1 /* asn1ocsp-1.1.5.js (c) 2016-2021 Kenji Urushima | kjur.github.io/jsrsasign/license
  2  */
  3 /*
  4  * asn1ocsp.js - ASN.1 DER encoder classes for OCSP protocol
  5  *
  6  * Copyright (c) 2016-2021 Kenji Urushima (kenji.urushima@gmail.com)
  7  *
  8  * This software is licensed under the terms of the MIT License.
  9  * https://kjur.github.io/jsrsasign/license
 10  *
 11  * The above copyright and license notice shall be 
 12  * included in all copies or substantial portions of the Software.
 13  */
 14 
 15 /**
 16  * @fileOverview
 17  * @name asn1ocsp-1.0.js
 18  * @author Kenji Urushima kenji.urushima@gmail.com
 19  * @version jsrsasign 10.4.0 asn1ocsp 1.1.5 (2021-Aug-17)
 20  * @since jsrsasign 6.1.0
 21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
 22  */
 23 
 24 if (typeof KJUR == "undefined" || !KJUR) KJUR = {};
 25 if (typeof KJUR.asn1 == "undefined" || !KJUR.asn1) KJUR.asn1 = {};
 26 
 27 /**
 28  * ASN.1 classes for OCSP protocol<br/>
 29  * <p>
 30  * This name space provides 
 31  * <a href="https://tools.ietf.org/html/rfc6960">RFC 6960
 32  * Online Certificate Status Protocol (OCSP)</a> ASN.1 request and response generator.
 33  *
 34  * <h4>FEATURES</h4>
 35  * <ul>
 36  * <li>easily generate OCSP data by JSON object</li>
 37  * </ul>
 38  * 
 39  * <h4>OCSP Response Encoder Classes</h4>
 40  * <ul>
 41  * <li>{@link KJUR.asn1.ocsp.OCSPResponse}</li>
 42  * <li>{@link KJUR.asn1.ocsp.ResponseBytes}</li>
 43  * <li>{@link KJUR.asn1.ocsp.BasicOCSPResponse}</li>
 44  * <li>{@link KJUR.asn1.ocsp.ResponseData}</li>
 45  * <li>{@link KJUR.asn1.ocsp.ResponderID}</li>
 46  * <li>{@link KJUR.asn1.ocsp.SingleResponseList}</li>
 47  * <li>{@link KJUR.asn1.ocsp.SingleResponse}</li>
 48  * <li>{@link KJUR.asn1.ocsp.CertID}</li>
 49  * <li>{@link KJUR.asn1.ocsp.CertStatus}</li>
 50  * </ul>
 51  *
 52  * <h4>OCSP Request Encoder Classes</h4>
 53  * <ul>
 54  * <li>{@link KJUR.asn1.ocsp.OCSPRequest}</li>
 55  * <li>{@link KJUR.asn1.ocsp.TBSRequest}</li>
 56  * <li>{@link KJUR.asn1.ocsp.Request}</li>
 57  * <li>{@link KJUR.asn1.ocsp.CertID}</li>
 58  * </ul>
 59  *
 60  * <h4>OCSP Utility classes</h4>
 61  * <ul>
 62  * <li>{@link KJUR.asn1.ocsp.OCSPUtil} - simple request parser</li>
 63  * <li>{@link KJUR.asn1.ocsp.OCSPParser} - request parser</li>
 64  * </ul>
 65  * </p>
 66  * @name KJUR.asn1.ocsp
 67  * @namespace
 68  */
 69 if (typeof KJUR.asn1.ocsp == "undefined" || !KJUR.asn1.ocsp) KJUR.asn1.ocsp = {};
 70 
 71 KJUR.asn1.ocsp.DEFAULT_HASH = "sha1";
 72 
 73 /**
 74  * OCSPResponse ASN.1 class encoder<br/>
 75  * @name KJUR.asn1.ocsp.OCSPResponse
 76  * @class OCSPResponse ASN.1 class encoder
 77  * @param {Array} params JSON object of constructor parameters
 78  * @extends KJUR.asn1.ASN1Object
 79  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
 80  * @see KJUR.asn1.ocsp.ResponseBytes
 81  *
 82  * @description
 83  * OCSPResponse ASN.1 class is defined in 
 84  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
 85  * <pre>
 86  * OCSPResponse ::= SEQUENCE {
 87  *    responseStatus         OCSPResponseStatus,
 88  *    responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
 89  * OCSPResponseStatus ::= ENUMERATED {
 90  *     successful            (0),  -- Response has valid confirmations
 91  *     malformedRequest      (1),  -- Illegal confirmation request
 92  *     internalError         (2),  -- Internal error in issuer
 93  *     tryLater              (3),  -- Try again later
 94  *                                 -- (4) is not used
 95  *     sigRequired           (5),  -- Must sign the request
 96  *     unauthorized          (6)   -- Request unauthorized
 97  * } 
 98  * </pre>
 99  * This constructor accepts all parameter of
100  * {@link KJUR.asn1.ocsp.ResponseBytes} for "successful" response.
