1 /* asn1cades-2.0.2.js (c) 2014-2022 Kenji Urushima | kjur.github.io/jsrsasign/license 2 */ 3 /* 4 * asn1cades.js - ASN.1 DER encoder classes for RFC 5126 CAdES long term signature 5 * 6 * Copyright (c) 2014-2022 Kenji Urushima (kenji.urushima@gmail.com) 7 * 8 * This software is licensed under the terms of the MIT License. 9 * https://kjur.github.io/jsrsasign/license 10 * 11 * The above copyright and license notice shall be 12 * included in all copies or substantial portions of the Software. 13 */ 14 15 /** 16 * @fileOverview 17 * @name asn1cades-1.0.js 18 * @author Kenji Urushima kenji.urushima@gmail.com 19 * @version jsrsasign 10.5.16 asn1cades 2.0.2 (2022-Apr-08) 20 * @since jsrsasign 4.7.0 21 * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a> 22 */ 23 24 /** 25 * kjur's class library name space 26 * // already documented in asn1-1.0.js 27 * @name KJUR 28 * @namespace kjur's class library name space 29 */ 30 if (typeof KJUR == "undefined" || !KJUR) KJUR = {}; 31 32 /** 33 * kjur's ASN.1 class library name space 34 * // already documented in asn1-1.0.js 35 * @name KJUR.asn1 36 * @namespace 37 */ 38 if (typeof KJUR.asn1 == "undefined" || !KJUR.asn1) KJUR.asn1 = {}; 39 40 /** 41 * kjur's ASN.1 class for RFC 5126 CAdES long term signature 42 * <p> 43 * This name space provides 44 * <a href="https://tools.ietf.org/html/rfc5126">RFC 5126 45 * CAdES(CMS Advanced Electronic Signature)</a> generator. 46 * 47 * <h4>SUPPORTED FORMATS</h4> 48 * Following CAdES formats is supported by this library. 49 * <ul> 50 * <li>CAdES-BES - CAdES Basic Electronic Signature</li> 51 * <li>CAdES-EPES - CAdES Explicit Policy-based Electronic Signature</li> 52 * <li>CAdES-T - Electronic Signature with Time</li> 53 * </ul> 54 * </p> 55 * 56 * <h4>PROVIDED ATTRIBUTE CLASSES</h4> 57 * <ul> 58 * <li>{@link KJUR.asn1.cades.SignaturePolicyIdentifier} - for CAdES-EPES 59 * <ul> 60 * <li>{@link KJUR.asn1.cades.SignaturePolicyId}</li> 61 * </ul> 62 * </li> 63 * <li>{@link KJUR.asn1.cades.SignatureTimeStamp} - for CAdES-T</li> 64 * <li>{@link KJUR.asn1.cades.CompleteCertificateRefs} - for CAdES-C(for future use) 65 * <ul> 66 * <li>{@link KJUR.asn1.cades.OtherCertID}</li> 67 * <li>{@link KJUR.asn1.cades.OtherHash}</li> 68 * <li>{@link KJUR.asn1.cades.OtherHashAlgAndValue}</li> 69 * <li>{@link KJUR.asn1.cades.OtherHashValue}</li> 70 * </ul> 71 * </li> 72 * </ul> 73 * NOTE: Currntly CAdES-C is not supported since parser can't 74 * handle unsigned attribute. 75 * 76 * <h4>OTHER CLASSES</h4> 77 * <ul> 78 * <li>{@link KJUR.asn1.cades.CAdESUtil} - utilities for CAdES</li> 79 * </ul> 80 * 81 * <h4>GENERATE CAdES-BES</h4> 82 * To generate CAdES-BES, {@link KJUR.asn.cades} namespace 83 * classes are not required and already {@link KJUR.asn.cms} namespace 84 * provides attributes for CAdES-BES. 85 * Create {@link KJUR.asn1.cms.SignedData} with following 86 * mandatory attribute in CAdES-BES: 87 * <ul> 88 * <li>{@link KJUR.asn1.cms.ContentType}</li> 89 * <li>{@link KJUR.asn1.cms.MessageDigest}</li> 90 * <li>{@link KJUR.asn1.cms.SigningCertificate} or </li> 91 * <li>{@link KJUR.asn1.cms.SigningCertificateV2}</li> 92 * </ul> 93 * CMSUtil.newSignedData method is very useful to generate CAdES-BES. 94 * <pre> 95 * sd = KJUR.asn1.cms.CMSUtil.newSignedData({ 96 * content: {str: "aaa"}, 97 * certs: [certPEM], 98 * signerInfos: [{ 99 * hashAlg: 'sha256', 100 * sAttr: {SigningCertificateV2: {array: [certPEM]}}, 101 * signerCert: certPEM, 102 * sigAlg: 'SHA256withRSA', 103 * signerPrvKey: pkcs8PrvKeyPEM 104 * }] 105 * }); 106 * signedDataHex = sd.getContentInfoEncodedHex(); 107 * </pre> 108 * NOTE: ContentType and MessageDigest signed attributes 109 * are automatically added by default. 110 * 111 * <h4>GENERATE CAdES-BES with multiple signers</h4> 112 * If you need signature by multiple signers, you can 113 * specify one or more items in 'signerInfos' property as below. 