diff --git a/ChangeLog.txt b/ChangeLog.txt index 68978388..5a1c1555 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,17 +1,21 @@ ChangeLog for jsrsasign -* Changes between 5.0.10 to next version +* Changes between 5.0.10 to 5.0.11 + - X509v1 certificate support in KEYUTIL.getKey and + X509.getPublicKeyInfoPropOfCertPEM - sample_node/showcert added - - x509.js 1.1.8 to next version + - x509.js 1.1.8 to 1.1.9 - X509.DN_ATTRHEX added to show EV cert DN + - X509v1 certificate support in X509.getPublicKeyInfoPropOfCertPEM. + This makes KEYUTIL.getKey support X509v1 certificate. - test/qunit-do-x509-getinfo.html - test case added for EV cert DN - tool_{jwt,jwtveri}.html - fix typo. Thanks @ParkinT. - ext/{rsa,rsa2}.js - allow hash func to be passed to OAEP. Thanks @davedoesdev. - - asn1x509.js 1.0.13 to next version + - asn1x509.js 1.0.13 to 1.0.14 - add 'SN' (i.e. SurName) support in distinguished name. Thanks @kurtsson. diff --git a/api/files.html b/api/files.html index c43e85f3..beb8dd91 100644 --- a/api/files.html +++ b/api/files.html @@ -535,7 +535,7 @@
1 /*! asn1x509-1.0.13.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license +1 /*! asn1x509-1.0.14.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license 2 */ 3 /* 4 * asn1x509.js - ASN.1 DER encoder classes for X.509 certificate @@ -23,7 +23,7 @@ 16 * @fileOverview 17 * @name asn1x509-1.0.js 18 * @author Kenji Urushima kenji.urushima@gmail.com - 19 * @version 1.0.13 (2015-Oct-01) + 19 * @version 1.0.14 (2016-May-10) 20 * @since jsrsasign 2.1 21 * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a> 22 */ @@ -1826,343 +1826,344 @@ 1819 'ST': '2.5.4.8', 1820 'L': '2.5.4.7', 1821 'CN': '2.5.4.3', -1822 'DN': '2.5.4.49', -1823 'DC': '0.9.2342.19200300.100.1.25', -1824 }; -1825 this.name2oidList = { -1826 'sha1': '1.3.14.3.2.26', -1827 'sha256': '2.16.840.1.101.3.4.2.1', -1828 'sha384': '2.16.840.1.101.3.4.2.2', -1829 'sha512': '2.16.840.1.101.3.4.2.3', -1830 'sha224': '2.16.840.1.101.3.4.2.4', -1831 'md5': '1.2.840.113549.2.5', -1832 'md2': '1.3.14.7.2.2.1', -1833 'ripemd160': '1.3.36.3.2.1', -1834 -1835 'MD2withRSA': '1.2.840.113549.1.1.2', -1836 'MD4withRSA': '1.2.840.113549.1.1.3', -1837 'MD5withRSA': '1.2.840.113549.1.1.4', -1838 'SHA1withRSA': '1.2.840.113549.1.1.5', -1839 'SHA224withRSA': '1.2.840.113549.1.1.14', -1840 'SHA256withRSA': '1.2.840.113549.1.1.11', -1841 'SHA384withRSA': '1.2.840.113549.1.1.12', -1842 'SHA512withRSA': '1.2.840.113549.1.1.13', -1843 -1844 'SHA1withECDSA': '1.2.840.10045.4.1', -1845 'SHA224withECDSA': '1.2.840.10045.4.3.1', -1846 'SHA256withECDSA': '1.2.840.10045.4.3.2', -1847 'SHA384withECDSA': '1.2.840.10045.4.3.3', -1848 'SHA512withECDSA': '1.2.840.10045.4.3.4', -1849 -1850 'dsa': '1.2.840.10040.4.1', -1851 'SHA1withDSA': '1.2.840.10040.4.3', -1852 'SHA224withDSA': '2.16.840.1.101.3.4.3.1', -1853 'SHA256withDSA': '2.16.840.1.101.3.4.3.2', -1854 -1855 'rsaEncryption': '1.2.840.113549.1.1.1', -1856 -1857 'countryName': '2.5.4.6', -1858 'organization': '2.5.4.10', -1859 'organizationalUnit': '2.5.4.11', -1860 'stateOrProvinceName': '2.5.4.8', -1861 'locality': '2.5.4.7', -1862 'commonName': '2.5.4.3', -1863 -1864 'subjectKeyIdentifier': '2.5.29.14', -1865 'keyUsage': '2.5.29.15', -1866 'subjectAltName': '2.5.29.17', -1867 'basicConstraints': '2.5.29.19', -1868 'nameConstraints': '2.5.29.30', -1869 