101  * Further more following property is needed:
102  * <ul>
103  * <li>{Number or String}resstats - responseStatus value by
104  * a number or name. (ex. 2, "internalError")</li>
105  * </ul>
106  *
107  * @example
108  * // default constructor for "successful"
109  * o = new KJUR.asn1.ocsp.OCSPResponse({
110  *   resstatus: "successful",
111  *   <<ResponseBytes parameters>>
112  * });
113  * // constructor for error
114  * new KJUR.asn1.ocsp.OCSPRequest({resstatus: 1})
115  * new KJUR.asn1.ocsp.OCSPRequest({resstatus: "unauthorized"})
116  */
117 KJUR.asn1.ocsp.OCSPResponse = function(params) {
118     KJUR.asn1.ocsp.OCSPResponse.superclass.constructor.call(this);
119 
120     var _DEREnumerated = KJUR.asn1.DEREnumerated,
121 	_newObject = KJUR.asn1.ASN1Util.newObject,
122 	_ResponseBytes = KJUR.asn1.ocsp.ResponseBytes;
123 
124     var _aSTATUSNAME = ["successful", "malformedRequest", "internalError",
125 			"tryLater", "_not_used_", "sigRequired", "unauthorized"]; 
126 
127     this.params = null;
128 
129     this._getStatusCode = function() {
130 	var code = this.params.resstatus;
131 	if (typeof code == "number") return code;
132 	if (typeof code != "string") return -1;
133 	return _aSTATUSNAME.indexOf(code);
134     };
135 
136     this.setByParam = function(params) {
137 	this.params = params;
138     };
139 
140     this.getEncodedHex = function() {
141 	var params = this.params;
142 
143 	var code = this._getStatusCode();
144 	if (code == -1) {
145 	    throw new Error("responseStatus not supported: " +
146 			    params.resstatus);
147 	}
148 
149 	if (code != 0) {
150 	    return _newObject({seq: [{'enum': {'int': code}}]}).getEncodedHex();
151 	}
152 	
153 	var dResBytes = new _ResponseBytes(params);
154 	return _newObject({seq: [
155 	    {'enum': {'int': 0}},
156 	    {tag: {tag: "a0", explicit: true, obj: dResBytes}}
157 	]}).getEncodedHex();
158     };
159 
160     if (params !== undefined) this.setByParam(params);
161 };
162 extendClass(KJUR.asn1.ocsp.OCSPResponse, KJUR.asn1.ASN1Object);
163 
164 /**
165  * ResponseBytes ASN.1 class encoder<br/>
166  * @name KJUR.asn1.ocsp.ResponseBytes
167  * @class ResponseBytes ASN.1 class encoder
168  * @param {Array} params JSON object of constructor parameters
169  * @extends KJUR.asn1.ASN1Object
170  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
171  * @see KJUR.asn1.ocsp.OCSPResponse
172  * @see KJUR.asn1.ocsp.BasicOCSPResponse
173  *
174  * @description
175  * OCSPResponse ASN.1 class is defined in 
176  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
177  * <pre>
178  * ResponseBytes ::=       SEQUENCE {
179  *     responseType   OBJECT IDENTIFIER,
180  *     response       OCTET STRING }
181  * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
182  * id-pkix-ocsp-basic     OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
183  * </pre>
184  * This constructor accepts all parameter of
185  * {@link KJUR.asn1.ocsp.BasicOCSPResponse}.