114 * <pre> 115 * sd = KJUR.asn1.cms.CMSUtil.newSignedData({ 116 * content: {str: "aaa"}, 117 * certs: [certPEM1, certPEM2], 118 * signerInfos: [{ 119 * hashAlg: 'sha256', 120 * sAttr: {SigningCertificateV2: {array: [certPEM1]}}, 121 * signerCert: certPEM1, 122 * sigAlg: 'SHA256withRSA', 123 * signerPrvKey: pkcs8PrvKeyPEM1 124 * },{ 125 * hashAlg: 'sha1', 126 * sAttr: {SigningCertificateV2: {array: [certPEM2]}}, 127 * signerCert: certPEM2, 128 * sigAlg: 'SHA1withRSA', 129 * signerPrvKey: pkcs8PrvKeyPEM2 130 * }] 131 * }); 132 * signedDataHex = sd.getContentInfoEncodedHex(); 133 * </pre> 134 * 135 * <h4>GENERATE CAdES-EPES</h4> 136 * When you need a CAdES-EPES signature, 137 * you just need to add 'SignaturePolicyIdentifier' 138 * attribute as below. 139 * <pre> 140 * sd = KJUR.asn1.cms.CMSUtil.newSignedData({ 141 * content: {str: "aaa"}, 142 * certs: [certPEM], 143 * signerInfos: [{ 144 * hashAlg: 'sha256', 145 * sAttr: { 146 * SigningCertificateV2: {array: [certPEM]}, 147 * SignaturePolicyIdentifier: { 148 * oid: '1.2.3.4.5', 149 * hash: {alg: 'sha1', hash: 'b1b2b3b4b...'} 150 * }, 151 * }, 152 * signerCert: certPEM, 153 * sigAlg: 'SHA256withRSA', 154 * signerPrvKey: pkcs8PrvKeyPEM 155 * }] 156 * }); 157 * signedDataHex = sd.getContentInfoEncodedHex(); 158 * </pre> 159 * 160 * <h4>GENERATE CAdES-T</h4> 161 * After a signed CAdES-BES or CAdES-EPES signature have been generated, 162 * you can generate CAdES-T by adding SigningTimeStamp unsigned attribute. 163 * <pre> 164 * beshex = "30..."; // hex of CAdES-BES or EPES data 165 * info = KJUR.asn1.cades.CAdESUtil.parseSignedDataForAddingUnsigned(beshex); 166 * // You can refer a hexadecimal string of signature value 167 * // in the first signerInfo in the CAdES-BES/EPES with a variable: 168 * // 'info.si[0].sigval'. You need to get RFC 3161 TimeStampToken 169 * // from a trusted time stamp authority. Otherwise you can also 170 * // get it by 'KJUR.asn1.tsp' module. We suppose that we could 171 * // get proper time stamp. 172 * tsthex0 = "30..."; // hex of TimeStampToken for signerInfo[0] sigval 173 * si0 = info.obj.signerInfoList[0]; 174 * si0.addUnsigned(new KJUR.asn1.cades.SignatureTimeStamp({tst: tsthex0}); 175 * esthex = info.obj.getContentInfoEncodedHex(); // CAdES-T 176 * </pre> 177 * </p> 178 * 179 * <h4>SAMPLE CODES</h4> 180 * <ul> 181 * <li><a href="../../tool_cades.html">demo program for CAdES-BES/EPES/T generation</a></li> 182 * <li><a href="../../test/qunit-do-asn1cades.html">Unit test code for KJUR.asn1.cades package</a></li> 183 * <li><a href="../../test/qunit-do-asn1tsp.html">Unit test code for KJUR.asn1.tsp package (See SimpleTSAAdaptor test)</a></li> 184 * <li><a href="../../test/qunit-do-asn1cms.html">Unit test code for KJUR.asn1.cms package (See newSignedData test)</a></li> 185 * </ul> 186 * 187 * @name KJUR.asn1.cades 188 * @namespace 189 */ 190 if (typeof KJUR.asn1.cades == "undefined" || !KJUR.asn1.cades) KJUR.asn1.cades = {}; 191 192 /** 193 * class for RFC 5126 CAdES SignaturePolicyIdentifier attribute 194 * @name KJUR.asn1.cades.SignaturePolicyIdentifier 195 * @class class for RFC 5126 CAdES SignaturePolicyIdentifier attribute 196 * @param {Array} params associative array of parameters 197 * @extends KJUR.asn1.cms.Attribute 198 * @since jsrsasign 4.7.0 asn1cades 1.0.0 199 * @see KJUR.asn1.cms.AttributeList 200 * @see KJUR.asn1.cms.CMSParser#setSignaturePolicyIdentifier 201 * @see KJUR.asn1.cades.SignaturePolicyId 202 * @see KJUR.asn1.cades.OtherHashAlgAndValue 203 * 204 * @description 205 * This class provides ASN.1 encoder for 206 * <a href="https://tools.ietf.org/html/rfc5126#section-5.8.1"> 207 * SignaturePolicyIdentifier defined in RFC 5126 CAdES section 5.8.1</a>. 