +1267 * // 4. loading JSON Web Key(JWK) +1268 * keyObj = KEYUTIL.getKey({kty: "RSA", n: "0vx7...", e: "AQAB"}); +1269 * keyObj = KEYUTIL.getKey({kty: "EC", crv: "P-256", +1270 * x: "MKBC...", y: "4Etl6...", d: "870Mb..."}); +1271 * // 5. bare hexadecimal key +1272 * keyObj = KEYUTIL.getKey({n: "75ab..", e: "010001"}); +1273 */ +1274 KEYUTIL.getKey = function(param, passcode, hextype) { +1275 // 1. by key RSAKey/KJUR.crypto.ECDSA/KJUR.crypto.DSA object +1276 if (typeof RSAKey != 'undefined' && param instanceof RSAKey) +1277 return param; +1278 if (typeof KJUR.crypto.ECDSA != 'undefined' && param instanceof KJUR.crypto.ECDSA) +1279 return param; +1280 if (typeof KJUR.crypto.DSA != 'undefined' && param instanceof KJUR.crypto.DSA) +1281 return param; +1282 +1283 // 2. by parameters of key +1284 +1285 // 2.1. bare ECC +1286 // 2.1.1. bare ECC public key by hex values +1287 if (param.curve !== undefined && +1288 param.xy !== undefined && param.d === undefined) { +1289 return new KJUR.crypto.ECDSA({pub: param.xy, curve: param.curve}); +1290 } +1291 +1292 // 2.1.2. bare ECC private key by hex values +1293 if (param.curve !== undefined && param.d !== undefined) { +1294 return new KJUR.crypto.ECDSA({prv: param.d, curve: param.curve}); +1295 } +1296 +1297 // 2.2. bare RSA +1298 // 2.2.1. 
bare RSA public key by hex values +1299 if (param.kty === undefined && +1300 param.n !== undefined && param.e !== undefined && +1301 param.d === undefined) { +1302 var key = new RSAKey(); +1303 key.setPublic(param.n, param.e); +1304 return key; +1305 } +1306 +1307 // 2.2.2. bare RSA private key with P/Q/DP/DQ/COEFF by hex values +1308 if (param.kty === undefined && +1309 param.n !== undefined && +1310 param.e !== undefined && +1311 param.d !== undefined && +1312 param.p !== undefined && +1313 param.q !== undefined && +1314 param.dp !== undefined && +1315 param.dq !== undefined && +1316 param.co !== undefined && +1317 param.qi === undefined) { +1318 var key = new RSAKey(); +1319 key.setPrivateEx(param.n, param.e, param.d, param.p, param.q, +1320 param.dp, param.dq, param.co); +1321 return key; +1322 } +1323 +1324 // 2.2.3. bare RSA public key without P/Q/DP/DQ/COEFF by hex values +1325 if (param.kty === undefined && +1326 param.n !== undefined && +1327 param.e !== undefined && +1328 param.d !== undefined && +1329 param.p === undefined) { +1330 var key = new RSAKey(); +1331 key.setPrivate(param.n, param.e, param.d); +1332 return key; +1333 } +1334 +1335 // 2.3. bare DSA +1336 // 2.3.1. bare DSA public key by hex values +1337 if (param.p !== undefined && param.q !== undefined && +1338 param.g !== undefined && +1339 param.y !== undefined && param.x === undefined) { +1340 var key = new KJUR.crypto.DSA(); +1341 key.setPublic(param.p, param.q, param.g, param.y); +1342 return key; +1343 } +1344 +1345 // 2.3.2. bare DSA private key by hex values +1346 if (param.p !== undefined && param.q !== undefined && +1347 param.g !== undefined && +1348 param.y !== undefined && param.x !== undefined) { +1349 var key = new KJUR.crypto.DSA(); +1350 key.setPrivate(param.p, param.q, param.g, param.y, param.x); +1351 return key; +1352 } +1353 +1354 // 3. JWK +1355 // 3.1. JWK RSA +1356 // 3.1.1. 
JWK RSA public key by b64u values +1357 if (param.kty === "RSA" && +1358 param.n !== undefined && +1359 param.e !== undefined && +1360 param.d === undefined) { +1361 var key = new RSAKey(); +1362 key.setPublic(b64utohex(param.n), b64utohex(param.e)); +1363 return key; +1364 } +1365 +1366 // 3.1.2. JWK RSA private key with p/q/dp/dq/coeff by b64u values +1367 if (param.kty === "RSA" && +1368 param.n !== undefined && +1369 param.e !== undefined && +1370 param.d !== undefined && +1371 param.p !== undefined && +1372 param.q !== undefined && +1373 param.dp !== undefined && +1374 param.dq !== undefined && +1375 param.qi !== undefined) { +1376 var key = new RSAKey(); +1377 key.setPrivateEx(b64utohex(param.n), +1378 b64utohex(param.e), +1379 b64utohex(param.d), +1380 b64utohex(param.p), +1381 b64utohex(param.q), +1382 b64utohex(param.dp), +1383 b64utohex(param.dq), +1384 b64utohex(param.qi)); +1385 return key; +1386 } +1387 +1388 // 3.1.3. JWK RSA private key without p/q/dp/dq/coeff by b64u +1389 // since jsrsasign 5.0.0 keyutil 1.0.11 +1390 if (param.kty === "RSA" && +1391 param.n !== undefined && +1392 param.e !== undefined && +1393 param.d !== undefined) { +1394 var key = new RSAKey(); +1395 key.setPrivate(b64utohex(param.n), +1396 b64utohex(param.e), +1397 b64utohex(param.d)); +1398 return key; +1399 } +1400 +1401 // 3.2. JWK ECC +1402 // 3.2.1. JWK ECC public key by b64u values +1403 if (param.kty === "EC" && +1404 param.crv !== undefined && +1405 param.x !== undefined && +1406 param.y !== undefined && +1407 param.d === undefined) { +1408 var ec = new KJUR.crypto.ECDSA({"curve": param.crv}); +1409 var charlen = ec.ecparams.keylen / 4; +1410 var hX = ("0000000000" + b64utohex(param.x)).slice(- charlen); +1411 var hY = ("0000000000" + b64utohex(param.y)).slice(- charlen); +1412 var hPub = "04" + hX + hY; +1413 ec.setPublicKeyHex(hPub); +1414 return ec; +1415 } +1416 +1417 // 3.2.2. 
JWK ECC private key by b64u values +1418 if (param.kty === "EC" && +1419 param.crv !== undefined && +1420 param.x !== undefined && +1421 param.y !== undefined && +1422 param.d !== undefined) { +1423 var ec = new KJUR.crypto.ECDSA({"curve": param.crv}); +1424 var charlen = ec.ecparams.keylen / 4; +1425 var hPrv = ("0000000000" + b64utohex(param.d)).slice(- charlen); +1426 ec.setPrivateKeyHex(hPrv); +1427 return ec; +1428 } +1429 +1430 // 4. by PEM certificate (-----BEGIN ... CERTIFITE----) +1431 if (param.indexOf("-END CERTIFICATE-", 0) != -1 || +1432 param.indexOf("-END X509 CERTIFICATE-", 0) != -1 || +1433 param.indexOf("-END TRUSTED CERTIFICATE-", 0) != -1) { +1434 return X509.getPublicKeyFromCertPEM(param); +1435 } +1436 +1437 // 4. public key by PKCS#8 hexadecimal string +1438 if (hextype === "pkcs8pub") { +1439 return KEYUTIL.getKeyFromPublicPKCS8Hex(param); +1440 } +1441 +1442 // 5. public key by PKCS#8 PEM string +1443 if (param.indexOf("-END PUBLIC KEY-") != -1) { +1444 return KEYUTIL.getKeyFromPublicPKCS8PEM(param); +1445 } +1446 +1447 // 6. private key by PKCS#5 plain hexadecimal RSA string +1448 if (hextype === "pkcs5prv") { +1449 var key = new RSAKey(); +1450 key.readPrivateKeyFromASN1HexString(param); +1451 return key; +1452 } +1453 +1454 // 7. private key by plain PKCS#5 hexadecimal RSA string +1455 if (hextype === "pkcs5prv") { +1456 var key = new RSAKey(); +1457 key.readPrivateKeyFromASN1HexString(param); +1458 return key; +1459 } +1460 +1461 // 8. private key by plain PKCS#5 PEM RSA string +1462 // getKey("-----BEGIN RSA PRIVATE KEY-...") +1463 if (param.indexOf("-END RSA PRIVATE KEY-") != -1 && +1464 param.indexOf("4,ENCRYPTED") == -1) { +1465 var hex = KEYUTIL.getHexFromPEM(param, "RSA PRIVATE KEY"); +1466 return KEYUTIL.getKey(hex, null, "pkcs5prv"); +1467 } +1468 +1469 // 8.2. 
private key by plain PKCS#5 PEM DSA string +1470 if (param.indexOf("-END DSA PRIVATE KEY-") != -1 && +1471 param.indexOf("4,ENCRYPTED") == -1) { +1472 +1473 var hKey = this.getHexFromPEM(param, "DSA PRIVATE KEY"); +1474 var p = ASN1HEX.getVbyList(hKey, 0, [1], "02"); +1475 var q = ASN1HEX.getVbyList(hKey, 0, [2], "02"); +1476 var g = ASN1HEX.getVbyList(hKey, 0, [3], "02"); +1477 var y = ASN1HEX.getVbyList(hKey, 0, [4], "02"); +1478 var x = ASN1HEX.getVbyList(hKey, 0, [5], "02"); +1479 var key = new KJUR.crypto.DSA(); +1480 key.setPrivate(new BigInteger(p, 16), +1481 new BigInteger(q, 16), +1482 new BigInteger(g, 16), +1483 new BigInteger(y, 16), +1484 new BigInteger(x, 16)); +1485 return key; +1486 } +1487 +1488 // 9. private key by plain PKCS#8 PEM ECC/RSA string +1489 if (param.indexOf("-END PRIVATE KEY-") != -1) { +1490 return KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(param); +1491 } +1492 +1493 // 10. private key by encrypted PKCS#5 PEM RSA string +1494 if (param.indexOf("-END RSA PRIVATE KEY-") != -1 && +1495 param.indexOf("4,ENCRYPTED") != -1) { +1496 return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(param, passcode); +1497 } +1498 +1499 // 10.2. 
private key by encrypted PKCS#5 PEM ECDSA string +1500 if (param.indexOf("-END EC PRIVATE KEY-") != -1 && +1501 param.indexOf("4,ENCRYPTED") != -1) { +1502 var hKey = KEYUTIL.getDecryptedKeyHex(param, passcode); +1503 +1504 var key = ASN1HEX.getVbyList(hKey, 0, [1], "04"); +1505 var curveNameOidHex = ASN1HEX.getVbyList(hKey, 0, [2,0], "06"); +1506 var pubkey = ASN1HEX.getVbyList(hKey, 0, [3,0], "03").substr(2); +1507 var curveName = ""; +1508 +1509 if (KJUR.crypto.OID.oidhex2name[curveNameOidHex] !== undefined) { +1510 curveName = KJUR.crypto.OID.oidhex2name[curveNameOidHex]; +1511 } else { +1512 throw "undefined OID(hex) in KJUR.crypto.OID: " + curveNameOidHex; +1513 } +1514 +1515 var ec = new KJUR.crypto.ECDSA({'name': curveName}); +1516 ec.setPublicKeyHex(pubkey); +1517 ec.setPrivateKeyHex(key); +1518 ec.isPublic = false; +1519 return ec; +1520 } +1521 +1522 // 10.3. private key by encrypted PKCS#5 PEM DSA string +1523 if (param.indexOf("-END DSA PRIVATE KEY-") != -1 && +1524 param.indexOf("4,ENCRYPTED") != -1) { +1525 var hKey = KEYUTIL.getDecryptedKeyHex(param, passcode); +1526 var p = ASN1HEX.getVbyList(hKey, 0, [1], "02"); +1527 var q = ASN1HEX.getVbyList(hKey, 0, [2], "02"); +1528 var g = ASN1HEX.getVbyList(hKey, 0, [3], "02"); +1529 var y = ASN1HEX.getVbyList(hKey, 0, [4], "02"); +1530 var x = ASN1HEX.getVbyList(hKey, 0, [5], "02"); +1531 var key = new KJUR.crypto.DSA(); +1532 key.setPrivate(new BigInteger(p, 16), +1533 new BigInteger(q, 16), +1534 new BigInteger(g, 16), +1535 new BigInteger(y, 16), +1536 new BigInteger(x, 16)); +1537 return key; +1538 } +1539 +1540 // 11. 
private key by encrypted PKCS#8 hexadecimal RSA/ECDSA string +1541 if (param.indexOf("-END ENCRYPTED PRIVATE KEY-") != -1) { +1542 return KEYUTIL.getKeyFromEncryptedPKCS8PEM(param, passcode); +1543 } +1544 +1545 throw "not supported argument"; +1546 }; +1547 +1548 /** +1549 * @name generateKeypair +1550 * @memberOf KEYUTIL +1551 * @function +1552 * @static +1553 * @param {String} alg 'RSA' or 'EC' +1554 * @param {Object} keylenOrCurve key length for RSA or curve name for EC +1555 * @return {Array} associative array of keypair which has prvKeyObj and pubKeyObj parameters +1556 * @since keyutil 1.0.1 +1557 * @description +1558 * This method generates a key pair of public key algorithm. +1559 * The result will be an associative array which has following +1560 * parameters: +1561 * <ul> +1562 * <li>prvKeyObj - RSAKey or ECDSA object of private key</li> +1563 * <li>pubKeyObj - RSAKey or ECDSA object of public key</li> +1564 * </ul> +1565 * NOTE1: As for RSA algoirthm, public exponent has fixed +1566 * value '0x10001'. +1567 * NOTE2: As for EC algorithm, supported names of curve are +1568 * secp256r1, secp256k1 and secp384r1. +1569 * NOTE3: DSA is not supported yet. 
+1570 * @example
+1571 * var rsaKeypair = KEYUTIL.generateKeypair("RSA", 1024);
+1572 * var ecKeypair = KEYUTIL.generateKeypair("EC", "secp256r1");
+1573 *
+1574 */
+1575 KEYUTIL.generateKeypair = function(alg, keylenOrCurve) {
+1576 if (alg == "RSA") {
+1577 var keylen = keylenOrCurve;
+1578 var prvKey = new RSAKey();
+1579 prvKey.generate(keylen, '10001');
+1580 prvKey.isPrivate = true;
+1581 prvKey.isPublic = true;
+1582
+1583 var pubKey = new RSAKey();
+1584 var hN = prvKey.n.toString(16);
+1585 var hE = prvKey.e.toString(16);
+1586 pubKey.setPublic(hN, hE);
+1587 pubKey.isPrivate = false;
+1588 pubKey.isPublic = true;
+1589
+1590 var result = {};
+1591 result.prvKeyObj = prvKey;
+1592 result.pubKeyObj = pubKey;
+1593 return result;
+1594 } else if (alg == "EC") {
+1595 var curve = keylenOrCurve;
+1596 var ec = new KJUR.crypto.ECDSA({curve: curve});
+1597 var keypairHex = ec.generateKeyPairHex();
+1598
+1599 var prvKey = new KJUR.crypto.ECDSA({curve: curve});
+1600 prvKey.setPrivateKeyHex(keypairHex.ecprvhex);
+1601 prvKey.isPrivate = true;
+1602 prvKey.isPublic = false;
+1603
+1604 var pubKey = new KJUR.crypto.ECDSA({curve: curve});
+1605 pubKey.setPublicKeyHex(keypairHex.ecpubhex);
+1606 pubKey.isPrivate = false;
+1607 pubKey.isPublic = true;
+1608
+1609 var result = {};
+1610 result.prvKeyObj = prvKey;
+1611 result.pubKeyObj = pubKey;
+1612 return result;
+1613 } else {
+1614 throw "unknown algorithm: " + alg;
+1615 }
+1616 };
+1617
+1618 /**
+1619 * get PEM formatted private or public key file from a RSA/ECDSA/DSA key object
+1620 * @name getPEM
+1621 * @memberOf KEYUTIL
+1622 * @function
+1623 * @static
+1624 * @param {Object} keyObjOrHex key object {@link RSAKey}, {@link KJUR.crypto.ECDSA} or {@link KJUR.crypto.DSA} to encode to
+1625 * @param {String} formatType (OPTION) output format type of "PKCS1PRV", "PKCS5PRV" or "PKCS8PRV" for private key
+1626 * @param {String} passwd (OPTION) password to protect private key
+1627 * @param {String} encAlg (OPTION)
encryption algorithm for PKCS#5. currently supports DES-CBC, DES-EDE3-CBC and AES-{128,192,256}-CBC +1628 * @since keyutil 1.0.4 +1629 * @description +1630 * <dl> +1631 * <dt><b>NOTE1:</b> +1632 * <dd> +1633 * PKCS#5 encrypted private key protection algorithm supports DES-CBC, +1634 * DES-EDE3-CBC and AES-{128,192,256}-CBC +1635 * <dt><b>NOTE2:</b> +1636 * <dd> +1637 * OpenSSL supports +1638 * </dl> +1639 * @example +1640 * KEUUTIL.getPEM(publicKey) => generates PEM PKCS#8 public key +1641 * KEUUTIL.getPEM(privateKey, "PKCS1PRV") => generates PEM PKCS#1 plain private key +1642 * KEUUTIL.getPEM(privateKey, "PKCS5PRV", "pass") => generates PEM PKCS#5 encrypted private key +1643 * with DES-EDE3-CBC (DEFAULT) +1644 * KEUUTIL.getPEM(privateKey, "PKCS5PRV", "pass", "DES-CBC") => generates PEM PKCS#5 encrypted +1645 * private key with DES-CBC +1646 * KEUUTIL.getPEM(privateKey, "PKCS8PRV") => generates PEM PKCS#8 plain private key +1647 * KEUUTIL.getPEM(privateKey, "PKCS8PRV", "pass") => generates PEM PKCS#8 encrypted private key +1648 * with PBKDF2_HmacSHA1_3DES +1649 */ +1650 KEYUTIL.getPEM = function(keyObjOrHex, formatType, passwd, encAlg, hexType) { +1651 var ns1 = KJUR.asn1; +1652 var ns2 = KJUR.crypto; +1653 +1654 function _rsaprv2asn1obj(keyObjOrHex) { +1655 var asn1Obj = KJUR.asn1.ASN1Util.newObject({ +1656 "seq": [ +1657 {"int": 0 }, +1658 {"int": {"bigint": keyObjOrHex.n}}, +1659 {"int": keyObjOrHex.e}, +1660 {"int": {"bigint": keyObjOrHex.d}}, +1661 {"int": {"bigint": keyObjOrHex.p}}, +1662 {"int": {"bigint": keyObjOrHex.q}}, +1663 {"int": {"bigint": keyObjOrHex.dmp1}}, +1664 {"int": {"bigint": keyObjOrHex.dmq1}}, +1665 {"int": {"bigint": keyObjOrHex.coeff}} +1666 ] +1667 }); +1668 return asn1Obj; +1669 }; +1670 +1671 function _ecdsaprv2asn1obj(keyObjOrHex) { +1672 var asn1Obj2 = KJUR.asn1.ASN1Util.newObject({ +1673 "seq": [ +1674 {"int": 1 }, +1675 {"octstr": {"hex": keyObjOrHex.prvKeyHex}}, +1676 {"tag": ['a0', true, {'oid': {'name': 
keyObjOrHex.curveName}}]}, +1677 {"tag": ['a1', true, {'bitstr': {'hex': '00' + keyObjOrHex.pubKeyHex}}]} +1678 ] +1679 }); +1680 return asn1Obj2; +1681 }; +1682 +1683 function _dsaprv2asn1obj(keyObjOrHex) { +1684 var asn1Obj = KJUR.asn1.ASN1Util.newObject({ +1685 "seq": [ +1686 {"int": 0 }, +1687 {"int": {"bigint": keyObjOrHex.p}}, +1688 {"int": {"bigint": keyObjOrHex.q}}, +1689 {"int": {"bigint": keyObjOrHex.g}}, +1690 {"int": {"bigint": keyObjOrHex.y}}, +1691 {"int": {"bigint": keyObjOrHex.x}} +1692 ] +1693 }); +1694 return asn1Obj; +1695 }; +1696 +1697 // 1. public key +1698 +1699 // x. PEM PKCS#8 public key of RSA/ECDSA/DSA public key object +1700 if (((typeof RSAKey != "undefined" && keyObjOrHex instanceof RSAKey) || +1701 (typeof ns2.DSA != "undefined" && keyObjOrHex instanceof ns2.DSA) || +1702 (typeof ns2.ECDSA != "undefined" && keyObjOrHex instanceof ns2.ECDSA)) && +1703 keyObjOrHex.isPublic == true && +1704 (formatType === undefined || formatType == "PKCS8PUB")) { +1705 var asn1Obj = new KJUR.asn1.x509.SubjectPublicKeyInfo(keyObjOrHex); +1706 var asn1Hex = asn1Obj.getEncodedHex(); +1707 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PUBLIC KEY"); +1708 } +1709 +1710 // 2. private +1711 +1712 // x. PEM PKCS#1 plain private key of RSA private key object +1713 if (formatType == "PKCS1PRV" && +1714 typeof RSAKey != "undefined" && +1715 keyObjOrHex instanceof RSAKey && +1716 (passwd === undefined || passwd == null) && +1717 keyObjOrHex.isPrivate == true) { +1718 +1719 var asn1Obj = _rsaprv2asn1obj(keyObjOrHex); +1720 var asn1Hex = asn1Obj.getEncodedHex(); +1721 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "RSA PRIVATE KEY"); +1722 } +1723 +1724 // x. 
PEM PKCS#1 plain private key of ECDSA private key object +1725 if (formatType == "PKCS1PRV" && +1726 typeof RSAKey != "undefined" && +1727 keyObjOrHex instanceof KJUR.crypto.ECDSA && +1728 (passwd === undefined || passwd == null) && +1729 keyObjOrHex.isPrivate == true) { +1730 +1731 var asn1Obj1 = new KJUR.asn1.DERObjectIdentifier({'name': keyObjOrHex.curveName}); +1732 var asn1Hex1 = asn1Obj1.getEncodedHex(); +1733 var asn1Obj2 = _ecdsaprv2asn1obj(keyObjOrHex); +1734 var asn1Hex2 = asn1Obj2.getEncodedHex(); +1735 +1736 var s = ""; +1737 s += ns1.ASN1Util.getPEMStringFromHex(asn1Hex1, "EC PARAMETERS"); +1738 s += ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "EC PRIVATE KEY"); +1739 return s; +1740 } +1741 +1742 // x. PEM PKCS#1 plain private key of DSA private key object +1743 if (formatType == "PKCS1PRV" && +1744 typeof KJUR.crypto.DSA != "undefined" && +1745 keyObjOrHex instanceof KJUR.crypto.DSA && +1746 (passwd === undefined || passwd == null) && +1747 keyObjOrHex.isPrivate == true) { +1748 +1749 var asn1Obj = _dsaprv2asn1obj(keyObjOrHex); +1750 var asn1Hex = asn1Obj.getEncodedHex(); +1751 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "DSA PRIVATE KEY"); +1752 } +1753 +1754 // 3. private +1755 +1756 // x. PEM PKCS#5 encrypted private key of RSA private key object +1757 if (formatType == "PKCS5PRV" && +1758 typeof RSAKey != "undefined" && +1759 keyObjOrHex instanceof RSAKey && +1760 (passwd !== undefined && passwd != null) && +1761 keyObjOrHex.isPrivate == true) { +1762 +1763 var asn1Obj = _rsaprv2asn1obj(keyObjOrHex); +1764 var asn1Hex = asn1Obj.getEncodedHex(); +1765 +1766 if (encAlg === undefined) encAlg = "DES-EDE3-CBC"; +1767 return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA", asn1Hex, passwd, encAlg); +1768 } +1769 +1770 // x. 
PEM PKCS#5 encrypted private key of ECDSA private key object +1771 if (formatType == "PKCS5PRV" && +1772 typeof KJUR.crypto.ECDSA != "undefined" && +1773 keyObjOrHex instanceof KJUR.crypto.ECDSA && +1774 (passwd !== undefined && passwd != null) && +1775 keyObjOrHex.isPrivate == true) { +1776 +1777 var asn1Obj = _ecdsaprv2asn1obj(keyObjOrHex); +1778 var asn1Hex = asn1Obj.getEncodedHex(); +1779 +1780 if (encAlg === undefined) encAlg = "DES-EDE3-CBC"; +1781 return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC", asn1Hex, passwd, encAlg); +1782 } +1783 +1784 // x. PEM PKCS#5 encrypted private key of DSA private key object +1785 if (formatType == "PKCS5PRV" && +1786 typeof KJUR.crypto.DSA != "undefined" && +1787 keyObjOrHex instanceof KJUR.crypto.DSA && +1788 (passwd !== undefined && passwd != null) && +1789 keyObjOrHex.isPrivate == true) { +1790 +1791 var asn1Obj = _dsaprv2asn1obj(keyObjOrHex); +1792 var asn1Hex = asn1Obj.getEncodedHex(); +1793 +1794 if (encAlg === undefined) encAlg = "DES-EDE3-CBC"; +1795 return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA", asn1Hex, passwd, encAlg); +1796 } +1797 +1798 // x. 
====================================================================== +1799 +1800 var _getEncryptedPKCS8 = function(plainKeyHex, passcode) { +1801 var info = _getEencryptedPKCS8Info(plainKeyHex, passcode); +1802 //alert("iv=" + info.encryptionSchemeIV); +1803 //alert("info.ciphertext2[" + info.ciphertext.length + "=" + info.ciphertext); +1804 var asn1Obj = new KJUR.asn1.ASN1Util.newObject({ +1805 "seq": [ +1806 {"seq": [ +1807 {"oid": {"name": "pkcs5PBES2"}}, +1808 {"seq": [ +1809 {"seq": [ +1810 {"oid": {"name": "pkcs5PBKDF2"}}, +1811 {"seq": [ +1812 {"octstr": {"hex": info.pbkdf2Salt}}, +1813 {"int": info.pbkdf2Iter} +1814 ]} +1815 ]}, +1816 {"seq": [ +1817 {"oid": {"name": "des-EDE3-CBC"}}, +1818 {"octstr": {"hex": info.encryptionSchemeIV}} +1819 ]} +1820 ]} +1821 ]}, +1822 {"octstr": {"hex": info.ciphertext}} +1823 ] +1824 }); +1825 return asn1Obj.getEncodedHex(); +1826 }; +1827 +1828 var _getEencryptedPKCS8Info = function(plainKeyHex, passcode) { +1829 var pbkdf2Iter = 100; +1830 var pbkdf2SaltWS = CryptoJS.lib.WordArray.random(8); +1831 var encryptionSchemeAlg = "DES-EDE3-CBC"; +1832 var encryptionSchemeIVWS = CryptoJS.lib.WordArray.random(8); +1833 // PBKDF2 key +1834 var pbkdf2KeyWS = CryptoJS.PBKDF2(passcode, +1835 pbkdf2SaltWS, { "keySize": 192/32, +1836 "iterations": pbkdf2Iter }); +1837 // ENCRYPT +1838 var plainKeyWS = CryptoJS.enc.Hex.parse(plainKeyHex); +1839 var encryptedKeyHex = +1840 CryptoJS.TripleDES.encrypt(plainKeyWS, pbkdf2KeyWS, { "iv": encryptionSchemeIVWS }) + ""; +1841 +1842 //alert("encryptedKeyHex=" + encryptedKeyHex); +1843 +1844 var info = {}; +1845 info.ciphertext = encryptedKeyHex; +1846 //alert("info.ciphertext=" + info.ciphertext); +1847 info.pbkdf2Salt = CryptoJS.enc.Hex.stringify(pbkdf2SaltWS); +1848 info.pbkdf2Iter = pbkdf2Iter; +1849 info.encryptionSchemeAlg = encryptionSchemeAlg; +1850 info.encryptionSchemeIV = CryptoJS.enc.Hex.stringify(encryptionSchemeIVWS); +1851 return info; +1852 }; +1853 +1854 // x. 
PEM PKCS#8 plain private key of RSA private key object +1855 if (formatType == "PKCS8PRV" && +1856 typeof RSAKey != "undefined" && +1857 keyObjOrHex instanceof RSAKey && +1858 keyObjOrHex.isPrivate == true) { +1859 +1860 var keyObj = _rsaprv2asn1obj(keyObjOrHex); +1861 var keyHex = keyObj.getEncodedHex(); +1862 +1863 var asn1Obj = KJUR.asn1.ASN1Util.newObject({ +1864 "seq": [ +1865 {"int": 0}, +1866 {"seq": [{"oid": {"name": "rsaEncryption"}},{"null": true}]}, +1867 {"octstr": {"hex": keyHex}} +1868 ] +1869 }); +1870 var asn1Hex = asn1Obj.getEncodedHex(); +1871 +1872 if (passwd === undefined || passwd == null) { +1873 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY"); +1874 } else { +1875 var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd); +1876 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY"); +1877 } +1878 } +1879 +1880 // x. PEM PKCS#8 plain private key of ECDSA private key object +1881 if (formatType == "PKCS8PRV" && +1882 typeof KJUR.crypto.ECDSA != "undefined" && +1883 keyObjOrHex instanceof KJUR.crypto.ECDSA && +1884 keyObjOrHex.isPrivate == true) { +1885 +1886 var keyObj = new KJUR.asn1.ASN1Util.newObject({ +1887 "seq": [ +1888 {"int": 1}, +1889 {"octstr": {"hex": keyObjOrHex.prvKeyHex}}, +1890 {"tag": ['a1', true, {"bitstr": {"hex": "00" + keyObjOrHex.pubKeyHex}}]} +1891 ] +1892 }); +1893 var keyHex = keyObj.getEncodedHex(); +1894 +1895 var asn1Obj = KJUR.asn1.ASN1Util.newObject({ +1896 "seq": [ +1897 {"int": 0}, +1898 {"seq": [ +1899 {"oid": {"name": "ecPublicKey"}}, +1900 {"oid": {"name": keyObjOrHex.curveName}} +1901 ]}, +1902 {"octstr": {"hex": keyHex}} +1903 ] +1904 }); +1905 +1906 var asn1Hex = asn1Obj.getEncodedHex(); +1907 if (passwd === undefined || passwd == null) { +1908 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY"); +1909 } else { +1910 var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd); +1911 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY"); +1912 } +1913 } 
+1914
+1915 // x. PEM PKCS#8 plain private key of DSA private key object
+1916 if (formatType == "PKCS8PRV" &&
+1917 typeof KJUR.crypto.DSA != "undefined" &&
+1918 keyObjOrHex instanceof KJUR.crypto.DSA &&
+1919 keyObjOrHex.isPrivate == true) {
+1920
+1921 var keyObj = new KJUR.asn1.DERInteger({'bigint': keyObjOrHex.x});
+1922 var keyHex = keyObj.getEncodedHex();
+1923
+1924 var asn1Obj = KJUR.asn1.ASN1Util.newObject({
+1925 "seq": [
+1926 {"int": 0},
+1927 {"seq": [
+1928 {"oid": {"name": "dsa"}},
+1929 {"seq": [
+1930 {"int": {"bigint": keyObjOrHex.p}},
+1931 {"int": {"bigint": keyObjOrHex.q}},
+1932 {"int": {"bigint": keyObjOrHex.g}}
+1933 ]}
+1934 ]},
+1935 {"octstr": {"hex": keyHex}}
+1936 ]
+1937 });
+1938
+1939 var asn1Hex = asn1Obj.getEncodedHex();
+1940 if (passwd === undefined || passwd == null) {
+1941 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex, "PRIVATE KEY");
+1942 } else {
+1943 var asn1Hex2 = _getEncryptedPKCS8(asn1Hex, passwd);
+1944 return ns1.ASN1Util.getPEMStringFromHex(asn1Hex2, "ENCRYPTED PRIVATE KEY");
+1945 }
+1946 }
+1947
+1948 throw "unsupported object nor format";
+1949 };
+1950
+1951 // -- PUBLIC METHODS FOR CSR -------------------------------------------------------
+1952
+1953 /**
+1954 * get RSAKey/DSA/ECDSA public key object from PEM formatted PKCS#10 CSR string
+1955 * @name getKeyFromCSRPEM
+1956 * @memberOf KEYUTIL
+1957 * @function
+1958 * @param {String} csrPEM PEM formatted PKCS#10 CSR string
+1959 * @return {Object} RSAKey/DSA/ECDSA public key object
+1960 * @since keyutil 1.0.5
+1961 */
+1962 KEYUTIL.getKeyFromCSRPEM = function(csrPEM) {
+1963 var csrHex = KEYUTIL.getHexFromPEM(csrPEM, "CERTIFICATE REQUEST");
+1964 var key = KEYUTIL.getKeyFromCSRHex(csrHex);
+1965 return key;
+1966 };
+1967
+1968 /**
+1969 * get RSAKey/DSA/ECDSA public key object from hexadecimal string of PKCS#10 CSR
+1970 * @name getKeyFromCSRHex
+1971 * @memberOf KEYUTIL
+1972 * @function
+1973 * @param {String} csrHex hexadecimal string of PKCS#10 CSR
+1974 * @return {Object} RSAKey/DSA/ECDSA public key object
+1975 * @since keyutil 1.0.5
+1976 */
+1977 KEYUTIL.getKeyFromCSRHex = function(csrHex) {
+1978 var info = KEYUTIL.parseCSRHex(csrHex);
+1979 var key = KEYUTIL.getKey(info.p8pubkeyhex, null, "pkcs8pub");
+1980 return key;
+1981 };
+1982
+1983 /**
+1984 * parse hexadecimal string of PKCS#10 CSR (certificate signing request)
+1985 * @name parseCSRHex
+1986 * @memberOf KEYUTIL
+1987 * @function
+1988 * @param {String} csrHex hexadecimal string of PKCS#10 CSR
+1989 * @return {Array} associative array of parsed CSR
+1990 * @since keyutil 1.0.5
+1991 * @description
+1992 * Resulted associative array has following properties:
+1993 * <ul>
+1994 * <li>p8pubkeyhex - hexadecimal string of subject public key in PKCS#8</li>
+1995 * </ul>
+1996 */
+1997 KEYUTIL.parseCSRHex = function(csrHex) {
+1998 var result = {};
+1999 var h = csrHex;
+2000
+2001 // 1. sequence
+2002 if (h.substr(0, 2) != "30")
+2003 throw "malformed CSR(code:001)"; // not sequence
+2004
+2005 var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(h, 0);
+2006 if (a1.length < 1)
+2007 throw "malformed CSR(code:002)"; // short length
+2008
+2009 // 2. 2nd sequence
+2010 if (h.substr(a1[0], 2) != "30")
+2011 throw "malformed CSR(code:003)"; // not sequence
+2012
+2013 var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(h, a1[0]);
+2014 if (a2.length < 3)
+2015 throw "malformed CSR(code:004)"; // 2nd seq short elem
+2016
+2017 result.p8pubkeyhex = ASN1HEX.getHexOfTLV_AtObj(h, a2[2]);
+2018
+2019 return result;
+2020 };
+2021
\ No newline at end of file
diff --git a/api/symbols/src/x509-1.1.js.html b/api/symbols/src/x509-1.1.js.html
index c382925a..d46898d1 100644
--- a/api/symbols/src/x509-1.1.js.html
+++ b/api/symbols/src/x509-1.1.js.html
@@ -5,7 +5,7 @@
 .STRN {color: #393;}
 .REGX {color: #339;}
 .line {border-right: 1px dotted #666; color: #666; font-style: normal;}
-
      1 /*! x509-1.1.8.js (c) 2012-2016 Kenji Urushima | kjur.github.com/jsrsasign/license
    +	
      1 /*! x509-1.1.9.js (c) 2012-2016 Kenji Urushima | kjur.github.com/jsrsasign/license
       2  */
       3 /* 
       4  * x509.js - X509 class to read subject public key from certificate.
    @@ -23,7 +23,7 @@
      16  * @fileOverview
      17  * @name x509-1.1.js
      18  * @author Kenji Urushima kenji.urushima@gmail.com
    - 19  * @version x509 1.1.8 (2016-Apr-24)
    + 19  * @version x509 1.1.9 (2016-May-10)
      20  * @since jsrsasign 1.x.x
      21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
      22  */
    @@ -496,739 +496,747 @@
     489     "0603550405": "SN",
     490     "0603550408": "ST",
     491     "0603550407": "L",
    -492 };
    -493 
    -494 /**
    -495  * get RSAKey/ECDSA public key object from PEM certificate string
    -496  * @name getPublicKeyFromCertPEM
    -497  * @memberOf X509
    -498  * @function
    -499  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
    -500  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
    -501  * @since x509 1.1.1
    -502  * @description
    -503  * NOTE: DSA is also supported since x509 1.1.2.
    -504  */
    -505 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
    -506     var info = X509.getPublicKeyInfoPropOfCertPEM(sCertPEM);
    -507 
    -508     if (info.algoid == "2a864886f70d010101") { // RSA
    -509         var aRSA = KEYUTIL.parsePublicRawRSAKeyHex(info.keyhex);
    -510         var key = new RSAKey();
    -511         key.setPublic(aRSA.n, aRSA.e);
    -512         return key;
    -513     } else if (info.algoid == "2a8648ce3d0201") { // ECC
    -514         var curveName = KJUR.crypto.OID.oidhex2name[info.algparam];
    -515         var key = new KJUR.crypto.ECDSA({'curve': curveName, 'info': info.keyhex});
    -516         key.setPublicKeyHex(info.keyhex);
    +492     "0603550409": "streetAddress",
    +493     "060355040f": "businessCategory",
    +494     "0603550411": "postalCode",
    +495     "060b2b0601040182373c020102": "jurisdictionOfIncorporationSP",
    +496     "060b2b0601040182373c020103": "jurisdictionOfIncorporationC",
    +497 };
    +498 
    +499 /**
    +500  * get RSAKey/ECDSA public key object from PEM certificate string
    +501  * @name getPublicKeyFromCertPEM
    +502  * @memberOf X509
    +503  * @function
    +504  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
    +505  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
    +506  * @since x509 1.1.1
    +507  * @description
    +508  * NOTE: DSA is also supported since x509 1.1.2.
    +509  */
    +510 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
    +511     var info = X509.getPublicKeyInfoPropOfCertPEM(sCertPEM);
    +512 
    +513     if (info.algoid == "2a864886f70d010101") { // RSA
    +514         var aRSA = KEYUTIL.parsePublicRawRSAKeyHex(info.keyhex);
    +515         var key = new RSAKey();
    +516         key.setPublic(aRSA.n, aRSA.e);
     517         return key;
    -518     } else if (info.algoid == "2a8648ce380401") { // DSA 1.2.840.10040.4.1
    -519         var p = ASN1HEX.getVbyList(info.algparam, 0, [0], "02");
    -520         var q = ASN1HEX.getVbyList(info.algparam, 0, [1], "02");
    -521         var g = ASN1HEX.getVbyList(info.algparam, 0, [2], "02");
    -522         var y = ASN1HEX.getHexOfV_AtObj(info.keyhex, 0);
    -523         y = y.substr(2);
    -524         var key = new KJUR.crypto.DSA();
    -525         key.setPublic(new BigInteger(p, 16),
    -526                       new BigInteger(q, 16),
    -527                       new BigInteger(g, 16),
    -528                       new BigInteger(y, 16));
    -529         return key;
    -530     } else {
    -531         throw "unsupported key";
    -532     }
    -533 };
    -534 
    -535 /**
    -536  * get public key information from PEM certificate
    -537  * @name getPublicKeyInfoPropOfCertPEM
    -538  * @memberOf X509
    -539  * @function
    -540  * @param {String} sCertPEM string of PEM formatted certificate
    -541  * @return {Hash} hash of information for public key
    -542  * @since x509 1.1.1
    -543  * @description
    -544  * Resulted associative array has following properties:
    -545  * <ul>
    -546  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
    -547  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
    -548  * <li>keyhex - hexadecimal string of key in the certificate</li>
    -549  * </ul>
    -550  * @since x509 1.1.1
    -551  */
    -552 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
    -553     var result = {};
    -554     result.algparam = null;
    -555     var hCert = X509.pemToHex(sCertPEM);
    -556 
    -557     // 1. Certificate ASN.1
    -558     var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, 0); 
    -559     if (a1.length != 3)
    -560         throw "malformed X.509 certificate PEM (code:001)"; // not 3 item of seq Cert
    +518     } else if (info.algoid == "2a8648ce3d0201") { // ECC
    +519         var curveName = KJUR.crypto.OID.oidhex2name[info.algparam];
    +520         var key = new KJUR.crypto.ECDSA({'curve': curveName, 'info': info.keyhex});
    +521         key.setPublicKeyHex(info.keyhex);
    +522         return key;
    +523     } else if (info.algoid == "2a8648ce380401") { // DSA 1.2.840.10040.4.1
    +524         var p = ASN1HEX.getVbyList(info.algparam, 0, [0], "02");
    +525         var q = ASN1HEX.getVbyList(info.algparam, 0, [1], "02");
    +526         var g = ASN1HEX.getVbyList(info.algparam, 0, [2], "02");
    +527         var y = ASN1HEX.getHexOfV_AtObj(info.keyhex, 0);
    +528         y = y.substr(2);
    +529         var key = new KJUR.crypto.DSA();
    +530         key.setPublic(new BigInteger(p, 16),
    +531                       new BigInteger(q, 16),
    +532                       new BigInteger(g, 16),
    +533                       new BigInteger(y, 16));
    +534         return key;
    +535     } else {
    +536         throw "unsupported key";
    +537     }
    +538 };
    +539 
    +540 /**
    +541  * get public key information from PEM certificate
    +542  * @name getPublicKeyInfoPropOfCertPEM
    +543  * @memberOf X509
    +544  * @function
    +545  * @param {String} sCertPEM string of PEM formatted certificate
    +546  * @return {Hash} hash of information for public key
    +547  * @since x509 1.1.1
    +548  * @description
    +549  * Resulted associative array has following properties:<br/>
    +550  * <ul>
    +551  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
    +552  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
    +553  * <li>keyhex - hexadecimal string of key in the certificate</li>
    +554  * </ul>
    +555  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
    +556  */
    +557 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
    +558     var result = {};
    +559     result.algparam = null;
    +560     var hCert = X509.pemToHex(sCertPEM);
     561 
    -562     // 2. tbsCertificate
    -563     if (hCert.substr(a1[0], 2) != "30")
    -564         throw "malformed X.509 certificate PEM (code:002)"; // tbsCert not seq 
    -565 
    -566     var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a1[0]); 
    -567 
    -568     // 3. subjectPublicKeyInfo
    -569     if (a2.length < 7)
    -570         throw "malformed X.509 certificate PEM (code:003)"; // no subjPubKeyInfo
    -571 
    -572     var a3 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a2[6]); 
    -573 
    -574     if (a3.length != 2)
    -575         throw "malformed X.509 certificate PEM (code:004)"; // not AlgId and PubKey
    +562     // 1. Certificate ASN.1
    +563     var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, 0); 
    +564     if (a1.length != 3)
    +565         throw "malformed X.509 certificate PEM (code:001)"; // not 3 item of seq Cert
    +566 
    +567     // 2. tbsCertificate
    +568     if (hCert.substr(a1[0], 2) != "30")
    +569         throw "malformed X.509 certificate PEM (code:002)"; // tbsCert not seq 
    +570 
    +571     var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a1[0]); 
    +572 
    +573     // 3. subjectPublicKeyInfo
    +574     var idx_spi = 6; // subjectPublicKeyInfo index in tbsCert for v3 cert
    +575     if (hCert.substr(a2[0], 2) !== "a0") idx_spi = 5;
     576 
    -577     // 4. AlgId
    -578     var a4 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a3[0]); 
    +577     if (a2.length < idx_spi + 1)
    +578         throw "malformed X.509 certificate PEM (code:003)"; // no subjPubKeyInfo
     579 
    -580     if (a4.length != 2)
    -581         throw "malformed X.509 certificate PEM (code:005)"; // not 2 item in AlgId
    -582 
    -583     result.algoid = ASN1HEX.getHexOfV_AtObj(hCert, a4[0]);
    +580     var a3 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a2[idx_spi]); 
    +581 
    +582     if (a3.length != 2)
    +583         throw "malformed X.509 certificate PEM (code:004)"; // not AlgId and PubKey
     584 
    -585     if (hCert.substr(a4[1], 2) == "06") { // EC
    -586         result.algparam = ASN1HEX.getHexOfV_AtObj(hCert, a4[1]);
    -587     } else if (hCert.substr(a4[1], 2) == "30") { // DSA
    -588         result.algparam = ASN1HEX.getHexOfTLV_AtObj(hCert, a4[1]);
    -589     }
    +585     // 4. AlgId
    +586     var a4 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a3[0]); 
    +587 
    +588     if (a4.length != 2)
    +589         throw "malformed X.509 certificate PEM (code:005)"; // not 2 item in AlgId
     590 
    -591     // 5. Public Key Hex
    -592     if (hCert.substr(a3[1], 2) != "03")
    -593         throw "malformed X.509 certificate PEM (code:006)"; // not bitstring
    -594 
    -595     var unusedBitAndKeyHex = ASN1HEX.getHexOfV_AtObj(hCert, a3[1]);
    -596     result.keyhex = unusedBitAndKeyHex.substr(2);
    -597 
    -598     return result;
    -599 };
    -600 
    -601 /**
    -602  * get position of subjectPublicKeyInfo field from HEX certificate
    -603  * @name getPublicKeyInfoPosOfCertHEX
    -604  * @memberOf X509
    -605  * @function
    -606  * @param {String} hCert hexadecimal string of certificate
    -607  * @return {Integer} position in hexadecimal string
    -608  * @since x509 1.1.4
    -609  * @description
    -610  * get position for SubjectPublicKeyInfo field in the hexadecimal string of
    -611  * certificate.
    -612  */
    -613 X509.getPublicKeyInfoPosOfCertHEX = function(hCert) {
    -614     // 1. Certificate ASN.1
    -615     var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, 0); 
    -616     if (a1.length != 3)
    -617         throw "malformed X.509 certificate PEM (code:001)"; // not 3 item of seq Cert
    -618 
    -619     // 2. tbsCertificate
    -620     if (hCert.substr(a1[0], 2) != "30")
    -621         throw "malformed X.509 certificate PEM (code:002)"; // tbsCert not seq 
    -622 
    -623     var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a1[0]); 
    -624 
    -625     // 3. subjectPublicKeyInfo
    -626     if (a2.length < 7)
    -627         throw "malformed X.509 certificate PEM (code:003)"; // no subjPubKeyInfo
    -628     
    -629     return a2[6];
    -630 };
    -631 
    -632 /**
    -633  * get array of X.509 V3 extension value information in hex string of certificate
    -634  * @name getV3ExtInfoListOfCertHex
    -635  * @memberOf X509
    -636  * @function
    -637  * @param {String} hCert hexadecimal string of X.509 certificate binary
    -638  * @return {Array} array of result object by {@link X509.getV3ExtInfoListOfCertHex}
    -639  * @since x509 1.1.5
    -640  * @description
    -641  * This method will get all extension information of a X.509 certificate.
    -642  * Items of resulting array has following properties:
    -643  * <ul>
    -644  * <li>posTLV - index of ASN.1 TLV for the extension. same as 'pos' argument.</li>
    -645  * <li>oid - dot noted string of extension oid (ex. 2.5.29.14)</li>
    -646  * <li>critical - critical flag value for this extension</li>
    -647  * <li>posV - index of ASN.1 TLV for the extension value.
    -648  * This is a position of a content of ENCAPSULATED OCTET STRING.</li>
    -649  * </ul>
    -650  * @example
    -651  * hCert = X509.pemToHex(certGithubPEM);
    -652  * a = X509.getV3ExtInfoListOfCertHex(hCert);
    -653  * // Then a will be an array of like following:
    -654  * [{posTLV: 1952, oid: "2.5.29.35", critical: false, posV: 1968},
    -655  *  {posTLV: 1974, oid: "2.5.29.19", critical: true, posV: 1986}, ...]
    -656  */
    -657 X509.getV3ExtInfoListOfCertHex = function(hCert) {
    -658     // 1. Certificate ASN.1
    -659     var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, 0); 
    -660     if (a1.length != 3)
    -661         throw "malformed X.509 certificate PEM (code:001)"; // not 3 item of seq Cert
    -662 
    -663     // 2. tbsCertificate
    -664     if (hCert.substr(a1[0], 2) != "30")
    -665         throw "malformed X.509 certificate PEM (code:002)"; // tbsCert not seq 
    -666 
    -667     var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a1[0]); 
    -668 
    -669     // 3. v3Extension EXPLICIT Tag [3]
    -670     // ver, seri, alg, iss, validity, subj, spki, (iui,) (sui,) ext
    -671     if (a2.length < 8)
    -672         throw "malformed X.509 certificate PEM (code:003)"; // tbsCert num field too short
    -673 
    -674     if (hCert.substr(a2[7], 2) != "a3")
    -675         throw "malformed X.509 certificate PEM (code:004)"; // not [3] tag
    +591     result.algoid = ASN1HEX.getHexOfV_AtObj(hCert, a4[0]);
    +592 
    +593     if (hCert.substr(a4[1], 2) == "06") { // EC
    +594         result.algparam = ASN1HEX.getHexOfV_AtObj(hCert, a4[1]);
    +595     } else if (hCert.substr(a4[1], 2) == "30") { // DSA
    +596         result.algparam = ASN1HEX.getHexOfTLV_AtObj(hCert, a4[1]);
    +597     }
    +598 
    +599     // 5. Public Key Hex
    +600     if (hCert.substr(a3[1], 2) != "03")
    +601         throw "malformed X.509 certificate PEM (code:006)"; // not bitstring
    +602 
    +603     var unusedBitAndKeyHex = ASN1HEX.getHexOfV_AtObj(hCert, a3[1]);
    +604     result.keyhex = unusedBitAndKeyHex.substr(2);
    +605 
    +606     return result;
    +607 };
    +608 
    +609 /**
    +610  * get position of subjectPublicKeyInfo field from HEX certificate
    +611  * @name getPublicKeyInfoPosOfCertHEX
    +612  * @memberOf X509
    +613  * @function
    +614  * @param {String} hCert hexadecimal string of certificate
    +615  * @return {Integer} position in hexadecimal string
    +616  * @since x509 1.1.4
    +617  * @description
    +618  * get position for SubjectPublicKeyInfo field in the hexadecimal string of
    +619  * certificate.
    +620  */
    +621 X509.getPublicKeyInfoPosOfCertHEX = function(hCert) {
    +622     // 1. Certificate ASN.1
    +623     var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, 0); 
    +624     if (a1.length != 3)
    +625         throw "malformed X.509 certificate PEM (code:001)"; // not 3 item of seq Cert
    +626 
    +627     // 2. tbsCertificate
    +628     if (hCert.substr(a1[0], 2) != "30")
    +629         throw "malformed X.509 certificate PEM (code:002)"; // tbsCert not seq 
    +630 
    +631     var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a1[0]); 
    +632 
    +633     // 3. subjectPublicKeyInfo
    +634     if (a2.length < 7)
    +635         throw "malformed X.509 certificate PEM (code:003)"; // no subjPubKeyInfo
    +636     
    +637     return a2[6];
    +638 };
    +639 
    +640 /**
    +641  * get array of X.509 V3 extension value information in hex string of certificate
    +642  * @name getV3ExtInfoListOfCertHex
    +643  * @memberOf X509
    +644  * @function
    +645  * @param {String} hCert hexadecimal string of X.509 certificate binary
    +646  * @return {Array} array of result object by {@link X509.getV3ExtInfoListOfCertHex}
    +647  * @since x509 1.1.5
    +648  * @description
    +649  * This method will get all extension information of a X.509 certificate.
    +650  * Items of resulting array has following properties:
    +651  * <ul>
    +652  * <li>posTLV - index of ASN.1 TLV for the extension. same as 'pos' argument.</li>
    +653  * <li>oid - dot noted string of extension oid (ex. 2.5.29.14)</li>
    +654  * <li>critical - critical flag value for this extension</li>
    +655  * <li>posV - index of ASN.1 TLV for the extension value.
    +656  * This is a position of a content of ENCAPSULATED OCTET STRING.</li>
    +657  * </ul>
    +658  * @example
    +659  * hCert = X509.pemToHex(certGithubPEM);
    +660  * a = X509.getV3ExtInfoListOfCertHex(hCert);
    +661  * // Then a will be an array of like following:
    +662  * [{posTLV: 1952, oid: "2.5.29.35", critical: false, posV: 1968},
    +663  *  {posTLV: 1974, oid: "2.5.29.19", critical: true, posV: 1986}, ...]
    +664  */
    +665 X509.getV3ExtInfoListOfCertHex = function(hCert) {
    +666     // 1. Certificate ASN.1
    +667     var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, 0); 
    +668     if (a1.length != 3)
    +669         throw "malformed X.509 certificate PEM (code:001)"; // not 3 item of seq Cert
    +670 
    +671     // 2. tbsCertificate
    +672     if (hCert.substr(a1[0], 2) != "30")
    +673         throw "malformed X.509 certificate PEM (code:002)"; // tbsCert not seq 
    +674 
    +675     var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a1[0]); 
     676 
    -677     var a3 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a2[7]);
    -678     if (a3.length != 1)
    -679         throw "malformed X.509 certificate PEM (code:005)"; // [3]tag numChild!=1
    -680 
    -681     // 4. v3Extension SEQUENCE
    -682     if (hCert.substr(a3[0], 2) != "30")
    -683         throw "malformed X.509 certificate PEM (code:006)"; // not SEQ
    +677     // 3. v3Extension EXPLICIT Tag [3]
    +678     // ver, seri, alg, iss, validity, subj, spki, (iui,) (sui,) ext
    +679     if (a2.length < 8)
    +680         throw "malformed X.509 certificate PEM (code:003)"; // tbsCert num field too short
    +681 
    +682     if (hCert.substr(a2[7], 2) != "a3")
    +683         throw "malformed X.509 certificate PEM (code:004)"; // not [3] tag
     684 
    -685     var a4 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a3[0]);
    -686 
    -687     // 5. v3Extension item position
    -688     var numExt = a4.length;
    -689     var aInfo = new Array(numExt);
    -690     for (var i = 0; i < numExt; i++) {
    -691 	aInfo[i] = X509.getV3ExtItemInfo_AtObj(hCert, a4[i]);
    -692     }
    -693     return aInfo;
    -694 };
    -695 
    -696 /**
    -697  * get X.509 V3 extension value information at the specified position
    -698  * @name getV3ExtItemInfo_AtObj
    -699  * @memberOf X509
    -700  * @function
    -701  * @param {String} hCert hexadecimal string of X.509 certificate binary
    -702  * @param {Integer} pos index of hexadecimal string for the extension
    -703  * @return {Object} properties for the extension
    -704  * @since x509 1.1.5
    -705  * @description
    -706  * This method will get some information of a X.509 V extension 
    -707  * which is referred by an index of hexadecimal string of X.509 
    -708  * certificate. 
    -709  * Resulting object has following properties:
    -710  * <ul>
    -711  * <li>posTLV - index of ASN.1 TLV for the extension. same as 'pos' argument.</li>
    -712  * <li>oid - dot noted string of extension oid (ex. 2.5.29.14)</li>
    -713  * <li>critical - critical flag value for this extension</li>
    -714  * <li>posV - index of ASN.1 TLV for the extension value.
    -715  * This is a position of a content of ENCAPSULATED OCTET STRING.</li>
    -716  * </ul>
    -717  * This method is used by {@link X509.getV3ExtInfoListOfCertHex} internally.
    -718  */
    -719 X509.getV3ExtItemInfo_AtObj = function(hCert, pos) {
    -720     var info = {};
    -721 
    -722     // posTLV - extension TLV
    -723     info.posTLV = pos;
    -724 
    -725     var a  = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, pos);
    -726     if (a.length != 2 && a.length != 3)
    -727         throw "malformed X.509v3 Ext (code:001)"; // oid,(critical,)val
    -728 
    -729     // oid - extension OID
    -730     if (hCert.substr(a[0], 2) != "06")
    -731         throw "malformed X.509v3 Ext (code:002)"; // not OID "06"
    -732     var valueHex = ASN1HEX.getHexOfV_AtObj(hCert, a[0]);
    -733     info.oid = ASN1HEX.hextooidstr(valueHex); 
    -734 
    -735     // critical - extension critical flag
    -736     info.critical = false; // critical false by default
    -737     if (a.length == 3) info.critical = true;
    -738 
    -739     // posV - content TLV position of encapsulated
    -740     //        octet string of V3 extension value.
    -741     var posExtV = a[a.length - 1];
    -742     if (hCert.substr(posExtV, 2) != "04")
    -743         throw "malformed X.509v3 Ext (code:003)"; // not EncapOctet "04"
    -744     info.posV = ASN1HEX.getStartPosOfV_AtObj(hCert, posExtV);
    -745     
    -746     return info;
    -747 };
    -748 
    -749 /**
    -750  * get X.509 V3 extension value ASN.1 TLV for specified oid or name
    -751  * @name getHexOfTLV_V3ExtValue
    -752  * @memberOf X509
    -753  * @function
    -754  * @param {String} hCert hexadecimal string of X.509 certificate binary
    -755  * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15')
    -756  * @return {String} hexadecimal string of extension ASN.1 TLV
    -757  * @since x509 1.1.6
    -758  * @description
    -759  * This method will get X.509v3 extension value of ASN.1 TLV
    -760  * which is specifyed by extension name or oid. 
    -761  * If there is no such extension in the certificate, it returns null.
    -762  * @example
    -763  * hExtValue = X509.getHexOfTLV_V3ExtValue(hCert, "keyUsage");
    -764  * // hExtValue will be such like '030205a0'.
    -765  */
    -766 X509.getHexOfTLV_V3ExtValue = function(hCert, oidOrName) {
    -767     var pos = X509.getPosOfTLV_V3ExtValue(hCert, oidOrName);
    -768     if (pos == -1) return null;
    -769     return ASN1HEX.getHexOfTLV_AtObj(hCert, pos);
    -770 };
    -771 
    -772 /**
    -773  * get X.509 V3 extension value ASN.1 V for specified oid or name
    -774  * @name getHexOfV_V3ExtValue
    -775  * @memberOf X509
    -776  * @function
    -777  * @param {String} hCert hexadecimal string of X.509 certificate binary
    -778  * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15')
    -779  * @return {String} hexadecimal string of extension ASN.1 TLV
    -780  * @since x509 1.1.6
    -781  * @description
    -782  * This method will get X.509v3 extension value of ASN.1 value
    -783  * which is specifyed by extension name or oid. 
    -784  * If there is no such extension in the certificate, it returns null.
    -785  * Available extension names and oids are defined
    -786  * in the {@link KJUR.asn1.x509.OID} class.
    -787  * @example
    -788  * hExtValue = X509.getHexOfV_V3ExtValue(hCert, "keyUsage");
    -789  * // hExtValue will be such like '05a0'.
    -790  */
    -791 X509.getHexOfV_V3ExtValue = function(hCert, oidOrName) {
    -792     var pos = X509.getPosOfTLV_V3ExtValue(hCert, oidOrName);
    -793     if (pos == -1) return null;
    -794     return ASN1HEX.getHexOfV_AtObj(hCert, pos);
    -795 };
    -796 
    -797 /**
    -798  * get index in the certificate hexa string for specified oid or name specified extension
    -799  * @name getPosOfTLV_V3ExtValue
    -800  * @memberOf X509
    -801  * @function
    -802  * @param {String} hCert hexadecimal string of X.509 certificate binary
    -803  * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15')
    -804  * @return {Integer} index in the hexadecimal string of certficate for specified extension
    -805  * @since x509 1.1.6
    -806  * @description
    -807  * This method will get X.509v3 extension value of ASN.1 V(value)
    -808  * which is specifyed by extension name or oid. 
    -809  * If there is no such extension in the certificate,
    -810  * it returns -1.
    -811  * Available extension names and oids are defined
    -812  * in the {@link KJUR.asn1.x509.OID} class.
    -813  * @example
    -814  * idx = X509.getPosOfV_V3ExtValue(hCert, "keyUsage");
    -815  * // The 'idx' will be index in the string for keyUsage value ASN.1 TLV.
    -816  */
    -817 X509.getPosOfTLV_V3ExtValue = function(hCert, oidOrName) {
    -818     var oid = oidOrName;
    -819     if (! oidOrName.match(/^[0-9.]+$/)) oid = KJUR.asn1.x509.OID.name2oid(oidOrName);
    -820     if (oid == '') return -1;
    -821 
    -822     var infoList = X509.getV3ExtInfoListOfCertHex(hCert);
    -823     for (var i = 0; i < infoList.length; i++) {
    -824 	var info = infoList[i];
    -825 	if (info.oid == oid) return info.posV;
    -826     }
    -827     return -1;
    -828 };
    +685     var a3 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a2[7]);
    +686     if (a3.length != 1)
    +687         throw "malformed X.509 certificate PEM (code:005)"; // [3]tag numChild!=1
    +688 
    +689     // 4. v3Extension SEQUENCE
    +690     if (hCert.substr(a3[0], 2) != "30")
    +691         throw "malformed X.509 certificate PEM (code:006)"; // not SEQ
    +692 
    +693     var a4 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a3[0]);
    +694 
    +695     // 5. v3Extension item position
    +696     var numExt = a4.length;
    +697     var aInfo = new Array(numExt);
    +698     for (var i = 0; i < numExt; i++) {
    +699 	aInfo[i] = X509.getV3ExtItemInfo_AtObj(hCert, a4[i]);
    +700     }
    +701     return aInfo;
    +702 };
    +703 
    +704 /**
    +705  * get X.509 V3 extension value information at the specified position
    +706  * @name getV3ExtItemInfo_AtObj
    +707  * @memberOf X509
    +708  * @function
    +709  * @param {String} hCert hexadecimal string of X.509 certificate binary
    +710  * @param {Integer} pos index of hexadecimal string for the extension
    +711  * @return {Object} properties for the extension
    +712  * @since x509 1.1.5
    +713  * @description
    +714  * This method will get some information of a X.509 V extension 
    +715  * which is referred by an index of hexadecimal string of X.509 
    +716  * certificate. 
    +717  * Resulting object has following properties:
    +718  * <ul>
    +719  * <li>posTLV - index of ASN.1 TLV for the extension. same as 'pos' argument.</li>
    +720  * <li>oid - dot noted string of extension oid (ex. 2.5.29.14)</li>
    +721  * <li>critical - critical flag value for this extension</li>
    +722  * <li>posV - index of ASN.1 TLV for the extension value.
    +723  * This is a position of a content of ENCAPSULATED OCTET STRING.</li>
    +724  * </ul>
    +725  * This method is used by {@link X509.getV3ExtInfoListOfCertHex} internally.
    +726  */
    +727 X509.getV3ExtItemInfo_AtObj = function(hCert, pos) {
    +728     var info = {};
    +729 
    +730     // posTLV - extension TLV
    +731     info.posTLV = pos;
    +732 
    +733     var a  = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, pos);
    +734     if (a.length != 2 && a.length != 3)
    +735         throw "malformed X.509v3 Ext (code:001)"; // oid,(critical,)val
    +736 
    +737     // oid - extension OID
    +738     if (hCert.substr(a[0], 2) != "06")
    +739         throw "malformed X.509v3 Ext (code:002)"; // not OID "06"
    +740     var valueHex = ASN1HEX.getHexOfV_AtObj(hCert, a[0]);
    +741     info.oid = ASN1HEX.hextooidstr(valueHex); 
    +742 
    +743     // critical - extension critical flag
    +744     info.critical = false; // critical false by default
    +745     if (a.length == 3) info.critical = true;
    +746 
    +747     // posV - content TLV position of encapsulated
    +748     //        octet string of V3 extension value.
    +749     var posExtV = a[a.length - 1];
    +750     if (hCert.substr(posExtV, 2) != "04")
    +751         throw "malformed X.509v3 Ext (code:003)"; // not EncapOctet "04"
    +752     info.posV = ASN1HEX.getStartPosOfV_AtObj(hCert, posExtV);
    +753     
    +754     return info;
    +755 };
    +756 
    +757 /**
    +758  * get X.509 V3 extension value ASN.1 TLV for specified oid or name
    +759  * @name getHexOfTLV_V3ExtValue
    +760  * @memberOf X509
    +761  * @function
    +762  * @param {String} hCert hexadecimal string of X.509 certificate binary
    +763  * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15')
    +764  * @return {String} hexadecimal string of extension ASN.1 TLV
    +765  * @since x509 1.1.6
    +766  * @description
    +767  * This method will get X.509v3 extension value of ASN.1 TLV
    +768  * which is specifyed by extension name or oid. 
    +769  * If there is no such extension in the certificate, it returns null.
    +770  * @example
    +771  * hExtValue = X509.getHexOfTLV_V3ExtValue(hCert, "keyUsage");
    +772  * // hExtValue will be such like '030205a0'.
    +773  */
    +774 X509.getHexOfTLV_V3ExtValue = function(hCert, oidOrName) {
    +775     var pos = X509.getPosOfTLV_V3ExtValue(hCert, oidOrName);
    +776     if (pos == -1) return null;
    +777     return ASN1HEX.getHexOfTLV_AtObj(hCert, pos);
    +778 };
    +779 
    +780 /**
    +781  * get X.509 V3 extension value ASN.1 V for specified oid or name
    +782  * @name getHexOfV_V3ExtValue
    +783  * @memberOf X509
    +784  * @function
    +785  * @param {String} hCert hexadecimal string of X.509 certificate binary
    +786  * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15')
    +787  * @return {String} hexadecimal string of extension ASN.1 TLV
    +788  * @since x509 1.1.6
    +789  * @description
    +790  * This method will get X.509v3 extension value of ASN.1 value
    +791  * which is specifyed by extension name or oid. 
    +792  * If there is no such extension in the certificate, it returns null.
    +793  * Available extension names and oids are defined
    +794  * in the {@link KJUR.asn1.x509.OID} class.
    +795  * @example
    +796  * hExtValue = X509.getHexOfV_V3ExtValue(hCert, "keyUsage");
    +797  * // hExtValue will be such like '05a0'.
    +798  */
    +799 X509.getHexOfV_V3ExtValue = function(hCert, oidOrName) {
    +800     var pos = X509.getPosOfTLV_V3ExtValue(hCert, oidOrName);
    +801     if (pos == -1) return null;
    +802     return ASN1HEX.getHexOfV_AtObj(hCert, pos);
    +803 };
    +804 
    +805 /**
    +806  * get index in the certificate hexa string for specified oid or name specified extension
    +807  * @name getPosOfTLV_V3ExtValue
    +808  * @memberOf X509
    +809  * @function
    +810  * @param {String} hCert hexadecimal string of X.509 certificate binary
    +811  * @param {String} oidOrName oid or name for extension (ex. 'keyUsage' or '2.5.29.15')
    +812  * @return {Integer} index in the hexadecimal string of certficate for specified extension
    +813  * @since x509 1.1.6
    +814  * @description
    +815  * This method will get X.509v3 extension value of ASN.1 V(value)
    +816  * which is specifyed by extension name or oid. 
    +817  * If there is no such extension in the certificate,
    +818  * it returns -1.
    +819  * Available extension names and oids are defined
    +820  * in the {@link KJUR.asn1.x509.OID} class.
    +821  * @example
    +822  * idx = X509.getPosOfV_V3ExtValue(hCert, "keyUsage");
    +823  * // The 'idx' will be index in the string for keyUsage value ASN.1 TLV.
    +824  */
    +825 X509.getPosOfTLV_V3ExtValue = function(hCert, oidOrName) {
    +826     var oid = oidOrName;
    +827     if (! oidOrName.match(/^[0-9.]+$/)) oid = KJUR.asn1.x509.OID.name2oid(oidOrName);
    +828     if (oid == '') return -1;
     829 
    -830 /* ======================================================================
    -831  *   Specific V3 Extensions
    -832  * ====================================================================== */
    -833 
    -834 /**
    -835  * get BasicConstraints extension value as object in the certificate
    -836  * @name getExtBasicConstraints
    -837  * @memberOf X509
    -838  * @function
    -839  * @param {String} hCert hexadecimal string of X.509 certificate binary
    -840  * @return {Object} associative array which may have "cA" and "pathLen" parameters
    -841  * @since x509 1.1.7
    -842  * @description
    -843  * This method will get basic constraints extension value as object with following paramters.
    -844  * <ul>
    -845  * <li>cA - CA flag whether CA or not</li>
    -846  * <li>pathLen - maximum intermediate certificate length</li>
    -847  * </ul>
    -848  * There are use cases for return values:
    -849  * <ul>
    -850  * <li>{cA:true, pathLen:3} - cA flag is true and pathLen is 3</li>
    -851  * <li>{cA:true} - cA flag is true and no pathLen</li>
    -852  * <li>{} - basic constraints has no value in case of end entity certificate</li>
    -853  * <li>null - there is no basic constraints extension</li>
    -854  * </ul>
    -855  * @example
    -856  * obj = X509.getExtBasicConstraints(hCert);
    -857  */
    -858 X509.getExtBasicConstraints = function(hCert) {
    -859     var hBC = X509.getHexOfV_V3ExtValue(hCert, "basicConstraints");
    -860     if (hBC === null) return null;
    -861     if (hBC === '') return {};
    -862     if (hBC === '0101ff') return { "cA": true };
    -863     if (hBC.substr(0, 8) === '0101ff02') {
    -864 	var pathLexHex = ASN1HEX.getHexOfV_AtObj(hBC, 6);
    -865 	var pathLen = parseInt(pathLexHex, 16);
    -866 	return { "cA": true, "pathLen": pathLen };
    -867     }
    -868     throw "unknown error";
    -869 };
    -870 
    -871 X509.KEYUSAGE_NAME = [
    -872     "digitalSignature",
    -873     "nonRepudiation",
    -874     "keyEncipherment",
    -875     "dataEncipherment",
    -876     "keyAgreement",
    -877     "keyCertSign",
    -878     "cRLSign",
    -879     "encipherOnly",
    -880     "decipherOnly"
    -881 ];
    -882 
    -883 /**
    -884  * get KeyUsage extension value as binary string in the certificate
    -885  * @name getExtKeyUsageBin
    -886  * @memberOf X509
    -887  * @function
    -888  * @param {String} hCert hexadecimal string of X.509 certificate binary
    -889  * @return {String} binary string of key usage bits (ex. '101')
    -890  * @since x509 1.1.6
    -891  * @description
    -892  * This method will get key usage extension value
    -893  * as binary string such like '101'.
    -894  * Key usage bits definition is in the RFC 5280.
    -895  * If there is no key usage extension in the certificate,
    -896  * it returns empty string (i.e. '').
    -897  * @example
    -898  * bKeyUsage = X509.getExtKeyUsageBin(hCert);
    -899  * // bKeyUsage will be such like '101'.
    -900  * // 1 - digitalSignature 
    -901  * // 0 - nonRepudiation
    -902  * // 1 - keyEncipherment
    -903  */
    -904 X509.getExtKeyUsageBin = function(hCert) {
    -905     var hKeyUsage = X509.getHexOfV_V3ExtValue(hCert, "keyUsage");
    -906     if (hKeyUsage == '') return '';
    -907     if (hKeyUsage.length % 2 != 0 || hKeyUsage.length <= 2)
    -908 	throw "malformed key usage value";
    -909     var unusedBits = parseInt(hKeyUsage.substr(0, 2));
    -910     var bKeyUsage = parseInt(hKeyUsage.substr(2), 16).toString(2);
    -911     return bKeyUsage.substr(0, bKeyUsage.length - unusedBits);
    -912 };
    -913 
    -914 /**
    -915  * get KeyUsage extension value as names in the certificate
    -916  * @name getExtKeyUsageString
    -917  * @memberOf X509
    -918  * @function
    -919  * @param {String} hCert hexadecimal string of X.509 certificate binary
    -920  * @return {String} comma separated string of key usage
    -921  * @since x509 1.1.6
    -922  * @description
    -923  * This method will get key usage extension value
    -924  * as comma separated string of usage names.
    -925  * If there is no key usage extension in the certificate,
    -926  * it returns empty string (i.e. '').
    -927  * @example
    -928  * sKeyUsage = X509.getExtKeyUsageString(hCert);
    -929  * // sKeyUsage will be such like 'digitalSignature,keyEncipherment'.
    -930  */
    -931 X509.getExtKeyUsageString = function(hCert) {
    -932     var bKeyUsage = X509.getExtKeyUsageBin(hCert);
    -933     var a = new Array();
    -934     for (var i = 0; i < bKeyUsage.length; i++) {
    -935 	if (bKeyUsage.substr(i, 1) == "1") a.push(X509.KEYUSAGE_NAME[i]);
    -936     }
    -937     return a.join(",");
    -938 };
    -939 
    -940 /**
    -941  * get subjectKeyIdentifier value as hexadecimal string in the certificate
    -942  * @name getExtSubjectKeyIdentifier
    -943  * @memberOf X509
    -944  * @function
    -945  * @param {String} hCert hexadecimal string of X.509 certificate binary
    -946  * @return {String} hexadecimal string of subject key identifier or null
    -947  * @since jsrsasign 5.0.10 x509 1.1.8
    -948  * @description
    -949  * This method will get subject key identifier extension value
    -950  * as hexadecimal string.
    -951  * If there is no its extension in the certificate,
    -952  * it returns null.
    -953  * @example
    -954  * skid = X509.getExtSubjectKeyIdentifier(hCert);
    -955  */
    -956 X509.getExtSubjectKeyIdentifier = function(hCert) {
    -957     var hSKID = X509.getHexOfV_V3ExtValue(hCert, "subjectKeyIdentifier");
    -958     return hSKID;
    -959 };
    -960 
    -961 /**
    -962  * get authorityKeyIdentifier value as JSON object in the certificate
    -963  * @name getExtAuthorityKeyIdentifier
    -964  * @memberOf X509
    -965  * @function
    -966  * @param {String} hCert hexadecimal string of X.509 certificate binary
    -967  * @return {Object} JSON object of authority key identifier or null
    -968  * @since jsrsasign 5.0.10 x509 1.1.8
    -969  * @description
    -970  * This method will get authority key identifier extension value
    -971  * as JSON object.
    -972  * If there is no its extension in the certificate,
    -973  * it returns null.
    -974  * <br>
    -975  * NOTE: Currently this method only supports keyIdentifier so that
    -976  * authorityCertIssuer and authorityCertSerialNumber will not
    -977  * be return in the JSON object.
    -978  * @example
    -979  * akid = X509.getExtAuthorityKeyIdentifier(hCert);
    -980  * // returns following JSON object
    -981  * { kid: "1234abcd..." }
    -982  */
    -983 X509.getExtAuthorityKeyIdentifier = function(hCert) {
    -984     var result = {};
    -985     var hAKID = X509.getHexOfTLV_V3ExtValue(hCert, "authorityKeyIdentifier");
    -986     if (hAKID === null) return null;
    -987 
    -988     var a = ASN1HEX.getPosArrayOfChildren_AtObj(hAKID, 0); 
    -989     for (var i = 0; i < a.length; i++) {
    -990 	if (hAKID.substr(a[i], 2) === "80")
    -991 	    result.kid = ASN1HEX.getHexOfV_AtObj(hAKID, a[i]);
    -992     }
    -993     
    -994     return result;
    -995 };
    -996 
    -997 /**
    -998  * get extKeyUsage value as array of name string in the certificate
    -999  * @name getExtExtKeyUsageName
    -1000  * @memberOf X509
    -1001  * @function
    -1002  * @param {String} hCert hexadecimal string of X.509 certificate binary
    -1003  * @return {Object} array of extended key usage ID name or oid
    -1004  * @since jsrsasign 5.0.10 x509 1.1.8
    -1005  * @description
    -1006  * This method will get extended key usage extension value
    -1007  * as array of name or OID string.
    -1008  * If there is no its extension in the certificate,
    -1009  * it returns null.
    -1010  * <br>
    -1011  * NOTE: Supported extended key usage ID names are defined in
    -1012  * name2oidList parameter in asn1x509.js file.
    -1013  * @example
    -1014  * eku = X509.getExtExtKeyUsageName(hCert);
    -1015  * // returns following array:
    -1016  * ["serverAuth", "clientAuth", "0.1.2.3.4.5"]
    -1017  */
    -1018 X509.getExtExtKeyUsageName = function(hCert) {
    -1019     var result = new Array();
    -1020     var h = X509.getHexOfTLV_V3ExtValue(hCert, "extKeyUsage");
    -1021     if (h === null) return null;
    -1022 
    -1023     var a = ASN1HEX.getPosArrayOfChildren_AtObj(h, 0); 
    -1024     for (var i = 0; i < a.length; i++) {
    -1025 	var hex = ASN1HEX.getHexOfV_AtObj(h, a[i]);
    -1026 	var oid = KJUR.asn1.ASN1Util.oidHexToInt(hex);
    -1027 	var name = KJUR.asn1.x509.OID.oid2name(oid);
    -1028 	result.push(name);
    -1029     }
    -1030     
    -1031     return result;
    -1032 };
    -1033 
    -1034 /**
    -1035  * get subjectAltName value as array of string in the certificate
    -1036  * @name getExtSubjectAltName
    -1037  * @memberOf X509
    -1038  * @function
    -1039  * @param {String} hCert hexadecimal string of X.509 certificate binary
    -1040  * @return {Object} array of alt names
    -1041  * @since jsrsasign 5.0.10 x509 1.1.8
    -1042  * @description
    -1043  * This method will get subject alt name extension value
    -1044  * as array of name.
    -1045  * If there is no its extension in the certificate,
    -1046  * it returns null.
    -1047  * <br>
    -1048  * NOTE: Currently this method supports only dNSName so that
    -1049  * other name type such like iPAddress or generalName will not be returned.
    -1050  * @example
    -1051  * san = X509.getExtSubjectAltName(hCert);
    -1052  * // returns following array:
    -1053  * ["example.com", "example.org"]
    -1054  */
    -1055 X509.getExtSubjectAltName = function(hCert) {
    -1056     var result = new Array();
    -1057     var h = X509.getHexOfTLV_V3ExtValue(hCert, "subjectAltName");
    -1058     
    -1059     var a = ASN1HEX.getPosArrayOfChildren_AtObj(h, 0); 
    -1060     for (var i = 0; i < a.length; i++) {
    -1061 	if (h.substr(a[i], 2) === "82") {
    -1062 	    var fqdn = hextoutf8(ASN1HEX.getHexOfV_AtObj(h, a[i]));
    -1063 	    result.push(fqdn);
    -1064 	}
    -1065     }
    -1066 
    -1067     return result;
    -1068 };
    -1069 
    -1070 /**
    -1071  * get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate
    -1072  * @name getExtCRLDistributionPointsURI
    -1073  * @memberOf X509
    -1074  * @function
    -1075  * @param {String} hCert hexadecimal string of X.509 certificate binary
    -1076  * @return {Object} array of fullName URIs of CDP of the certificate
    -1077  * @since jsrsasign 5.0.10 x509 1.1.8
    -1078  * @description
    -1079  * This method will get all fullName URIs of cRLDistributionPoints extension
    -1080  * in the certificate as array of URI string.
    -1081  * If there is no its extension in the certificate,
    -1082  * it returns null.
    -1083  * <br>
    -1084  * NOTE: Currently this method supports only fullName URI so that
    -1085  * other parameters will not be returned.
    -1086  * @example
    -1087  * cdpuri = X509.getExtCRLDistributionPointsURI(hCert);
    -1088  * // returns following array:
    -1089  * ["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
    -1090  */
    -1091 X509.getExtCRLDistributionPointsURI = function(hCert) {
    -1092     var result = new Array();
    -1093     var h = X509.getHexOfTLV_V3ExtValue(hCert, "cRLDistributionPoints");
    -1094 
    -1095     var a = ASN1HEX.getPosArrayOfChildren_AtObj(h, 0); 
    -1096     for (var i = 0; i < a.length; i++) {
    -1097 	var hDP = ASN1HEX.getHexOfTLV_AtObj(h, a[i]);
    -1098 
    -1099 	var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(hDP, 0); 
    -1100 	for (var j = 0; j < a1.length; j++) {
    -1101 	    if (hDP.substr(a1[j], 2) === "a0") {
    -1102 		var hDPN = ASN1HEX.getHexOfV_AtObj(hDP, a1[j]);
    -1103 		if (hDPN.substr(0, 2) === "a0") {
    -1104 		    var hFullName = ASN1HEX.getHexOfV_AtObj(hDPN, 0);
    -1105 		    if (hFullName.substr(0, 2) === "86") {
    -1106 			var hURI = ASN1HEX.getHexOfV_AtObj(hFullName, 0);
    -1107 			var uri = hextoutf8(hURI);
    -1108 			result.push(uri);
    -1109 		    }
    -1110 		}
    -1111 	    }
    -1112 	}
    -1113     }
    -1114 
    -1115     return result;
    -1116 };
    -1117 
    -1118 /**
    -1119  * get AuthorityInfoAccess extension value in the certificate as associative array
    -1120  * @name getExtAIAInfo
    -1121  * @memberOf X509
    -1122  * @function
    -1123  * @param {String} hCert hexadecimal string of X.509 certificate binary
    -1124  * @return {Object} associative array of AIA extension properties
    -1125  * @since x509 1.1.6
    -1126  * @description
    -1127  * This method will get authority info access value
    -1128  * as associate array which has following properties:
    -1129  * <ul>
    -1130  * <li>ocsp - array of string for OCSP responder URL</li>
    -1131  * <li>caissuer - array of string for caIssuer value (i.e. CA certificates URL)</li>
    -1132  * </ul>
    -1133  * If there is no key usage extension in the certificate,
    -1134  * it returns null;
    -1135  * @example
    -1136  * oAIA = X509.getExtAIAInfo(hCert);
    -1137  * // result will be such like:
    -1138  * // oAIA.ocsp = ["http://ocsp.foo.com"];
    -1139  * // oAIA.caissuer = ["http://rep.foo.com/aaa.p8m"];
    -1140  */
    -1141 X509.getExtAIAInfo = function(hCert) {
    -1142     var result = {};
    -1143     result.ocsp = [];
    -1144     result.caissuer = [];
    -1145     var pos1 = X509.getPosOfTLV_V3ExtValue(hCert, "authorityInfoAccess");
    -1146     if (pos1 == -1) return null;
    -1147     if (hCert.substr(pos1, 2) != "30") // extnValue SEQUENCE
    -1148 	throw "malformed AIA Extn Value";
    -1149     
    -1150     var posAccDescList = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, pos1);
    -1151     for (var i = 0; i < posAccDescList.length; i++) {
    -1152 	var p = posAccDescList[i];
    -1153 	var posAccDescChild = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, p);
    -1154 	if (posAccDescChild.length != 2)
    -1155 	    throw "malformed AccessDescription of AIA Extn";
    -1156 	var pOID = posAccDescChild[0];
    -1157 	var pName = posAccDescChild[1];
    -1158 	if (ASN1HEX.getHexOfV_AtObj(hCert, pOID) == "2b06010505073001") {
    -1159 	    if (hCert.substr(pName, 2) == "86") {
    -1160 		result.ocsp.push(hextoutf8(ASN1HEX.getHexOfV_AtObj(hCert, pName)));
    -1161 	    }
    -1162 	}
    -1163 	if (ASN1HEX.getHexOfV_AtObj(hCert, pOID) == "2b06010505073002") {
    -1164 	    if (hCert.substr(pName, 2) == "86") {
    -1165 		result.caissuer.push(hextoutf8(ASN1HEX.getHexOfV_AtObj(hCert, pName)));
    -1166 	    }
    -1167 	}
    -1168     }
    -1169     return result;
    -1170 };
    -1171 
    -1172 /**
    -1173  * get signature algorithm name from hexadecimal certificate data
    -1174  * @name getSignatureAlgorithmName
    -1175  * @memberOf X509
    -1176  * @function
    -1177  * @param {String} hCert hexadecimal string of X.509 certificate binary
    -1178  * @return {String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)
    -1179  * @since x509 1.1.7
    -1180  * @description
    -1181  * This method will get signature algorithm name of certificate:
    -1182  * @example
    -1183  * algName = X509.getSignatureAlgorithmName(hCert);
    -1184  */
    -1185 X509.getSignatureAlgorithmName = function(hCert) {
    -1186     var sigAlgOidHex = ASN1HEX.getDecendantHexVByNthList(hCert, 0, [1, 0]);
    -1187     var sigAlgOidInt = KJUR.asn1.ASN1Util.oidHexToInt(sigAlgOidHex);
    -1188     var sigAlgName = KJUR.asn1.x509.OID.oid2name(sigAlgOidInt);
    -1189     return sigAlgName;
    -1190 };
    -1191 
    -1192 /**
    -1193  * get signature value in hexadecimal string
    -1194  * @name getSignatureValueHex
    -1195  * @memberOf X509
    -1196  * @function
    -1197  * @param {String} hCert hexadecimal string of X.509 certificate binary
    -1198  * @return {String} signature value hexadecimal string without BitString unused bits
    -1199  * @since x509 1.1.7
    -1200  * @description
    -1201  * This method will get signature value of certificate:
    -1202  * @example
    -1203  * sigHex = X509.getSignatureValueHex(hCert);
    -1204  */
    -1205 X509.getSignatureValueHex = function(hCert) {
    -1206     var h = ASN1HEX.getDecendantHexVByNthList(hCert, 0, [2]);
    -1207     if (h.substr(0, 2) !== "00")
    -1208 	throw "can't get signature value";
    -1209     return h.substr(2);
    -1210 };
    -1211 
    -1212 X509.getSerialNumberHex = function(hCert) {
    -1213     return ASN1HEX.getDecendantHexVByNthList(hCert, 0, [0, 1]);
    -1214 };
    -1215 
    -1216 /*
    -1217   X509.prototype.readCertPEM = _x509_readCertPEM;
    -1218   X509.prototype.readCertPEMWithoutRSAInit = _x509_readCertPEMWithoutRSAInit;
    -1219   X509.prototype.getSerialNumberHex = _x509_getSerialNumberHex;
    -1220   X509.prototype.getIssuerHex = _x509_getIssuerHex;
    -1221   X509.prototype.getSubjectHex = _x509_getSubjectHex;
    -1222   X509.prototype.getIssuerString = _x509_getIssuerString;
    -1223   X509.prototype.getSubjectString = _x509_getSubjectString;
    -1224   X509.prototype.getNotBefore = _x509_getNotBefore;
    -1225   X509.prototype.getNotAfter = _x509_getNotAfter;
    -1226 */
    -1227 
    \ No newline at end of file
    +830 var infoList = X509.getV3ExtInfoListOfCertHex(hCert);
    +831 for (var i = 0; i < infoList.length; i++) {
    +832 var info = infoList[i];
    +833 if (info.oid == oid) return info.posV;
    +834 }
    +835 return -1;
    +836 };
    +837
    +838 /* ======================================================================
    +839 * Specific V3 Extensions
    +840 * ====================================================================== */
    +841
    +842 /**
    +843 * get BasicConstraints extension value as object in the certificate
    +844 * @name getExtBasicConstraints
    +845 * @memberOf X509
    +846 * @function
    +847 * @param {String} hCert hexadecimal string of X.509 certificate binary
    +848 * @return {Object} associative array which may have "cA" and "pathLen" parameters
    +849 * @since x509 1.1.7
    +850 * @description
    +851 * This method will get basic constraints extension value as object with following paramters.
    +852 * <ul>
    +853 * <li>cA - CA flag whether CA or not</li>
    +854 * <li>pathLen - maximum intermediate certificate length</li>
    +855 * </ul>
    +856 * There are use cases for return values:
    +857 * <ul>
    +858 * <li>{cA:true, pathLen:3} - cA flag is true and pathLen is 3</li>
    +859 * <li>{cA:true} - cA flag is true and no pathLen</li>
    +860 * <li>{} - basic constraints has no value in case of end entity certificate</li>
    +861 * <li>null - there is no basic constraints extension</li>
    +862 * </ul>
    +863 * @example
    +864 * obj = X509.getExtBasicConstraints(hCert);
    +865 */
    +866 X509.getExtBasicConstraints = function(hCert) {
    +867 var hBC = X509.getHexOfV_V3ExtValue(hCert, "basicConstraints");
    +868 if (hBC === null) return null;
    +869 if (hBC === '') return {};
    +870 if (hBC === '0101ff') return { "cA": true };
    +871 if (hBC.substr(0, 8) === '0101ff02') {
    +872 var pathLexHex = ASN1HEX.getHexOfV_AtObj(hBC, 6);
    +873 var pathLen = parseInt(pathLexHex, 16);
    +874 return { "cA": true, "pathLen": pathLen };
    +875 }
    +876 throw "unknown error";
    +877 };
    +878
    +879 X509.KEYUSAGE_NAME = [
    +880 "digitalSignature",
    +881 "nonRepudiation",
    +882 "keyEncipherment",
    +883 "dataEncipherment",
    +884 "keyAgreement",
    +885 "keyCertSign",
    +886 "cRLSign",
    +887 "encipherOnly",
    +888 "decipherOnly"
    +889 ];
    +890
    +891 /**
    +892 * get KeyUsage extension value as binary string in the certificate
    +893 * @name getExtKeyUsageBin
    +894 * @memberOf X509
    +895 * @function
    +896 * @param {String} hCert hexadecimal string of X.509 certificate binary
    +897 * @return {String} binary string of key usage bits (ex. '101')
    +898 * @since x509 1.1.6
    +899 * @description
    +900 * This method will get key usage extension value
    +901 * as binary string such like '101'.
    +902 * Key usage bits definition is in the RFC 5280.
    +903 * If there is no key usage extension in the certificate,
    +904 * it returns empty string (i.e. '').
    +905 * @example
    +906 * bKeyUsage = X509.getExtKeyUsageBin(hCert);
    +907 * // bKeyUsage will be such like '101'.
    +908 * // 1 - digitalSignature
    +909 * // 0 - nonRepudiation
    +910 * // 1 - keyEncipherment
    +911 */
    +912 X509.getExtKeyUsageBin = function(hCert) {
    +913 var hKeyUsage = X509.getHexOfV_V3ExtValue(hCert, "keyUsage");
    +914 if (hKeyUsage == '') return '';
    +915 if (hKeyUsage.length % 2 != 0 || hKeyUsage.length <= 2)
    +916 throw "malformed key usage value";
    +917 var unusedBits = parseInt(hKeyUsage.substr(0, 2));
    +918 var bKeyUsage = parseInt(hKeyUsage.substr(2), 16).toString(2);
    +919 return bKeyUsage.substr(0, bKeyUsage.length - unusedBits);
    +920 };
    +921
    +922 /**
    +923 * get KeyUsage extension value as names in the certificate
    +924 * @name getExtKeyUsageString
    +925 * @memberOf X509
    +926 * @function
    +927 * @param {String} hCert hexadecimal string of X.509 certificate binary
    +928 * @return {String} comma separated string of key usage
    +929 * @since x509 1.1.6
    +930 * @description
    +931 * This method will get key usage extension value
    +932 * as comma separated string of usage names.
    +933 * If there is no key usage extension in the certificate,
    +934 * it returns empty string (i.e. '').
    +935 * @example
    +936 * sKeyUsage = X509.getExtKeyUsageString(hCert);
    +937 * // sKeyUsage will be such like 'digitalSignature,keyEncipherment'.
    +938 */
    +939 X509.getExtKeyUsageString = function(hCert) {
    +940 var bKeyUsage = X509.getExtKeyUsageBin(hCert);
    +941 var a = new Array();
    +942 for (var i = 0; i < bKeyUsage.length; i++) {
    +943 if (bKeyUsage.substr(i, 1) == "1") a.push(X509.KEYUSAGE_NAME[i]);
    +944 }
    +945 return a.join(",");
    +946 };
    +947
    +948 /**
    +949 * get subjectKeyIdentifier value as hexadecimal string in the certificate
    +950 * @name getExtSubjectKeyIdentifier
    +951 * @memberOf X509
    +952 * @function
    +953 * @param {String} hCert hexadecimal string of X.509 certificate binary
    +954 * @return {String} hexadecimal string of subject key identifier or null
    +955 * @since jsrsasign 5.0.10 x509 1.1.8
    +956 * @description
    +957 * This method will get subject key identifier extension value
    +958 * as hexadecimal string.
    +959 * If there is no its extension in the certificate,
    +960 * it returns null.
    +961 * @example
    +962 * skid = X509.getExtSubjectKeyIdentifier(hCert);
    +963 */
    +964 X509.getExtSubjectKeyIdentifier = function(hCert) {
    +965 var hSKID = X509.getHexOfV_V3ExtValue(hCert, "subjectKeyIdentifier");
    +966 return hSKID;
    +967 };
    +968
    +969 /**
    +970 * get authorityKeyIdentifier value as JSON object in the certificate
    +971 * @name getExtAuthorityKeyIdentifier
    +972 * @memberOf X509
    +973 * @function
    +974 * @param {String} hCert hexadecimal string of X.509 certificate binary
    +975 * @return {Object} JSON object of authority key identifier or null
    +976 * @since jsrsasign 5.0.10 x509 1.1.8
    +977 * @description
    +978 * This method will get authority key identifier extension value
    +979 * as JSON object.
    +980 * If there is no its extension in the certificate,
    +981 * it returns null.
    +982 * <br>
    +983 * NOTE: Currently this method only supports keyIdentifier so that
    +984 * authorityCertIssuer and authorityCertSerialNumber will not
    +985 * be return in the JSON object.
    +986 * @example
    +987 * akid = X509.getExtAuthorityKeyIdentifier(hCert);
    +988 * // returns following JSON object
    +989 * { kid: "1234abcd..." }
    +990 */
    +991 X509.getExtAuthorityKeyIdentifier = function(hCert) {
    +992 var result = {};
    +993 var hAKID = X509.getHexOfTLV_V3ExtValue(hCert, "authorityKeyIdentifier");
    +994 if (hAKID === null) return null;
    +995
    +996 var a = ASN1HEX.getPosArrayOfChildren_AtObj(hAKID, 0);
    +997 for (var i = 0; i < a.length; i++) {
    +998 if (hAKID.substr(a[i], 2) === "80")
    +999 result.kid = ASN1HEX.getHexOfV_AtObj(hAKID, a[i]);
    +1000 }
    +1001
    +1002 return result;
    +1003 };
    +1004
    +1005 /**
    +1006 * get extKeyUsage value as array of name string in the certificate
    +1007 * @name getExtExtKeyUsageName
    +1008 * @memberOf X509
    +1009 * @function
    +1010 * @param {String} hCert hexadecimal string of X.509 certificate binary
    +1011 * @return {Object} array of extended key usage ID name or oid
    +1012 * @since jsrsasign 5.0.10 x509 1.1.8
    +1013 * @description
    +1014 * This method will get extended key usage extension value
    +1015 * as array of name or OID string.
    +1016 * If there is no its extension in the certificate,
    +1017 * it returns null.
    +1018 * <br>
    +1019 * NOTE: Supported extended key usage ID names are defined in
    +1020 * name2oidList parameter in asn1x509.js file.
    +1021 * @example
    +1022 * eku = X509.getExtExtKeyUsageName(hCert);
    +1023 * // returns following array:
    +1024 * ["serverAuth", "clientAuth", "0.1.2.3.4.5"]
    +1025 */
    +1026 X509.getExtExtKeyUsageName = function(hCert) {
    +1027 var result = new Array();
    +1028 var h = X509.getHexOfTLV_V3ExtValue(hCert, "extKeyUsage");
    +1029 if (h === null) return null;
    +1030
    +1031 var a = ASN1HEX.getPosArrayOfChildren_AtObj(h, 0);
    +1032 for (var i = 0; i < a.length; i++) {
    +1033 var hex = ASN1HEX.getHexOfV_AtObj(h, a[i]);
    +1034 var oid = KJUR.asn1.ASN1Util.oidHexToInt(hex);
    +1035 var name = KJUR.asn1.x509.OID.oid2name(oid);
    +1036 result.push(name);
    +1037 }
    +1038
    +1039 return result;
    +1040 };
    +1041
    +1042 /**
    +1043 * get subjectAltName value as array of string in the certificate
    +1044 * @name getExtSubjectAltName
    +1045 * @memberOf X509
    +1046 * @function
    +1047 * @param {String} hCert hexadecimal string of X.509 certificate binary
    +1048 * @return {Object} array of alt names
    +1049 * @since jsrsasign 5.0.10 x509 1.1.8
    +1050 * @description
    +1051 * This method will get subject alt name extension value
    +1052 * as array of name.
    +1053 * If there is no its extension in the certificate,
    +1054 * it returns null.
    +1055 * <br>
    +1056 * NOTE: Currently this method supports only dNSName so that
    +1057 * other name type such like iPAddress or generalName will not be returned.
    +1058 * @example
    +1059 * san = X509.getExtSubjectAltName(hCert);
    +1060 * // returns following array:
    +1061 * ["example.com", "example.org"]
    +1062 */
    +1063 X509.getExtSubjectAltName = function(hCert) {
    +1064 var result = new Array();
    +1065 var h = X509.getHexOfTLV_V3ExtValue(hCert, "subjectAltName");
    +1066
    +1067 var a = ASN1HEX.getPosArrayOfChildren_AtObj(h, 0);
    +1068 for (var i = 0; i < a.length; i++) {
    +1069 if (h.substr(a[i], 2) === "82") {
    +1070 var fqdn = hextoutf8(ASN1HEX.getHexOfV_AtObj(h, a[i]));
    +1071 result.push(fqdn);
    +1072 }
    +1073 }
    +1074
    +1075 return result;
    +1076 };
    +1077
    +1078 /**
    +1079 * get array of string for fullName URIs in cRLDistributionPoints(CDP) in the certificate
    +1080 * @name getExtCRLDistributionPointsURI
    +1081 * @memberOf X509
    +1082 * @function
    +1083 * @param {String} hCert hexadecimal string of X.509 certificate binary
    +1084 * @return {Object} array of fullName URIs of CDP of the certificate
    +1085 * @since jsrsasign 5.0.10 x509 1.1.8
    +1086 * @description
    +1087 * This method will get all fullName URIs of cRLDistributionPoints extension
    +1088 * in the certificate as array of URI string.
    +1089 * If there is no its extension in the certificate,
    +1090 * it returns null.
    +1091 * <br>
    +1092 * NOTE: Currently this method supports only fullName URI so that
    +1093 * other parameters will not be returned.
    +1094 * @example
    +1095 * cdpuri = X509.getExtCRLDistributionPointsURI(hCert);
    +1096 * // returns following array:
    +1097 * ["http://example.com/aaa.crl", "http://example.org/aaa.crl"]
    +1098 */
    +1099 X509.getExtCRLDistributionPointsURI = function(hCert) {
    +1100 var result = new Array();
    +1101 var h = X509.getHexOfTLV_V3ExtValue(hCert, "cRLDistributionPoints");
    +1102
    +1103 var a = ASN1HEX.getPosArrayOfChildren_AtObj(h, 0);
    +1104 for (var i = 0; i < a.length; i++) {
    +1105 var hDP = ASN1HEX.getHexOfTLV_AtObj(h, a[i]);
    +1106
    +1107 var a1 = ASN1HEX.getPosArrayOfChildren_AtObj(hDP, 0);
    +1108 for (var j = 0; j < a1.length; j++) {
    +1109 if (hDP.substr(a1[j], 2) === "a0") {
    +1110 var hDPN = ASN1HEX.getHexOfV_AtObj(hDP, a1[j]);
    +1111 if (hDPN.substr(0, 2) === "a0") {
    +1112 var hFullName = ASN1HEX.getHexOfV_AtObj(hDPN, 0);
    +1113 if (hFullName.substr(0, 2) === "86") {
    +1114 var hURI = ASN1HEX.getHexOfV_AtObj(hFullName, 0);
    +1115 var uri = hextoutf8(hURI);
    +1116 result.push(uri);
    +1117 }
    +1118 }
    +1119 }
    +1120 }
    +1121 }
    +1122
    +1123 return result;
    +1124 };
    +1125
    +1126 /**
    +1127 * get AuthorityInfoAccess extension value in the certificate as associative array
    +1128 * @name getExtAIAInfo
    +1129 * @memberOf X509
    +1130 * @function
    +1131 * @param {String} hCert hexadecimal string of X.509 certificate binary
    +1132 * @return {Object} associative array of AIA extension properties
    +1133 * @since x509 1.1.6
    +1134 * @description
    +1135 * This method will get authority info access value
    +1136 * as associate array which has following properties:
    +1137 * <ul>
    +1138 * <li>ocsp - array of string for OCSP responder URL</li>
    +1139 * <li>caissuer - array of string for caIssuer value (i.e. CA certificates URL)</li>
    +1140 * </ul>
    +1141 * If there is no key usage extension in the certificate,
    +1142 * it returns null;
    +1143 * @example
    +1144 * oAIA = X509.getExtAIAInfo(hCert);
    +1145 * // result will be such like:
    +1146 * // oAIA.ocsp = ["http://ocsp.foo.com"];
    +1147 * // oAIA.caissuer = ["http://rep.foo.com/aaa.p8m"];
    +1148 */
    +1149 X509.getExtAIAInfo = function(hCert) {
    +1150 var result = {};
    +1151 result.ocsp = [];
    +1152 result.caissuer = [];
    +1153 var pos1 = X509.getPosOfTLV_V3ExtValue(hCert, "authorityInfoAccess");
    +1154 if (pos1 == -1) return null;
    +1155 if (hCert.substr(pos1, 2) != "30") // extnValue SEQUENCE
    +1156 throw "malformed AIA Extn Value";
    +1157
    +1158 var posAccDescList = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, pos1);
    +1159 for (var i = 0; i < posAccDescList.length; i++) {
    +1160 var p = posAccDescList[i];
    +1161 var posAccDescChild = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, p);
    +1162 if (posAccDescChild.length != 2)
    +1163 throw "malformed AccessDescription of AIA Extn";
    +1164 var pOID = posAccDescChild[0];
    +1165 var pName = posAccDescChild[1];
    +1166 if (ASN1HEX.getHexOfV_AtObj(hCert, pOID) == "2b06010505073001") {
    +1167 if (hCert.substr(pName, 2) == "86") {
    +1168 result.ocsp.push(hextoutf8(ASN1HEX.getHexOfV_AtObj(hCert, pName)));
    +1169 }
    +1170 }
    +1171 if (ASN1HEX.getHexOfV_AtObj(hCert, pOID) == "2b06010505073002") {
    +1172 if (hCert.substr(pName, 2) == "86") {
    +1173 result.caissuer.push(hextoutf8(ASN1HEX.getHexOfV_AtObj(hCert, pName)));
    +1174 }
    +1175 }
    +1176 }
    +1177 return result;
    +1178 };
    +1179
    +1180 /**
    +1181 * get signature algorithm name from hexadecimal certificate data
    +1182 * @name getSignatureAlgorithmName
    +1183 * @memberOf X509
    +1184 * @function
    +1185 * @param {String} hCert hexadecimal string of X.509 certificate binary
    +1186 * @return {String} signature algorithm name (ex. SHA1withRSA, SHA256withECDSA)
    +1187 * @since x509 1.1.7
    +1188 * @description
    +1189 * This method will get signature algorithm name of certificate:
    +1190 * @example
    +1191 * algName = X509.getSignatureAlgorithmName(hCert);
    +1192 */
    +1193 X509.getSignatureAlgorithmName = function(hCert) {
    +1194 var sigAlgOidHex = ASN1HEX.getDecendantHexVByNthList(hCert, 0, [1, 0]);
    +1195 var sigAlgOidInt = KJUR.asn1.ASN1Util.oidHexToInt(sigAlgOidHex);
    +1196 var sigAlgName = KJUR.asn1.x509.OID.oid2name(sigAlgOidInt);
    +1197 return sigAlgName;
    +1198 };
    +1199
    +1200 /**
    +1201 * get signature value in hexadecimal string
    +1202 * @name getSignatureValueHex
    +1203 * @memberOf X509
    +1204 * @function
    +1205 * @param {String} hCert hexadecimal string of X.509 certificate binary
    +1206 * @return {String} signature value hexadecimal string without BitString unused bits
    +1207 * @since x509 1.1.7
    +1208 * @description
    +1209 * This method will get signature value of certificate:
    +1210 * @example
    +1211 * sigHex = X509.getSignatureValueHex(hCert);
    +1212 */
    +1213 X509.getSignatureValueHex = function(hCert) {
    +1214 var h = ASN1HEX.getDecendantHexVByNthList(hCert, 0, [2]);
    +1215 if (h.substr(0, 2) !== "00")
    +1216 throw "can't get signature value";
    +1217 return h.substr(2);
    +1218 };
    +1219
    +1220 X509.getSerialNumberHex = function(hCert) {
    +1221 return ASN1HEX.getDecendantHexVByNthList(hCert, 0, [0, 1]);
    +1222 };
    +1223
    +1224 /*
    +1225 X509.prototype.readCertPEM = _x509_readCertPEM;
    +1226 X509.prototype.readCertPEMWithoutRSAInit = _x509_readCertPEMWithoutRSAInit;
    +1227 X509.prototype.getSerialNumberHex = _x509_getSerialNumberHex;
    +1228 X509.prototype.getIssuerHex = _x509_getIssuerHex;
    +1229 X509.prototype.getSubjectHex = _x509_getSubjectHex;
    +1230 X509.prototype.getIssuerString = _x509_getIssuerString;
    +1231 X509.prototype.getSubjectString = _x509_getSubjectString;
    +1232 X509.prototype.getNotBefore = _x509_getNotBefore;
    +1233 X509.prototype.getNotAfter = _x509_getNotAfter;
    +1234 */
    +1235
    \ No newline at end of file diff --git a/asn1x509-1.0.js b/asn1x509-1.0.js index af20504d..ba990f69 100644 --- a/asn1x509-1.0.js +++ b/asn1x509-1.0.js @@ -1,4 +1,4 @@ -/*! asn1x509-1.0.13.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! asn1x509-1.0.14.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate @@ -16,7 +16,7 @@ * @fileOverview * @name asn1x509-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version 1.0.13 (2015-Oct-01) + * @version 1.0.14 (2016-May-10) * @since jsrsasign 2.1 * @license MIT License */ diff --git a/bower.json b/bower.json index d0e1bcb7..579ef600 100644 --- a/bower.json +++ b/bower.json @@ -1,6 +1,6 @@ { "name": "kjur-jsrsasign", - "version": "5.0.10", + "version": "5.0.11", "main": "jsrsasign-latest-all-min.js", "description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.", "license": "MIT", diff --git a/jsrsasign-latest-all-min.js b/jsrsasign-latest-all-min.js index eb455a34..200784de 100644 --- a/jsrsasign-latest-all-min.js +++ b/jsrsasign-latest-all-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign 5.0.10 (c) 2010-2016 Kenji Urushima | kjur.github.com/jsrsasign/license + * jsrsasign 5.0.11 (c) 2010-2016 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* 
@@ -233,9 +233,9 @@ if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!K /*! asn1hex-1.1.6.js (c) 2012-2015 Kenji Urushima | kjur.github.com/jsrsasign/license */ var ASN1HEX=new function(){this.getByteLengthOfL_AtObj=function(b,c){if(b.substring(c+2,c+3)!="8"){return 1}var a=parseInt(b.substring(c+3,c+4));if(a==0){return -1}if(0=(b*2))){break}if(d>=200){break}c.push(e);g=e;d++}return c};this.getNthChildIndex_AtObj=function(d,b,e){var c=this.getPosArrayOfChildren_AtObj(d,b);return c[e]};this.getDecendantIndexByNthList=function(e,d,c){if(c.length==0){return d}var f=c.shift();var b=this.getPosArrayOfChildren_AtObj(e,d);return this.getDecendantIndexByNthList(e,b[f],c)};this.getDecendantHexTLVByNthList=function(d,c,b){var a=this.getDecendantIndexByNthList(d,c,b);return this.getHexOfTLV_AtObj(d,a)};this.getDecendantHexVByNthList=function(d,c,b){var a=this.getDecendantIndexByNthList(d,c,b);return this.getHexOfV_AtObj(d,a)}};ASN1HEX.getVbyList=function(d,c,b,e){var a=this.getDecendantIndexByNthList(d,c,b);if(a===undefined){throw"can't find nthList object"}if(e!==undefined){if(d.substr(a,2)!=e){throw"checking tag doesn't match: "+d.substr(a,2)+"!="+e}}return this.getHexOfV_AtObj(d,a)};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(e,c,k,g){var o=function(w,i){if(w.length<=i*2){return w}else{var v=w.substr(0,i)+"..(total "+w.length/2+"bytes).."+w.substr(w.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(k===undefined){k=0}if(g===undefined){g=""}var r=c.ommit_long_octet;if(e.substr(k,2)=="01"){var h=ASN1HEX.getHexOfV_AtObj(e,k);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(e.substr(k,2)=="02"){var 
h=ASN1HEX.getHexOfV_AtObj(e,k);return g+"INTEGER "+o(h,r)+"\n"}if(e.substr(k,2)=="03"){var h=ASN1HEX.getHexOfV_AtObj(e,k);return g+"BITSTRING "+o(h,r)+"\n"}if(e.substr(k,2)=="04"){var h=ASN1HEX.getHexOfV_AtObj(e,k);if(ASN1HEX.isASN1HEX(h)){var j=g+"OCTETSTRING, encapsulates\n";j=j+ASN1HEX.dump(h,c,0,g+" ");return j}else{return g+"OCTETSTRING "+o(h,r)+"\n"}}if(e.substr(k,2)=="05"){return g+"NULL\n"}if(e.substr(k,2)=="06"){var l=ASN1HEX.getHexOfV_AtObj(e,k);var a=KJUR.asn1.ASN1Util.oidHexToInt(l);var n=KJUR.asn1.x509.OID.oid2name(a);var b=a.replace(/\./g," ");if(n!=""){return g+"ObjectIdentifier "+n+" ("+b+")\n"}else{return g+"ObjectIdentifier ("+b+")\n"}}if(e.substr(k,2)=="0c"){return g+"UTF8String '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="13"){return g+"PrintableString '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="14"){return g+"TeletexString '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="16"){return g+"IA5String '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="17"){return g+"UTCTime "+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"\n"}if(e.substr(k,2)=="18"){return g+"GeneralizedTime "+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"\n"}if(e.substr(k,2)=="30"){if(e.substr(k,4)=="3000"){return g+"SEQUENCE {}\n"}var j=g+"SEQUENCE\n";var d=ASN1HEX.getPosArrayOfChildren_AtObj(e,k);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var t=ASN1HEX.getHexOfV_AtObj(e,d[0]);var a=KJUR.asn1.ASN1Util.oidHexToInt(t);var n=KJUR.asn1.x509.OID.oid2name(a);var p=JSON.parse(JSON.stringify(c));p.x509ExtName=n;f=p}for(var q=0;q0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return 
this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new 
KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(b){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(c){var d=c.split("/");d.shift();for(var e=0;e0){var d=new 
KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof 
c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof 
c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(b){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(c){var d=c.split("/");d.shift();for(var e=0;e0){h=new a.DERTaggedObject({obj:this.dUnsignedAttrs,tag:"a1",explicit:false})}var g=[this.dCMSVersion,this.dSignerIdentifier,this.dDigestAlgorithm,e,this.dSigAlg,this.dSig,];if(h!=null){g.push(h)}var f=new a.DERSequence({array:g});this.hTLV=f.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.SignerInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.EncapsulatedContentInfo=function(c){KJUR.asn1.cms.EncapsulatedContentInfo.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dEContentType=new a.DERObjectIdentifier({name:"data"});this.dEContent=null;this.isDetached=false;this.eContentValueHex=null;this.setContentType=function(e){if(e.match(/^[0-2][.][0-9.]+$/)){this.dEContentType=new a.DERObjectIdentifier({oid:e})}else{this.dEContentType=new a.DERObjectIdentifier({name:e})}};this.setContentValue=function(e){if(typeof e!="undefined"){if(typeof e.hex=="string"){this.eContentValueHex=e.hex}else{if(typeof e.str=="string"){this.eContentValueHex=utf8tohex(e.str)}}}};this.setContentValueHex=function(e){this.eContentValueHex=e};this.setContentValueStr=function(e){this.eContentValueHex=utf8tohex(e)};this.getEncodedHex=function(){if(typeof this.eContentValueHex!="string"){throw"eContentValue not yet set"}var g=new a.DEROctetString({hex:this.eContentValueHex});this.dEContent=new a.DERTaggedObject({obj:g,tag:"a0",explicit:true});var e=[this.dEContentType];if(!this.isDetached){e.push(this.dEContent)}var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return 
this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.EncapsulatedContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.ContentInfo=function(c){KJUR.asn1.cms.ContentInfo.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dContentType=null;this.dContent=null;this.setContentType=function(e){if(typeof e=="string"){this.dContentType=d.OID.name2obj(e)}};this.getEncodedHex=function(){var f=new a.DERTaggedObject({obj:this.dContent,tag:"a0",explicit:true});var e=new a.DERSequence({array:[this.dContentType,f]});this.hTLV=e.getEncodedHex();return this.hTLV};if(typeof c!="undefined"){if(c.type){this.setContentType(c.type)}if(c.obj&&c.obj instanceof a.ASN1Object){this.dContent=c.obj}}};YAHOO.lang.extend(KJUR.asn1.cms.ContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.SignedData=function(c){KJUR.asn1.cms.SignedData.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dCMSVersion=new a.DERInteger({"int":1});this.dDigestAlgs=null;this.digestAlgNameList=[];this.dEncapContentInfo=new b.EncapsulatedContentInfo();this.dCerts=null;this.certificateList=[];this.crlList=[];this.signerInfoList=[new b.SignerInfo()];this.addCertificatesByPEM=function(e){var f=KEYUTIL.getHexFromPEM(e);var g=new a.ASN1Object();g.hTLV=f;this.certificateList.push(g)};this.getEncodedHex=function(){if(typeof this.hTLV=="string"){return this.hTLV}if(this.dDigestAlgs==null){var k=[];for(var j=0;j0){var l=new a.DERSet({array:this.certificateList});this.dCerts=new a.DERTaggedObject({obj:l,tag:"a0",explicit:false})}}if(this.dCerts!=null){e.push(this.dCerts)}var g=new a.DERSet({array:this.signerInfoList});e.push(g);var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV};this.getContentInfo=function(){this.getEncodedHex();var e=new b.ContentInfo({type:"signed-data",obj:this});return e};this.getContentInfoEncodedHex=function(){var e=this.getContentInfo();var f=e.getEncodedHex();return f};this.getPEM=function(){var 
e=this.getContentInfoEncodedHex();var f=a.ASN1Util.getPEMStringFromHex(e,"CMS");return f}};YAHOO.lang.extend(KJUR.asn1.cms.SignedData,KJUR.asn1.ASN1Object);KJUR.asn1.cms.CMSUtil=new function(){};KJUR.asn1.cms.CMSUtil.newSignedData=function(a){var h=KJUR.asn1.cms;var g=KJUR.asn1.cades;var f=new h.SignedData();f.dEncapContentInfo.setContentValue(a.content);if(typeof a.certs=="object"){for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}function _rsasign_signStringPSS(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)}function _rsasign_signWithMessageHashPSS(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw"invalid salt length"}}}if(c<(g+k+2)){throw"data too long"}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)}function _rsasign_verifyWithMessageHash(e,a){a=a.replace(_RE_HEXDECONLY,"");a=a.replace(/[ \n]+/g,"");var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)}function _rsasign_verifyStringPSS(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return 
this.verifyWithMessageHashPSS(d,b,a,f)}function _rsasign_verifyWithMessageHashPSS(f,s,l,c){var k=new BigInteger(s,16);if(k.bitLength()>this.n.bitLength()){return false}var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw"invalid salt length"}}}if(m<(h+c+2)){throw"data too long"}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw"bits beyond keysize not zero"}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw"algorithm '"+h+"' not accepted in the list"}}if(h!="none"&&t===null){throw"key shall be specified to verify."}if(typeof t=="string"&&t.indexOf("-----BEGIN ")!=-1){t=KEYUTIL.getKey(t)}if(s=="RS"||s=="PS"){if(!(t instanceof RSAKey)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(s=="ES"){if(!(t instanceof KJUR.crypto.ECDSA)){throw"key shall be a ECDSA obj for ES* algs"}}if(h=="none"){}var n=null;if(m.jwsalg2sigalg[i.alg]===undefined){throw"unsupported alg name: "+h}else{n=m.jwsalg2sigalg[h]}if(n=="none"){throw"not supported"}else{if(n.substr(0,4)=="Hmac"){var k=null;if(t===undefined){throw"hexadecimal key shall be specified for HMAC"}var g=new KJUR.crypto.Mac({alg:n,pass:t});g.updateString(b);k=g.doFinal();return r==k}else{if(n.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(r)}catch(o){return false}var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(r)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' 
splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw"acceptField.alg shall be specified"}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt=="number"){b=l.verifyAt}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.expDSA public key parameters: param={p: p, q: q, g: g, y: y}
    * NOTE: Each value shall be hexadecimal string of key spec. *
  • RSA public key parameters: param={n: n, e: e}
  • - *
  • X.509 PEM certificate (RSA/DSA/ECC): param=pemString
  • + *
  • X.509v1/v3 PEM certificate (RSA/DSA/ECC): param=pemString
  • *
  • PKCS#8 hexadecimal RSA/ECC public key: param=pemString, null, "pkcs8pub"
  • *
  • PKCS#8 PEM RSA/DSA/ECC public key: param=pemString
  • *
  • PKCS#5 plain hexadecimal RSA private key: param=hexString, null, "pkcs5prv"
  • @@ -1248,7 +1248,8 @@ var KEYUTIL = function() { *
  • JWT plain RSA private key with P/Q/DP/DQ/COEFF
  • *
  • JWT plain RSA private key without P/Q/DP/DQ/COEFF (since jsrsasign 5.0.0)
  • * - * NOTE: RFC 7517 JSON Web Key(JWK) support for RSA/ECC private/public key from jsrsasign 4.8.1. + * NOTE1: RFC 7517 JSON Web Key(JWK) support for RSA/ECC private/public key from jsrsasign 4.8.1.
    + * NOTE2: X509v1 support is added since jsrsasign 5.0.11. * *
    EXAMPLE
    * @example diff --git a/lib/jsrsasign-5.0.10-all-min.js b/lib/jsrsasign-5.0.10-all-min.js deleted file mode 100644 index eb455a34..00000000 --- a/lib/jsrsasign-5.0.10-all-min.js +++ /dev/null 
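Review bot: The added line `NOTE2: X509v1 support is added since jsrsasign 5.0.11.` in the KEYUTIL.getKey doc comment does not say what trust a caller may place in a key taken from a certificate. A v1 certificate has no extensions, so it carries no basicConstraints or keyUsage to check, which makes that gap more important here than for v3. The parameter list in this comment describes key formats only, so getKey looks like a pure key-extraction helper; if the implementation (outside this hunk) confirms that, add a line such as `NOTE3: getKey only extracts the public key from a certificate; it does not verify the certificate signature, validity period or issuer chain.` The same applies to the `X.509v1/v3 PEM certificate` list entry changed in the preceding hunk of this comment. Wording for NOTE2 itself: `X509v1 certificates are supported since jsrsasign 5.0.11.`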
@@ -1,289 +0,0 @@ -/* - * jsrsasign 5.0.10 (c) 2010-2016 Kenji Urushima | kjur.github.com/jsrsasign/license - */ - -/* -yahoo-min.js -Copyright (c) 2011, Yahoo! Inc. All rights reserved. -Code licensed under the BSD License: -http://developer.yahoo.com/yui/license.html -version: 2.9.0 -*/ -if(typeof YAHOO=="undefined"||!YAHOO){var YAHOO={};}YAHOO.namespace=function(){var b=arguments,g=null,e,c,f;for(e=0;e":">",'"':""","'":"'","/":"/","`":"`"},d=["toString","valueOf"],e={isArray:function(j){return a.toString.apply(j)===c;},isBoolean:function(j){return typeof j==="boolean";},isFunction:function(j){return(typeof j==="function")||a.toString.apply(j)===h;},isNull:function(j){return j===null;},isNumber:function(j){return typeof j==="number"&&isFinite(j);},isObject:function(j){return(j&&(typeof j==="object"||f.isFunction(j)))||false;},isString:function(j){return typeof j==="string";},isUndefined:function(j){return typeof j==="undefined";},_IEEnumFix:(YAHOO.env.ua.ie)?function(l,k){var j,n,m;for(j=0;j"'\/`]/g,function(k){return g[k];});},extend:function(m,n,l){if(!n||!m){throw new Error("extend failed, please check that "+"all dependencies are included.");}var k=function(){},j;k.prototype=n.prototype;m.prototype=new k();m.prototype.constructor=m;m.superclass=n.prototype;if(n.prototype.constructor==a.constructor){n.prototype.constructor=n;}if(l){for(j in l){if(f.hasOwnProperty(l,j)){m.prototype[j]=l[j];}}f._IEEnumFix(m.prototype,l);}},augmentObject:function(n,m){if(!m||!n){throw new Error("Absorb failed, verify dependencies.");}var j=arguments,l,o,k=j[2];if(k&&k!==true){for(l=2;l0)?f.dump(j[l],p-1):t);}else{r.push(j[l]);}r.push(q);}if(r.length>1){r.pop();}r.push("]");}else{r.push("{");for(l in j){if(f.hasOwnProperty(j,l)){r.push(l+m);if(f.isObject(j[l])){r.push((p>0)?f.dump(j[l],p-1):t);}else{r.push(j[l]);}r.push(q);}}if(r.length>1){r.pop();}r.push("}");}return r.join("");},substitute:function(x,y,E,l){var D,C,B,G,t,u,F=[],p,z=x.length,A="dump",r=" 
",q="{",m="}",n,w;for(;;){D=x.lastIndexOf(q,z);if(D<0){break;}C=x.indexOf(m,D);if(D+1>C){break;}p=x.substring(D+1,C);G=p;u=null;B=G.indexOf(r);if(B>-1){u=G.substring(B+1);G=G.substring(0,B);}t=y[G];if(E){t=E(G,t,u);}if(f.isObject(t)){if(f.isArray(t)){t=f.dump(t,parseInt(u,10));}else{u=u||"";n=u.indexOf(A);if(n>-1){u=u.substring(4);}w=t.toString();if(w===i||n>-1){t=f.dump(t,parseInt(u,10));}else{t=w;}}}else{if(!f.isString(t)&&!f.isNumber(t)){t="~-"+F.length+"-~";F[F.length]=p;}}x=x.substring(0,D)+t+x.substring(C+1);if(l===false){z=D-1;}}for(D=F.length-1;D>=0;D=D-1){x=x.replace(new RegExp("~-"+D+"-~"),"{"+F[D]+"}","g");}return x;},trim:function(j){try{return j.replace(/^\s+|\s+$/g,"");}catch(k){return j; -}},merge:function(){var n={},k=arguments,j=k.length,m;for(m=0;m>>2]>>>(24-(r%4)*8))&255;q[(n+r)>>>2]|=o<<(24-((n+r)%4)*8)}}else{for(var r=0;r>>2]=p[r>>>2]}}this.sigBytes+=s;return this},clamp:function(){var o=this.words;var n=this.sigBytes;o[n>>>2]&=4294967295<<(32-(n%4)*8);o.length=e.ceil(n/4)},clone:function(){var n=j.clone.call(this);n.words=this.words.slice(0);return n},random:function(p){var o=[];for(var n=0;n>>2]>>>(24-(n%4)*8))&255;q.push((s>>>4).toString(16));q.push((s&15).toString(16))}return q.join("")},parse:function(p){var n=p.length;var q=[];for(var o=0;o>>3]|=parseInt(p.substr(o,2),16)<<(24-(o%8)*4)}return new l.init(q,n/2)}};var d=m.Latin1={stringify:function(q){var r=q.words;var p=q.sigBytes;var n=[];for(var o=0;o>>2]>>>(24-(o%4)*8))&255;n.push(String.fromCharCode(s))}return n.join("")},parse:function(p){var n=p.length;var q=[];for(var o=0;o>>2]|=(p.charCodeAt(o)&255)<<(24-(o%4)*8)}return new l.init(q,n)}};var c=m.Utf8={stringify:function(n){try{return decodeURIComponent(escape(d.stringify(n)))}catch(o){throw new Error("Malformed UTF-8 data")}},parse:function(n){return d.parse(unescape(encodeURIComponent(n)))}};var i=b.BufferedBlockAlgorithm=j.extend({reset:function(){this._data=new l.init();this._nDataBytes=0},_append:function(n){if(typeof 
n=="string"){n=c.parse(n)}this._data.concat(n);this._nDataBytes+=n.sigBytes},_process:function(w){var q=this._data;var x=q.words;var n=q.sigBytes;var t=this.blockSize;var v=t*4;var u=n/v;if(w){u=e.ceil(u)}else{u=e.max((u|0)-this._minBufferSize,0)}var s=u*t;var r=e.min(s*4,n);if(s){for(var p=0;p>>2]&255}};f.BlockCipher=n.extend({cfg:n.cfg.extend({mode:m,padding:h}),reset:function(){n.reset.call(this);var a=this.cfg,b=a.iv,a=a.mode;if(this._xformMode==this._ENC_XFORM_MODE)var c=a.createEncryptor;else c=a.createDecryptor,this._minBufferSize=1; -this._mode=c.call(a,this,b&&b.words)},_doProcessBlock:function(a,b){this._mode.processBlock(a,b)},_doFinalize:function(){var a=this.cfg.padding;if(this._xformMode==this._ENC_XFORM_MODE){a.pad(this._data,this.blockSize);var b=this._process(!0)}else b=this._process(!0),a.unpad(b);return b},blockSize:4});var p=f.CipherParams=k.extend({init:function(a){this.mixIn(a)},toString:function(a){return(a||this.formatter).stringify(this)}}),m=(g.format={}).OpenSSL={stringify:function(a){var b=a.ciphertext;a=a.salt; -return(a?l.create([1398893684,1701076831]).concat(a).concat(b):b).toString(r)},parse:function(a){a=r.parse(a);var b=a.words;if(1398893684==b[0]&&1701076831==b[1]){var c=l.create(b.slice(2,4));b.splice(0,4);a.sigBytes-=16}return p.create({ciphertext:a,salt:c})}},j=f.SerializableCipher=k.extend({cfg:k.extend({format:m}),encrypt:function(a,b,c,d){d=this.cfg.extend(d);var e=a.createEncryptor(c,d);b=e.finalize(b);e=e.cfg;return p.create({ciphertext:b,key:c,iv:e.iv,algorithm:a,mode:e.mode,padding:e.padding, -blockSize:a.blockSize,formatter:d.format})},decrypt:function(a,b,c,d){d=this.cfg.extend(d);b=this._parse(b,d.format);return a.createDecryptor(c,d).finalize(b.ciphertext)},_parse:function(a,b){return"string"==typeof a?b.parse(a,this):a}}),g=(g.kdf={}).OpenSSL={execute:function(a,b,c,d){d||(d=l.random(8));a=v.create({keySize:b+c}).compute(a,d);c=l.create(a.words.slice(b),4*c);a.sigBytes=4*b;return 
p.create({key:a,iv:c,salt:d})}},s=f.PasswordBasedCipher=j.extend({cfg:j.cfg.extend({kdf:g}),encrypt:function(a, -b,c,d){d=this.cfg.extend(d);c=d.kdf.execute(c,a.keySize,a.ivSize);d.iv=c.iv;a=j.encrypt.call(this,a,b,c.key,d);a.mixIn(c);return a},decrypt:function(a,b,c,d){d=this.cfg.extend(d);b=this._parse(b,d.format);c=d.kdf.execute(c,a.keySize,a.ivSize,b.salt);d.iv=c.iv;return j.decrypt.call(this,a,b,c.key,d)}})}(); - -/* -CryptoJS v3.1.2 aes-min.js -code.google.com/p/crypto-js -(c) 2009-2013 by Jeff Mott. All rights reserved. -code.google.com/p/crypto-js/wiki/License -*/ -(function(){for(var q=CryptoJS,x=q.lib.BlockCipher,r=q.algo,j=[],y=[],z=[],A=[],B=[],C=[],s=[],u=[],v=[],w=[],g=[],k=0;256>k;k++)g[k]=128>k?k<<1:k<<1^283;for(var n=0,l=0,k=0;256>k;k++){var f=l^l<<1^l<<2^l<<3^l<<4,f=f>>>8^f&255^99;j[n]=f;y[f]=n;var t=g[n],D=g[t],E=g[D],b=257*g[f]^16843008*f;z[n]=b<<24|b>>>8;A[n]=b<<16|b>>>16;B[n]=b<<8|b>>>24;C[n]=b;b=16843009*E^65537*D^257*t^16843008*n;s[f]=b<<24|b>>>8;u[f]=b<<16|b>>>16;v[f]=b<<8|b>>>24;w[f]=b;n?(n=t^g[g[g[E^t]]],l^=g[g[l]]):n=l=1}var F=[0,1,2,4,8, -16,32,64,128,27,54],r=r.AES=x.extend({_doReset:function(){for(var c=this._key,e=c.words,a=c.sigBytes/4,c=4*((this._nRounds=a+6)+1),b=this._keySchedule=[],h=0;h>>24]<<24|j[d>>>16&255]<<16|j[d>>>8&255]<<8|j[d&255]):(d=d<<8|d>>>24,d=j[d>>>24]<<24|j[d>>>16&255]<<16|j[d>>>8&255]<<8|j[d&255],d^=F[h/a|0]<<24);b[h]=b[h-a]^d}e=this._invKeySchedule=[];for(a=0;aa||4>=h?d:s[j[d>>>24]]^u[j[d>>>16&255]]^v[j[d>>> -8&255]]^w[j[d&255]]},encryptBlock:function(c,e){this._doCryptBlock(c,e,this._keySchedule,z,A,B,C,j)},decryptBlock:function(c,e){var a=c[e+1];c[e+1]=c[e+3];c[e+3]=a;this._doCryptBlock(c,e,this._invKeySchedule,s,u,v,w,y);a=c[e+1];c[e+1]=c[e+3];c[e+3]=a},_doCryptBlock:function(c,e,a,b,h,d,j,m){for(var n=this._nRounds,f=c[e]^a[0],g=c[e+1]^a[1],k=c[e+2]^a[2],p=c[e+3]^a[3],l=4,t=1;t>>24]^h[g>>>16&255]^d[k>>>8&255]^j[p&255]^a[l++],r=b[g>>>24]^h[k>>>16&255]^d[p>>>8&255]^j[f&255]^a[l++],s= 
-b[k>>>24]^h[p>>>16&255]^d[f>>>8&255]^j[g&255]^a[l++],p=b[p>>>24]^h[f>>>16&255]^d[g>>>8&255]^j[k&255]^a[l++],f=q,g=r,k=s;q=(m[f>>>24]<<24|m[g>>>16&255]<<16|m[k>>>8&255]<<8|m[p&255])^a[l++];r=(m[g>>>24]<<24|m[k>>>16&255]<<16|m[p>>>8&255]<<8|m[f&255])^a[l++];s=(m[k>>>24]<<24|m[p>>>16&255]<<16|m[f>>>8&255]<<8|m[g&255])^a[l++];p=(m[p>>>24]<<24|m[f>>>16&255]<<16|m[g>>>8&255]<<8|m[k&255])^a[l++];c[e]=q;c[e+1]=r;c[e+2]=s;c[e+3]=p},keySize:8});q.AES=x._createHelper(r)})(); - -/* -CryptoJS v3.1.2 tripledes-min.js -code.google.com/p/crypto-js -(c) 2009-2013 by Jeff Mott. All rights reserved. -code.google.com/p/crypto-js/wiki/License -*/ -(function(){function j(b,c){var a=(this._lBlock>>>b^this._rBlock)&c;this._rBlock^=a;this._lBlock^=a<>>b^this._lBlock)&c;this._lBlock^=a;this._rBlock^=a<a;a++){var f=q[a]-1;c[a]=b[f>>>5]>>>31-f%32&1}b=this._subKeys=[];for(f=0;16>f;f++){for(var d=b[f]=[],e=r[f],a=0;24>a;a++)d[a/6|0]|=c[(p[a]-1+e)%28]<<31-a%6,d[4+(a/6|0)]|=c[28+(p[a+24]-1+e)%28]<<31-a%6;d[0]=d[0]<<1|d[0]>>>31;for(a=1;7>a;a++)d[a]>>>= -4*(a-1)+3;d[7]=d[7]<<5|d[7]>>>27}c=this._invSubKeys=[];for(a=0;16>a;a++)c[a]=b[15-a]},encryptBlock:function(b,c){this._doCryptBlock(b,c,this._subKeys)},decryptBlock:function(b,c){this._doCryptBlock(b,c,this._invSubKeys)},_doCryptBlock:function(b,c,a){this._lBlock=b[c];this._rBlock=b[c+1];j.call(this,4,252645135);j.call(this,16,65535);l.call(this,2,858993459);l.call(this,8,16711935);j.call(this,1,1431655765);for(var f=0;16>f;f++){for(var d=a[f],e=this._lBlock,h=this._rBlock,g=0,k=0;8>k;k++)g|=s[k][((h^ -d[k])&t[k])>>>0];this._lBlock=h;this._rBlock=e^g}a=this._lBlock;this._lBlock=this._rBlock;this._rBlock=a;j.call(this,1,1431655765);l.call(this,8,16711935);l.call(this,2,858993459);j.call(this,16,65535);j.call(this,4,252645135);b[c]=this._lBlock;b[c+1]=this._rBlock},keySize:2,ivSize:2,blockSize:2});h.DES=e._createHelper(m);g=g.TripleDES=e.extend({_doReset:function(){var 
b=this._key.words;this._des1=m.createEncryptor(n.create(b.slice(0,2)));this._des2=m.createEncryptor(n.create(b.slice(2,4)));this._des3= -m.createEncryptor(n.create(b.slice(4,6)))},encryptBlock:function(b,c){this._des1.encryptBlock(b,c);this._des2.decryptBlock(b,c);this._des3.encryptBlock(b,c)},decryptBlock:function(b,c){this._des3.decryptBlock(b,c);this._des2.encryptBlock(b,c);this._des1.decryptBlock(b,c)},keySize:6,ivSize:2,blockSize:2});h.TripleDES=e._createHelper(g)})(); - -/* -CryptoJS v3.1.2 enc-base64-min.js -code.google.com/p/crypto-js -(c) 2009-2013 by Jeff Mott. All rights reserved. -code.google.com/p/crypto-js/wiki/License -*/ -(function(){var h=CryptoJS,j=h.lib.WordArray;h.enc.Base64={stringify:function(b){var e=b.words,f=b.sigBytes,c=this._map;b.clamp();b=[];for(var a=0;a>>2]>>>24-8*(a%4)&255)<<16|(e[a+1>>>2]>>>24-8*((a+1)%4)&255)<<8|e[a+2>>>2]>>>24-8*((a+2)%4)&255,g=0;4>g&&a+0.75*g>>6*(3-g)&63));if(e=c.charAt(64))for(;b.length%4;)b.push(e);return b.join("")},parse:function(b){var e=b.length,f=this._map,c=f.charAt(64);c&&(c=b.indexOf(c),-1!=c&&(e=c));for(var c=[],a=0,d=0;d< -e;d++)if(d%4){var g=f.indexOf(b.charAt(d-1))<<2*(d%4),h=f.indexOf(b.charAt(d))>>>6-2*(d%4);c[a>>>2]|=(g|h)<<24-8*(a%4);a++}return j.create(c,a)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="}})(); - -/* -CryptoJS v3.1.2 md5-min.js -code.google.com/p/crypto-js -(c) 2009-2013 by Jeff Mott. All rights reserved. 
-code.google.com/p/crypto-js/wiki/License -*/ -(function(E){function h(a,f,g,j,p,h,k){a=a+(f&g|~f&j)+p+k;return(a<>>32-h)+f}function k(a,f,g,j,p,h,k){a=a+(f&j|g&~j)+p+k;return(a<>>32-h)+f}function l(a,f,g,j,h,k,l){a=a+(f^g^j)+h+l;return(a<>>32-k)+f}function n(a,f,g,j,h,k,l){a=a+(g^(f|~j))+h+l;return(a<>>32-k)+f}for(var r=CryptoJS,q=r.lib,F=q.WordArray,s=q.Hasher,q=r.algo,a=[],t=0;64>t;t++)a[t]=4294967296*E.abs(E.sin(t+1))|0;q=q.MD5=s.extend({_doReset:function(){this._hash=new F.init([1732584193,4023233417,2562383102,271733878])}, -_doProcessBlock:function(m,f){for(var g=0;16>g;g++){var j=f+g,p=m[j];m[j]=(p<<8|p>>>24)&16711935|(p<<24|p>>>8)&4278255360}var g=this._hash.words,j=m[f+0],p=m[f+1],q=m[f+2],r=m[f+3],s=m[f+4],t=m[f+5],u=m[f+6],v=m[f+7],w=m[f+8],x=m[f+9],y=m[f+10],z=m[f+11],A=m[f+12],B=m[f+13],C=m[f+14],D=m[f+15],b=g[0],c=g[1],d=g[2],e=g[3],b=h(b,c,d,e,j,7,a[0]),e=h(e,b,c,d,p,12,a[1]),d=h(d,e,b,c,q,17,a[2]),c=h(c,d,e,b,r,22,a[3]),b=h(b,c,d,e,s,7,a[4]),e=h(e,b,c,d,t,12,a[5]),d=h(d,e,b,c,u,17,a[6]),c=h(c,d,e,b,v,22,a[7]), -b=h(b,c,d,e,w,7,a[8]),e=h(e,b,c,d,x,12,a[9]),d=h(d,e,b,c,y,17,a[10]),c=h(c,d,e,b,z,22,a[11]),b=h(b,c,d,e,A,7,a[12]),e=h(e,b,c,d,B,12,a[13]),d=h(d,e,b,c,C,17,a[14]),c=h(c,d,e,b,D,22,a[15]),b=k(b,c,d,e,p,5,a[16]),e=k(e,b,c,d,u,9,a[17]),d=k(d,e,b,c,z,14,a[18]),c=k(c,d,e,b,j,20,a[19]),b=k(b,c,d,e,t,5,a[20]),e=k(e,b,c,d,y,9,a[21]),d=k(d,e,b,c,D,14,a[22]),c=k(c,d,e,b,s,20,a[23]),b=k(b,c,d,e,x,5,a[24]),e=k(e,b,c,d,C,9,a[25]),d=k(d,e,b,c,r,14,a[26]),c=k(c,d,e,b,w,20,a[27]),b=k(b,c,d,e,B,5,a[28]),e=k(e,b, 
-c,d,q,9,a[29]),d=k(d,e,b,c,v,14,a[30]),c=k(c,d,e,b,A,20,a[31]),b=l(b,c,d,e,t,4,a[32]),e=l(e,b,c,d,w,11,a[33]),d=l(d,e,b,c,z,16,a[34]),c=l(c,d,e,b,C,23,a[35]),b=l(b,c,d,e,p,4,a[36]),e=l(e,b,c,d,s,11,a[37]),d=l(d,e,b,c,v,16,a[38]),c=l(c,d,e,b,y,23,a[39]),b=l(b,c,d,e,B,4,a[40]),e=l(e,b,c,d,j,11,a[41]),d=l(d,e,b,c,r,16,a[42]),c=l(c,d,e,b,u,23,a[43]),b=l(b,c,d,e,x,4,a[44]),e=l(e,b,c,d,A,11,a[45]),d=l(d,e,b,c,D,16,a[46]),c=l(c,d,e,b,q,23,a[47]),b=n(b,c,d,e,j,6,a[48]),e=n(e,b,c,d,v,10,a[49]),d=n(d,e,b,c, -C,15,a[50]),c=n(c,d,e,b,t,21,a[51]),b=n(b,c,d,e,A,6,a[52]),e=n(e,b,c,d,r,10,a[53]),d=n(d,e,b,c,y,15,a[54]),c=n(c,d,e,b,p,21,a[55]),b=n(b,c,d,e,w,6,a[56]),e=n(e,b,c,d,D,10,a[57]),d=n(d,e,b,c,u,15,a[58]),c=n(c,d,e,b,B,21,a[59]),b=n(b,c,d,e,s,6,a[60]),e=n(e,b,c,d,z,10,a[61]),d=n(d,e,b,c,q,15,a[62]),c=n(c,d,e,b,x,21,a[63]);g[0]=g[0]+b|0;g[1]=g[1]+c|0;g[2]=g[2]+d|0;g[3]=g[3]+e|0},_doFinalize:function(){var a=this._data,f=a.words,g=8*this._nDataBytes,j=8*a.sigBytes;f[j>>>5]|=128<<24-j%32;var h=E.floor(g/ -4294967296);f[(j+64>>>9<<4)+15]=(h<<8|h>>>24)&16711935|(h<<24|h>>>8)&4278255360;f[(j+64>>>9<<4)+14]=(g<<8|g>>>24)&16711935|(g<<24|g>>>8)&4278255360;a.sigBytes=4*(f.length+1);this._process();a=this._hash;f=a.words;for(g=0;4>g;g++)j=f[g],f[g]=(j<<8|j>>>24)&16711935|(j<<24|j>>>8)&4278255360;return a},clone:function(){var a=s.clone.call(this);a._hash=this._hash.clone();return a}});r.MD5=s._createHelper(q);r.HmacMD5=s._createHmacHelper(q)})(Math); - -/* -CryptoJS v3.1.2 sha1-min.js -code.google.com/p/crypto-js -(c) 2009-2013 by Jeff Mott. All rights reserved. 
-code.google.com/p/crypto-js/wiki/License -*/ -(function(){var k=CryptoJS,b=k.lib,m=b.WordArray,l=b.Hasher,d=[],b=k.algo.SHA1=l.extend({_doReset:function(){this._hash=new m.init([1732584193,4023233417,2562383102,271733878,3285377520])},_doProcessBlock:function(n,p){for(var a=this._hash.words,e=a[0],f=a[1],h=a[2],j=a[3],b=a[4],c=0;80>c;c++){if(16>c)d[c]=n[p+c]|0;else{var g=d[c-3]^d[c-8]^d[c-14]^d[c-16];d[c]=g<<1|g>>>31}g=(e<<5|e>>>27)+b+d[c];g=20>c?g+((f&h|~f&j)+1518500249):40>c?g+((f^h^j)+1859775393):60>c?g+((f&h|f&j|h&j)-1894007588):g+((f^h^ -j)-899497514);b=j;j=h;h=f<<30|f>>>2;f=e;e=g}a[0]=a[0]+e|0;a[1]=a[1]+f|0;a[2]=a[2]+h|0;a[3]=a[3]+j|0;a[4]=a[4]+b|0},_doFinalize:function(){var b=this._data,d=b.words,a=8*this._nDataBytes,e=8*b.sigBytes;d[e>>>5]|=128<<24-e%32;d[(e+64>>>9<<4)+14]=Math.floor(a/4294967296);d[(e+64>>>9<<4)+15]=a;b.sigBytes=4*d.length;this._process();return this._hash},clone:function(){var b=l.clone.call(this);b._hash=this._hash.clone();return b}});k.SHA1=l._createHelper(b);k.HmacSHA1=l._createHmacHelper(b)})(); - -/* -CryptoJS v3.1.2 sha256-min.js -code.google.com/p/crypto-js -(c) 2009-2013 by Jeff Mott. All rights reserved. 
-code.google.com/p/crypto-js/wiki/License -*/ -(function(k){for(var g=CryptoJS,h=g.lib,v=h.WordArray,j=h.Hasher,h=g.algo,s=[],t=[],u=function(q){return 4294967296*(q-(q|0))|0},l=2,b=0;64>b;){var d;a:{d=l;for(var w=k.sqrt(d),r=2;r<=w;r++)if(!(d%r)){d=!1;break a}d=!0}d&&(8>b&&(s[b]=u(k.pow(l,0.5))),t[b]=u(k.pow(l,1/3)),b++);l++}var n=[],h=h.SHA256=j.extend({_doReset:function(){this._hash=new v.init(s.slice(0))},_doProcessBlock:function(q,h){for(var a=this._hash.words,c=a[0],d=a[1],b=a[2],k=a[3],f=a[4],g=a[5],j=a[6],l=a[7],e=0;64>e;e++){if(16>e)n[e]= -q[h+e]|0;else{var m=n[e-15],p=n[e-2];n[e]=((m<<25|m>>>7)^(m<<14|m>>>18)^m>>>3)+n[e-7]+((p<<15|p>>>17)^(p<<13|p>>>19)^p>>>10)+n[e-16]}m=l+((f<<26|f>>>6)^(f<<21|f>>>11)^(f<<7|f>>>25))+(f&g^~f&j)+t[e]+n[e];p=((c<<30|c>>>2)^(c<<19|c>>>13)^(c<<10|c>>>22))+(c&d^c&b^d&b);l=j;j=g;g=f;f=k+m|0;k=b;b=d;d=c;c=m+p|0}a[0]=a[0]+c|0;a[1]=a[1]+d|0;a[2]=a[2]+b|0;a[3]=a[3]+k|0;a[4]=a[4]+f|0;a[5]=a[5]+g|0;a[6]=a[6]+j|0;a[7]=a[7]+l|0},_doFinalize:function(){var d=this._data,b=d.words,a=8*this._nDataBytes,c=8*d.sigBytes; -b[c>>>5]|=128<<24-c%32;b[(c+64>>>9<<4)+14]=k.floor(a/4294967296);b[(c+64>>>9<<4)+15]=a;d.sigBytes=4*b.length;this._process();return this._hash},clone:function(){var b=j.clone.call(this);b._hash=this._hash.clone();return b}});g.SHA256=j._createHelper(h);g.HmacSHA256=j._createHmacHelper(h)})(Math); - -/* -CryptoJS v3.1.2 sha224-min.js -code.google.com/p/crypto-js -(c) 2009-2013 by Jeff Mott. All rights reserved. -code.google.com/p/crypto-js/wiki/License -*/ -(function(){var b=CryptoJS,d=b.lib.WordArray,a=b.algo,c=a.SHA256,a=a.SHA224=c.extend({_doReset:function(){this._hash=new d.init([3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428])},_doFinalize:function(){var a=c._doFinalize.call(this);a.sigBytes-=4;return a}});b.SHA224=c._createHelper(a);b.HmacSHA224=c._createHmacHelper(a)})(); - -/* -CryptoJS v3.1.2 sha512-min.js -code.google.com/p/crypto-js -(c) 2009-2013 by Jeff Mott. 
All rights reserved. -code.google.com/p/crypto-js/wiki/License -*/ -(function(){function a(){return d.create.apply(d,arguments)}for(var n=CryptoJS,r=n.lib.Hasher,e=n.x64,d=e.Word,T=e.WordArray,e=n.algo,ea=[a(1116352408,3609767458),a(1899447441,602891725),a(3049323471,3964484399),a(3921009573,2173295548),a(961987163,4081628472),a(1508970993,3053834265),a(2453635748,2937671579),a(2870763221,3664609560),a(3624381080,2734883394),a(310598401,1164996542),a(607225278,1323610764),a(1426881987,3590304994),a(1925078388,4068182383),a(2162078206,991336113),a(2614888103,633803317), -a(3248222580,3479774868),a(3835390401,2666613458),a(4022224774,944711139),a(264347078,2341262773),a(604807628,2007800933),a(770255983,1495990901),a(1249150122,1856431235),a(1555081692,3175218132),a(1996064986,2198950837),a(2554220882,3999719339),a(2821834349,766784016),a(2952996808,2566594879),a(3210313671,3203337956),a(3336571891,1034457026),a(3584528711,2466948901),a(113926993,3758326383),a(338241895,168717936),a(666307205,1188179964),a(773529912,1546045734),a(1294757372,1522805485),a(1396182291, -2643833823),a(1695183700,2343527390),a(1986661051,1014477480),a(2177026350,1206759142),a(2456956037,344077627),a(2730485921,1290863460),a(2820302411,3158454273),a(3259730800,3505952657),a(3345764771,106217008),a(3516065817,3606008344),a(3600352804,1432725776),a(4094571909,1467031594),a(275423344,851169720),a(430227734,3100823752),a(506948616,1363258195),a(659060556,3750685593),a(883997877,3785050280),a(958139571,3318307427),a(1322822218,3812723403),a(1537002063,2003034995),a(1747873779,3602036899), 
-a(1955562222,1575990012),a(2024104815,1125592928),a(2227730452,2716904306),a(2361852424,442776044),a(2428436474,593698344),a(2756734187,3733110249),a(3204031479,2999351573),a(3329325298,3815920427),a(3391569614,3928383900),a(3515267271,566280711),a(3940187606,3454069534),a(4118630271,4000239992),a(116418474,1914138554),a(174292421,2731055270),a(289380356,3203993006),a(460393269,320620315),a(685471733,587496836),a(852142971,1086792851),a(1017036298,365543100),a(1126000580,2618297676),a(1288033470, -3409855158),a(1501505948,4234509866),a(1607167915,987167468),a(1816402316,1246189591)],v=[],w=0;80>w;w++)v[w]=a();e=e.SHA512=r.extend({_doReset:function(){this._hash=new T.init([new d.init(1779033703,4089235720),new d.init(3144134277,2227873595),new d.init(1013904242,4271175723),new d.init(2773480762,1595750129),new d.init(1359893119,2917565137),new d.init(2600822924,725511199),new d.init(528734635,4215389547),new d.init(1541459225,327033209)])},_doProcessBlock:function(a,d){for(var f=this._hash.words, -F=f[0],e=f[1],n=f[2],r=f[3],G=f[4],H=f[5],I=f[6],f=f[7],w=F.high,J=F.low,X=e.high,K=e.low,Y=n.high,L=n.low,Z=r.high,M=r.low,$=G.high,N=G.low,aa=H.high,O=H.low,ba=I.high,P=I.low,ca=f.high,Q=f.low,k=w,g=J,z=X,x=K,A=Y,y=L,U=Z,B=M,l=$,h=N,R=aa,C=O,S=ba,D=P,V=ca,E=Q,m=0;80>m;m++){var s=v[m];if(16>m)var j=s.high=a[d+2*m]|0,b=s.low=a[d+2*m+1]|0;else{var j=v[m-15],b=j.high,p=j.low,j=(b>>>1|p<<31)^(b>>>8|p<<24)^b>>>7,p=(p>>>1|b<<31)^(p>>>8|b<<24)^(p>>>7|b<<25),u=v[m-2],b=u.high,c=u.low,u=(b>>>19|c<<13)^(b<< -3|c>>>29)^b>>>6,c=(c>>>19|b<<13)^(c<<3|b>>>29)^(c>>>6|b<<26),b=v[m-7],W=b.high,t=v[m-16],q=t.high,t=t.low,b=p+b.low,j=j+W+(b>>>0

    >>0?1:0),b=b+c,j=j+u+(b>>>0>>0?1:0),b=b+t,j=j+q+(b>>>0>>0?1:0);s.high=j;s.low=b}var W=l&R^~l&S,t=h&C^~h&D,s=k&z^k&A^z&A,T=g&x^g&y^x&y,p=(k>>>28|g<<4)^(k<<30|g>>>2)^(k<<25|g>>>7),u=(g>>>28|k<<4)^(g<<30|k>>>2)^(g<<25|k>>>7),c=ea[m],fa=c.high,da=c.low,c=E+((h>>>14|l<<18)^(h>>>18|l<<14)^(h<<23|l>>>9)),q=V+((l>>>14|h<<18)^(l>>>18|h<<14)^(l<<23|h>>>9))+(c>>>0>>0?1: -0),c=c+t,q=q+W+(c>>>0>>0?1:0),c=c+da,q=q+fa+(c>>>0>>0?1:0),c=c+b,q=q+j+(c>>>0>>0?1:0),b=u+T,s=p+s+(b>>>0>>0?1:0),V=S,E=D,S=R,D=C,R=l,C=h,h=B+c|0,l=U+q+(h>>>0>>0?1:0)|0,U=A,B=y,A=z,y=x,z=k,x=g,g=c+b|0,k=q+s+(g>>>0>>0?1:0)|0}J=F.low=J+g;F.high=w+k+(J>>>0>>0?1:0);K=e.low=K+x;e.high=X+z+(K>>>0>>0?1:0);L=n.low=L+y;n.high=Y+A+(L>>>0>>0?1:0);M=r.low=M+B;r.high=Z+U+(M>>>0>>0?1:0);N=G.low=N+h;G.high=$+l+(N>>>0>>0?1:0);O=H.low=O+C;H.high=aa+R+(O>>>0>>0?1:0);P=I.low=P+D; -I.high=ba+S+(P>>>0>>0?1:0);Q=f.low=Q+E;f.high=ca+V+(Q>>>0>>0?1:0)},_doFinalize:function(){var a=this._data,d=a.words,f=8*this._nDataBytes,e=8*a.sigBytes;d[e>>>5]|=128<<24-e%32;d[(e+128>>>10<<5)+30]=Math.floor(f/4294967296);d[(e+128>>>10<<5)+31]=f;a.sigBytes=4*d.length;this._process();return this._hash.toX32()},clone:function(){var a=r.clone.call(this);a._hash=this._hash.clone();return a},blockSize:32});n.SHA512=r._createHelper(e);n.HmacSHA512=r._createHmacHelper(e)})(); - -/* -CryptoJS v3.1.2 sha384-min.js -code.google.com/p/crypto-js -(c) 2009-2013 by Jeff Mott. All rights reserved. 
-code.google.com/p/crypto-js/wiki/License -*/ -(function(){var c=CryptoJS,a=c.x64,b=a.Word,e=a.WordArray,a=c.algo,d=a.SHA512,a=a.SHA384=d.extend({_doReset:function(){this._hash=new e.init([new b.init(3418070365,3238371032),new b.init(1654270250,914150663),new b.init(2438529370,812702999),new b.init(355462360,4144912697),new b.init(1731405415,4290775857),new b.init(2394180231,1750603025),new b.init(3675008525,1694076839),new b.init(1203062813,3204075428)])},_doFinalize:function(){var a=d._doFinalize.call(this);a.sigBytes-=16;return a}});c.SHA384= -d._createHelper(a);c.HmacSHA384=d._createHmacHelper(a)})(); - -/* -CryptoJS v3.1.2 ripemd160-min.js -code.google.com/p/crypto-js -(c) 2009-2013 by Jeff Mott. All rights reserved. -code.google.com/p/crypto-js/wiki/License -*/ -/* - -(c) 2012 by Cedric Mesnil. All rights reserved. - -Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - - - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ -(function(){var q=CryptoJS,d=q.lib,n=d.WordArray,p=d.Hasher,d=q.algo,x=n.create([0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13]),y=n.create([5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11]),z=n.create([11,14,15,12, -5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6]),A=n.create([8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11]),B=n.create([0,1518500249,1859775393,2400959708,2840853838]),C=n.create([1352829926,1548603684,1836072691, -2053994217,0]),d=d.RIPEMD160=p.extend({_doReset:function(){this._hash=n.create([1732584193,4023233417,2562383102,271733878,3285377520])},_doProcessBlock:function(e,v){for(var b=0;16>b;b++){var c=v+b,f=e[c];e[c]=(f<<8|f>>>24)&16711935|(f<<24|f>>>8)&4278255360}var c=this._hash.words,f=B.words,d=C.words,n=x.words,q=y.words,p=z.words,w=A.words,t,g,h,j,r,u,k,l,m,s;u=t=c[0];k=g=c[1];l=h=c[2];m=j=c[3];s=r=c[4];for(var 
a,b=0;80>b;b+=1)a=t+e[v+n[b]]|0,a=16>b?a+((g^h^j)+f[0]):32>b?a+((g&h|~g&j)+f[1]):48>b? -a+(((g|~h)^j)+f[2]):64>b?a+((g&j|h&~j)+f[3]):a+((g^(h|~j))+f[4]),a|=0,a=a<>>32-p[b],a=a+r|0,t=r,r=j,j=h<<10|h>>>22,h=g,g=a,a=u+e[v+q[b]]|0,a=16>b?a+((k^(l|~m))+d[0]):32>b?a+((k&m|l&~m)+d[1]):48>b?a+(((k|~l)^m)+d[2]):64>b?a+((k&l|~k&m)+d[3]):a+((k^l^m)+d[4]),a|=0,a=a<>>32-w[b],a=a+s|0,u=s,s=m,m=l<<10|l>>>22,l=k,k=a;a=c[1]+h+m|0;c[1]=c[2]+j+s|0;c[2]=c[3]+r+u|0;c[3]=c[4]+t+k|0;c[4]=c[0]+g+l|0;c[0]=a},_doFinalize:function(){var e=this._data,d=e.words,b=8*this._nDataBytes,c=8*e.sigBytes; -d[c>>>5]|=128<<24-c%32;d[(c+64>>>9<<4)+14]=(b<<8|b>>>24)&16711935|(b<<24|b>>>8)&4278255360;e.sigBytes=4*(d.length+1);this._process();e=this._hash;d=e.words;for(b=0;5>b;b++)c=d[b],d[b]=(c<<8|c>>>24)&16711935|(c<<24|c>>>8)&4278255360;return e},clone:function(){var d=p.clone.call(this);d._hash=this._hash.clone();return d}});q.RIPEMD160=p._createHelper(d);q.HmacRIPEMD160=p._createHmacHelper(d)})(Math); - -/* -CryptoJS v3.1.2 hmac-min.js -code.google.com/p/crypto-js -(c) 2009-2013 by Jeff Mott. All rights reserved. 
-code.google.com/p/crypto-js/wiki/License -*/ -(function(){var c=CryptoJS,k=c.enc.Utf8;c.algo.HMAC=c.lib.Base.extend({init:function(a,b){a=this._hasher=new a.init;"string"==typeof b&&(b=k.parse(b));var c=a.blockSize,e=4*c;b.sigBytes>e&&(b=a.finalize(b));b.clamp();for(var f=this._oKey=b.clone(),g=this._iKey=b.clone(),h=f.words,j=g.words,d=0;d>6)+b64map.charAt(e&63)}if(b+1==d.length){e=parseInt(d.substring(b,b+1),16);a+=b64map.charAt(e<<2)}else{if(b+2==d.length){e=parseInt(d.substring(b,b+2),16);a+=b64map.charAt(e>>2)+b64map.charAt((e&3)<<4)}}if(b64pad){while((a.length&3)>0){a+=b64pad}}return a}function b64tohex(f){var d="";var e;var b=0;var c;var a;for(e=0;e>2);c=a&3;b=1}else{if(b==1){d+=int2char((c<<2)|(a>>4));c=a&15;b=2}else{if(b==2){d+=int2char(c);d+=int2char(a>>2);c=a&3;b=3}else{d+=int2char((c<<2)|(a>>4));d+=int2char(a&15);b=0}}}}if(b==1){d+=int2char(c<<2)}return d}function b64toBA(e){var d=b64tohex(e);var c;var b=new Array();for(c=0;2*c=0){var d=a*this[f++]+b[e]+h;h=Math.floor(d/67108864);b[e++]=d&67108863}return h}function am2(f,q,r,e,o,a){var k=q&32767,p=q>>15;while(--a>=0){var d=this[f]&32767;var g=this[f++]>>15;var b=p*d+g*k;d=k*d+((b&32767)<<15)+r[e]+(o&1073741823);o=(d>>>30)+(b>>>15)+p*g+(o>>>30);r[e++]=d&1073741823}return o}function am3(f,q,r,e,o,a){var k=q&16383,p=q>>14;while(--a>=0){var d=this[f]&16383;var g=this[f++]>>14;var b=p*d+g*k;d=k*d+((b&16383)<<14)+r[e]+o;o=(d>>28)+(b>>14)+p*g;r[e++]=d&268435455}return o}if(j_lm&&(navigator.appName=="Microsoft Internet Explorer")){BigInteger.prototype.am=am2;dbits=30}else{if(j_lm&&(navigator.appName!="Netscape")){BigInteger.prototype.am=am1;dbits=26}else{BigInteger.prototype.am=am3;dbits=28}}BigInteger.prototype.DB=dbits;BigInteger.prototype.DM=((1<=0;--a){b[a]=this[a]}b.t=this.t;b.s=this.s}function bnpFromInt(a){this.t=1;this.s=(a<0)?-1:0;if(a>0){this[0]=a}else{if(a<-1){this[0]=a+this.DV}else{this.t=0}}}function nbv(a){var b=nbi();b.fromInt(a);return b}function bnpFromString(h,c){var 
e;if(c==16){e=4}else{if(c==8){e=3}else{if(c==256){e=8}else{if(c==2){e=1}else{if(c==32){e=5}else{if(c==4){e=2}else{this.fromRadix(h,c);return}}}}}}this.t=0;this.s=0;var g=h.length,d=false,f=0;while(--g>=0){var a=(e==8)?h[g]&255:intAt(h,g);if(a<0){if(h.charAt(g)=="-"){d=true}continue}d=false;if(f==0){this[this.t++]=a}else{if(f+e>this.DB){this[this.t-1]|=(a&((1<<(this.DB-f))-1))<>(this.DB-f))}else{this[this.t-1]|=a<=this.DB){f-=this.DB}}if(e==8&&(h[0]&128)!=0){this.s=-1;if(f>0){this[this.t-1]|=((1<<(this.DB-f))-1)<0&&this[this.t-1]==a){--this.t}}function bnToString(c){if(this.s<0){return"-"+this.negate().toString(c)}var e;if(c==16){e=4}else{if(c==8){e=3}else{if(c==2){e=1}else{if(c==32){e=5}else{if(c==4){e=2}else{return this.toRadix(c)}}}}}var g=(1<0){if(j>j)>0){a=true;h=int2char(l)}while(f>=0){if(j>(j+=this.DB-e)}else{l=(this[f]>>(j-=e))&g;if(j<=0){j+=this.DB;--f}}if(l>0){a=true}if(a){h+=int2char(l)}}}return a?h:"0"}function bnNegate(){var a=nbi();BigInteger.ZERO.subTo(this,a);return a}function bnAbs(){return(this.s<0)?this.negate():this}function bnCompareTo(b){var d=this.s-b.s;if(d!=0){return d}var c=this.t;d=c-b.t;if(d!=0){return(this.s<0)?-d:d}while(--c>=0){if((d=this[c]-b[c])!=0){return d}}return 0}function nbits(a){var c=1,b;if((b=a>>>16)!=0){a=b;c+=16}if((b=a>>8)!=0){a=b;c+=8}if((b=a>>4)!=0){a=b;c+=4}if((b=a>>2)!=0){a=b;c+=2}if((b=a>>1)!=0){a=b;c+=1}return c}function bnBitLength(){if(this.t<=0){return 0}return this.DB*(this.t-1)+nbits(this[this.t-1]^(this.s&this.DM))}function bnpDLShiftTo(c,b){var a;for(a=this.t-1;a>=0;--a){b[a+c]=this[a]}for(a=c-1;a>=0;--a){b[a]=0}b.t=this.t+c;b.s=this.s}function bnpDRShiftTo(c,b){for(var a=c;a=0;--d){e[d+f+1]=(this[d]>>a)|h;h=(this[d]&g)<=0;--d){e[d]=0}e[f]=h;e.t=this.t+f+1;e.s=this.s;e.clamp()}function bnpRShiftTo(g,d){d.s=this.s;var e=Math.floor(g/this.DB);if(e>=this.t){d.t=0;return}var b=g%this.DB;var a=this.DB-b;var f=(1<>b;for(var 
c=e+1;c>b}if(b>0){d[this.t-e-1]|=(this.s&f)<>=this.DB}if(d.t>=this.DB}g+=this.s}else{g+=this.s;while(e>=this.DB}g-=d.s}f.s=(g<0)?-1:0;if(g<-1){f[e++]=this.DV+g}else{if(g>0){f[e++]=g}}f.t=e;f.clamp()}function bnpMultiplyTo(c,e){var b=this.abs(),f=c.abs();var d=b.t;e.t=d+f.t;while(--d>=0){e[d]=0}for(d=0;d=0){d[b]=0}for(b=0;b=a.DV){d[b+a.t]-=a.DV;d[b+a.t+1]=1}}if(d.t>0){d[d.t-1]+=a.am(b,a[b],d,2*b,0,1)}d.s=0;d.clamp()}function bnpDivRemTo(n,h,g){var w=n.abs();if(w.t<=0){return}var k=this.abs();if(k.t0){w.lShiftTo(v,d);k.lShiftTo(v,g)}else{w.copyTo(d);k.copyTo(g)}var p=d.t;var b=d[p-1];if(b==0){return}var o=b*(1<1)?d[p-2]>>this.F2:0);var A=this.FV/o,z=(1<=0){g[g.t++]=1;g.subTo(f,g)}BigInteger.ONE.dlShiftTo(p,f);f.subTo(d,d);while(d.t=0){var c=(g[--u]==b)?this.DM:Math.floor(g[u]*A+(g[u-1]+x)*z);if((g[u]+=d.am(0,c,g,s,0,p))0){g.rShiftTo(v,g)}if(a<0){BigInteger.ZERO.subTo(g,g)}}function bnMod(b){var c=nbi();this.abs().divRemTo(b,null,c);if(this.s<0&&c.compareTo(BigInteger.ZERO)>0){b.subTo(c,c)}return c}function Classic(a){this.m=a}function cConvert(a){if(a.s<0||a.compareTo(this.m)>=0){return a.mod(this.m)}else{return a}}function cRevert(a){return a}function cReduce(a){a.divRemTo(this.m,null,a)}function cMulTo(a,c,b){a.multiplyTo(c,b);this.reduce(b)}function cSqrTo(a,b){a.squareTo(b);this.reduce(b)}Classic.prototype.convert=cConvert;Classic.prototype.revert=cRevert;Classic.prototype.reduce=cReduce;Classic.prototype.mulTo=cMulTo;Classic.prototype.sqrTo=cSqrTo;function bnpInvDigit(){if(this.t<1){return 0}var a=this[0];if((a&1)==0){return 0}var b=a&3;b=(b*(2-(a&15)*b))&15;b=(b*(2-(a&255)*b))&255;b=(b*(2-(((a&65535)*b)&65535)))&65535;b=(b*(2-a*b%this.DV))%this.DV;return(b>0)?this.DV-b:-b}function Montgomery(a){this.m=a;this.mp=a.invDigit();this.mpl=this.mp&32767;this.mph=this.mp>>15;this.um=(1<<(a.DB-15))-1;this.mt2=2*a.t}function montConvert(a){var 
b=nbi();a.abs().dlShiftTo(this.m.t,b);b.divRemTo(this.m,null,b);if(a.s<0&&b.compareTo(BigInteger.ZERO)>0){this.m.subTo(b,b)}return b}function montRevert(a){var b=nbi();a.copyTo(b);this.reduce(b);return b}function montReduce(a){while(a.t<=this.mt2){a[a.t++]=0}for(var c=0;c>15)*this.mpl)&this.um)<<15))&a.DM;b=c+this.m.t;a[b]+=this.m.am(0,d,a,c,0,this.m.t);while(a[b]>=a.DV){a[b]-=a.DV;a[++b]++}}a.clamp();a.drShiftTo(this.m.t,a);if(a.compareTo(this.m)>=0){a.subTo(this.m,a)}}function montSqrTo(a,b){a.squareTo(b);this.reduce(b)}function montMulTo(a,c,b){a.multiplyTo(c,b);this.reduce(b)}Montgomery.prototype.convert=montConvert;Montgomery.prototype.revert=montRevert;Montgomery.prototype.reduce=montReduce;Montgomery.prototype.mulTo=montMulTo;Montgomery.prototype.sqrTo=montSqrTo;function bnpIsEven(){return((this.t>0)?(this[0]&1):this.s)==0}function bnpExp(h,j){if(h>4294967295||h<1){return BigInteger.ONE}var f=nbi(),a=nbi(),d=j.convert(this),c=nbits(h)-1;d.copyTo(f);while(--c>=0){j.sqrTo(f,a);if((h&(1<0){j.mulTo(a,d,f)}else{var b=f;f=a;a=b}}return j.revert(f)}function bnModPowInt(b,a){var c;if(b<256||a.isEven()){c=new Classic(a)}else{c=new Montgomery(a)}return 
this.exp(b,c)}BigInteger.prototype.copyTo=bnpCopyTo;BigInteger.prototype.fromInt=bnpFromInt;BigInteger.prototype.fromString=bnpFromString;BigInteger.prototype.clamp=bnpClamp;BigInteger.prototype.dlShiftTo=bnpDLShiftTo;BigInteger.prototype.drShiftTo=bnpDRShiftTo;BigInteger.prototype.lShiftTo=bnpLShiftTo;BigInteger.prototype.rShiftTo=bnpRShiftTo;BigInteger.prototype.subTo=bnpSubTo;BigInteger.prototype.multiplyTo=bnpMultiplyTo;BigInteger.prototype.squareTo=bnpSquareTo;BigInteger.prototype.divRemTo=bnpDivRemTo;BigInteger.prototype.invDigit=bnpInvDigit;BigInteger.prototype.isEven=bnpIsEven;BigInteger.prototype.exp=bnpExp;BigInteger.prototype.toString=bnToString;BigInteger.prototype.negate=bnNegate;BigInteger.prototype.abs=bnAbs;BigInteger.prototype.compareTo=bnCompareTo;BigInteger.prototype.bitLength=bnBitLength;BigInteger.prototype.mod=bnMod;BigInteger.prototype.modPowInt=bnModPowInt;BigInteger.ZERO=nbv(0);BigInteger.ONE=nbv(1); -/*! (c) Tom Wu | http://www-cs-students.stanford.edu/~tjw/jsbn/ - */ -function bnClone(){var a=nbi();this.copyTo(a);return a}function bnIntValue(){if(this.s<0){if(this.t==1){return this[0]-this.DV}else{if(this.t==0){return -1}}}else{if(this.t==1){return this[0]}else{if(this.t==0){return 0}}}return((this[1]&((1<<(32-this.DB))-1))<>24}function bnShortValue(){return(this.t==0)?this.s:(this[0]<<16)>>16}function bnpChunkSize(a){return Math.floor(Math.LN2*this.DB/Math.log(a))}function bnSigNum(){if(this.s<0){return -1}else{if(this.t<=0||(this.t==1&&this[0]<=0)){return 0}else{return 1}}}function bnpToRadix(c){if(c==null){c=10}if(this.signum()==0||c<2||c>36){return"0"}var f=this.chunkSize(c);var e=Math.pow(c,f);var i=nbv(e),j=nbi(),h=nbi(),g="";this.divRemTo(i,j,h);while(j.signum()>0){g=(e+h.intValue()).toString(c).substr(1)+g;j.divRemTo(i,j,h)}return h.intValue().toString(c)+g}function bnpFromRadix(m,h){this.fromInt(0);if(h==null){h=10}var f=this.chunkSize(h);var g=Math.pow(h,f),e=false,a=0,l=0;for(var 
c=0;c=f){this.dMultiply(g);this.dAddOffset(l,0);a=0;l=0}}if(a>0){this.dMultiply(Math.pow(h,a));this.dAddOffset(l,0)}if(e){BigInteger.ZERO.subTo(this,this)}}function bnpFromNumber(f,e,h){if("number"==typeof e){if(f<2){this.fromInt(1)}else{this.fromNumber(f,h);if(!this.testBit(f-1)){this.bitwiseTo(BigInteger.ONE.shiftLeft(f-1),op_or,this)}if(this.isEven()){this.dAddOffset(1,0)}while(!this.isProbablePrime(e)){this.dAddOffset(2,0);if(this.bitLength()>f){this.subTo(BigInteger.ONE.shiftLeft(f-1),this)}}}}else{var d=new Array(),g=f&7;d.length=(f>>3)+1;e.nextBytes(d);if(g>0){d[0]&=((1<0){if(e>e)!=(this.s&this.DM)>>e){c[a++]=f|(this.s<<(this.DB-e))}while(b>=0){if(e<8){f=(this[b]&((1<>(e+=this.DB-8)}else{f=(this[b]>>(e-=8))&255;if(e<=0){e+=this.DB;--b}}if((f&128)!=0){f|=-256}if(a==0&&(this.s&128)!=(f&128)){++a}if(a>0||f!=this.s){c[a++]=f}}}return c}function bnEquals(b){return(this.compareTo(b)==0)}function bnMin(b){return(this.compareTo(b)<0)?this:b}function bnMax(b){return(this.compareTo(b)>0)?this:b}function bnpBitwiseTo(c,h,e){var d,g,b=Math.min(c.t,this.t);for(d=0;d>=16;b+=16}if((a&255)==0){a>>=8;b+=8}if((a&15)==0){a>>=4;b+=4}if((a&3)==0){a>>=2;b+=2}if((a&1)==0){++b}return b}function bnGetLowestSetBit(){for(var a=0;a=this.t){return(this.s!=0)}return((this[a]&(1<<(b%this.DB)))!=0)}function bnpChangeBit(c,b){var a=BigInteger.ONE.shiftLeft(c);this.bitwiseTo(a,b,a);return a}function bnSetBit(a){return this.changeBit(a,op_or)}function bnClearBit(a){return this.changeBit(a,op_andnot)}function bnFlipBit(a){return this.changeBit(a,op_xor)}function bnpAddTo(d,f){var e=0,g=0,b=Math.min(d.t,this.t);while(e>=this.DB}if(d.t>=this.DB}g+=this.s}else{g+=this.s;while(e>=this.DB}g+=d.s}f.s=(g<0)?-1:0;if(g>0){f[e++]=g}else{if(g<-1){f[e++]=this.DV+g}}f.t=e;f.clamp()}function bnAdd(b){var c=nbi();this.addTo(b,c);return c}function bnSubtract(b){var c=nbi();this.subTo(b,c);return c}function bnMultiply(b){var c=nbi();this.multiplyTo(b,c);return c}function bnSquare(){var 
a=nbi();this.squareTo(a);return a}function bnDivide(b){var c=nbi();this.divRemTo(b,c,null);return c}function bnRemainder(b){var c=nbi();this.divRemTo(b,null,c);return c}function bnDivideAndRemainder(b){var d=nbi(),c=nbi();this.divRemTo(b,d,c);return new Array(d,c)}function bnpDMultiply(a){this[this.t]=this.am(0,a-1,this,0,0,this.t);++this.t;this.clamp()}function bnpDAddOffset(b,a){if(b==0){return}while(this.t<=a){this[this.t++]=0}this[a]+=b;while(this[a]>=this.DV){this[a]-=this.DV;if(++a>=this.t){this[this.t++]=0}++this[a]}}function NullExp(){}function nNop(a){return a}function nMulTo(a,c,b){a.multiplyTo(c,b)}function nSqrTo(a,b){a.squareTo(b)}NullExp.prototype.convert=nNop;NullExp.prototype.revert=nNop;NullExp.prototype.mulTo=nMulTo;NullExp.prototype.sqrTo=nSqrTo;function bnPow(a){return this.exp(a,new NullExp())}function bnpMultiplyLowerTo(b,f,e){var d=Math.min(this.t+b.t,f);e.s=0;e.t=d;while(d>0){e[--d]=0}var c;for(c=e.t-this.t;d=0){d[c]=0}for(c=Math.max(e-this.t,0);c2*this.m.t){return a.mod(this.m)}else{if(a.compareTo(this.m)<0){return a}else{var b=nbi();a.copyTo(b);this.reduce(b);return b}}}function barrettRevert(a){return a}function barrettReduce(a){a.drShiftTo(this.m.t-1,this.r2);if(a.t>this.m.t+1){a.t=this.m.t+1;a.clamp()}this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3);this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);while(a.compareTo(this.r2)<0){a.dAddOffset(1,this.m.t+1)}a.subTo(this.r2,a);while(a.compareTo(this.m)>=0){a.subTo(this.m,a)}}function barrettSqrTo(a,b){a.squareTo(b);this.reduce(b)}function barrettMulTo(a,c,b){a.multiplyTo(c,b);this.reduce(b)}Barrett.prototype.convert=barrettConvert;Barrett.prototype.revert=barrettRevert;Barrett.prototype.reduce=barrettReduce;Barrett.prototype.mulTo=barrettMulTo;Barrett.prototype.sqrTo=barrettSqrTo;function bnModPow(q,f){var o=q.bitLength(),h,b=nbv(1),v;if(o<=0){return b}else{if(o<18){h=1}else{if(o<48){h=3}else{if(o<144){h=4}else{if(o<768){h=5}else{h=6}}}}}if(o<8){v=new 
Classic(f)}else{if(f.isEven()){v=new Barrett(f)}else{v=new Montgomery(f)}}var p=new Array(),d=3,s=h-1,a=(1<1){var A=nbi();v.sqrTo(p[1],A);while(d<=a){p[d]=nbi();v.mulTo(A,p[d-2],p[d]);d+=2}}var l=q.t-1,x,u=true,c=nbi(),y;o=nbits(q[l])-1;while(l>=0){if(o>=s){x=(q[l]>>(o-s))&a}else{x=(q[l]&((1<<(o+1))-1))<<(s-o);if(l>0){x|=q[l-1]>>(this.DB+o-s)}}d=h;while((x&1)==0){x>>=1;--d}if((o-=d)<0){o+=this.DB;--l}if(u){p[x].copyTo(b);u=false}else{while(d>1){v.sqrTo(b,c);v.sqrTo(c,b);d-=2}if(d>0){v.sqrTo(b,c)}else{y=b;b=c;c=y}v.mulTo(c,p[x],b)}while(l>=0&&(q[l]&(1<0){b.rShiftTo(f,b);h.rShiftTo(f,h)}while(b.signum()>0){if((d=b.getLowestSetBit())>0){b.rShiftTo(d,b)}if((d=h.getLowestSetBit())>0){h.rShiftTo(d,h)}if(b.compareTo(h)>=0){b.subTo(h,b);b.rShiftTo(1,b)}else{h.subTo(b,h);h.rShiftTo(1,h)}}if(f>0){h.lShiftTo(f,h)}return h}function bnpModInt(e){if(e<=0){return 0}var c=this.DV%e,b=(this.s<0)?e-1:0;if(this.t>0){if(c==0){b=this[0]%e}else{for(var a=this.t-1;a>=0;--a){b=(c*b+this[a])%e}}}return b}function bnModInverse(f){var j=f.isEven();if((this.isEven()&&j)||f.signum()==0){return BigInteger.ZERO}var i=f.clone(),h=this.clone();var g=nbv(1),e=nbv(0),l=nbv(0),k=nbv(1);while(i.signum()!=0){while(i.isEven()){i.rShiftTo(1,i);if(j){if(!g.isEven()||!e.isEven()){g.addTo(this,g);e.subTo(f,e)}g.rShiftTo(1,g)}else{if(!e.isEven()){e.subTo(f,e)}}e.rShiftTo(1,e)}while(h.isEven()){h.rShiftTo(1,h);if(j){if(!l.isEven()||!k.isEven()){l.addTo(this,l);k.subTo(f,k)}l.rShiftTo(1,l)}else{if(!k.isEven()){k.subTo(f,k)}}k.rShiftTo(1,k)}if(i.compareTo(h)>=0){i.subTo(h,i);if(j){g.subTo(l,g)}e.subTo(k,e)}else{h.subTo(i,h);if(j){l.subTo(g,l)}k.subTo(e,k)}}if(h.compareTo(BigInteger.ONE)!=0){return BigInteger.ZERO}if(k.compareTo(f)>=0){return k.subtract(f)}if(k.signum()<0){k.addTo(f,k)}else{return k}if(k.signum()<0){return k.add(f)}else{return k}}var 
lowprimes=[2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997];var lplim=(1<<26)/lowprimes[lowprimes.length-1];function bnIsProbablePrime(e){var d,b=this.abs();if(b.t==1&&b[0]<=lowprimes[lowprimes.length-1]){for(d=0;d>1;if(f>lowprimes.length){f=lowprimes.length}var b=nbi();for(var e=0;e>8)&255;rng_pool[rng_pptr++]^=(a>>16)&255;rng_pool[rng_pptr++]^=(a>>24)&255;if(rng_pptr>=rng_psize){rng_pptr-=rng_psize}}function rng_seed_time(){rng_seed_int(new Date().getTime())}if(rng_pool==null){rng_pool=new Array();rng_pptr=0;var t;if(window.crypto&&window.crypto.getRandomValues){var ua=new Uint8Array(32);window.crypto.getRandomValues(ua);for(t=0;t<32;++t){rng_pool[rng_pptr++]=ua[t]}}if(navigator.appName=="Netscape"&&navigator.appVersion<"5"&&window.crypto){var z=window.crypto.random(32);for(t=0;t>>8;rng_pool[rng_pptr++]=t&255}rng_pptr=0;rng_seed_time()}function rng_get_byte(){if(rng_state==null){rng_seed_time();rng_state=prng_newstate();rng_state.init(rng_pool);for(rng_pptr=0;rng_pptr=0&&h>0){var f=e.charCodeAt(d--);if(f<128){g[--h]=f}else{if((f>127)&&(f<2048)){g[--h]=(f&63)|128;g[--h]=(f>>6)|192}else{g[--h]=(f&63)|128;g[--h]=((f>>6)&63)|128;g[--h]=(f>>12)|224}}}g[--h]=0;var b=new SecureRandom();var a=new Array();while(h>2){a[0]=0;while(a[0]==0){b.nextBytes(a)}g[--h]=a[0]}g[--h]=2;g[--h]=0;return new BigInteger(g)}function oaep_mgf1_arr(c,a,e){var 
b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255])));d+=1}return b}var SHA1_SIZE=20;function oaep_pad(l,a,c){if(l.length+2*SHA1_SIZE+2>a){throw"Message too long for RSA"}var h="",d;for(d=0;d0&&a.length>0){this.n=parseBigInt(b,16);this.e=parseInt(a,16)}else{alert("Invalid RSA public key")}}}function RSADoPublic(a){return a.modPowInt(this.e,this.n)}function RSAEncrypt(d){var a=pkcs1pad2(d,(this.n.bitLength()+7)>>3);if(a==null){return null}var e=this.doPublic(a);if(e==null){return null}var b=e.toString(16);if((b.length&1)==0){return b}else{return"0"+b}}function RSAEncryptOAEP(e,d){var a=oaep_pad(e,(this.n.bitLength()+7)>>3,d);if(a==null){return null}var f=this.doPublic(a);if(f==null){return null}var b=f.toString(16);if((b.length&1)==0){return b}else{return"0"+b}}RSAKey.prototype.doPublic=RSADoPublic;RSAKey.prototype.setPublic=RSASetPublic;RSAKey.prototype.encrypt=RSAEncrypt;RSAKey.prototype.encryptOAEP=RSAEncryptOAEP;RSAKey.prototype.type="RSA"; -/*! (c) Tom Wu | http://www-cs-students.stanford.edu/~tjw/jsbn/ - */ -function pkcs1unpad2(g,j){var a=g.toByteArray();var f=0;while(f=a.length){return null}}var e="";while(++f191)&&(h<224)){e+=String.fromCharCode(((h&31)<<6)|(a[f+1]&63));++f}else{e+=String.fromCharCode(((h&15)<<12)|((a[f+1]&63)<<6)|(a[f+2]&63));f+=2}}}return e}function oaep_mgf1_str(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255]));d+=1}return b}var SHA1_SIZE=20;function oaep_unpad(l,b,e){l=l.toByteArray();var f;for(f=0;f0&&a.length>0){this.n=parseBigInt(c,16);this.e=parseInt(a,16);this.d=parseBigInt(b,16)}else{alert("Invalid RSA private key")}}}function RSASetPrivateEx(g,d,e,c,b,a,h,f){this.isPrivate=true;if(g==null){throw"RSASetPrivateEx N == null"}if(d==null){throw"RSASetPrivateEx E == null"}if(g.length==0){throw"RSASetPrivateEx N.length == 0"}if(d.length==0){throw"RSASetPrivateEx E.length == 
0"}if(g!=null&&d!=null&&g.length>0&&d.length>0){this.n=parseBigInt(g,16);this.e=parseInt(d,16);this.d=parseBigInt(e,16);this.p=parseBigInt(c,16);this.q=parseBigInt(b,16);this.dmp1=parseBigInt(a,16);this.dmq1=parseBigInt(h,16);this.coeff=parseBigInt(f,16)}else{alert("Invalid RSA private key in RSASetPrivateEx")}}function RSAGenerate(b,i){var a=new SecureRandom();var f=b>>1;this.e=parseInt(i,16);var c=new BigInteger(i,16);for(;;){for(;;){this.p=new BigInteger(b-f,1,a);if(this.p.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.p.isProbablePrime(10)){break}}for(;;){this.q=new BigInteger(f,1,a);if(this.q.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.q.isProbablePrime(10)){break}}if(this.p.compareTo(this.q)<=0){var h=this.p;this.p=this.q;this.q=h}var g=this.p.subtract(BigInteger.ONE);var d=this.q.subtract(BigInteger.ONE);var e=g.multiply(d);if(e.gcd(c).compareTo(BigInteger.ONE)==0){this.n=this.p.multiply(this.q);this.d=c.modInverse(e);this.dmp1=this.d.mod(g);this.dmq1=this.d.mod(d);this.coeff=this.q.modInverse(this.p);break}}}function RSADoPrivate(a){if(this.p==null||this.q==null){return a.modPow(this.d,this.n)}var c=a.mod(this.p).modPow(this.dmp1,this.p);var b=a.mod(this.q).modPow(this.dmq1,this.q);while(c.compareTo(b)<0){c=c.add(this.p)}return c.subtract(b).multiply(this.coeff).mod(this.p).multiply(this.q).add(b)}function RSADecrypt(b){var d=parseBigInt(b,16);var a=this.doPrivate(d);if(a==null){return null}return pkcs1unpad2(a,(this.n.bitLength()+7)>>3)}function RSADecryptOAEP(d,b){var e=parseBigInt(d,16);var a=this.doPrivate(e);if(a==null){return null}return oaep_unpad(a,(this.n.bitLength()+7)>>3,b)}RSAKey.prototype.doPrivate=RSADoPrivate;RSAKey.prototype.setPrivate=RSASetPrivate;RSAKey.prototype.setPrivateEx=RSASetPrivateEx;RSAKey.prototype.generate=RSAGenerate;RSAKey.prototype.decrypt=RSADecrypt;RSAKey.prototype.decryptOAEP=RSADecryptOAEP; -/*! 
(c) Tom Wu | http://www-cs-students.stanford.edu/~tjw/jsbn/ - */ -function ECFieldElementFp(b,a){this.x=a;this.q=b}function feFpEquals(a){if(a==this){return true}return(this.q.equals(a.q)&&this.x.equals(a.x))}function feFpToBigInteger(){return this.x}function feFpNegate(){return new ECFieldElementFp(this.q,this.x.negate().mod(this.q))}function feFpAdd(a){return new ECFieldElementFp(this.q,this.x.add(a.toBigInteger()).mod(this.q))}function feFpSubtract(a){return new ECFieldElementFp(this.q,this.x.subtract(a.toBigInteger()).mod(this.q))}function feFpMultiply(a){return new ECFieldElementFp(this.q,this.x.multiply(a.toBigInteger()).mod(this.q))}function feFpSquare(){return new ECFieldElementFp(this.q,this.x.square().mod(this.q))}function feFpDivide(a){return new ECFieldElementFp(this.q,this.x.multiply(a.toBigInteger().modInverse(this.q)).mod(this.q))}ECFieldElementFp.prototype.equals=feFpEquals;ECFieldElementFp.prototype.toBigInteger=feFpToBigInteger;ECFieldElementFp.prototype.negate=feFpNegate;ECFieldElementFp.prototype.add=feFpAdd;ECFieldElementFp.prototype.subtract=feFpSubtract;ECFieldElementFp.prototype.multiply=feFpMultiply;ECFieldElementFp.prototype.square=feFpSquare;ECFieldElementFp.prototype.divide=feFpDivide;function ECPointFp(c,a,d,b){this.curve=c;this.x=a;this.y=d;if(b==null){this.z=BigInteger.ONE}else{this.z=b}this.zinv=null}function pointFpGetX(){if(this.zinv==null){this.zinv=this.z.modInverse(this.curve.q)}return this.curve.fromBigInteger(this.x.toBigInteger().multiply(this.zinv).mod(this.curve.q))}function pointFpGetY(){if(this.zinv==null){this.zinv=this.z.modInverse(this.curve.q)}return this.curve.fromBigInteger(this.y.toBigInteger().multiply(this.zinv).mod(this.curve.q))}function pointFpEquals(a){if(a==this){return true}if(this.isInfinity()){return a.isInfinity()}if(a.isInfinity()){return this.isInfinity()}var c,b;c=a.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(a.z)).mod(this.curve.q);if(!c.equals(BigInteger.ZERO)){return 
false}b=a.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(a.z)).mod(this.curve.q);return b.equals(BigInteger.ZERO)}function pointFpIsInfinity(){if((this.x==null)&&(this.y==null)){return true}return this.z.equals(BigInteger.ZERO)&&!this.y.toBigInteger().equals(BigInteger.ZERO)}function pointFpNegate(){return new ECPointFp(this.curve,this.x,this.y.negate(),this.z)}function pointFpAdd(l){if(this.isInfinity()){return l}if(l.isInfinity()){return this}var p=l.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(l.z)).mod(this.curve.q);var o=l.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(l.z)).mod(this.curve.q);if(BigInteger.ZERO.equals(o)){if(BigInteger.ZERO.equals(p)){return this.twice()}return this.curve.getInfinity()}var j=new BigInteger("3");var e=this.x.toBigInteger();var n=this.y.toBigInteger();var c=l.x.toBigInteger();var k=l.y.toBigInteger();var m=o.square();var i=m.multiply(o);var d=e.multiply(m);var g=p.square().multiply(this.z);var a=g.subtract(d.shiftLeft(1)).multiply(l.z).subtract(i).multiply(o).mod(this.curve.q);var h=d.multiply(j).multiply(p).subtract(n.multiply(i)).subtract(g.multiply(p)).multiply(l.z).add(p.multiply(i)).mod(this.curve.q);var f=i.multiply(this.z).multiply(l.z).mod(this.curve.q);return new ECPointFp(this.curve,this.curve.fromBigInteger(a),this.curve.fromBigInteger(h),f)}function pointFpTwice(){if(this.isInfinity()){return this}if(this.y.toBigInteger().signum()==0){return this.curve.getInfinity()}var g=new BigInteger("3");var c=this.x.toBigInteger();var h=this.y.toBigInteger();var e=h.multiply(this.z);var j=e.multiply(h).mod(this.curve.q);var i=this.curve.a.toBigInteger();var k=c.square().multiply(g);if(!BigInteger.ZERO.equals(i)){k=k.add(this.z.square().multiply(i))}k=k.mod(this.curve.q);var b=k.square().subtract(c.shiftLeft(3).multiply(j)).shiftLeft(1).multiply(e).mod(this.curve.q);var 
f=k.multiply(g).multiply(c).subtract(j.shiftLeft(1)).shiftLeft(2).multiply(j).subtract(k.square().multiply(k)).mod(this.curve.q);var d=e.square().multiply(e).shiftLeft(3).mod(this.curve.q);return new ECPointFp(this.curve,this.curve.fromBigInteger(b),this.curve.fromBigInteger(f),d)}function pointFpMultiply(b){if(this.isInfinity()){return this}if(b.signum()==0){return this.curve.getInfinity()}var g=b;var f=g.multiply(new BigInteger("3"));var l=this.negate();var d=this;var c;for(c=f.bitLength()-2;c>0;--c){d=d.twice();var a=f.testBit(c);var j=g.testBit(c);if(a!=j){d=d.add(a?this:l)}}return d}function pointFpMultiplyTwo(c,a,b){var d;if(c.bitLength()>b.bitLength()){d=c.bitLength()-1}else{d=b.bitLength()-1}var f=this.curve.getInfinity();var e=this.add(a);while(d>=0){f=f.twice();if(c.testBit(d)){if(b.testBit(d)){f=f.add(e)}else{f=f.add(this)}}else{if(b.testBit(d)){f=f.add(a)}}--d}return f}ECPointFp.prototype.getX=pointFpGetX;ECPointFp.prototype.getY=pointFpGetY;ECPointFp.prototype.equals=pointFpEquals;ECPointFp.prototype.isInfinity=pointFpIsInfinity;ECPointFp.prototype.negate=pointFpNegate;ECPointFp.prototype.add=pointFpAdd;ECPointFp.prototype.twice=pointFpTwice;ECPointFp.prototype.multiply=pointFpMultiply;ECPointFp.prototype.multiplyTwo=pointFpMultiplyTwo;function ECCurveFp(e,d,c){this.q=e;this.a=this.fromBigInteger(d);this.b=this.fromBigInteger(c);this.infinity=new ECPointFp(this,null,null)}function curveFpGetQ(){return this.q}function curveFpGetA(){return this.a}function curveFpGetB(){return this.b}function curveFpEquals(a){if(a==this){return true}return(this.q.equals(a.q)&&this.a.equals(a.a)&&this.b.equals(a.b))}function curveFpGetInfinity(){return this.infinity}function curveFpFromBigInteger(a){return new ECFieldElementFp(this.q,a)}function curveFpDecodePointHex(d){switch(parseInt(d.substr(0,2),16)){case 0:return this.infinity;case 2:case 3:return null;case 4:case 6:case 7:var a=(d.length-2)/2;var c=d.substr(2,a);var b=d.substr(a+2,a);return new 
ECPointFp(this,this.fromBigInteger(new BigInteger(c,16)),this.fromBigInteger(new BigInteger(b,16)));default:return null}}ECCurveFp.prototype.getQ=curveFpGetQ;ECCurveFp.prototype.getA=curveFpGetA;ECCurveFp.prototype.getB=curveFpGetB;ECCurveFp.prototype.equals=curveFpEquals;ECCurveFp.prototype.getInfinity=curveFpGetInfinity;ECCurveFp.prototype.fromBigInteger=curveFpFromBigInteger;ECCurveFp.prototype.decodePointHex=curveFpDecodePointHex; -/*! (c) Stefan Thomas | https://github.com/bitcoinjs/bitcoinjs-lib - */ -ECFieldElementFp.prototype.getByteLength=function(){return Math.floor((this.toBigInteger().bitLength()+7)/8)};ECPointFp.prototype.getEncoded=function(c){var d=function(h,f){var g=h.toByteArrayUnsigned();if(fg.length){g.unshift(0)}}return g};var a=this.getX().toBigInteger();var e=this.getY().toBigInteger();var b=d(a,32);if(c){if(e.isEven()){b.unshift(2)}else{b.unshift(3)}}else{b.unshift(4);b=b.concat(d(e,32))}return b};ECPointFp.decodeFrom=function(g,c){var f=c[0];var e=c.length-1;var d=c.slice(1,1+e/2);var b=c.slice(1+e/2,1+e);d.unshift(0);b.unshift(0);var a=new BigInteger(d);var h=new BigInteger(b);return new ECPointFp(g,g.fromBigInteger(a),g.fromBigInteger(h))};ECPointFp.decodeFromHex=function(g,c){var f=c.substr(0,2);var e=c.length-2;var d=c.substr(2,e/2);var b=c.substr(2+e/2,e/2);var a=new BigInteger(d,16);var h=new BigInteger(b,16);return new ECPointFp(g,g.fromBigInteger(a),g.fromBigInteger(h))};ECPointFp.prototype.add2D=function(c){if(this.isInfinity()){return c}if(c.isInfinity()){return this}if(this.x.equals(c.x)){if(this.y.equals(c.y)){return this.twice()}return this.curve.getInfinity()}var g=c.x.subtract(this.x);var e=c.y.subtract(this.y);var a=e.divide(g);var d=a.square().subtract(this.x).subtract(c.x);var f=a.multiply(this.x.subtract(d)).subtract(this.y);return new ECPointFp(this.curve,d,f)};ECPointFp.prototype.twice2D=function(){if(this.isInfinity()){return this}if(this.y.toBigInteger().signum()==0){return this.curve.getInfinity()}var 
b=this.curve.fromBigInteger(BigInteger.valueOf(2));var e=this.curve.fromBigInteger(BigInteger.valueOf(3));var a=this.x.square().multiply(e).add(this.curve.a).divide(this.y.multiply(b));var c=a.square().subtract(this.x.multiply(b));var d=a.multiply(this.x.subtract(c)).subtract(this.y);return new ECPointFp(this.curve,c,d)};ECPointFp.prototype.multiply2D=function(b){if(this.isInfinity()){return this}if(b.signum()==0){return this.curve.getInfinity()}var g=b;var f=g.multiply(new BigInteger("3"));var l=this.negate();var d=this;var c;for(c=f.bitLength()-2;c>0;--c){d=d.twice();var a=f.testBit(c);var j=g.testBit(c);if(a!=j){d=d.add2D(a?this:l)}}return d};ECPointFp.prototype.isOnCurve=function(){var d=this.getX().toBigInteger();var i=this.getY().toBigInteger();var f=this.curve.getA().toBigInteger();var c=this.curve.getB().toBigInteger();var h=this.curve.getQ();var e=i.multiply(i).mod(h);var g=d.multiply(d).multiply(d).add(f.multiply(d)).add(c).mod(h);return e.equals(g)};ECPointFp.prototype.toString=function(){return"("+this.getX().toBigInteger().toString()+","+this.getY().toBigInteger().toString()+")"};ECPointFp.prototype.validate=function(){var c=this.curve.getQ();if(this.isInfinity()){throw new Error("Point is at infinity.")}var a=this.getX().toBigInteger();var b=this.getY().toBigInteger();if(a.compareTo(BigInteger.ONE)<0||a.compareTo(c.subtract(BigInteger.ONE))>0){throw new Error("x coordinate out of bounds")}if(b.compareTo(BigInteger.ONE)<0||b.compareTo(c.subtract(BigInteger.ONE))>0){throw new Error("y coordinate out of bounds")}if(!this.isOnCurve()){throw new Error("Point is not on the curve.")}if(this.multiply(c).isInfinity()){throw new Error("Point is not a scalar multiple of G.")}return true}; -/*! 
Mike Samuel (c) 2009 | code.google.com/p/json-sans-eval - */ -var jsonParse=(function(){var e="(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][+-]?[0-9]+)?\\b)";var j='(?:[^\\0-\\x08\\x0a-\\x1f"\\\\]|\\\\(?:["/\\\\bfnrt]|u[0-9A-Fa-f]{4}))';var i='(?:"'+j+'*")';var d=new RegExp("(?:false|true|null|[\\{\\}\\[\\]]|"+e+"|"+i+")","g");var k=new RegExp("\\\\(?:([^u])|u(.{4}))","g");var g={'"':'"',"/":"/","\\":"\\",b:"\b",f:"\f",n:"\n",r:"\r",t:"\t"};function h(l,m,n){return m?g[m]:String.fromCharCode(parseInt(n,16))}var c=new String("");var a="\\";var f={"{":Object,"[":Array};var b=Object.hasOwnProperty;return function(u,q){var p=u.match(d);var x;var v=p[0];var l=false;if("{"===v){x={}}else{if("["===v){x=[]}else{x=[];l=true}}var t;var r=[x];for(var o=1-l,m=p.length;o=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -/*! asn1-1.0.9.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw"ASN.1 length too long to represent by 8x: n = "+i.toString(16)}var f=128+g;return f.toString(16)+h}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var 
a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(this.s)};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(f){utc=f.getTime()+(f.getTimezoneOffset()*60000);var e=new Date(utc);return e};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new 
Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";this.hTLV="0101ff"};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(a){KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(b){this.hTLV=null;this.isModified=true;this.hV=b};this.setUnusedBitsAndHexValue=function(b,d){if(b<0||7=(b*2))){break}if(d>=200){break}c.push(e);g=e;d++}return c};this.getNthChildIndex_AtObj=function(d,b,e){var c=this.getPosArrayOfChildren_AtObj(d,b);return c[e]};this.getDecendantIndexByNthList=function(e,d,c){if(c.length==0){return d}var f=c.shift();var b=this.getPosArrayOfChildren_AtObj(e,d);return this.getDecendantIndexByNthList(e,b[f],c)};this.getDecendantHexTLVByNthList=function(d,c,b){var a=this.getDecendantIndexByNthList(d,c,b);return this.getHexOfTLV_AtObj(d,a)};this.getDecendantHexVByNthList=function(d,c,b){var a=this.getDecendantIndexByNthList(d,c,b);return this.getHexOfV_AtObj(d,a)}};ASN1HEX.getVbyList=function(d,c,b,e){var 
a=this.getDecendantIndexByNthList(d,c,b);if(a===undefined){throw"can't find nthList object"}if(e!==undefined){if(d.substr(a,2)!=e){throw"checking tag doesn't match: "+d.substr(a,2)+"!="+e}}return this.getHexOfV_AtObj(d,a)};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(e,c,k,g){var o=function(w,i){if(w.length<=i*2){return w}else{var v=w.substr(0,i)+"..(total "+w.length/2+"bytes).."+w.substr(w.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(k===undefined){k=0}if(g===undefined){g=""}var r=c.ommit_long_octet;if(e.substr(k,2)=="01"){var h=ASN1HEX.getHexOfV_AtObj(e,k);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(e.substr(k,2)=="02"){var h=ASN1HEX.getHexOfV_AtObj(e,k);return g+"INTEGER "+o(h,r)+"\n"}if(e.substr(k,2)=="03"){var h=ASN1HEX.getHexOfV_AtObj(e,k);return g+"BITSTRING "+o(h,r)+"\n"}if(e.substr(k,2)=="04"){var h=ASN1HEX.getHexOfV_AtObj(e,k);if(ASN1HEX.isASN1HEX(h)){var j=g+"OCTETSTRING, encapsulates\n";j=j+ASN1HEX.dump(h,c,0,g+" ");return j}else{return g+"OCTETSTRING "+o(h,r)+"\n"}}if(e.substr(k,2)=="05"){return g+"NULL\n"}if(e.substr(k,2)=="06"){var l=ASN1HEX.getHexOfV_AtObj(e,k);var a=KJUR.asn1.ASN1Util.oidHexToInt(l);var n=KJUR.asn1.x509.OID.oid2name(a);var b=a.replace(/\./g," ");if(n!=""){return g+"ObjectIdentifier "+n+" ("+b+")\n"}else{return g+"ObjectIdentifier ("+b+")\n"}}if(e.substr(k,2)=="0c"){return g+"UTF8String '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="13"){return g+"PrintableString '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="14"){return g+"TeletexString '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="16"){return g+"IA5String 
'"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="17"){return g+"UTCTime "+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"\n"}if(e.substr(k,2)=="18"){return g+"GeneralizedTime "+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"\n"}if(e.substr(k,2)=="30"){if(e.substr(k,4)=="3000"){return g+"SEQUENCE {}\n"}var j=g+"SEQUENCE\n";var d=ASN1HEX.getPosArrayOfChildren_AtObj(e,k);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var t=ASN1HEX.getHexOfV_AtObj(e,d[0]);var a=KJUR.asn1.ASN1Util.oidHexToInt(t);var n=KJUR.asn1.x509.OID.oid2name(a);var p=JSON.parse(JSON.stringify(c));p.x509ExtName=n;f=p}for(var q=0;q0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new 
KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return 
this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(b){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(c){var d=c.split("/");d.shift();for(var e=0;e0){h=new a.DERTaggedObject({obj:this.dUnsignedAttrs,tag:"a1",explicit:false})}var g=[this.dCMSVersion,this.dSignerIdentifier,this.dDigestAlgorithm,e,this.dSigAlg,this.dSig,];if(h!=null){g.push(h)}var f=new a.DERSequence({array:g});this.hTLV=f.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.SignerInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.EncapsulatedContentInfo=function(c){KJUR.asn1.cms.EncapsulatedContentInfo.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dEContentType=new a.DERObjectIdentifier({name:"data"});this.dEContent=null;this.isDetached=false;this.eContentValueHex=null;this.setContentType=function(e){if(e.match(/^[0-2][.][0-9.]+$/)){this.dEContentType=new a.DERObjectIdentifier({oid:e})}else{this.dEContentType=new a.DERObjectIdentifier({name:e})}};this.setContentValue=function(e){if(typeof e!="undefined"){if(typeof 
e.hex=="string"){this.eContentValueHex=e.hex}else{if(typeof e.str=="string"){this.eContentValueHex=utf8tohex(e.str)}}}};this.setContentValueHex=function(e){this.eContentValueHex=e};this.setContentValueStr=function(e){this.eContentValueHex=utf8tohex(e)};this.getEncodedHex=function(){if(typeof this.eContentValueHex!="string"){throw"eContentValue not yet set"}var g=new a.DEROctetString({hex:this.eContentValueHex});this.dEContent=new a.DERTaggedObject({obj:g,tag:"a0",explicit:true});var e=[this.dEContentType];if(!this.isDetached){e.push(this.dEContent)}var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.EncapsulatedContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.ContentInfo=function(c){KJUR.asn1.cms.ContentInfo.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dContentType=null;this.dContent=null;this.setContentType=function(e){if(typeof e=="string"){this.dContentType=d.OID.name2obj(e)}};this.getEncodedHex=function(){var f=new a.DERTaggedObject({obj:this.dContent,tag:"a0",explicit:true});var e=new a.DERSequence({array:[this.dContentType,f]});this.hTLV=e.getEncodedHex();return this.hTLV};if(typeof c!="undefined"){if(c.type){this.setContentType(c.type)}if(c.obj&&c.obj instanceof a.ASN1Object){this.dContent=c.obj}}};YAHOO.lang.extend(KJUR.asn1.cms.ContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.SignedData=function(c){KJUR.asn1.cms.SignedData.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dCMSVersion=new a.DERInteger({"int":1});this.dDigestAlgs=null;this.digestAlgNameList=[];this.dEncapContentInfo=new b.EncapsulatedContentInfo();this.dCerts=null;this.certificateList=[];this.crlList=[];this.signerInfoList=[new b.SignerInfo()];this.addCertificatesByPEM=function(e){var f=KEYUTIL.getHexFromPEM(e);var g=new a.ASN1Object();g.hTLV=f;this.certificateList.push(g)};this.getEncodedHex=function(){if(typeof 
this.hTLV=="string"){return this.hTLV}if(this.dDigestAlgs==null){var k=[];for(var j=0;j0){var l=new a.DERSet({array:this.certificateList});this.dCerts=new a.DERTaggedObject({obj:l,tag:"a0",explicit:false})}}if(this.dCerts!=null){e.push(this.dCerts)}var g=new a.DERSet({array:this.signerInfoList});e.push(g);var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV};this.getContentInfo=function(){this.getEncodedHex();var e=new b.ContentInfo({type:"signed-data",obj:this});return e};this.getContentInfoEncodedHex=function(){var e=this.getContentInfo();var f=e.getEncodedHex();return f};this.getPEM=function(){var e=this.getContentInfoEncodedHex();var f=a.ASN1Util.getPEMStringFromHex(e,"CMS");return f}};YAHOO.lang.extend(KJUR.asn1.cms.SignedData,KJUR.asn1.ASN1Object);KJUR.asn1.cms.CMSUtil=new function(){};KJUR.asn1.cms.CMSUtil.newSignedData=function(a){var h=KJUR.asn1.cms;var g=KJUR.asn1.cades;var f=new h.SignedData();f.dEncapContentInfo.setContentValue(a.content);if(typeof a.certs=="object"){for(var b=0;ba.length){d=a.length}for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f=0;--p){q=q.twice2D();q.z=BigInteger.ONE;if(o.testBit(p)){if(n.testBit(p)){q=q.add2D(t)}else{q=q.add2D(s)}}else{if(n.testBit(p)){q=q.add2D(r)}}}return q}this.getBigRandom=function(i){return new BigInteger(i.bitLength(),a).mod(i.subtract(BigInteger.ONE)).add(BigInteger.ONE)};this.setNamedCurve=function(i){this.ecparams=KJUR.crypto.ECParameterDB.getByName(i);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=i};this.setPrivateKeyHex=function(i){this.isPrivate=true;this.prvKeyHex=i};this.setPublicKeyHex=function(i){this.isPublic=true;this.pubKeyHex=i};this.generateKeyPairHex=function(){var k=this.ecparams.n;var n=this.getBigRandom(k);var l=this.ecparams.G.multiply(n);var q=l.getX().toBigInteger();var o=l.getY().toBigInteger();var i=this.ecparams.keylen/4;var 
m=("0000000000"+n.toString(16)).slice(-i);var r=("0000000000"+q.toString(16)).slice(-i);var p=("0000000000"+o.toString(16)).slice(-i);var j="04"+r+p;this.setPrivateKeyHex(m);this.setPublicKeyHex(j);return{ecprvhex:m,ecpubhex:j}};this.signWithMessageHash=function(i){return this.signHex(i,this.prvKeyHex)};this.signHex=function(o,j){var t=new BigInteger(j,16);var l=this.ecparams.n;var q=new BigInteger(o,16);do{var m=this.getBigRandom(l);var u=this.ecparams.G;var p=u.multiply(m);var i=p.getX().toBigInteger().mod(l)}while(i.compareTo(BigInteger.ZERO)<=0);var v=m.modInverse(l).multiply(q.add(t.multiply(i))).mod(l);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(i,v)};this.sign=function(m,u){var q=u;var j=this.ecparams.n;var p=BigInteger.fromByteArrayUnsigned(m);do{var l=this.getBigRandom(j);var t=this.ecparams.G;var o=t.multiply(l);var i=o.getX().toBigInteger().mod(j)}while(i.compareTo(BigInteger.ZERO)<=0);var v=l.modInverse(j).multiply(p.add(q.multiply(i))).mod(j);return this.serializeSig(i,v)};this.verifyWithMessageHash=function(j,i){return this.verifyHex(j,i,this.pubKeyHex)};this.verifyHex=function(m,i,p){var l,j;var o=KJUR.crypto.ECDSA.parseSigHex(i);l=o.r;j=o.s;var k;k=ECPointFp.decodeFromHex(this.ecparams.curve,p);var n=new BigInteger(m,16);return this.verifyRaw(n,l,j,k)};this.verify=function(o,p,j){var l,i;if(Bitcoin.Util.isArray(p)){var n=this.parseSig(p);l=n.r;i=n.s}else{if("object"===typeof p&&p.r&&p.s){l=p.r;i=p.s}else{throw"Invalid value for signature"}}var k;if(j instanceof ECPointFp){k=j}else{if(Bitcoin.Util.isArray(j)){k=ECPointFp.decodeFrom(this.ecparams.curve,j)}else{throw"Invalid format for pubkey value, must be byte array or ECPointFp"}}var m=BigInteger.fromByteArrayUnsigned(o);return this.verifyRaw(m,l,i,k)};this.verifyRaw=function(o,i,w,m){var l=this.ecparams.n;var u=this.ecparams.G;if(i.compareTo(BigInteger.ONE)<0||i.compareTo(l)>=0){return false}if(w.compareTo(BigInteger.ONE)<0||w.compareTo(l)>=0){return false}var p=w.modInverse(l);var 
k=o.multiply(p).mod(l);var j=i.multiply(p).mod(l);var q=u.multiply(k).add(m.multiply(j));var t=q.getX().toBigInteger().mod(l);return t.equals(i)};this.serializeSig=function(k,j){var l=k.toByteArraySigned();var i=j.toByteArraySigned();var m=[];m.push(2);m.push(l.length);m=m.concat(l);m.push(2);m.push(i.length);m=m.concat(i);m.unshift(m.length);m.unshift(48);return m};this.parseSig=function(n){var m;if(n[0]!=48){throw new Error("Signature not a valid DERSequence")}m=2;if(n[m]!=2){throw new Error("First element in signature must be a DERInteger")}var l=n.slice(m+2,m+2+n[m+1]);m+=2+n[m+1];if(n[m]!=2){throw new Error("Second element in signature must be a DERInteger")}var i=n.slice(m+2,m+2+n[m+1]);m+=2+n[m+1];var k=BigInteger.fromByteArrayUnsigned(l);var j=BigInteger.fromByteArrayUnsigned(i);return{r:k,s:j}};this.parseSigCompact=function(m){if(m.length!==65){throw"Signature has the wrong length"}var j=m[0]-27;if(j<0||j>7){throw"Invalid signature type"}var o=this.ecparams.n;var l=BigInteger.fromByteArrayUnsigned(m.slice(1,33)).mod(o);var k=BigInteger.fromByteArrayUnsigned(m.slice(33,65)).mod(o);return{r:l,s:k,i:j}};if(h!==undefined){if(h.curve!==undefined){this.curveName=h.curve}}if(this.curveName===undefined){this.curveName=e}this.setNamedCurve(this.curveName);if(h!==undefined){if(h.prv!==undefined){this.setPrivateKeyHex(h.prv)}if(h.pub!==undefined){this.setPublicKeyHex(h.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(c){if(c.substr(0,2)!="30"){throw"signature is not a ASN.1 sequence"}var b=ASN1HEX.getPosArrayOfChildren_AtObj(c,0);if(b.length!=2){throw"number of signature ASN.1 sequence elements seem wrong"}var g=b[0];var f=b[1];if(c.substr(g,2)!="02"){throw"1st item of sequene of signature is not ASN.1 integer"}if(c.substr(f,2)!="02"){throw"2nd item of sequene of signature is not ASN.1 integer"}var 
e=ASN1HEX.getHexOfV_AtObj(c,g);var d=ASN1HEX.getHexOfV_AtObj(c,f);return{r:e,s:d}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(c){var d=KJUR.crypto.ECDSA.parseSigHexInHexRS(c);var b=d.r;var a=d.s;if(b.substr(0,2)=="00"&&(((b.length/2)*8)%(16*8))==8){b=b.substr(2)}if(a.substr(0,2)=="00"&&(((a.length/2)*8)%(16*8))==8){a=a.substr(2)}if((((b.length/2)*8)%(16*8))!=0){throw"unknown ECDSA sig r length error"}if((((a.length/2)*8)%(16*8))!=0){throw"unknown ECDSA sig s length error"}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if((((a.length/2)*8)%(16*8))!=0){throw"unknown ECDSA concatinated r-s sig length error"}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(e,c){var b=new KJUR.asn1.DERInteger({bigint:e});var a=new KJUR.asn1.DERInteger({bigint:c});var d=new KJUR.asn1.DERSequence({array:[b,a]});return d.getEncodedHex()}; -/*! 
ecparam-1.0.0.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECParameterDB=new function(){var b={};var c={};function a(d){return new BigInteger(d,16)}this.getByName=function(e){var d=e;if(typeof c[d]!="undefined"){d=c[e]}if(typeof b[d]!="undefined"){return b[d]}throw"unregistered EC curve name: "+d};this.regist=function(A,l,o,g,m,e,j,f,k,u,d,x){b[A]={};var s=a(o);var z=a(g);var y=a(m);var t=a(e);var w=a(j);var r=new ECCurveFp(s,z,y);var q=r.decodePointHex("04"+f+k);b[A]["name"]=A;b[A]["keylen"]=l;b[A]["curve"]=r;b[A]["G"]=q;b[A]["n"]=t;b[A]["h"]=w;b[A]["oid"]=d;b[A]["info"]=x;for(var v=0;v0||K.compareTo(u)>0||BigInteger.ZERO.compareTo(J)>0||J.compareTo(u)>0){throw"invalid DSA signature"}var I=J.modInverse(u);var A=D.multiply(I).mod(u);var v=K.multiply(I).mod(u);var F=G.modPow(A,z).multiply(H.modPow(v,z)).mod(z).mod(u);return F.compareTo(K)==0};this.parseASN1Signature=function(u){try{var y=new BigInteger(ASN1HEX.getVbyList(u,0,[0],"02"),16);var v=new BigInteger(ASN1HEX.getVbyList(u,0,[1],"02"),16);return[y,v]}catch(w){throw"malformed DSA signature"}};function d(E,w,B,v,u,C){var z=KJUR.crypto.Util.hashString(w,E.toLowerCase());var z=z.substr(0,u.bitLength()/4);var A=new BigInteger(z,16);var y=n(BigInteger.ONE.add(BigInteger.ONE),u.subtract(BigInteger.ONE));var F=(B.modPow(y,v)).mod(u);var D=(y.modInverse(u).multiply(A.add(C.multiply(F)))).mod(u);var G=new Array();G[0]=F;G[1]=D;return G}function r(v){var u=openpgp.config.config.prefer_hash_algorithm;switch(Math.round(v.bitLength()/8)){case 20:if(u!=2&&u>11&&u!=10&&u<8){return 2}return u;case 28:if(u>11&&u<8){return 11}return u;case 32:if(u>10&&u<8){return 8}return u;default:util.print_debug("DSA select hash algorithm: returning null for an unknown length of q");return null}}this.select_hash_algorithm=r;function m(I,K,J,B,z,u,F,G){var 
C=KJUR.crypto.Util.hashString(B,I.toLowerCase());var C=C.substr(0,u.bitLength()/4);var D=new BigInteger(C,16);if(BigInteger.ZERO.compareTo(K)>0||K.compareTo(u)>0||BigInteger.ZERO.compareTo(J)>0||J.compareTo(u)>0){util.print_error("invalid DSA Signature");return null}var H=J.modInverse(u);var A=D.multiply(H).mod(u);var v=K.multiply(H).mod(u);var E=F.modPow(A,z).multiply(G.modPow(v,z)).mod(z).mod(u);return E.compareTo(K)==0}function a(z){var A=new BigInteger(z,primeCenterie);var y=j(q,512);var u=t(p,q,z);var v;do{v=new BigInteger(q.bitCount(),rand)}while(x.compareTo(BigInteger.ZERO)!=1&&x.compareTo(q)!=-1);var w=g.modPow(x,p);return{x:v,q:A,p:y,g:u,y:w}}function j(y,z,w){if(z%64!=0){return false}var u;var v;do{u=w(bitcount,true);v=u.subtract(BigInteger.ONE);u=u.subtract(v.remainder(y))}while(!u.isProbablePrime(primeCenterie)||u.bitLength()!=l);return u}function t(B,z,A,w){var u=B.subtract(BigInteger.ONE);var y=u.divide(z);var v;do{v=w(A)}while(v.compareTo(u)!=-1&&v.compareTo(BigInteger.ONE)!=1);return v.modPow(y,B)}function o(w,y,u){var v;do{v=u(y,false)}while(v.compareTo(w)!=-1&&v.compareTo(BigInteger.ZERO)!=1);return v}function i(v,w){k=o(v);var u=g.modPow(k,w).mod(v);return u}function h(B,w,y,v,z,u){var A=B(v);s=(w.modInverse(z).multiply(A.add(u.multiply(y)))).mod(z);return s}this.sign=d;this.verify=m;function n(w,u){if(u.compareTo(w)<=0){return}var v=u.subtract(w);var y=e(v.bitLength());while(y>v){y=e(v.bitLength())}return w.add(y)}function e(w){if(w<0){return null}var u=Math.floor((w+7)/8);var v=c(u);if(w%8>0){v=String.fromCharCode((Math.pow(2,w%8)-1)&v.charCodeAt(0))+v.substring(1)}return new BigInteger(f(v),16)}function c(w){var u="";for(var v=0;v=s*2){break}}var x={};x.keyhex=v.substr(0,g[o]["keylen"]*2);x.ivhex=v.substr(g[o]["keylen"]*2,g[o]["ivlen"]*2);return x};var a=function(n,t,p,u){var q=CryptoJS.enc.Base64.parse(n);var o=CryptoJS.enc.Hex.stringify(q);var s=g[t]["proc"];var r=s(o,p,u);return r};var f=function(n,q,o,s){var p=g[q]["eproc"];var 
r=p(n,o,s);return r};return{version:"1.0.5",getHexFromPEM:function(o,r){var p=o;if(p.indexOf("BEGIN "+r)==-1){throw"can't find PEM header: "+r}p=p.replace("-----BEGIN "+r+"-----","");p=p.replace("-----END "+r+"-----","");var q=p.replace(/\s+/g,"");var n=b64tohex(q);return n},getDecryptedKeyHexByKeyIV:function(o,r,q,p){var n=b(r);return n(o,q,p)},parsePKCS5PEM:function(n){return l(n)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(o,n,p){return h(o,n,p)},decryptKeyB64:function(n,p,o,q){return a(n,p,o,q)},getDecryptedKeyHex:function(w,v){var o=l(w);var r=o.type;var p=o.cipher;var n=o.ivsalt;var q=o.data;var u=h(p,v,n);var t=u.keyhex;var s=a(q,p,t,n);return s},getRSAKeyFromEncryptedPKCS5PEM:function(p,o){var q=this.getDecryptedKeyHex(p,o);var n=new RSAKey();n.readPrivateKeyFromASN1HexString(q);return n},getEryptedPKCS5PEMFromPrvKeyHex:function(q,x,r,p){var n="";if(typeof r=="undefined"||r==null){r="AES-256-CBC"}if(typeof g[r]=="undefined"){throw"PKCS5PKEY unsupported algorithm: "+r}if(typeof p=="undefined"||p==null){var t=g[r]["ivlen"];var s=k(t);p=s.toUpperCase()}var w=h(r,x,p);var v=w.keyhex;var u=f(q,r,v,p);var o=u.replace(/(.{64})/g,"$1\r\n");var n="-----BEGIN RSA PRIVATE KEY-----\r\n";n+="Proc-Type: 4,ENCRYPTED\r\n";n+="DEK-Info: "+r+","+p+"\r\n";n+="\r\n";n+=o;n+="\r\n-----END RSA PRIVATE KEY-----\r\n";return n},getEryptedPKCS5PEMFromRSAKey:function(C,D,o,s){var A=new KJUR.asn1.DERInteger({"int":0});var v=new KJUR.asn1.DERInteger({bigint:C.n});var z=new KJUR.asn1.DERInteger({"int":C.e});var B=new KJUR.asn1.DERInteger({bigint:C.d});var t=new KJUR.asn1.DERInteger({bigint:C.p});var r=new KJUR.asn1.DERInteger({bigint:C.q});var y=new KJUR.asn1.DERInteger({bigint:C.dmp1});var u=new KJUR.asn1.DERInteger({bigint:C.dmq1});var x=new KJUR.asn1.DERInteger({bigint:C.coeff});var E=new KJUR.asn1.DERSequence({array:[A,v,z,B,t,r,y,u,x]});var w=E.getEncodedHex();return this.getEryptedPKCS5PEMFromPrvKeyHex(w,D,o,s)},newEncryptedPKCS5PEM:function(n,o,r,s){if(typeof 
o=="undefined"||o==null){o=1024}if(typeof r=="undefined"||r==null){r="10001"}var p=new RSAKey();p.generate(o,r);var q=null;if(typeof s=="undefined"||s==null){q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n)}else{q=this.getEncryptedPKCS5PEMFromRSAKey(pkey,n,s)}return q},getRSAKeyFromPlainPKCS8PEM:function(p){if(p.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var o=this.getHexFromPEM(p,"PRIVATE KEY");var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getRSAKeyFromPlainPKCS8Hex:function(q){var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,0);if(p.length!=3){throw"outer DERSequence shall have 3 elements: "+p.length}var o=ASN1HEX.getHexOfTLV_AtObj(q,p[1]);if(o!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmIdentifier is not rsaEnc: "+o}var o=ASN1HEX.getHexOfTLV_AtObj(q,p[1]);var r=ASN1HEX.getHexOfTLV_AtObj(q,p[2]);var s=ASN1HEX.getHexOfV_AtObj(r,0);var n=new RSAKey();n.readPrivateKeyFromASN1HexString(s);return n},parseHexOfEncryptedPKCS8:function(u){var q={};var p=ASN1HEX.getPosArrayOfChildren_AtObj(u,0);if(p.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+p.length}q.ciphertext=ASN1HEX.getHexOfV_AtObj(u,p[1]);var w=ASN1HEX.getPosArrayOfChildren_AtObj(u,p[0]);if(w.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+w.length}if(ASN1HEX.getHexOfV_AtObj(u,w[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(u,w[1]);if(w.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+n.length}var o=ASN1HEX.getPosArrayOfChildren_AtObj(u,n[1]);if(o.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+o.length}if(ASN1HEX.getHexOfV_AtObj(u,o[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}q.encryptionSchemeAlg="TripleDES";q.encryptionSchemeIV=ASN1HEX.getHexOfV_AtObj(u,o[1]);var r=ASN1HEX.getPosArrayOfChildren_AtObj(u,n[0]);if(r.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: 
"+r.length}if(ASN1HEX.getHexOfV_AtObj(u,r[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var v=ASN1HEX.getPosArrayOfChildren_AtObj(u,r[1]);if(v.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+v.length}q.pbkdf2Salt=ASN1HEX.getHexOfV_AtObj(u,v[0]);var s=ASN1HEX.getHexOfV_AtObj(u,v[1]);try{q.pbkdf2Iter=parseInt(s,16)}catch(t){throw"malformed format pbkdf2Iter: "+s}return q},getPBKDF2KeyHexFromParam:function(s,n){var r=CryptoJS.enc.Hex.parse(s.pbkdf2Salt);var o=s.pbkdf2Iter;var q=CryptoJS.PBKDF2(n,r,{keySize:192/32,iterations:o});var p=CryptoJS.enc.Hex.stringify(q);return p},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(v,w){var p=this.getHexFromPEM(v,"ENCRYPTED PRIVATE KEY");var n=this.parseHexOfEncryptedPKCS8(p);var s=PKCS5PKEY.getPBKDF2KeyHexFromParam(n,w);var t={};t.ciphertext=CryptoJS.enc.Hex.parse(n.ciphertext);var r=CryptoJS.enc.Hex.parse(s);var q=CryptoJS.enc.Hex.parse(n.encryptionSchemeIV);var u=CryptoJS.TripleDES.decrypt(t,r,{iv:q});var o=CryptoJS.enc.Hex.stringify(u);return o},getRSAKeyFromEncryptedPKCS8PEM:function(q,p){var o=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,p);var n=this.getRSAKeyFromPlainPKCS8Hex(o);return n},getKeyFromEncryptedPKCS8PEM:function(q,o){var n=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(q,o);var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},parsePlainPrivatePKCS8Hex:function(q){var o={};o.algparam=null;if(q.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,0);if(p.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(q.substr(p[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(q,p[1]);if(n.length!=2){throw"malformed PKCS8 private key(code:004)"}if(q.substr(n[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}o.algoid=ASN1HEX.getHexOfV_AtObj(q,n[0]);if(q.substr(n[1],2)=="06"){o.algparam=ASN1HEX.getHexOfV_AtObj(q,n[1])}if(q.substr(p[2],2)!="04"){throw"malformed 
PKCS8 private key(code:006)"}o.keyidx=ASN1HEX.getStartPosOfV_AtObj(q,p[2]);return o},getKeyFromPlainPrivatePKCS8PEM:function(o){var n=this.getHexFromPEM(o,"PRIVATE KEY");var p=this.getKeyFromPlainPrivatePKCS8Hex(n);return p},getKeyFromPlainPrivatePKCS8Hex:function(n){var p=this.parsePlainPrivatePKCS8Hex(n);if(p.algoid=="2a864886f70d010101"){this.parsePrivateRawRSAKeyHexAtObj(n,p);var o=p.key;var q=new RSAKey();q.setPrivateEx(o.n,o.e,o.d,o.p,o.q,o.dp,o.dq,o.co);return q}else{if(p.algoid=="2a8648ce3d0201"){this.parsePrivateRawECKeyHexAtObj(n,p);if(KJUR.crypto.OID.oidhex2name[p.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+p.algparam}var r=KJUR.crypto.OID.oidhex2name[p.algparam];var q=new KJUR.crypto.ECDSA({curve:r,prv:p.key});return q}else{throw"unsupported private key algorithm"}}},getRSAKeyFromPublicPKCS8PEM:function(o){var p=this.getHexFromPEM(o,"PUBLIC KEY");var n=this.getRSAKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8PEM:function(o){var p=this.getHexFromPEM(o,"PUBLIC KEY");var n=this.getKeyFromPublicPKCS8Hex(p);return n},getKeyFromPublicPKCS8Hex:function(o){var n=this.parsePublicPKCS8Hex(o);if(n.algoid=="2a864886f70d010101"){var r=this.parsePublicRawRSAKeyHex(n.key);var p=new RSAKey();p.setPublic(r.n,r.e);return p}else{if(n.algoid=="2a8648ce3d0201"){if(KJUR.crypto.OID.oidhex2name[n.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+n.algparam}var q=KJUR.crypto.OID.oidhex2name[n.algparam];var p=new KJUR.crypto.ECDSA({curve:q,pub:n.key});return p}else{throw"unsupported public key algorithm"}}},parsePublicRawRSAKeyHex:function(p){var n={};if(p.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var o=ASN1HEX.getPosArrayOfChildren_AtObj(p,0);if(o.length!=2){throw"malformed RSA key(code:002)"}if(p.substr(o[0],2)!="02"){throw"malformed RSA key(code:003)"}n.n=ASN1HEX.getHexOfV_AtObj(p,o[0]);if(p.substr(o[1],2)!="02"){throw"malformed RSA key(code:004)"}n.e=ASN1HEX.getHexOfV_AtObj(p,o[1]);return 
n},parsePrivateRawRSAKeyHexAtObj:function(o,q){var p=q.keyidx;if(o.substr(p,2)!="30"){throw"malformed RSA private key(code:001)"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(o,p);if(n.length!=9){throw"malformed RSA private key(code:002)"}q.key={};q.key.n=ASN1HEX.getHexOfV_AtObj(o,n[1]);q.key.e=ASN1HEX.getHexOfV_AtObj(o,n[2]);q.key.d=ASN1HEX.getHexOfV_AtObj(o,n[3]);q.key.p=ASN1HEX.getHexOfV_AtObj(o,n[4]);q.key.q=ASN1HEX.getHexOfV_AtObj(o,n[5]);q.key.dp=ASN1HEX.getHexOfV_AtObj(o,n[6]);q.key.dq=ASN1HEX.getHexOfV_AtObj(o,n[7]);q.key.co=ASN1HEX.getHexOfV_AtObj(o,n[8])},parsePrivateRawECKeyHexAtObj:function(o,q){var p=q.keyidx;if(o.substr(p,2)!="30"){throw"malformed ECC private key(code:001)"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(o,p);if(n.length!=3){throw"malformed ECC private key(code:002)"}if(o.substr(n[1],2)!="04"){throw"malformed ECC private key(code:003)"}q.key=ASN1HEX.getHexOfV_AtObj(o,n[1])},parsePublicPKCS8Hex:function(q){var o={};o.algparam=null;var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,0);if(p.length!=2){throw"outer DERSequence shall have 2 elements: "+p.length}var r=p[0];if(q.substr(r,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var n=ASN1HEX.getPosArrayOfChildren_AtObj(q,r);if(n.length!=2){throw"malformed PKCS8 public key(code:002)"}if(q.substr(n[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}o.algoid=ASN1HEX.getHexOfV_AtObj(q,n[0]);if(q.substr(n[1],2)=="06"){o.algparam=ASN1HEX.getHexOfV_AtObj(q,n[1])}if(q.substr(p[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}o.key=ASN1HEX.getHexOfV_AtObj(q,p[1]).substr(2);return o},getRSAKeyFromPublicPKCS8Hex:function(r){var q=ASN1HEX.getPosArrayOfChildren_AtObj(r,0);if(q.length!=2){throw"outer DERSequence shall have 2 elements: "+q.length}var p=ASN1HEX.getHexOfTLV_AtObj(r,q[0]);if(p!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmId is not rsaEncryption"}if(r.substr(q[1],2)!="03"){throw"PKCS8 Public Key is not BITSTRING encapslated."}var 
t=ASN1HEX.getStartPosOfV_AtObj(r,q[1])+2;if(r.substr(t,2)!="30"){throw"PKCS8 Public Key is not SEQUENCE."}var n=ASN1HEX.getPosArrayOfChildren_AtObj(r,t);if(n.length!=2){throw"inner DERSequence shall have 2 elements: "+n.length}if(r.substr(n[0],2)!="02"){throw"N is not ASN.1 INTEGER"}if(r.substr(n[1],2)!="02"){throw"E is not ASN.1 INTEGER"}var u=ASN1HEX.getHexOfV_AtObj(r,n[0]);var s=ASN1HEX.getHexOfV_AtObj(r,n[1]);var o=new RSAKey();o.setPublic(u,s);return o},}}(); -/*! keyutil-1.0.12.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e=function(p,r,q){return k(CryptoJS.TripleDES,p,r,q)};var a=function(p,r,q){return k(CryptoJS.DES,p,r,q)};var k=function(s,x,u,q){var r=CryptoJS.enc.Hex.parse(x);var w=CryptoJS.enc.Hex.parse(u);var p=CryptoJS.enc.Hex.parse(q);var t={};t.key=w;t.iv=p;t.ciphertext=r;var v=s.decrypt(t,w,{iv:p});return CryptoJS.enc.Hex.stringify(v)};var l=function(p,r,q){return g(CryptoJS.AES,p,r,q)};var o=function(p,r,q){return g(CryptoJS.TripleDES,p,r,q)};var f=function(p,r,q){return g(CryptoJS.DES,p,r,q)};var g=function(t,y,v,q){var s=CryptoJS.enc.Hex.parse(y);var x=CryptoJS.enc.Hex.parse(v);var p=CryptoJS.enc.Hex.parse(q);var w=t.encrypt(s,x,{iv:p});var r=CryptoJS.enc.Hex.parse(w.toString());var u=CryptoJS.enc.Base64.stringify(r);return u};var i={"AES-256-CBC":{proc:d,eproc:l,keylen:32,ivlen:16},"AES-192-CBC":{proc:d,eproc:l,keylen:24,ivlen:16},"AES-128-CBC":{proc:d,eproc:l,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:e,eproc:o,keylen:24,ivlen:8},"DES-CBC":{proc:a,eproc:f,keylen:8,ivlen:8}};var c=function(p){return i[p]["proc"]};var m=function(p){var r=CryptoJS.lib.WordArray.random(p);var q=CryptoJS.enc.Hex.stringify(r);return q};var n=function(t){var u={};if(t.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"))){u.cipher=RegExp.$1;u.ivsalt=RegExp.$2}if(t.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"))){u.type=RegExp.$1}var r=-1;var 
v=0;if(t.indexOf("\r\n\r\n")!=-1){r=t.indexOf("\r\n\r\n");v=2}if(t.indexOf("\n\n")!=-1){r=t.indexOf("\n\n");v=1}var q=t.indexOf("-----END");if(r!=-1&&q!=-1){var p=t.substring(r+v*2,q-v);p=p.replace(/\s+/g,"");u.data=p}return u};var j=function(q,y,p){var v=p.substring(0,16);var t=CryptoJS.enc.Hex.parse(v);var r=CryptoJS.enc.Utf8.parse(y);var u=i[q]["keylen"]+i[q]["ivlen"];var x="";var w=null;for(;;){var s=CryptoJS.algo.MD5.create();if(w!=null){s.update(w)}s.update(r);s.update(t);w=s.finalize();x=x+CryptoJS.enc.Hex.stringify(w);if(x.length>=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",getHexFromPEM:function(q,u){var r=q;if(r.indexOf("-----BEGIN ")==-1){throw"can't find PEM header: "+u}if(typeof u=="string"&&u!=""){r=r.replace("-----BEGIN "+u+"-----","");r=r.replace("-----END "+u+"-----","")}else{r=r.replace(/-----BEGIN [^-]+-----/,"");r=r.replace(/-----END [^-]+-----/,"")}var t=r.replace(/\s+/g,"");var p=b64tohex(t);return p},getDecryptedKeyHexByKeyIV:function(q,t,s,r){var p=c(t);return p(q,s,r)},parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getRSAKeyFromEncryptedPKCS5PEM:function(r,q){var s=this.getDecryptedKeyHex(r,q);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(s);return p},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw"KEYUTIL unsupported algorithm: "+t}if(typeof 
r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},getEncryptedPKCS5PEMFromRSAKey:function(D,E,r,t){var B=new KJUR.asn1.DERInteger({"int":0});var w=new KJUR.asn1.DERInteger({bigint:D.n});var A=new KJUR.asn1.DERInteger({"int":D.e});var C=new KJUR.asn1.DERInteger({bigint:D.d});var u=new KJUR.asn1.DERInteger({bigint:D.p});var s=new KJUR.asn1.DERInteger({bigint:D.q});var z=new KJUR.asn1.DERInteger({bigint:D.dmp1});var v=new KJUR.asn1.DERInteger({bigint:D.dmq1});var y=new KJUR.asn1.DERInteger({bigint:D.coeff});var F=new KJUR.asn1.DERSequence({array:[B,w,A,C,u,s,z,v,y]});var x=F.getEncodedHex();return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",x,E,r,t)},newEncryptedPKCS5PEM:function(p,q,t,u){if(typeof q=="undefined"||q==null){q=1024}if(typeof t=="undefined"||t==null){t="10001"}var r=new RSAKey();r.generate(q,t);var s=null;if(typeof u=="undefined"||u==null){s=this.getEncryptedPKCS5PEMFromRSAKey(r,p)}else{s=this.getEncryptedPKCS5PEMFromRSAKey(r,p,u)}return s},getRSAKeyFromPlainPKCS8PEM:function(r){if(r.match(/ENCRYPTED/)){throw"pem shall be not ENCRYPTED"}var q=this.getHexFromPEM(r,"PRIVATE KEY");var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getRSAKeyFromPlainPKCS8Hex:function(s){var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=3){throw"outer DERSequence shall have 3 elements: "+r.length}var q=ASN1HEX.getHexOfTLV_AtObj(s,r[1]);if(q!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmIdentifier is not rsaEnc: "+q}var q=ASN1HEX.getHexOfTLV_AtObj(s,r[1]);var t=ASN1HEX.getHexOfTLV_AtObj(s,r[2]);var u=ASN1HEX.getHexOfV_AtObj(t,0);var p=new RSAKey();p.readPrivateKeyFromASN1HexString(u);return p},parseHexOfEncryptedPKCS8:function(w){var s={};var 
r=ASN1HEX.getPosArrayOfChildren_AtObj(w,0);if(r.length!=2){throw"malformed format: SEQUENCE(0).items != 2: "+r.length}s.ciphertext=ASN1HEX.getHexOfV_AtObj(w,r[1]);var y=ASN1HEX.getPosArrayOfChildren_AtObj(w,r[0]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0).items != 2: "+y.length}if(ASN1HEX.getHexOfV_AtObj(w,y[0])!="2a864886f70d01050d"){throw"this only supports pkcs5PBES2"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(w,y[1]);if(y.length!=2){throw"malformed format: SEQUENCE(0.0.1).items != 2: "+p.length}var q=ASN1HEX.getPosArrayOfChildren_AtObj(w,p[1]);if(q.length!=2){throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length}if(ASN1HEX.getHexOfV_AtObj(w,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}s.encryptionSchemeAlg="TripleDES";s.encryptionSchemeIV=ASN1HEX.getHexOfV_AtObj(w,q[1]);var t=ASN1HEX.getPosArrayOfChildren_AtObj(w,p[0]);if(t.length!=2){throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+t.length}if(ASN1HEX.getHexOfV_AtObj(w,t[0])!="2a864886f70d01050c"){throw"this only supports pkcs5PBKDF2"}var x=ASN1HEX.getPosArrayOfChildren_AtObj(w,t[1]);if(x.length<2){throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length}s.pbkdf2Salt=ASN1HEX.getHexOfV_AtObj(w,x[0]);var u=ASN1HEX.getHexOfV_AtObj(w,x[1]);try{s.pbkdf2Iter=parseInt(u,16)}catch(v){throw"malformed format pbkdf2Iter: "+u}return s},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=this.getHexFromPEM(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return 
q},getRSAKeyFromEncryptedPKCS8PEM:function(s,r){var q=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,r);var p=this.getRSAKeyFromPlainPKCS8Hex(q);return p},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this.getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw"malformed plain PKCS8 private key(code:001)"}var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=3){throw"malformed plain PKCS8 private key(code:002)"}if(s.substr(r[1],2)!="30"){throw"malformed PKCS8 private key(code:003)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(s,r[1]);if(p.length!=2){throw"malformed PKCS8 private key(code:004)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 private key(code:005)"}q.algoid=ASN1HEX.getHexOfV_AtObj(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=ASN1HEX.getHexOfV_AtObj(s,p[1])}if(s.substr(r[2],2)!="04"){throw"malformed PKCS8 private key(code:006)"}q.keyidx=ASN1HEX.getStartPosOfV_AtObj(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=this.getHexFromPEM(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var w=this.parsePlainPrivatePKCS8Hex(p);if(w.algoid=="2a864886f70d010101"){this.parsePrivateRawRSAKeyHexAtObj(p,w);var u=w.key;var z=new RSAKey();z.setPrivateEx(u.n,u.e,u.d,u.p,u.q,u.dp,u.dq,u.co);return z}else{if(w.algoid=="2a8648ce3d0201"){this.parsePrivateRawECKeyHexAtObj(p,w);if(KJUR.crypto.OID.oidhex2name[w.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+w.algparam}var v=KJUR.crypto.OID.oidhex2name[w.algparam];var z=new KJUR.crypto.ECDSA({curve:v});z.setPublicKeyHex(w.pubkey);z.setPrivateKeyHex(w.key);z.isPublic=false;return z}else{if(w.algoid=="2a8648ce380401"){var t=ASN1HEX.getVbyList(p,0,[1,1,0],"02");var s=ASN1HEX.getVbyList(p,0,[1,1,1],"02");var y=ASN1HEX.getVbyList(p,0,[1,1,2],"02");var 
B=ASN1HEX.getVbyList(p,0,[2,0],"02");var r=new BigInteger(t,16);var q=new BigInteger(s,16);var x=new BigInteger(y,16);var A=new BigInteger(B,16);var z=new KJUR.crypto.DSA();z.setPrivate(r,q,x,null,A);return z}else{throw"unsupported private key algorithm"}}}},getRSAKeyFromPublicPKCS8PEM:function(q){var r=this.getHexFromPEM(q,"PUBLIC KEY");var p=this.getRSAKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8PEM:function(q){var r=this.getHexFromPEM(q,"PUBLIC KEY");var p=this.getKeyFromPublicPKCS8Hex(r);return p},getKeyFromPublicPKCS8Hex:function(q){var p=this.parsePublicPKCS8Hex(q);if(p.algoid=="2a864886f70d010101"){var u=this.parsePublicRawRSAKeyHex(p.key);var r=new RSAKey();r.setPublic(u.n,u.e);return r}else{if(p.algoid=="2a8648ce3d0201"){if(KJUR.crypto.OID.oidhex2name[p.algparam]===undefined){throw"KJUR.crypto.OID.oidhex2name undefined: "+p.algparam}var s=KJUR.crypto.OID.oidhex2name[p.algparam];var r=new KJUR.crypto.ECDSA({curve:s,pub:p.key});return r}else{if(p.algoid=="2a8648ce380401"){var t=p.algparam;var v=ASN1HEX.getHexOfV_AtObj(p.key,0);var r=new KJUR.crypto.DSA();r.setPublic(new BigInteger(t.p,16),new BigInteger(t.q,16),new BigInteger(t.g,16),new BigInteger(v,16));return r}else{throw"unsupported public key algorithm"}}}},parsePublicRawRSAKeyHex:function(r){var p={};if(r.substr(0,2)!="30"){throw"malformed RSA key(code:001)"}var q=ASN1HEX.getPosArrayOfChildren_AtObj(r,0);if(q.length!=2){throw"malformed RSA key(code:002)"}if(r.substr(q[0],2)!="02"){throw"malformed RSA key(code:003)"}p.n=ASN1HEX.getHexOfV_AtObj(r,q[0]);if(r.substr(q[1],2)!="02"){throw"malformed RSA key(code:004)"}p.e=ASN1HEX.getHexOfV_AtObj(r,q[1]);return p},parsePrivateRawRSAKeyHexAtObj:function(q,s){var r=s.keyidx;if(q.substr(r,2)!="30"){throw"malformed RSA private key(code:001)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(q,r);if(p.length!=9){throw"malformed RSA private 
key(code:002)"}s.key={};s.key.n=ASN1HEX.getHexOfV_AtObj(q,p[1]);s.key.e=ASN1HEX.getHexOfV_AtObj(q,p[2]);s.key.d=ASN1HEX.getHexOfV_AtObj(q,p[3]);s.key.p=ASN1HEX.getHexOfV_AtObj(q,p[4]);s.key.q=ASN1HEX.getHexOfV_AtObj(q,p[5]);s.key.dp=ASN1HEX.getHexOfV_AtObj(q,p[6]);s.key.dq=ASN1HEX.getHexOfV_AtObj(q,p[7]);s.key.co=ASN1HEX.getHexOfV_AtObj(q,p[8])},parsePrivateRawECKeyHexAtObj:function(p,t){var q=t.keyidx;var r=ASN1HEX.getVbyList(p,q,[1],"04");var s=ASN1HEX.getVbyList(p,q,[2,0],"03").substr(2);t.key=r;t.pubkey=s},parsePublicPKCS8Hex:function(s){var q={};q.algparam=null;var r=ASN1HEX.getPosArrayOfChildren_AtObj(s,0);if(r.length!=2){throw"outer DERSequence shall have 2 elements: "+r.length}var t=r[0];if(s.substr(t,2)!="30"){throw"malformed PKCS8 public key(code:001)"}var p=ASN1HEX.getPosArrayOfChildren_AtObj(s,t);if(p.length!=2){throw"malformed PKCS8 public key(code:002)"}if(s.substr(p[0],2)!="06"){throw"malformed PKCS8 public key(code:003)"}q.algoid=ASN1HEX.getHexOfV_AtObj(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=ASN1HEX.getHexOfV_AtObj(s,p[1])}else{if(s.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=ASN1HEX.getVbyList(s,p[1],[0],"02");q.algparam.q=ASN1HEX.getVbyList(s,p[1],[1],"02");q.algparam.g=ASN1HEX.getVbyList(s,p[1],[2],"02")}}if(s.substr(r[1],2)!="03"){throw"malformed PKCS8 public key(code:004)"}q.key=ASN1HEX.getHexOfV_AtObj(s,r[1]).substr(2);return q},getRSAKeyFromPublicPKCS8Hex:function(t){var s=ASN1HEX.getPosArrayOfChildren_AtObj(t,0);if(s.length!=2){throw"outer DERSequence shall have 2 elements: "+s.length}var r=ASN1HEX.getHexOfTLV_AtObj(t,s[0]);if(r!="300d06092a864886f70d0101010500"){throw"PKCS8 AlgorithmId is not rsaEncryption"}if(t.substr(s[1],2)!="03"){throw"PKCS8 Public Key is not BITSTRING encapslated."}var v=ASN1HEX.getStartPosOfV_AtObj(t,s[1])+2;if(t.substr(v,2)!="30"){throw"PKCS8 Public Key is not SEQUENCE."}var p=ASN1HEX.getPosArrayOfChildren_AtObj(t,v);if(p.length!=2){throw"inner DERSequence shall have 2 elements: 
"+p.length}if(t.substr(p[0],2)!="02"){throw"N is not ASN.1 INTEGER"}if(t.substr(p[1],2)!="02"){throw"E is not ASN.1 INTEGER"}var w=ASN1HEX.getHexOfV_AtObj(t,p[0]);var u=ASN1HEX.getHexOfV_AtObj(t,p[1]);var q=new RSAKey();q.setPublic(w,u);return q},}}();KEYUTIL.getKey=function(f,e,h){if(typeof RSAKey!="undefined"&&f instanceof RSAKey){return f}if(typeof KJUR.crypto.ECDSA!="undefined"&&f instanceof KJUR.crypto.ECDSA){return f}if(typeof KJUR.crypto.DSA!="undefined"&&f instanceof KJUR.crypto.DSA){return f}if(f.curve!==undefined&&f.xy!==undefined&&f.d===undefined){return new KJUR.crypto.ECDSA({pub:f.xy,curve:f.curve})}if(f.curve!==undefined&&f.d!==undefined){return new KJUR.crypto.ECDSA({prv:f.d,curve:f.curve})}if(f.kty===undefined&&f.n!==undefined&&f.e!==undefined&&f.d===undefined){var w=new RSAKey();w.setPublic(f.n,f.e);return w}if(f.kty===undefined&&f.n!==undefined&&f.e!==undefined&&f.d!==undefined&&f.p!==undefined&&f.q!==undefined&&f.dp!==undefined&&f.dq!==undefined&&f.co!==undefined&&f.qi===undefined){var w=new RSAKey();w.setPrivateEx(f.n,f.e,f.d,f.p,f.q,f.dp,f.dq,f.co);return w}if(f.kty===undefined&&f.n!==undefined&&f.e!==undefined&&f.d!==undefined&&f.p===undefined){var w=new RSAKey();w.setPrivate(f.n,f.e,f.d);return w}if(f.p!==undefined&&f.q!==undefined&&f.g!==undefined&&f.y!==undefined&&f.x===undefined){var w=new KJUR.crypto.DSA();w.setPublic(f.p,f.q,f.g,f.y);return w}if(f.p!==undefined&&f.q!==undefined&&f.g!==undefined&&f.y!==undefined&&f.x!==undefined){var w=new KJUR.crypto.DSA();w.setPrivate(f.p,f.q,f.g,f.y,f.x);return w}if(f.kty==="RSA"&&f.n!==undefined&&f.e!==undefined&&f.d===undefined){var w=new RSAKey();w.setPublic(b64utohex(f.n),b64utohex(f.e));return w}if(f.kty==="RSA"&&f.n!==undefined&&f.e!==undefined&&f.d!==undefined&&f.p!==undefined&&f.q!==undefined&&f.dp!==undefined&&f.dq!==undefined&&f.qi!==undefined){var w=new 
RSAKey();w.setPrivateEx(b64utohex(f.n),b64utohex(f.e),b64utohex(f.d),b64utohex(f.p),b64utohex(f.q),b64utohex(f.dp),b64utohex(f.dq),b64utohex(f.qi));return w}if(f.kty==="RSA"&&f.n!==undefined&&f.e!==undefined&&f.d!==undefined){var w=new RSAKey();w.setPrivate(b64utohex(f.n),b64utohex(f.e),b64utohex(f.d));return w}if(f.kty==="EC"&&f.crv!==undefined&&f.x!==undefined&&f.y!==undefined&&f.d===undefined){var d=new KJUR.crypto.ECDSA({curve:f.crv});var l=d.ecparams.keylen/4;var r=("0000000000"+b64utohex(f.x)).slice(-l);var n=("0000000000"+b64utohex(f.y)).slice(-l);var m="04"+r+n;d.setPublicKeyHex(m);return d}if(f.kty==="EC"&&f.crv!==undefined&&f.x!==undefined&&f.y!==undefined&&f.d!==undefined){var d=new KJUR.crypto.ECDSA({curve:f.crv});var l=d.ecparams.keylen/4;var a=("0000000000"+b64utohex(f.d)).slice(-l);d.setPrivateKeyHex(a);return d}if(f.indexOf("-END CERTIFICATE-",0)!=-1||f.indexOf("-END X509 CERTIFICATE-",0)!=-1||f.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(f)}if(h==="pkcs8pub"){return KEYUTIL.getKeyFromPublicPKCS8Hex(f)}if(f.indexOf("-END PUBLIC KEY-")!=-1){return KEYUTIL.getKeyFromPublicPKCS8PEM(f)}if(h==="pkcs5prv"){var w=new RSAKey();w.readPrivateKeyFromASN1HexString(f);return w}if(h==="pkcs5prv"){var w=new RSAKey();w.readPrivateKeyFromASN1HexString(f);return w}if(f.indexOf("-END RSA PRIVATE KEY-")!=-1&&f.indexOf("4,ENCRYPTED")==-1){var i=KEYUTIL.getHexFromPEM(f,"RSA PRIVATE KEY");return KEYUTIL.getKey(i,null,"pkcs5prv")}if(f.indexOf("-END DSA PRIVATE KEY-")!=-1&&f.indexOf("4,ENCRYPTED")==-1){var u=this.getHexFromPEM(f,"DSA PRIVATE KEY");var t=ASN1HEX.getVbyList(u,0,[1],"02");var s=ASN1HEX.getVbyList(u,0,[2],"02");var v=ASN1HEX.getVbyList(u,0,[3],"02");var j=ASN1HEX.getVbyList(u,0,[4],"02");var k=ASN1HEX.getVbyList(u,0,[5],"02");var w=new KJUR.crypto.DSA();w.setPrivate(new BigInteger(t,16),new BigInteger(s,16),new BigInteger(v,16),new BigInteger(j,16),new BigInteger(k,16));return w}if(f.indexOf("-END PRIVATE KEY-")!=-1){return 
KEYUTIL.getKeyFromPlainPrivatePKCS8PEM(f)}if(f.indexOf("-END RSA PRIVATE KEY-")!=-1&&f.indexOf("4,ENCRYPTED")!=-1){return KEYUTIL.getRSAKeyFromEncryptedPKCS5PEM(f,e)}if(f.indexOf("-END EC PRIVATE KEY-")!=-1&&f.indexOf("4,ENCRYPTED")!=-1){var u=KEYUTIL.getDecryptedKeyHex(f,e);var w=ASN1HEX.getVbyList(u,0,[1],"04");var c=ASN1HEX.getVbyList(u,0,[2,0],"06");var o=ASN1HEX.getVbyList(u,0,[3,0],"03").substr(2);var b="";if(KJUR.crypto.OID.oidhex2name[c]!==undefined){b=KJUR.crypto.OID.oidhex2name[c]}else{throw"undefined OID(hex) in KJUR.crypto.OID: "+c}var d=new KJUR.crypto.ECDSA({name:b});d.setPublicKeyHex(o);d.setPrivateKeyHex(w);d.isPublic=false;return d}if(f.indexOf("-END DSA PRIVATE KEY-")!=-1&&f.indexOf("4,ENCRYPTED")!=-1){var u=KEYUTIL.getDecryptedKeyHex(f,e);var t=ASN1HEX.getVbyList(u,0,[1],"02");var s=ASN1HEX.getVbyList(u,0,[2],"02");var v=ASN1HEX.getVbyList(u,0,[3],"02");var j=ASN1HEX.getVbyList(u,0,[4],"02");var k=ASN1HEX.getVbyList(u,0,[5],"02");var w=new KJUR.crypto.DSA();w.setPrivate(new BigInteger(t,16),new BigInteger(s,16),new BigInteger(v,16),new BigInteger(j,16),new BigInteger(k,16));return w}if(f.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return KEYUTIL.getKeyFromEncryptedPKCS8PEM(f,e)}throw"not supported argument"};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw"unknown algorithm: "+a}}};KEYUTIL.getPEM=function(a,r,o,g,j){var v=KJUR.asn1;var 
u=KJUR.crypto;function p(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return w}function q(w){var s=KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:w.prvKeyHex}},{tag:["a0",true,{oid:{name:w.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+w.pubKeyHex}}]}]});return s}function n(s){var w=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return w}if(((typeof RSAKey!="undefined"&&a instanceof RSAKey)||(typeof u.DSA!="undefined"&&a instanceof u.DSA)||(typeof u.ECDSA!="undefined"&&a instanceof u.ECDSA))&&a.isPublic==true&&(r===undefined||r=="PKCS8PUB")){var t=new KJUR.asn1.x509.SubjectPublicKeyInfo(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"PUBLIC KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o===undefined||o==null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"RSA PRIVATE KEY")}if(r=="PKCS1PRV"&&typeof RSAKey!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o===undefined||o==null)&&a.isPrivate==true){var f=new KJUR.asn1.DERObjectIdentifier({name:a.curveName});var l=f.getEncodedHex();var e=q(a);var k=e.getEncodedHex();var i="";i+=v.ASN1Util.getPEMStringFromHex(l,"EC PARAMETERS");i+=v.ASN1Util.getPEMStringFromHex(k,"EC PRIVATE KEY");return i}if(r=="PKCS1PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o===undefined||o==null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();return v.ASN1Util.getPEMStringFromHex(m,"DSA PRIVATE KEY")}if(r=="PKCS5PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=p(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return 
this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=q(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",m,o,g)}if(r=="PKCS5PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&(o!==undefined&&o!=null)&&a.isPrivate==true){var t=n(a);var m=t.getEncodedHex();if(g===undefined){g="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",m,o,g)}var h=function(w,s){var y=b(w,s);var x=new KJUR.asn1.ASN1Util.newObject({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:y.pbkdf2Salt}},{"int":y.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:y.encryptionSchemeIV}}]}]}]},{octstr:{hex:y.ciphertext}}]});return x.getEncodedHex()};var b=function(D,E){var x=100;var C=CryptoJS.lib.WordArray.random(8);var B="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var y=CryptoJS.PBKDF2(E,C,{keySize:192/32,iterations:x});var z=CryptoJS.enc.Hex.parse(D);var A=CryptoJS.TripleDES.encrypt(z,y,{iv:s})+"";var w={};w.ciphertext=A;w.pbkdf2Salt=CryptoJS.enc.Hex.stringify(C);w.pbkdf2Iter=x;w.encryptionSchemeAlg=B;w.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return w};if(r=="PKCS8PRV"&&typeof RSAKey!="undefined"&&a instanceof RSAKey&&a.isPrivate==true){var d=p(a);var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.ECDSA!="undefined"&&a instanceof KJUR.crypto.ECDSA&&a.isPrivate==true){var d=new 
KJUR.asn1.ASN1Util.newObject({seq:[{"int":1},{octstr:{hex:a.prvKeyHex}},{tag:["a1",true,{bitstr:{hex:"00"+a.pubKeyHex}}]}]});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:a.curveName}}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}if(r=="PKCS8PRV"&&typeof KJUR.crypto.DSA!="undefined"&&a instanceof KJUR.crypto.DSA&&a.isPrivate==true){var d=new KJUR.asn1.DERInteger({bigint:a.x});var c=d.getEncodedHex();var t=KJUR.asn1.ASN1Util.newObject({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:a.p}},{"int":{bigint:a.q}},{"int":{bigint:a.g}}]}]},{octstr:{hex:c}}]});var m=t.getEncodedHex();if(o===undefined||o==null){return v.ASN1Util.getPEMStringFromHex(m,"PRIVATE KEY")}else{var k=h(m,o);return v.ASN1Util.getPEMStringFromHex(k,"ENCRYPTED PRIVATE KEY")}}throw"unsupported object nor format"};KEYUTIL.getKeyFromCSRPEM=function(b){var a=KEYUTIL.getHexFromPEM(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(c){var b={};var e=c;if(e.substr(0,2)!="30"){throw"malformed CSR(code:001)"}var d=ASN1HEX.getPosArrayOfChildren_AtObj(e,0);if(d.length<1){throw"malformed CSR(code:002)"}if(e.substr(d[0],2)!="30"){throw"malformed CSR(code:003)"}var a=ASN1HEX.getPosArrayOfChildren_AtObj(e,d[0]);if(a.length<3){throw"malformed CSR(code:004)"}b.p8pubkeyhex=ASN1HEX.getHexOfTLV_AtObj(e,a[2]);return b}; -/*! 
rsapem-1.1.js (c) 2012 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -function _rsapem_pemToBase64(b){var a=b;a=a.replace("-----BEGIN RSA PRIVATE KEY-----","");a=a.replace("-----END RSA PRIVATE KEY-----","");a=a.replace(/[ \n]+/g,"");return a}function _rsapem_getPosArrayOfChildrenFromHex(d){var j=new Array();var k=ASN1HEX.getStartPosOfV_AtObj(d,0);var f=ASN1HEX.getPosOfNextSibling_AtObj(d,k);var h=ASN1HEX.getPosOfNextSibling_AtObj(d,f);var b=ASN1HEX.getPosOfNextSibling_AtObj(d,h);var l=ASN1HEX.getPosOfNextSibling_AtObj(d,b);var e=ASN1HEX.getPosOfNextSibling_AtObj(d,l);var g=ASN1HEX.getPosOfNextSibling_AtObj(d,e);var c=ASN1HEX.getPosOfNextSibling_AtObj(d,g);var i=ASN1HEX.getPosOfNextSibling_AtObj(d,c);j.push(k,f,h,b,l,e,g,c,i);return j}function _rsapem_getHexValueArrayOfChildrenFromHex(i){var o=_rsapem_getPosArrayOfChildrenFromHex(i);var r=ASN1HEX.getHexOfV_AtObj(i,o[0]);var f=ASN1HEX.getHexOfV_AtObj(i,o[1]);var j=ASN1HEX.getHexOfV_AtObj(i,o[2]);var k=ASN1HEX.getHexOfV_AtObj(i,o[3]);var c=ASN1HEX.getHexOfV_AtObj(i,o[4]);var b=ASN1HEX.getHexOfV_AtObj(i,o[5]);var h=ASN1HEX.getHexOfV_AtObj(i,o[6]);var g=ASN1HEX.getHexOfV_AtObj(i,o[7]);var l=ASN1HEX.getHexOfV_AtObj(i,o[8]);var m=new Array();m.push(r,f,j,k,c,b,h,g,l);return m}function _rsapem_readPrivateKeyFromASN1HexString(c){var b=_rsapem_getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])}function _rsapem_readPrivateKeyFromPEMString(e){var c=_rsapem_pemToBase64(e);var d=b64tohex(c);var b=_rsapem_getHexValueArrayOfChildrenFromHex(d);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])}RSAKey.prototype.readPrivateKeyFromPEMString=_rsapem_readPrivateKeyFromPEMString;RSAKey.prototype.readPrivateKeyFromASN1HexString=_rsapem_readPrivateKeyFromASN1HexString; -/*! 
rsasign-1.2.7.js (c) 2012 Kenji Urushima | kjur.github.com/jsrsasign/license - */ -var _RE_HEXDECONLY=new RegExp("");_RE_HEXDECONLY.compile("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}function _rsasign_signStringPSS(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)}function _rsasign_signWithMessageHashPSS(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw"invalid salt length"}}}if(c<(g+k+2)){throw"data too long"}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)}function _rsasign_verifyWithMessageHash(e,a){a=a.replace(_RE_HEXDECONLY,"");a=a.replace(/[ \n]+/g,"");var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)}function _rsasign_verifyStringPSS(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return 
this.verifyWithMessageHashPSS(d,b,a,f)}function _rsasign_verifyWithMessageHashPSS(f,s,l,c){var k=new BigInteger(s,16);if(k.bitLength()>this.n.bitLength()){return false}var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw"invalid salt length"}}}if(m<(h+c+2)){throw"data too long"}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw"bits beyond keysize not zero"}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw"algorithm '"+h+"' not accepted in the list"}}if(h!="none"&&t===null){throw"key shall be specified to verify."}if(typeof t=="string"&&t.indexOf("-----BEGIN ")!=-1){t=KEYUTIL.getKey(t)}if(s=="RS"||s=="PS"){if(!(t instanceof RSAKey)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(s=="ES"){if(!(t instanceof KJUR.crypto.ECDSA)){throw"key shall be a ECDSA obj for ES* algs"}}if(h=="none"){}var n=null;if(m.jwsalg2sigalg[i.alg]===undefined){throw"unsupported alg name: "+h}else{n=m.jwsalg2sigalg[h]}if(n=="none"){throw"not supported"}else{if(n.substr(0,4)=="Hmac"){var k=null;if(t===undefined){throw"hexadecimal key shall be specified for HMAC"}var g=new KJUR.crypto.Mac({alg:n,pass:t});g.updateString(b);k=g.doFinal();return r==k}else{if(n.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(r)}catch(o){return false}var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(r)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' 
splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw"acceptField.alg shall be specified"}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt=="number"){b=l.verifyAt}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.exp0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new 
KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof 
a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(b){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(c){var d=c.split("/");d.shift();for(var e=0;e0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return 
this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new 
KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(b){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(c){var d=c.split("/");d.shift();for(var 
e=0;e=(b*2))){break}if(d>=200){break}c.push(e);g=e;d++}return c};this.getNthChildIndex_AtObj=function(d,b,e){var c=this.getPosArrayOfChildren_AtObj(d,b);return c[e]};this.getDecendantIndexByNthList=function(e,d,c){if(c.length==0){return d}var f=c.shift();var b=this.getPosArrayOfChildren_AtObj(e,d);return this.getDecendantIndexByNthList(e,b[f],c)};this.getDecendantHexTLVByNthList=function(d,c,b){var a=this.getDecendantIndexByNthList(d,c,b);return this.getHexOfTLV_AtObj(d,a)};this.getDecendantHexVByNthList=function(d,c,b){var a=this.getDecendantIndexByNthList(d,c,b);return this.getHexOfV_AtObj(d,a)}};ASN1HEX.getVbyList=function(d,c,b,e){var a=this.getDecendantIndexByNthList(d,c,b);if(a===undefined){throw"can't find nthList object"}if(e!==undefined){if(d.substr(a,2)!=e){throw"checking tag doesn't match: "+d.substr(a,2)+"!="+e}}return this.getHexOfV_AtObj(d,a)};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(e,c,k,g){var o=function(w,i){if(w.length<=i*2){return w}else{var v=w.substr(0,i)+"..(total "+w.length/2+"bytes).."+w.substr(w.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(k===undefined){k=0}if(g===undefined){g=""}var r=c.ommit_long_octet;if(e.substr(k,2)=="01"){var h=ASN1HEX.getHexOfV_AtObj(e,k);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(e.substr(k,2)=="02"){var h=ASN1HEX.getHexOfV_AtObj(e,k);return g+"INTEGER "+o(h,r)+"\n"}if(e.substr(k,2)=="03"){var h=ASN1HEX.getHexOfV_AtObj(e,k);return g+"BITSTRING "+o(h,r)+"\n"}if(e.substr(k,2)=="04"){var h=ASN1HEX.getHexOfV_AtObj(e,k);if(ASN1HEX.isASN1HEX(h)){var j=g+"OCTETSTRING, encapsulates\n";j=j+ASN1HEX.dump(h,c,0,g+" ");return j}else{return g+"OCTETSTRING 
"+o(h,r)+"\n"}}if(e.substr(k,2)=="05"){return g+"NULL\n"}if(e.substr(k,2)=="06"){var l=ASN1HEX.getHexOfV_AtObj(e,k);var a=KJUR.asn1.ASN1Util.oidHexToInt(l);var n=KJUR.asn1.x509.OID.oid2name(a);var b=a.replace(/\./g," ");if(n!=""){return g+"ObjectIdentifier "+n+" ("+b+")\n"}else{return g+"ObjectIdentifier ("+b+")\n"}}if(e.substr(k,2)=="0c"){return g+"UTF8String '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="13"){return g+"PrintableString '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="14"){return g+"TeletexString '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="16"){return g+"IA5String '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="17"){return g+"UTCTime "+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"\n"}if(e.substr(k,2)=="18"){return g+"GeneralizedTime "+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"\n"}if(e.substr(k,2)=="30"){if(e.substr(k,4)=="3000"){return g+"SEQUENCE {}\n"}var j=g+"SEQUENCE\n";var d=ASN1HEX.getPosArrayOfChildren_AtObj(e,k);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var t=ASN1HEX.getHexOfV_AtObj(e,d[0]);var a=KJUR.asn1.ASN1Util.oidHexToInt(t);var n=KJUR.asn1.x509.OID.oid2name(a);var p=JSON.parse(JSON.stringify(c));p.x509ExtName=n;f=p}for(var q=0;q0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new 
KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof 
a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(b){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(c){var d=c.split("/");d.shift();for(var e=0;e0){var d=new KJUR.asn1.DERSequence({array:this.extensionsArray});var b=new KJUR.asn1.DERTaggedObject({explicit:true,tag:"a3",obj:d});this.asn1Array.push(b)}var e=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=e.getEncodedHex();this.isModified=false;return 
this.hTLV};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extension=function(b){KJUR.asn1.x509.Extension.superclass.constructor.call(this);var a=null;this.getEncodedHex=function(){var f=new KJUR.asn1.DERObjectIdentifier({oid:this.oid});var e=new KJUR.asn1.DEROctetString({hex:this.getExtnValueHex()});var d=new Array();d.push(f);if(this.critical){d.push(new KJUR.asn1.DERBoolean())}d.push(e);var c=new KJUR.asn1.DERSequence({array:d});return c.getEncodedHex()};this.critical=false;if(typeof b!="undefined"){if(typeof b.critical!="undefined"){this.critical=b.critical}}};YAHOO.lang.extend(KJUR.asn1.x509.Extension,KJUR.asn1.ASN1Object);KJUR.asn1.x509.KeyUsage=function(a){KJUR.asn1.x509.KeyUsage.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.15";if(typeof a!="undefined"){if(typeof a.bin!="undefined"){this.asn1ExtnValue=new KJUR.asn1.DERBitString(a)}}};YAHOO.lang.extend(KJUR.asn1.x509.KeyUsage,KJUR.asn1.x509.Extension);KJUR.asn1.x509.BasicConstraints=function(c){KJUR.asn1.x509.BasicConstraints.superclass.constructor.call(this,c);var a=false;var b=-1;this.getExtnValueHex=function(){var e=new Array();if(this.cA){e.push(new KJUR.asn1.DERBoolean())}if(this.pathLen>-1){e.push(new KJUR.asn1.DERInteger({"int":this.pathLen}))}var d=new KJUR.asn1.DERSequence({array:e});this.asn1ExtnValue=d;return this.asn1ExtnValue.getEncodedHex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(typeof c!="undefined"){if(typeof c.cA!="undefined"){this.cA=c.cA}if(typeof c.pathLen!="undefined"){this.pathLen=c.pathLen}}};YAHOO.lang.extend(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(a){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,a);this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()};this.setByDPArray=function(b){this.asn1ExtnValue=new 
KJUR.asn1.DERSequence({array:b})};this.setByOneURI=function(e){var b=new KJUR.asn1.x509.GeneralNames([{uri:e}]);var d=new KJUR.asn1.x509.DistributionPointName(b);var c=new KJUR.asn1.x509.DistributionPoint({dpobj:d});this.setByDPArray([c])};this.oid="2.5.29.31";if(typeof a!="undefined"){if(typeof a.array!="undefined"){this.setByDPArray(a.array)}else{if(typeof a.uri!="undefined"){this.setByOneURI(a.uri)}}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLDistributionPoints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.ExtKeyUsage=function(a){KJUR.asn1.x509.ExtKeyUsage.superclass.constructor.call(this,a);this.setPurposeArray=function(b){this.asn1ExtnValue=new KJUR.asn1.DERSequence();for(var c=0;c0){var c=new KJUR.asn1.DERSequence({array:this.aRevokedCert});this.asn1Array.push(c)}var d=new KJUR.asn1.DERSequence({array:this.asn1Array});this.hTLV=d.getEncodedHex();this.isModified=false;return this.hTLV};this._initialize=function(){this.asn1Version=null;this.asn1SignatureAlg=null;this.asn1Issuer=null;this.asn1ThisUpdate=null;this.asn1NextUpdate=null;this.aRevokedCert=new Array()};this._initialize()};YAHOO.lang.extend(KJUR.asn1.x509.TBSCertList,KJUR.asn1.ASN1Object);KJUR.asn1.x509.CRLEntry=function(c){KJUR.asn1.x509.CRLEntry.superclass.constructor.call(this);var b=null;var a=null;this.setCertSerial=function(d){this.sn=new KJUR.asn1.DERInteger(d)};this.setRevocationDate=function(d){this.time=new KJUR.asn1.x509.Time(d)};this.getEncodedHex=function(){var d=new KJUR.asn1.DERSequence({array:[this.sn,this.time]});this.TLV=d.getEncodedHex();return this.TLV};if(typeof c!="undefined"){if(typeof c.time!="undefined"){this.setRevocationDate(c.time)}if(typeof c.sn!="undefined"){this.setCertSerial(c.sn)}}};YAHOO.lang.extend(KJUR.asn1.x509.CRLEntry,KJUR.asn1.ASN1Object);KJUR.asn1.x509.X500Name=function(b){KJUR.asn1.x509.X500Name.superclass.constructor.call(this);this.asn1Array=new Array();this.setByString=function(c){var d=c.split("/");d.shift();for(var e=0;e0){h=new 
a.DERTaggedObject({obj:this.dUnsignedAttrs,tag:"a1",explicit:false})}var g=[this.dCMSVersion,this.dSignerIdentifier,this.dDigestAlgorithm,e,this.dSigAlg,this.dSig,];if(h!=null){g.push(h)}var f=new a.DERSequence({array:g});this.hTLV=f.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.SignerInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.EncapsulatedContentInfo=function(c){KJUR.asn1.cms.EncapsulatedContentInfo.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dEContentType=new a.DERObjectIdentifier({name:"data"});this.dEContent=null;this.isDetached=false;this.eContentValueHex=null;this.setContentType=function(e){if(e.match(/^[0-2][.][0-9.]+$/)){this.dEContentType=new a.DERObjectIdentifier({oid:e})}else{this.dEContentType=new a.DERObjectIdentifier({name:e})}};this.setContentValue=function(e){if(typeof e!="undefined"){if(typeof e.hex=="string"){this.eContentValueHex=e.hex}else{if(typeof e.str=="string"){this.eContentValueHex=utf8tohex(e.str)}}}};this.setContentValueHex=function(e){this.eContentValueHex=e};this.setContentValueStr=function(e){this.eContentValueHex=utf8tohex(e)};this.getEncodedHex=function(){if(typeof this.eContentValueHex!="string"){throw"eContentValue not yet set"}var g=new a.DEROctetString({hex:this.eContentValueHex});this.dEContent=new a.DERTaggedObject({obj:g,tag:"a0",explicit:true});var e=[this.dEContentType];if(!this.isDetached){e.push(this.dEContent)}var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV}};YAHOO.lang.extend(KJUR.asn1.cms.EncapsulatedContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.ContentInfo=function(c){KJUR.asn1.cms.ContentInfo.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dContentType=null;this.dContent=null;this.setContentType=function(e){if(typeof e=="string"){this.dContentType=d.OID.name2obj(e)}};this.getEncodedHex=function(){var f=new 
a.DERTaggedObject({obj:this.dContent,tag:"a0",explicit:true});var e=new a.DERSequence({array:[this.dContentType,f]});this.hTLV=e.getEncodedHex();return this.hTLV};if(typeof c!="undefined"){if(c.type){this.setContentType(c.type)}if(c.obj&&c.obj instanceof a.ASN1Object){this.dContent=c.obj}}};YAHOO.lang.extend(KJUR.asn1.cms.ContentInfo,KJUR.asn1.ASN1Object);KJUR.asn1.cms.SignedData=function(c){KJUR.asn1.cms.SignedData.superclass.constructor.call(this);var a=KJUR.asn1;var b=KJUR.asn1.cms;var d=KJUR.asn1.x509;this.dCMSVersion=new a.DERInteger({"int":1});this.dDigestAlgs=null;this.digestAlgNameList=[];this.dEncapContentInfo=new b.EncapsulatedContentInfo();this.dCerts=null;this.certificateList=[];this.crlList=[];this.signerInfoList=[new b.SignerInfo()];this.addCertificatesByPEM=function(e){var f=KEYUTIL.getHexFromPEM(e);var g=new a.ASN1Object();g.hTLV=f;this.certificateList.push(g)};this.getEncodedHex=function(){if(typeof this.hTLV=="string"){return this.hTLV}if(this.dDigestAlgs==null){var k=[];for(var j=0;j0){var l=new a.DERSet({array:this.certificateList});this.dCerts=new a.DERTaggedObject({obj:l,tag:"a0",explicit:false})}}if(this.dCerts!=null){e.push(this.dCerts)}var g=new a.DERSet({array:this.signerInfoList});e.push(g);var f=new a.DERSequence({array:e});this.hTLV=f.getEncodedHex();return this.hTLV};this.getContentInfo=function(){this.getEncodedHex();var e=new b.ContentInfo({type:"signed-data",obj:this});return e};this.getContentInfoEncodedHex=function(){var e=this.getContentInfo();var f=e.getEncodedHex();return f};this.getPEM=function(){var e=this.getContentInfoEncodedHex();var f=a.ASN1Util.getPEMStringFromHex(e,"CMS");return f}};YAHOO.lang.extend(KJUR.asn1.cms.SignedData,KJUR.asn1.ASN1Object);KJUR.asn1.cms.CMSUtil=new function(){};KJUR.asn1.cms.CMSUtil.newSignedData=function(a){var h=KJUR.asn1.cms;var g=KJUR.asn1.cades;var f=new h.SignedData();f.dEncapContentInfo.setContentValue(a.content);if(typeof a.certs=="object"){for(var 
b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}function _rsasign_signStringPSS(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)}function _rsasign_signWithMessageHashPSS(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw"invalid salt length"}}}if(c<(g+k+2)){throw"data too long"}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dthis.n.bitLength()){return 0}var i=this.doPublic(b);var e=i.toString(16).replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(k){return KJUR.crypto.Util.hashString(k,d)};var c=a(f);return(h==c)}function _rsasign_verifyWithMessageHash(e,a){a=a.replace(_RE_HEXDECONLY,"");a=a.replace(/[ \n]+/g,"");var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)}function _rsasign_verifyStringPSS(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)}function _rsasign_verifyWithMessageHashPSS(f,s,l,c){var k=new BigInteger(s,16);if(k.bitLength()>this.n.bitLength()){return false}var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw"invalid salt 
length"}}}if(m<(h+c+2)){throw"data too long"}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw"bits beyond keysize not zero"}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw"algorithm '"+h+"' not accepted in the list"}}if(h!="none"&&t===null){throw"key shall be specified to verify."}if(typeof t=="string"&&t.indexOf("-----BEGIN ")!=-1){t=KEYUTIL.getKey(t)}if(s=="RS"||s=="PS"){if(!(t instanceof RSAKey)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(s=="ES"){if(!(t instanceof KJUR.crypto.ECDSA)){throw"key shall be a ECDSA obj for ES* algs"}}if(h=="none"){}var n=null;if(m.jwsalg2sigalg[i.alg]===undefined){throw"unsupported alg name: "+h}else{n=m.jwsalg2sigalg[h]}if(n=="none"){throw"not supported"}else{if(n.substr(0,4)=="Hmac"){var k=null;if(t===undefined){throw"hexadecimal key shall be specified for HMAC"}var g=new KJUR.crypto.Mac({alg:n,pass:t});g.updateString(b);k=g.doFinal();return r==k}else{if(n.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(r)}catch(o){return false}var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(r)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' 
splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw"acceptField.alg shall be specified"}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt=="number"){b=l.verifyAt}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.exp + + + + + + 
@@ -136,6 +142,23 @@ -----END RSA PRIVATE KEY----- */}).toString().match(/\/\*([^]*)\*\//)[1]; +// sample-rsasign.html +var cert1 = (function() {/* +-----BEGIN CERTIFICATE----- +MIIBvTCCASYCCQD55fNzc0WF7TANBgkqhkiG9w0BAQUFADAjMQswCQYDVQQGEwJK +UDEUMBIGA1UEChMLMDAtVEVTVC1SU0EwHhcNMTAwNTI4MDIwODUxWhcNMjAwNTI1 +MDIwODUxWjAjMQswCQYDVQQGEwJKUDEUMBIGA1UEChMLMDAtVEVTVC1SU0EwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANGEYXtfgDRlWUSDn3haY4NVVQiKI9Cz +Thoua9+DxJuiseyzmBBe7Roh1RPqdvmtOHmEPbJ+kXZYhbozzPRbFGHCJyBfCLzQ +fVos9/qUQ88u83b0SFA2MGmQWQAlRtLy66EkR4rDRwTj2DzR4EEXgEKpIvo8VBs/ +3+sHLF3ESgAhAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAEZ6mXFFq3AzfaqWHmCy1 +ARjlauYAa8ZmUFnLm0emg9dkVBJ63aEqARhtok6bDQDzSJxiLpCEF6G4b/Nv/M/M +LyhP+OoOTmETMegAVQMq71choVJyOFE5BtQa6M/lCHEOya5QUfoRF2HF9EjRF44K +3OK+u3ivTSj3zwjtpudY5Xo= +-----END CERTIFICATE----- +*/}).toString().match(/\/\*([^]*)\*\//)[1]; + + // ======= TEST =================================================================================== test("version", function() { @@ -305,6 +328,10 @@ equal(k.d.toString(16), "ac15f412e8378393323f4aad5f890d97d72ab6c0528039cfa33eb2e930927bab09994944a11e1cdcf4153f1c8d9c1825bdeed0a1e86b1c268b42e1c348ad3f61", "rsaKey.d"); }); +test("getKey(cert1) sample-rsasign.html", function() { + var k = KEYUTIL.getKey(cert1); + equal(k.e.toString(16), "10001", "rsaKey.e"); +}); }); --> diff --git a/x509-1.1.js b/x509-1.1.js index 670221a7..b084046c 100644 --- a/x509-1.1.js +++ b/x509-1.1.js @@ -1,4 +1,4 @@ -/*! x509-1.1.8.js (c) 2012-2016 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! x509-1.1.9.js (c) 2012-2016 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * x509.js - X509 class to read subject public key from certificate. @@ -16,7 +16,7 @@ * @fileOverview * @name x509-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version x509 1.1.8 (2016-Apr-24) + * @version x509 1.1.9 (2016-May-10) * @since jsrsasign 1.x.x * @license MIT License */ 
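Review bot: The added test `getKey(cert1) sample-rsasign.html` asserts only `k.e`, and "10001" is the public exponent of almost every RSA key, so the test would still pass if the X509v1 path returned a key other than the one in cert1. Asserting the modulus as well pins the parse to this certificate, for example `equal(k.n.toString(16), EXPECTED_MODULUS_HEX, "rsaKey.n");`, where EXPECTED_MODULUS_HEX is a placeholder for the modulus of cert1. A negative case that passes a truncated certificate and expects the `code:003` error would also cover the length guard changed in x509-1.1.js.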
@@ -546,13 +546,13 @@ X509.getPublicKeyFromCertPEM = function(sCertPEM) { * @return {Hash} hash of information for public key * @since x509 1.1.1 * @description - * Resulted associative array has following properties: + * Resulted associative array has following properties:
    *

      *
    • algoid - hexadecimal string of OID of asymmetric key algorithm
    • *
    • algparam - hexadecimal string of OID of ECC curve name or null
    • *
    • keyhex - hexadecimal string of key in the certificate
    • *
    - * @since x509 1.1.1 + * NOTE: X509v1 certificate is also supported since x509.js 1.1.9. */ X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) { var result = {}; @@ -571,10 +571,13 @@ X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) { var a2 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a1[0]); // 3. subjectPublicKeyInfo - if (a2.length < 7) + var idx_spi = 6; // subjectPublicKeyInfo index in tbsCert for v3 cert + if (hCert.substr(a2[0], 2) !== "a0") idx_spi = 5; + + if (a2.length < idx_spi + 1) throw "malformed X.509 certificate PEM (code:003)"; // no subjPubKeyInfo - var a3 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a2[6]); + var a3 = ASN1HEX.getPosArrayOfChildren_AtObj(hCert, a2[idx_spi]); if (a3.length != 2) throw "malformed X.509 certificate PEM (code:004)"; // not AlgId and PubKey
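Review bot: The version probe `hCert.substr(a2[0], 2) !== "a0"` treats every tbsCertificate whose first element is not the [0] version tag as an X509v1 certificate, and nothing in the hunk then confirms that the element at `a2[idx_spi]` is a SEQUENCE before it is read as subjectPublicKeyInfo. The later `a3.length != 2` check would not tell it apart from another two-element SEQUENCE such as validity, so a tag check directly after the length guard is worth adding: `if (hCert.substr(a2[idx_spi], 2) !== "30") throw "malformed X.509 certificate PEM (code:003)";`. The literals 5 and 6 would read better with a comment that v1 omits the version field, which shifts every later index down by one. Because v1 certificates carry no extensions, the NOTE in the doc comment should also state that this function only extracts the key and that accepting the certificate is the caller's decision. The function body starts before and continues after this hunk, so a check outside the hunk may already cover part of this.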