186  * Further more following property is needed:
187  * <ul>
188  * <li>{String}restype - only "ocspBasic" can be available</li>
189  * </ul>
190  *
191  * @example
192  * o = new KJUR.asn1.ocsp.ResponseBytes({
193  *   restype: "ocspBasic",
194  *   // BasicOCSPResponse properties shall be specified
195  * });
196  */
197 KJUR.asn1.ocsp.ResponseBytes = function(params) {
198     KJUR.asn1.ocsp.ResponseBytes.superclass.constructor.call(this);
199 
200     var _KJUR_asn1 = KJUR.asn1,
201 	_DERSequence = _KJUR_asn1.DERSequence,
202 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
203 	_DEROctetString = _KJUR_asn1.DEROctetString,
204 	_BasicOCSPResponse = _KJUR_asn1.ocsp.BasicOCSPResponse;
205 
206     this.params = null;
207 
208     this.setByParam = function(params) {
209 	this.params = params;
210     };
211 
212     this.getEncodedHex = function() {
213 	var params = this.params;
214 
215 	if (params.restype != "ocspBasic") {
216 	    throw new Error("not supported responseType: " + params.restype);
217 	}
218 
219 	var dBasic = new _BasicOCSPResponse(params);
220 
221 	var a = [];
222 	a.push(new _DERObjectIdentifier({name: "ocspBasic"}));
223 	a.push(new _DEROctetString({hex: dBasic.getEncodedHex()}));
224 
225 	var seq = new _DERSequence({array: a});
226 	return seq.getEncodedHex();
227     };
228 
229     if (params !== undefined) this.setByParam(params);
230 };
231 extendClass(KJUR.asn1.ocsp.ResponseBytes, KJUR.asn1.ASN1Object);
232 
233 /**
234  * BasicOCSPResponse ASN.1 class encoder<br/>
235  * @name KJUR.asn1.ocsp.BasicOCSPResponse
236  * @class BasicOCSPResponse ASN.1 class encoder
237  * @param {Array} params JSON object of constructor parameters
238  * @extends KJUR.asn1.ASN1Object
239  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
240  * @see KJUR.asn1.ocsp.OCSPResponse
241  * @see KJUR.asn1.ocsp.ResponseBytes
242  * @see KJUR.asn1.ocsp.BasicOCSPResponse
243  * @see KJUR.asn1.ocsp.ResponseData
244  *
245  * @description
246  * OCSPResponse ASN.1 class is defined in 
247  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
248  * <pre>
249  * BasicOCSPResponse       ::= SEQUENCE {
250  *    tbsResponseData      ResponseData,
251  *    signatureAlgorithm   AlgorithmIdentifier,
252  *    signature            BIT STRING,
253  *    certs            [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
254  * </pre>
255  * This constructor accepts all parameter of
256  * {@link KJUR.asn1.ocsp.ResponseData}.
257  * Further more following properties are available:
258  * <ul>
259  * <li>{ASN1Object}tbsresp (OPTION) - {@link KJUR.asn1.ASN1Object} or its
260  * sub class object for tbsReponseData,
261  * genelally {@link KJUR.asn1.ocsp.ResponseData}.