208 * <pre> 209 * SignaturePolicyIdentifier ::= CHOICE { 210 * signaturePolicyId SignaturePolicyId, 211 * signaturePolicyImplied SignaturePolicyImplied } -- not used 212 * 213 * SignaturePolicyImplied ::= NULL 214 * SignaturePolicyId ::= SEQUENCE { 215 * sigPolicyId SigPolicyId, 216 * sigPolicyHash SigPolicyHash, 217 * sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF 218 * SigPolicyQualifierInfo OPTIONAL } 219 * SigPolicyId ::= OBJECT IDENTIFIER 220 * SigPolicyHash ::= OtherHashAlgAndValue 221 * </pre> 222 * 223 * @example 224 * new KJUR.asn1.cades.SignaturePolicyIdentifier({ 225 * attr: "signaturePolicyIdentifier", 226 * oid: '1.2.3.4.5', 227 * alg: 'sha1', 228 * hash: 'a1a2a3a4...' 229 * }) 230 */ 231 KJUR.asn1.cades.SignaturePolicyIdentifier = function(params) { 232 var _KJUR = KJUR, 233 _KJUR_asn1 = _KJUR.asn1, 234 _KJUR_asn1_cades = _KJUR_asn1.cades, 235 _SignaturePolicyId = _KJUR_asn1_cades.SignaturePolicyId; 236 237 _KJUR_asn1_cades.SignaturePolicyIdentifier.superclass.constructor.call(this); 238 239 this.typeOid = "1.2.840.113549.1.9.16.2.15"; 240 241 this.params = null; 242 243 this.getValueArray = function() { 244 return [new _SignaturePolicyId(this.params)]; 245 }; 246 247 this.setByParam = function(params) { 248 this.params = params; 249 }; 250 251 if (params != undefined) this.setByParam(params); 252 }; 253 extendClass(KJUR.asn1.cades.SignaturePolicyIdentifier, 254 KJUR.asn1.cms.Attribute); 255 256 /** 257 * RFC 5126 CAdES SignaturePolicyId ASN.1 structure class<br/> 258 * @name KJUR.asn1.cades.SignaturePolicyId 259 * @class RFC 5126 CAdES SignaturePolicyId ASN.1 structure class 260 * @param {Array} params JSON object of parameters 261 * @extends KJUR.asn1.ASN1Object 262 * @since jsrsasign 10.0.0 asn1cades 2.0.0 263 * @see KJUR.asn1.cades.SignaturePolicyIdentifier 264 * @see KJUR.asn1.cades.OtherHashAlgAndValue 265 * 266 * @description 267 * This class provides ASN.1 encoder for 268 * <a href="https://tools.ietf.org/html/rfc5126#section-5.8.1"> 269 * SignaturePolicyId defined in RFC 5126 CAdES section 5.8.1</a>. 270 * <pre> 271 * SignaturePolicyId ::= SEQUENCE { 272 * sigPolicyId SigPolicyId, 273 * sigPolicyHash SigPolicyHash, 274 * sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF 275 * SigPolicyQualifierInfo OPTIONAL } 276 * SigPolicyId ::= OBJECT IDENTIFIER 277 * SigPolicyHash ::= OtherHashAlgAndValue 278 * OtherHashAlgAndValue ::= SEQUENCE { 279 * hashAlgorithm AlgorithmIdentifier, 280 * hashValue OtherHashValue } 281 * OtherHashValue ::= OCTET STRING 282 * </pre> 283 * Following properties can be apply to constructor arguments 284 * adding to {@link KJUR.asn1.cades.OtherHashAlgAndValue} constructor: 285 * <ul> 286 * <li>{String} oid - signature policy OID string or name (ex. 1.2.3.4)</li> 287 * </ul> 288 * 289 * @example 290 * new KJUR.asn1.cades.SignaturePolicyId({ 291 * oid: "1.2.3.4.5", 292 * alg: "sha256", 293 * hash: "1234abcd..." 294 * }); 295 */ 296 KJUR.asn1.cades.SignaturePolicyId = function(params) { 297 var _KJUR = KJUR, 298 _KJUR_asn1 = _KJUR.asn1, 299 _DERSequence = _KJUR_asn1.DERSequence, 300 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 301 _KJUR_asn1_x509 = _KJUR_asn1.x509, 302 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, 303 _KJUR_asn1_cades = _KJUR_asn1.cades, 304 _SignaturePolicyId = _KJUR_asn1_cades.SignaturePolicyId, 305 _OtherHashAlgAndValue = _KJUR_asn1_cades.OtherHashAlgAndValue; 306 307 _SignaturePolicyId.superclass.constructor.call(this); 308 309 this.params = null; 310 311 this.tohex = function() { 312 var params = this.params; 313 314 var a = []; 315 a.push(new _DERObjectIdentifier(params.oid)); 316 a.push(new _OtherHashAlgAndValue(params)); 317 var seq = new _DERSequence({array: a}); 318 return seq.tohex(); 319 }; 320 this.getEncodedHex = function() { return this.tohex(); }; 321 322 this.setByParam = function(params) { 323 this.params = params; 324 }; 325 326 if (params != undefined) this.setByParam(params); 327 }; 328 extendClass(KJUR.asn1.cades.SignaturePolicyId, KJUR.asn1.ASN1Object); 329 330 /** 331 * class for OtherHashAlgAndValue ASN.1 object<br/> 332 * @name KJUR.asn1.cades.OtherHashAlgAndValue 333 * @class class for OtherHashAlgAndValue ASN.1 object 334 * @param {Array} params associative array of parameters 335 * @extends KJUR.asn1.ASN1Object 336 * @since jsrsasign 4.7.0 asn1cades 1.0.0 337 * 338 * @description 339 * This class provides ASN.1 encoder for 340 * <a href="https://tools.ietf.org/html/rfc5126#section-5.8.1"> 341 * OtherHashAlgAndValue defined in RFC 5126 CAdES section 5.8.1</a>. 