'cRLDistributionPoints':'2.5.29.31', -1870 'certificatePolicies': '2.5.29.32', -1871 'authorityKeyIdentifier':'2.5.29.35', -1872 'policyConstraints': '2.5.29.36', -1873 'extKeyUsage': '2.5.29.37', -1874 'authorityInfoAccess': '1.3.6.1.5.5.7.1.1', -1875 -1876 'anyExtendedKeyUsage': '2.5.29.37.0', -1877 'serverAuth': '1.3.6.1.5.5.7.3.1', -1878 'clientAuth': '1.3.6.1.5.5.7.3.2', -1879 'codeSigning': '1.3.6.1.5.5.7.3.3', -1880 'emailProtection': '1.3.6.1.5.5.7.3.4', -1881 'timeStamping': '1.3.6.1.5.5.7.3.8', -1882 'ocspSigning': '1.3.6.1.5.5.7.3.9', -1883 -1884 'ecPublicKey': '1.2.840.10045.2.1', -1885 'secp256r1': '1.2.840.10045.3.1.7', -1886 'secp256k1': '1.3.132.0.10', -1887 'secp384r1': '1.3.132.0.34', -1888 -1889 'pkcs5PBES2': '1.2.840.113549.1.5.13', -1890 'pkcs5PBKDF2': '1.2.840.113549.1.5.12', -1891 -1892 'des-EDE3-CBC': '1.2.840.113549.3.7', -1893 -1894 'data': '1.2.840.113549.1.7.1', // CMS data -1895 'signed-data': '1.2.840.113549.1.7.2', // CMS signed-data -1896 'enveloped-data': '1.2.840.113549.1.7.3', // CMS enveloped-data -1897 'digested-data': '1.2.840.113549.1.7.5', // CMS digested-data -1898 'encrypted-data': '1.2.840.113549.1.7.6', // CMS encrypted-data -1899 'authenticated-data': '1.2.840.113549.1.9.16.1.2', // CMS authenticated-data -1900 'tstinfo': '1.2.840.113549.1.9.16.1.4', // RFC3161 TSTInfo -1901 }; -1902 -1903 this.objCache = {}; -1904 -1905 /** -1906 * get DERObjectIdentifier by registered OID name -1907 * @name name2obj -1908 * @memberOf KJUR.asn1.x509.OID -1909 * @function -1910 * @param {String} name OID -1911 * @description -1912 * @example -1913 * var asn1ObjOID = OID.name2obj('SHA1withRSA'); -1914 */ -1915 this.name2obj = function(name) { -1916 if (typeof this.objCache[name] != "undefined") -1917 return this.objCache[name]; -1918 if (typeof this.name2oidList[name] == "undefined") -1919 throw "Name of ObjectIdentifier not defined: " + name; -1920 var oid = this.name2oidList[name]; -1921 var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid}); -1922 this.objCache[name] = obj; -1923 return obj; -1924 }; -1925 -1926 /** -1927 * get DERObjectIdentifier by registered attribyte type name such like 'C' or 'CN' -1928 * @name atype2obj -1929 * @memberOf KJUR.asn1.x509.OID -1930 * @function -1931 * @param {String} atype short attribute type name such like 'C' or 'CN' -1932 * @description -1933 * @example -1934 * var asn1ObjOID = OID.atype2obj('CN'); -1935 */ -1936 this.atype2obj = function(atype) { -1937 if (typeof this.objCache[atype] != "undefined") -1938 return this.objCache[atype]; -1939 if (typeof this.atype2oidList[atype] == "undefined") -1940 throw "AttributeType name undefined: " + atype; -1941 var oid = this.atype2oidList[atype]; -1942 var obj = new KJUR.asn1.DERObjectIdentifier({'oid': oid}); -1943 this.objCache[atype] = obj; -1944 return obj; -1945 }; -1946 }; -1947 -1948 /* -1949 * convert OID to name -1950 * @name oid2name -1951 * @memberOf KJUR.asn1.x509.OID -1952 * @function -1953 * @param {String} dot noted Object Identifer string (ex. 1.2.3.4) -1954 * @return {String} OID name -1955 * @description -1956 * This static method converts OID string to its name. -1957 * If OID is undefined then it returns empty string (i.e. ''). -1958 * @example -1959 * name = KJUR.asn1.x509.OID.oid2name("1.3.6.1.5.5.7.1.1"); -1960 * // name will be 