262  * When "tbsresp" not specified, tbsresp will be set by
263  * other parameters internally.</li>
264  * <li>{String}sigalg - signatureAlgrithm name (ex. "SHA256withRSA")</li>
265  * <li>{Object}reskey (OPTION) - specifies OCSP response signing private key.
266  * Parameter "reskey" or "sighex" shall be specified.
267  * Following values can be specified:
268  *   <ul>
269  *   <li>PKCS#1/5 or PKCS#8 PEM string of private key</li>
270  *   <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful
271  *   to generate a key object.</li>
272  *   </ul>
273  * </li>
274  * <li>{String}sighex (OPTION) - hexadecimal string of signature value
275  * (i.e. ASN.1 value(V) of signatureValue BIT STRING without
276  * unused bits)</li>
277  * <li>{Array}certs (OPTION) - array of PEM or hexadecimal string of
278  * certificate such as OCSP responder certificate</li>
279  * </ul>
280  *
281  * @example
282  * // response data will be signed by "reskey"
283  * new KJUR.asn1.ocsp.BasicOCSPResponse({
284  *   ...<<ResponseData properties...>>...
285  *   sigalg: "SHA256withRSA",
286  *   reskey: <<OCSP Responder private key PEM or object>>,
287  *   certs: [<<PEMorHEXstringOfCert1>>,...] });
288  *
289  * // explicitly specify "signature" by "sighex"
290  * new KJUR.asn1.ocsp.BasicOCSPResponse({
291  *   ...<<ResponseData properties...>>...
292  *   sigalg: "SHA256withRSA",
293  *   sighex: "12abcd...",
294  *   certs: [<<PEMorHEXstringOfCert1>>,...] });
295  * 
296  * // explicitly specify "tbsResponseData" and sign
297  * new KJUR.asn1.ocsp.BasicOCSPResponse({
298  * { tbsresp: <<subclass of ASN1Object>>,
299  *   sigalg: "SHA256withRSA",
300  *   reskey: <<OCSP Responder private key PEM or object>>,
301  *   certs: [<<PEMorHEXstringOfCert1>>,...] }
302  */
303 KJUR.asn1.ocsp.BasicOCSPResponse = function(params) {
304     KJUR.asn1.ocsp.BasicOCSPResponse.superclass.constructor.call(this);
305 
306     var _Error = Error,
307 	_KJUR_asn1 = KJUR.asn1,
308 	_ASN1Object = _KJUR_asn1.ASN1Object,
309 	_DERSequence = _KJUR_asn1.DERSequence,
310 	_DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime,
311 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
312 	_DERBitString = _KJUR_asn1.DERBitString,
313 	_Extensions = _KJUR_asn1.x509.Extensions,
314 	_AlgorithmIdentifier = _KJUR_asn1.x509.AlgorithmIdentifier,
315 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp,
316 	_ResponderID = _KJUR_asn1_ocsp.ResponderID;
317 	_SingleResponseList = _KJUR_asn1_ocsp.SingleResponseList,
318 	_ResponseData = _KJUR_asn1_ocsp.ResponseData;
319 
320     this.params = null;
321 
322     this.setByParam = function(params) {
323 	this.params = params;
324     };
325 
326     this.sign = function() {
327 	var params = this.params;
328 	var hTBS = params.tbsresp.getEncodedHex();
329 	var sig = new KJUR.crypto.Signature({alg: params.sigalg});
330 	sig.init(params.reskey);
331 	sig.updateHex(hTBS);
332 	params.sighex = sig.sign();
333     };
334 
335     this.getEncodedHex = function() {
336 	var params = this.params;
337 