342 * <pre> 343 * OtherHashAlgAndValue ::= SEQUENCE { 344 * hashAlgorithm AlgorithmIdentifier, 345 * hashValue OtherHashValue } 346 * OtherHashValue ::= OCTET STRING 347 * </pre> 348 * Following properties can be apply to constructor arguments: 349 * <ul> 350 * <li>{String} alg - hash algorithm name for "hashAlgorithm" field</li> 351 * <li>{String} hash - hexadecimal string for "hashValue" field</li> 352 * </ul> 353 * 354 * @example 355 * // specify by hash 356 * new KJUR.asn1.cades.OtherHashAlgAndValue({ 357 * alg: "sha256", 358 * hash: "12abcd..." 359 * }) 360 * 361 * // or specify by cert PEM or hex 362 * new KJUR.asn1.cades.OtherHashAlgAndValue({ 363 * alg: "sha256", 364 * cert: "-----BEGIN..." 365 * }) 366 * new KJUR.asn1.cades.OtherHashAlgAndValue({ 367 * alg: "sha256", 368 * cert: "3082..." 369 * }) 370 */ 371 KJUR.asn1.cades.OtherHashAlgAndValue = function(params) { 372 var _Error = Error, 373 _KJUR = KJUR, 374 _KJUR_asn1 = _KJUR.asn1, 375 _DERSequence = _KJUR_asn1.DERSequence, 376 _DEROctetString = _KJUR_asn1.DEROctetString, 377 _KJUR_asn1_x509 = _KJUR_asn1.x509, 378 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, 379 _KJUR_asn1_cades = _KJUR_asn1.cades, 380 _OtherHashAlgAndValue = _KJUR_asn1_cades.OtherHashAlgAndValue; 381 382 _OtherHashAlgAndValue.superclass.constructor.call(this); 383 384 this.params = null; 385 386 this.tohex = function() { 387 var params = this.params; 388 389 if (params.alg == undefined) 390 throw new _Error("property 'alg' not specified"); 391 392 if (params.hash == undefined && params.cert == undefined) 393 throw new _Error("property 'hash' nor 'cert' not specified"); 394 395 var hHash = null; 396 if (params.hash != undefined) { 397 hHash = params.hash; 398 } else if (params.cert != undefined) { 399 if (typeof params.cert != "string") 400 throw new _Error("cert not string"); 401 402 var hCert = params.cert; 403 if (params.cert.indexOf("-----BEGIN") != -1) { 404 hCert = pemtohex(params.cert); 405 } 406 hHash = KJUR.crypto.Util.hashHex(hCert, params.alg); 407 } 408 409 var a = []; 410 a.push(new _AlgorithmIdentifier({name: params.alg})); 411 a.push(new _DEROctetString({hex: hHash})); 412 var seq = new _DERSequence({array: a}); 413 return seq.tohex(); 414 }; 415 this.getEncodedHex = function() { return this.tohex(); }; 416 417 if (params != undefined) this.setByParam(params); 418 }; 419 extendClass(KJUR.asn1.cades.OtherHashAlgAndValue, KJUR.asn1.ASN1Object); 420 421 /** 422 * class for OtherHashValue ASN.1 object<br/> 423 * @name KJUR.asn1.cades.OtherHashValue 424 * @class class for OtherHashValue ASN.1 object 425 * @param {Array} params JSON object of parameters 426 * @extends KJUR.asn1.ASN1Object 427 * @since jsrsasign 10.0.0 asn1cades 2.0.0 428 * 429 * This class provides ASN.1 encoder for 430 * <a href="https://tools.ietf.org/html/rfc5126#section-5.8.1"> 431 * OtherHashAlgAndValue defined in RFC 5126 CAdES section 5.8.1</a>. 432 * <pre> 433 * OtherHashValue ::= OCTET STRING 434 * </pre> 435 * 436 * @example 437 * new KJUR.asn1.cades.OtherHashValue({hash: "12ab..."}) 438 * new KJUR.asn1.cades.OtherHashValue({cert: "-----BEGIN..."}) 439 * new KJUR.asn1.cades.OtherHashValue({cert: "3081..."