'authorityInfoAccess'. -1961 * @since asn1x509 1.0.9 -1962 */ -1963 KJUR.asn1.x509.OID.oid2name = function(oid) { -1964 var list = KJUR.asn1.x509.OID.name2oidList; -1965 for (var name in list) { -1966 if (list[name] == oid) return name; -1967 } -1968 return ''; -1969 }; -1970 -1971 /* -1972 * convert name to OID -1973 * @name name2oid -1974 * @memberOf KJUR.asn1.x509.OID -1975 * @function -1976 * @param {String} OID name -1977 * @return {String} dot noted Object Identifer string (ex. 1.2.3.4) -1978 * @description -1979 * This static method converts from OID name to OID string. -1980 * If OID is undefined then it returns empty string (i.e. ''). -1981 * @example -1982 * name = KJUR.asn1.x509.OID.name2oid("authorityInfoAccess"); -1983 * // name will be '1.3.6.1.5.5.7.1.1'. -1984 * @since asn1x509 1.0.11 -1985 */ -1986 KJUR.asn1.x509.OID.name2oid = function(name) { -1987 var list = KJUR.asn1.x509.OID.name2oidList; -1988 if (list[name] === undefined) return ''; -1989 return list[name]; -1990 }; -1991 -1992 /** -1993 * X.509 certificate and CRL utilities class -1994 * @name KJUR.asn1.x509.X509Util -1995 * @class X.509 certificate and CRL utilities class -1996 */ -1997 KJUR.asn1.x509.X509Util = new function() { -1998 /** -1999 * get PKCS#8 PEM public key string from RSAKey object -2000 * @name getPKCS8PubKeyPEMfromRSAKey -2001 * @memberOf KJUR.asn1.x509.X509Util -2002 * @function -2003 * @param {RSAKey} rsaKey RSA public key of {@link RSAKey} object -2004 * @description -2005 * @example -2006 * var pem = KJUR.asn1.x509.X509Util.getPKCS8PubKeyPEMfromRSAKey(pubKey); -2007 */ -2008 this.getPKCS8PubKeyPEMfromRSAKey = function(rsaKey) { -2009 var pem = null; -2010 var hN = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(rsaKey.n); -2011 var hE = KJUR.asn1.ASN1Util.integerToByteHex(rsaKey.e); -2012 var iN = new KJUR.asn1.DERInteger({hex: hN}); -2013 var iE = new KJUR.asn1.DERInteger({hex: hE}); -2014 var asn1PubKey = new KJUR.asn1.DERSequence({array: [iN, iE]}); -2015 var hPubKey = asn1PubKey.getEncodedHex(); -2016 var o1 = new KJUR.asn1.x509.AlgorithmIdentifier({name: 'rsaEncryption'}); -2017 var o2 = new KJUR.asn1.DERBitString({hex: '00' + hPubKey}); -2018 var seq = new KJUR.asn1.DERSequence({array: [o1, o2]}); -2019 var hP8 = seq.getEncodedHex(); -2020 var pem = KJUR.asn1.ASN1Util.getPEMStringFromHex(hP8, "PUBLIC KEY"); -2021 return pem; -2022 }; -2023 }; -2024 /** -2025 * issue a certificate in PEM format -2026 * @name newCertPEM -2027 * @memberOf KJUR.asn1.x509.X509Util -2028 * @function -2029 * @param {Array} param parameter to issue a certificate -2030 * @since asn1x509 1.0.6 -2031 * @description -2032 * This method can issue a certificate by a simple -2033 * JSON object. -2034 * Signature value will be provided by signing with -2035 * private key using 'cakey' parameter or -2036 * hexa decimal signature value by 'sighex' parameter. -2037 * -2038 * NOTE: When using DSA or ECDSA CA signing key, -2039 * use 'paramempty' in 'sigalg' to ommit parameter field -2040 * of AlgorithmIdentifer. In case of RSA, parameter -2041 * NULL will be specified by default. -2042 * -2043 * @example -2044 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM( -2045 * { serial: {int: 4}, -2046 * sigalg: {name: 'SHA1withECDSA', paramempty: true}, -2047 * issuer: {str: '/C=US/O=a'}, -2048 * notbefore: {'str': '130504235959Z'}, -2049 * notafter: {'str': '140504235959Z'}, -2050 * subject: {str: '/C=US/O=b'}, -2051 * sbjpubkey: pubKeyPEM, -2052 * ext: [ -2053 * {basicConstraints: {cA: true, critical: true}}, -2054 * {keyUsage: {bin: '11'}}, -2055 * ], -2056 * cakey: [prvkey, pass]} -2057 * ); -2058 * // -- or -- -2059 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM( -2060 * { serial: {int: 1}, -2061 * sigalg: {name: 'SHA1withRSA', paramempty: true}, -2062 * issuer: {str: '/C=US/O=T1'}, -2063 * notbefore: {'str': '130504235959Z'}, -2064 * notafter: {'str': '140504235959Z'}, -2065 * subject: {str: '/C=US/O=T1'}, -2066 * sbjpubkey: pubKeyObj, -2067 * sighex: '0102030405..'} -2068 * ); -2069 * // for the issuer and subject field, another -2070 * // representation is also available -2071 * var certPEM = KJUR.asn1.x509.X509Util.newCertPEM( -2072 * { serial: {int: 1}, -2073 * sigalg: {name: 'SHA1withRSA', paramempty: true}, -2074 * issuer: {C: "US", O: "T1"}, -2075 * notbefore: {'str': '130504235959Z'}, -2076 * notafter: {'str': '140504235959Z'}, -2077 * subject: {C: "US", O: "T1", CN: "http://example.com/"}, -2078 * sbjpubkey: pubKeyObj, -2079 * sighex: '0102030405..'} -2080 * ); -2081 */ -2082 KJUR.asn1.x509.X509Util.newCertPEM = function(param) { -2083 var ns1 = KJUR.asn1.x509; -2084 var o = new ns1.TBSCertificate(); -2085 -2086 if (param.serial !== undefined) -2087 o.setSerialNumberByParam(param.serial); -2088 else -2089 throw "serial number undefined."; -2090 -2091 if (typeof param.sigalg.name == 'string') -2092 o.setSignatureAlgByParam(param.sigalg); -2093 else -2094 throw "unproper signature algorithm name"; -2095 -2096 if (param.issuer !== undefined) -2097 o.setIssuerByParam(param.issuer); -2098 else -2099 throw "issuer name undefined."; -2100 -2101 if (param.notbefore !== undefined) -2102 o.setNotBeforeByParam(param.notbefore); -2103 else -2104 throw "notbefore undefined."; -2105 -2106 if (param.notafter !== undefined) -2107 o.setNotAfterByParam(param.notafter); -2108 else -2109 throw "notafter undefined."; -2110 -2111 if (param.subject !== undefined) -2112 o.setSubjectByParam(param.subject); -2113 else -2114 throw "subject name undefined."; -2115 -2116 if (param.sbjpubkey !== undefined) -2117 o.setSubjectPublicKeyByGetKey(param.sbjpubkey); -2118 else -2119 throw "subject public key undefined."; -2120 -2121 if (param.ext !== undefined && param.ext.length !== undefined) { -2122 for (var i = 0; i < param.ext.length; i++) { -2123 for (key in param.ext[i]) { -2124 o.appendExtensionByName(key, param.ext[i][key]); -2125 } -2126 } -2127 } -2128 -2129 // set signature -2130 if (param.cakey === undefined && param.sighex === undefined) -2131 throw "param cakey and sighex undefined."; -2132 -2133 var caKey = null; -2134 var cert = null; -2135 -2136 if (param.cakey) { -2137 caKey = KEYUTIL.getKey.apply(null, param.cakey); -2138 cert = new ns1.Certificate({'tbscertobj': o, 'prvkeyobj': caKey}); -2139 cert.sign(); -2140 } -2141 -2142 if (param.sighex) { -2143 cert = new ns1.Certificate({'tbscertobj': o}); -2144 cert.setSignatureHex(param.sighex); -2145 } -2146 -2147 return cert.getPEMString(); -2148 }; -2149 -2150 /* -2151 org.bouncycastle.asn1.x500 -2152 AttributeTypeAndValue -2153 DirectoryString -2154 RDN -2155 X500Name -2156 X500NameBuilder -2157 -2158 org.bouncycastleasn1.x509 -2159 TBSCertificate -2160 */ -2161