338 	if (params.tbsresp == undefined) {
339 	    params.tbsresp = new _ResponseData(params);
340 	}
341 
342 	if (params.sighex == undefined && params.reskey != undefined) {
343 	    this.sign();
344 	}
345 
346 	var a = [];
347 	a.push(params.tbsresp);
348 	a.push(new _AlgorithmIdentifier({name: params.sigalg}));
349 	a.push(new _DERBitString({hex: "00" + params.sighex}));
350 
351 	if (params.certs != undefined &&
352 	    params.certs.length != undefined) {
353 	    var aCert = [];
354 	    for (var i = 0; i < params.certs.length; i++) {
355 		var sCert = params.certs[i];
356 		var hCert = null;
357 		if (ASN1HEX.isASN1HEX(sCert)) {
358 		    hCert = sCert;
359 		} else if (sCert.match(/-----BEGIN/)) {
360 		    hCert = pemtohex(sCert);
361 		} else {
362 		    throw new _Error("certs[" + i + "] not hex or PEM");
363 		}
364 		aCert.push(new _ASN1Object({tlv: hCert}));
365 	    }
366 	    var seqCert = new _DERSequence({array: aCert});
367 	    a.push(new _DERTaggedObject({tag:'a0',explicit:true,obj:seqCert}));
368 	}
369 	
370 	var seq = new _DERSequence({array: a});
371 	return seq.getEncodedHex();
372     };
373 
374     if (params !== undefined) this.setByParam(params);
375 };
376 extendClass(KJUR.asn1.ocsp.BasicOCSPResponse, KJUR.asn1.ASN1Object);
377 
378 /**
379  * ResponseData ASN.1 class encoder<br/>
380  * @name KJUR.asn1.ocsp.ResponseData
381  * @class ResponseData ASN.1 class encoder
382  * @param {Array} params JSON object of constructor parameters
383  * @extends KJUR.asn1.ASN1Object
384  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
385  * @see KJUR.asn1.ocsp.OCSPResponse
386  * @see KJUR.asn1.ocsp.ResponseBytes
387  * @see KJUR.asn1.ocsp.BasicOCSPResponse
388  * @see KJUR.asn1.ocsp.ResponseData
389  * @see KJUR.asn1.ocsp.SingleResponse
390  * @see KJUR.asn1.x509.Extensions
391  * @see KJUR.asn1.DERGeneralizedTime
392  *
393  * @description
394  * ResponseData ASN.1 class is defined in 
395  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
396  * <pre>
397  * ResponseData ::= SEQUENCE {
398  *    version              [0] EXPLICIT Version DEFAULT v1,
399  *    responderID              ResponderID,
400  *    producedAt               GeneralizedTime,
401  *    responses                SEQUENCE OF SingleResponse,
402  *    responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
403  * </pre>
404  * Following properties are available:
405  * <ul>
406  * <li>{Array}respid - JSON object of {@link KJUR.asn1.ocsp.ResponseID} parameter
407  * for "responderID"</li>
408  * <li>{Object}prodat - string or JSON parameter of 
409  * {@link KJUR.asn1.DERGeneralizedTime} (ex. "20200904235959Z")</li>
410  * <li>{Array}responses - array of {@link KJUR.asn1.ocsp.SingleResponse}
411  * parameters</li>
412  * <li>{Array}ext (OPTION) - array of extension parameters
413  * for "responseExtensions".</li>
414  * </ul>
415  *
416  * @example
417  * new KJUR.asn1.ocsp.ResponseData({
418  *   respid: {key: "12ab..."},
419  *   prodat: "20200903235959Z",
420  *   array: [
421  *     <<SingleResponse parameter1>>, ...