}) 440 */ 441 KJUR.asn1.cades.OtherHashValue = function(params) { 442 KJUR.asn1.cades.OtherHashValue.superclass.constructor.call(this); 443 444 var _Error = Error, 445 _KJUR = KJUR, 446 _isHex = _KJUR.lang.String.isHex, 447 _KJUR_asn1 = _KJUR.asn1, 448 _DEROctetString = _KJUR_asn1.DEROctetString, 449 _hashHex = _KJUR.crypto.Util.hashHex; 450 451 this.params = null; 452 453 this.tohex = function() { 454 var params = this.params; 455 456 if (params.hash == undefined && params.cert == undefined) { 457 throw new _Error("hash or cert not specified"); 458 } 459 460 var hHash = null; 461 if (params.hash != undefined) { 462 hHash = params.hash; 463 } else if (params.cert != undefined) { 464 if (typeof params.cert != "string") { 465 throw new _Error("cert not string"); 466 } 467 var hCert = params.cert; 468 if (params.cert.indexOf("-----BEGIN") != -1) { 469 hCert = pemtohex(params.cert); 470 } 471 hHash = KJUR.crypto.Util.hashHex(hCert, "sha1"); 472 } 473 return (new _DEROctetString({hex: hHash})).tohex(); 474 }; 475 this.getEncodedHex = function() { return this.tohex(); }; 476 477 if (params != undefined) this.setByParam(params); 478 }; 479 extendClass(KJUR.asn1.cades.OtherHashValue, KJUR.asn1.ASN1Object); 480 481 /** 482 * class for RFC 5126 CAdES SignatureTimeStamp attribute<br/> 483 * @name KJUR.asn1.cades.SignatureTimeStamp 484 * @class class for RFC 5126 CAdES SignatureTimeStamp attribute 485 * @param {Array} params associative array of parameters 486 * @extends KJUR.asn1.cms.Attribute 487 * @since jsrsasign 4.7.0 asn1cades 1.0.0 488 * @description 489 * <pre> 490 * id-aa-signatureTimeStampToken OBJECT IDENTIFIER ::= 491 * 1.2.840.113549.1.9.16.2.14 492 * SignatureTimeStampToken ::= TimeStampToken 493 * </pre> 494 * 495 * @example 496 * // by TimeStampToken hex 497 * new KJUR.asn1.cades.SignatureTimeStamp({ 498 * attr: "timeStampToken", 499 * tst: "3082..."}) 500 * 501 * // by TimeStampToken or ASN1Object 502 * new KJUR.asn1.cades.SignatureTimeStamp({ 503 * attr: "timeStampToken", 504 * tst: new TimeStampToken(...)}) 505 * 506 * // by TimeStampResponse hex 507 * new KJUR.asn1.cades.SignatureTimeStamp({ 508 * attr: "timeStampToken", 509 * res: "3082..."}) 510 * 511 * // by TimeStampToken or ASN1Object 512 * new KJUR.asn1.cades.SignatureTimeStamp({ 513 * attr: "timeStampToken", 514 * res: new TimeStampResponse(...)}) 515 */ 516 KJUR.asn1.cades.SignatureTimeStamp = function(params) { 517 var _Error = Error, 518 _KJUR = KJUR, 519 _isHex = _KJUR.lang.String.isHex, 520 _KJUR_asn1 = _KJUR.asn1, 521 _ASN1Object = _KJUR_asn1.ASN1Object, 522 _KJUR_asn1_x509 = _KJUR_asn1.x509, 523 _KJUR_asn1_cades = _KJUR_asn1.cades; 524 525 _KJUR_asn1_cades.SignatureTimeStamp.superclass.constructor.call(this); 526 this.typeOid = "1.2.840.113549.1.9.16.2.14"; 527 this.params = null; 528 529 this.getValueArray = function() { 530 var params = this.params; 531 532 if (params.tst != undefined) { 533 if (_isHex(params.tst)) { 534 var dTST = new _ASN1Object(); 535 dTST.hTLV = params.tst; 536 return [dTST]; 537 } else if (params.tst instanceof _ASN1Object) { 538 return [params.tst]; 539 } else { 540 throw new _Error("params.tst has wrong value"); 541 } 542 } else if (params.res != undefined) { 543 var hRes = params.res; 544 if (hRes instanceof _ASN1Object) { 545 hRes = hRes.tohex(); 546 } 547 if (typeof hRes != "string" || (! _isHex(hRes))) { 548 throw new _Error("params.res has wrong value"); 549 } 550 var hTST = ASN1HEX.getTLVbyList(hRes, 0, [1]); 551 var dTST = new _ASN1Object(); 552 dTST.hTLV = params.tst; 553 return [dTST]; 554 } 555 }; 556 557 if (params != null) this.setByParam(params); 558 }; 559 extendClass(KJUR.asn1.cades.SignatureTimeStamp, 560 KJUR.asn1.cms.Attribute); 561 562 /** 563 * class for RFC 5126 CAdES CompleteCertificateRefs attribute<br/> 564 * @name KJUR.asn1.cades.CompleteCertificateRefs 565 * @class class for RFC 5126 CAdES CompleteCertificateRefs attribute 566 * @param {Array} params associative array of parameters 567 * @extends KJUR.asn1.cms.Attribute 568 * @since jsrsasign 4.7.0 asn1cades 1.0.0 569 * 570 * @description 571 * <pre> 572 * id-aa-ets-certificateRefs OBJECT IDENTIFIER = 573 * 1.2.840.113549.1.9.16.2.21 574 * CompleteCertificateRefs ::= SEQUENCE OF OtherCertID 575 * OtherCertID ::= SEQUENCE { 576 * otherCertHash OtherHash, 577 * issuerSerial IssuerSerial OPTIONAL } 578 * OtherHash ::= CHOICE { 579 * sha1Hash OtherHashValue, -- This contains a SHA-1 hash 580 * otherHash OtherHashAlgAndValue} 581 * OtherHashAlgAndValue ::= SEQUENCE { 582 * hashAlgorithm AlgorithmIdentifier, 583 * hashValue OtherHashValue } 584 * OtherHashValue ::= OCTET STRING 585 * </pre> 586 * 587 * @example 588 * o = new KJUR.asn1.cades.CompleteCertificateRefs({ 589 * array: [certPEM1,certPEM2], 590 * otherhash: true // OPTION 591 * }); 592 */ 593 KJUR.asn1.cades.CompleteCertificateRefs = function(params) { 594 var _Error = Error, 595 _KJUR = KJUR, 596 _KJUR_asn1 = _KJUR.asn1, 597 _DERSequence = _KJUR_asn1.DERSequence, 598 _KJUR_asn1_cades = _KJUR_asn1.cades, 599 _OtherCertID = _KJUR_asn1_cades.OtherCertID, 600 _isHex = _KJUR.lang.String.isHex; 601 602 _KJUR_asn1_cades.CompleteCertificateRefs.superclass.constructor.call(this); 603 this.typeOid = "1.2.840.113549.1.9.16.2.21"; 604 605 this.params = null; 606 607 this.getValueArray = function() { 608 var params = this.params; 609 var a = []; 610 611 for (var i = 0; i < params.array.length; i++) { 612 var pOtherCertID = params.array[i]; 613 614 if (typeof pOtherCertID == "string") { 615 if (pOtherCertID.indexOf("-----BEGIN") != -1) { 616 pOtherCertID = {cert: pOtherCertID}; 617 } else if (_isHex(pOtherCertID)) { 618 pOtherCertID = {hash: pOtherCertID}; 619 } else { 620 throw new _Error("unsupported value: " + pOtherCertID); 621 } 622 } 623 624 if (params.alg != undefined && pOtherCertID.alg == undefined) 625 pOtherCertID.alg = params.alg; 626 627 if (params.hasis != undefined && pOtherCertID.hasis == undefined) 628 pOtherCertID.hasis = params.hasis; 629 630 var dOtherCertID = new _OtherCertID(pOtherCertID); 631 a.push(dOtherCertID); 632 } 633 634 var seq = new _DERSequence({array: a}); 635 return [seq]; 636 }; 637 638 if (params != undefined) this.setByParam(params); 639 }; 640 extendClass(KJUR.asn1.cades.CompleteCertificateRefs, 641 KJUR.asn1.cms.Attribute); 642 643 /** 644 * class for OtherCertID ASN.1 object 645 * @name KJUR.asn1.cades.OtherCertID 646 * @class class for OtherCertID ASN.1 object 647 * @param {Array} params associative array of parameters 648 * @extends KJUR.asn1.ASN1Object 649 * @since jsrsasign 4.7.0 asn1cades 1.0.0 650 * @see KJUR.asn1.cms.IssuerSerial 651 * @see KJUR.asn1.cms.ESSCertID 652 * @see KJUR.asn1.cms.ESSCertIDv2 653 * 654 * @description 655 * <pre> 656 * OtherCertID ::= SEQUENCE { 657 * otherCertHash OtherHash, 658 * issuerSerial IssuerSerial OPTIONAL } 659 * IssuerSerial ::= SEQUENCE { 660 * issuer GeneralNames, 661 * serialNumber CertificateSerialNumber } 662 * OtherHash ::= CHOICE { 663 * sha1Hash OtherHashValue, -- This contains a SHA-1 hash 664 * otherHash OtherHashAlgAndValue} 665 * OtherHashValue ::= OCTET STRING 666 * OtherHashAlgAndValue ::= SEQUENCE { 667 * hashAlgorithm AlgorithmIdentifier, 668 * hashValue OtherHashValue } 669 * </pre> 670 * 671 * @example 672 * new KJUR.asn1.cades.OtherCertID(certPEM) 673 * new KJUR.asn1.cades.OtherCertID({cert:certPEM, hasis: false}) 674 */ 675 KJUR.asn1.cades.OtherCertID = function(params) { 676 var _KJUR = KJUR, 677 _KJUR_asn1 = _KJUR.asn1, 678 _DERSequence = _KJUR_asn1.DERSequence, 679 _KJUR_asn1_cms = _KJUR_asn1.cms, 680 _IssuerSerial = _KJUR_asn1_cms.IssuerSerial, 681 _KJUR_asn1_cades = _KJUR_asn1.cades, 682 _OtherHashValue = _KJUR_asn1_cades.OtherHashValue, 683 _OtherHashAlgAndValue = _KJUR_asn1_cades.OtherHashAlgAndValue; 684 685 _KJUR_asn1_cades.OtherCertID.superclass.constructor.call(this); 686 687 this.params = params; 688 689 this.tohex = function() { 690 var params = this.params; 691 692 if (typeof params == "string") { 693 if (params.indexOf("-----BEGIN") != -1) { 694 params = {cert: params}; 695 } else if (_isHex(params)) { 696 params = {hash: params}; 697 } 698 } 699 700 var a = []; 701 702 var dOtherHash = null; 703 if (params.alg != undefined) { 704 dOtherHash = new _OtherHashAlgAndValue(params); 705 } else { 706 dOtherHash = new _OtherHashValue(params); 707 } 708 a.push(dOtherHash); 709 710 if ((params.cert != undefined && params.hasis == true) || 711 (params.issuer != undefined && params.serial != undefined)) { 712 var dIssuerSerial = new _IssuerSerial(params); 713 a.push(dIssuerSerial); 714 } 715 716 var seq = new _DERSequence({array: a}); 717 return seq.tohex(); 718 }; 719 this.getEncodedHex = function() { return this.tohex(); }; 720 721 if (params != undefined) this.setByParam(params); 722 }; 723 extendClass(KJUR.asn1.cades.OtherCertID, KJUR.asn1.ASN1Object); 724 725 /** 726 * class for OtherHash ASN.1 object<br/> 727 * @name KJUR.asn1.cades.OtherHash 728 * @class class for OtherHash ASN.1 object 729 * @param {Array} params associative array of parameters 730 * @extends KJUR.asn1.ASN1Object 731 * @since jsrsasign 4.7.0 asn1cades 1.0.0 732 * @link KJUR.asn1.cades.OtherHashAlgAndValue 733 * @link KJUR.asn1.cades.OtherHashValue 734 * 735 * @description 736 * <pre> 737 * OtherHash ::= CHOICE { 738 * sha1Hash OtherHashValue, -- This contains a SHA-1 hash 739 * otherHash OtherHashAlgAndValue} 740 * OtherHashValue ::= OCTET STRING 741 * </pre> 742 * 743 * @example 744 * // OtherHashAlgAndValue with SHA256 by PEM or Hex Cert 745 * o = new KJUR.asn1.cades.OtherHash({alg: 'sha256', cert: certPEMorHex}); 746 * // OtherHashAlgAndValue with SHA256 by hash value 747 * o = new KJUR.asn1.cades.OtherHash({alg: 'sha256', hash: '1234'}); 748 * // OtherHashValue(sha1) by PEM or Hex Cert 749 * o = new KJUR.asn1.cades.OtherHash({cert: certPEM}); 750 * // OtherHashValue(sha1) by PEM or Hex Cert 751 * o = new KJUR.asn1.cades.OtherHash(certPEMStr); 752 * // OtherHashValue(sha1) by hash value 753 * o = new KJUR.asn1.cades.OtherHash("1234"); 754 */ 755 KJUR.asn1.cades.OtherHash = function(params) { 756 var _Error = Error, 757 _KJUR = KJUR, 758 _KJUR_asn1 = _KJUR.asn1, 759 _KJUR_asn1_cms = _KJUR_asn1.cms, 760 _KJUR_asn1_cades = _KJUR_asn1.cades, 761 _OtherHashAlgAndValue = _KJUR_asn1_cades.OtherHashAlgAndValue, 762 _OtherHashValue = _KJUR_asn1_cades.OtherHashValue, 763 _hashHex = _KJUR.crypto.Util.hashHex, 764 _isHex = _KJUR.lang.String.isHex; 765 766 _KJUR_asn1_cades.OtherHash.superclass.constructor.call(this); 767 768 this.params = null; 769 770 this.tohex = function() { 771 var params = this.params; 772 773 if (typeof params == "string") { 774 if (params.indexOf("-----BEGIN") != -1) { 775 params = {cert: params}; 776 } else if (_isHex(params)) { 777 params = {hash: params}; 778 } 779 } 780 781 var dOtherHash = null; 782 if (params.alg != undefined) { 783 dOtherHash = new _OtherHashAlgAndValue(params); 784 } else { 785 dOtherHash = new _OtherHashValue(params); 786 } 787 return dOtherHash.tohex(); 788 }; 789 this.getEncodedHex = function() { return this.tohex(); }; 790 791 if (params != undefined) this.setByParam(params); 792 }; 793 extendClass(KJUR.asn1.cades.OtherHash, KJUR.asn1.ASN1Object); 794 795 796 // == BEGIN UTILITIES ===================================================== 797 798 /** 799 * CAdES utiliteis class 800 * @name KJUR.asn1.cades.CAdESUtil 801 * @class CAdES utilities class 802 * @since jsrsasign 4.7.0 asn1cades 1.0.0 803 */ 804 KJUR.asn1.cades.CAdESUtil = new function() { 805 }; 806 807 /** 808 * parse CMS SignedData to add unsigned attributes 809 * @name parseSignedDataForAddingUnsigned 810 * @memberOf KJUR.asn1.cades.CAdESUtil 811 * @function 812 * @param {String} hex hexadecimal string of ContentInfo of CMS SignedData 813 * @return {Object} associative array of parsed data 814 * @see KJUR.asn1.cms.CMSParser#getCMSSignedData 815 * @see KJUR.asn1.cms.SignedData 816 * 817 * @description 818 * This method will parse a hexadecimal string of 819 * ContentInfo with CMS SignedData to add a attribute 820 * to unsigned attributes field in a signerInfo field. 