422  *   ],
423  *   ext: [{extname:"ocspNonce",hex:"12ab..."}]
424  * });
425  */
426 KJUR.asn1.ocsp.ResponseData = function(params) {
427     KJUR.asn1.ocsp.ResponseData.superclass.constructor.call(this);
428 
429     var _Error = Error,
430 	_KJUR_asn1 = KJUR.asn1,
431 	_DERSequence = _KJUR_asn1.DERSequence,
432 	_DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime,
433 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
434 	_Extensions = _KJUR_asn1.x509.Extensions,
435 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp,
436 	_ResponderID = _KJUR_asn1_ocsp.ResponderID;
437 	_SingleResponseList = _KJUR_asn1_ocsp.SingleResponseList;
438     
439     this.params = null;
440 
441     this.getEncodedHex = function() {
442 	var params = this.params;
443 	if (params.respid != undefined) new _Error("respid not specified");
444 	if (params.prodat != undefined) new _Error("prodat not specified");
445 	if (params.array != undefined) new _Error("array not specified");
446 
447 	var a = [];
448 	a.push(new _ResponderID(params.respid));
449 	a.push(new _DERGeneralizedTime(params.prodat));
450 	a.push(new _SingleResponseList(params.array));
451 
452 	if (params.ext != undefined) {
453 	    var dExt = new _Extensions(params.ext);
454 	    a.push(new _DERTaggedObject({tag:'a1', explicit:true, obj:dExt}));
455 	}
456 
457 	var seq = new _DERSequence({array: a});
458 	return seq.getEncodedHex();
459     };
460 
461     this.setByParam = function(params) {
462 	this.params = params;
463     };
464 
465     if (params !== undefined) this.setByParam(params);
466 };
467 extendClass(KJUR.asn1.ocsp.ResponseData, KJUR.asn1.ASN1Object);
468 
469 /**
470  * ResponderID ASN.1 class encoder<br/>
471  * @name KJUR.asn1.ocsp.ResponderID
472  * @class ResponderID ASN.1 class encoder
473  * @param {Array} params JSON object of constructor parameters
474  * @extends KJUR.asn1.ASN1Object
475  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
476  * @see KJUR.asn1.ocsp.OCSPResponse
477  * @see KJUR.asn1.ocsp.ResponseBytes
478  * @see KJUR.asn1.ocsp.BasicOCSPResponse
479  * @see KJUR.asn1.ocsp.ResponseData
480  *
481  * @description
482  * ResponderID ASN.1 class is defined in 
483  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
484  * <pre>
485  * ResponderID ::= CHOICE {
486  *    byName               [1] Name,
487  *    byKey                [2] KeyHash }
488  * KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key
489  *                             (excluding the tag and length fields)
490  * </pre>
491  * Following properties are available:
492  * <ul>
493  * <li>{Array}name (OPTION) - JSON object of {@link KJUR.asn1.x509.X500Name} parameter
494  * for "byName"</li>
495  * <li>{String}key (OPTION) - hexadecimal string of KeyHash value</li>
496  * </ul>
497  *
498  * @example
499  * new KJUR.asn1.ocsp.ResponderID({name: {str: "/C=JP/O=Resp"}})
500  * new KJUR.asn1.ocsp.ResponderID({name: {array: [[{type:"C",value:"JP",ds:"prn"}]...]}})
501  * new KJUR.asn1.ocsp.ResponderID({key: "12ab..."})
502  */
503 KJUR.asn1.ocsp.ResponderID = function(params) {
504     KJUR.asn1.ocsp.ResponderID.superclass.constructor.call(this);
505     var _KJUR_asn1 = KJUR.asn1,
506 	_newObject = _KJUR_asn1.ASN1Util.newObject,
507 	_X500Name = _KJUR_asn1.x509.X500Name;
508     
509     this.params = null;
510     
511     this.getEncodedHex = function() {
512 	var params = this.params;
513 	if (params.key != undefined) {
514 	    var dTag = _newObject({tag: {tag:"a2",
515 					 explicit:true,
516 					 obj:{octstr:{hex:params.key}}}});
517 	    return dTag.getEncodedHex();
518 	} else if (params.name != undefined) {
519 	    var dTag = _newObject({tag: {tag:"a1",