821 * 822 * @example 823 * param = KJUR.asn1.cades.CAdESUtil.parseSignedDataForAddingUnsigned(beshex); 824 * → 825 * { 826 * version: 1, 827 * hashalgs: ["sha256"], 828 * econtent: ..., 829 * sinfos: [{ 830 * version: 1 831 * id: ... 832 * hashalg: "sha256", 833 * sattrs: {array: [...]}, 834 * sigalg: "SHA256withRSA", 835 * sighex: ... 836 * }] 837 * } 838 */ 839 KJUR.asn1.cades.CAdESUtil.parseSignedDataForAddingUnsigned = function(hex) { 840 var parser = new KJUR.asn1.cms.CMSParser(); 841 var param = parser.getCMSSignedData(hex); 842 return param; 843 }; 844 845 /** 846 * parse SignerInfo to add unsigned attributes (DEPRECATED) 847 * @name parseSignerInfoForAddingUnsigned 848 * @memberOf KJUR.asn1.cades.CAdESUtil 849 * @function 850 * @param {String} hex hexadecimal string of SignerInfo 851 * @return {Object} associative array of parsed data 852 * @deprecated since jsrsasign 10.1.5 no more necessary becase parseSignedDataForAddingUnsigned don't call this 853 * 854 * @description 855 * This method will parse a hexadecimal string of 856 * SignerInfo to add a attribute 857 * to unsigned attributes field in a signerInfo field. 858 * Parsed result will be an associative array which has 859 * following properties: 860 * <ul> 861 * <li>version - hex TLV of version</li> 862 * <li>si - hex TLV of SignerIdentifier</li> 863 * <li>digalg - hex TLV of DigestAlgorithm</li> 864 * <li>sattrs - hex TLV of SignedAttributes</li> 865 * <li>sigalg - hex TLV of SignatureAlgorithm</li> 866 * <li>sig - hex TLV of signature</li> 867 * <li>sigval = hex V of signature</li> 868 * <li>obj - parsed KJUR.asn1.cms.SignerInfo object</li> 869 * </ul> 870 * NOTE: Parsing of unsigned attributes will be provided in the 871 * future version. That's way this version provides support 872 * for CAdES-T and not for CAdES-C. 873 */ 874 KJUR.asn1.cades.CAdESUtil.parseSignerInfoForAddingUnsigned = function(hex, iSI, nth) { 875 var _ASN1HEX = ASN1HEX, 876 _getChildIdx = _ASN1HEX.getChildIdx, 877 _getTLV = _ASN1HEX.getTLV, 878 _getV = _ASN1HEX.getV, 879 _KJUR = KJUR, 880 _KJUR_asn1 = _KJUR.asn1, 881 _ASN1Object = _KJUR_asn1.ASN1Object, 882 _KJUR_asn1_cms = _KJUR_asn1.cms, 883 _AttributeList = _KJUR_asn1_cms.AttributeList, 884 _SignerInfo = _KJUR_asn1_cms.SignerInfo; 885 886 var r = {}; 887 var aSIChildIdx = _getChildIdx(hex, iSI); 888 //alert(aSIChildIdx.join("=")); 889 890 if (aSIChildIdx.length != 6) 891 throw "not supported items for SignerInfo (!=6)"; 892 893 // 1. SignerInfo.CMSVersion 894 var iVersion = aSIChildIdx.shift(); 895 r.version = _getTLV(hex, iVersion); 896 897 // 2. SignerIdentifier(IssuerAndSerialNumber) 898 var iIdentifier = aSIChildIdx.shift(); 899 r.si = _getTLV(hex, iIdentifier); 900 901 // 3. DigestAlgorithm 902 var iDigestAlg = aSIChildIdx.shift(); 903 r.digalg = _getTLV(hex, iDigestAlg); 904 905 // 4. SignedAttrs 906 var iSignedAttrs = aSIChildIdx.shift(); 907 r.sattrs = _getTLV(hex, iSignedAttrs); 908 909 // 5. SigAlg 910 var iSigAlg = aSIChildIdx.shift(); 911 r.sigalg = _getTLV(hex, iSigAlg); 912 913 // 6. Signature 914 var iSig = aSIChildIdx.shift(); 915 r.sig = _getTLV(hex, iSig); 916 r.sigval = _getV(hex, iSig); 917 918 // 7. obj(SignerInfo) 919 var tmp = null; 920 r.obj = new _SignerInfo(); 921 922 tmp = new _ASN1Object(); 923 tmp.hTLV = r.version; 924 r.obj.dCMSVersion = tmp; 925 926 tmp = new _ASN1Object(); 927 tmp.hTLV = r.si; 928 r.obj.dSignerIdentifier = tmp; 929 930 tmp = new _ASN1Object(); 931 tmp.hTLV = r.digalg; 932 r.obj.dDigestAlgorithm = tmp; 933 934 tmp = new _ASN1Object(); 935 tmp.hTLV = r.sattrs; 936 r.obj.dSignedAttrs = tmp; 937 938 tmp = new _ASN1Object(); 939 tmp.hTLV = r.sigalg; 940 r.obj.dSigAlg = tmp; 941 942 tmp = new _ASN1Object(); 943 tmp.hTLV = r.sig; 944 r.obj.dSig = tmp; 945 946 r.obj.dUnsignedAttrs = new _AttributeList(); 947 948 return r; 949 }; 950 951