520 					 explicit:true,
521 					 obj:new _X500Name(params.name)}});
522 	    return dTag.getEncodedHex();
523 	}
524 	throw new Error("key or name not specified");
525     };
526 
527     this.setByParam = function(params) {
528 	this.params = params;
529     };
530 
531     if (params !== undefined) this.setByParam(params);
532 };
533 extendClass(KJUR.asn1.ocsp.ResponderID, KJUR.asn1.ASN1Object);
534 
535 /**
536  * ASN.1 class encoder for SEQUENCE OF SingleResponse<br/>
537  * @name KJUR.asn1.ocsp.SingleResponseList
538  * @class ASN.1 class encoder for SEQUENCE OF SingleResponse
539  * @param {Array} params array of JSON object for SingleResponse parameters
540  * @extends KJUR.asn1.ASN1Object
541  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
542  * @see KJUR.asn1.ocsp.OCSPResponse
543  * @see KJUR.asn1.ocsp.ResponseBytes
544  * @see KJUR.asn1.ocsp.BasicOCSPResponse
545  * @see KJUR.asn1.ocsp.ResponseData
546  * @see KJUR.asn1.ocsp.SingleResponse
547  *
548  * @description
549  * ASN.1 class of SEQUENCE OF SingleResponse is defined in 
550  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
551  * <pre>
552  * ResponseData ::= SEQUENCE {
553  *    version              [0] EXPLICIT Version DEFAULT v1,
554  *    responderID              ResponderID,
555  *    producedAt               GeneralizedTime,
556  *    responses                SEQUENCE OF SingleResponse,
557  *    responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
558  * SingleResponse ::= SEQUENCE {
559  *    certID                       CertID,
560  *    certStatus                   CertStatus,
561  *    thisUpdate                   GeneralizedTime,
562  *    nextUpdate         [0]       EXPLICIT GeneralizedTime OPTIONAL,
563  *    singleExtensions   [1]       EXPLICIT Extensions OPTIONAL }
564  * </pre>
565  * Following properties are available:
566  * <ul>
567  * <li>{Array}name (OPTION) - JSON object of {@link KJUR.asn1.x509.X500Name} parameter
568  * for "byName"</li>
569  * <li>{String}key (OPTION) - hexadecimal string of KeyHash value</li>
570  * </ul>
571  *
572  * @example
573  * new KJUR.asn1.ocsp.SingleResponseList([{
574  *   certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"},
575  *   status: {status: "good"},
576  *   thisupdate: "20200903235959Z"
577  * },{
578  *   certid: {alg:"sha1",issname:"24ab",isskey:"24ab",sbjsn:"24ab"},
579  *   status: {status: "good"},
580  *   thisupdate: "20200904235959Z"
581  * ])
582  */
583 KJUR.asn1.ocsp.SingleResponseList = function(params) {
584     KJUR.asn1.ocsp.SingleResponseList.superclass.constructor.call(this);
585 
586     var _KJUR_asn1 = KJUR.asn1,
587 	_DERSequence = _KJUR_asn1.DERSequence,
588 	_SingleResponse = _KJUR_asn1.ocsp.SingleResponse;
589 
590     this.params = null;
591     
592     this.getEncodedHex = function() {
593 	var params = this.params;
594 
595 	if (typeof params != "object" || params.length == undefined) {
596 	    throw new Error("params not specified properly");
597 	}
598 
599 	var a = [];
600 	for (var i = 0; i < params.length; i++) {
601 	    a.push(new _SingleResponse(params[i]));
602 	}
603 
604 	var seq = new _DERSequence({array: a});
605 	return seq.getEncodedHex();
606     };
607 
608     this.setByParam = function(params) {
609 	this.params = params;
610     };
611 
612     if (params !== undefined) this.setByParam(params);
613 };
614 extendClass(KJUR.asn1.ocsp.SingleResponseList, KJUR.asn1.ASN1Object);
615 
616 /**
617  * SingleResponse ASN.1 class encoder<br/>
618  * @name KJUR.asn1.ocsp.SingleResponse
619  * @class SingleResponse ASN.1 class encoder
620  * @param {Array} params JSON object for SingleResponse parameter
621  * @extends KJUR.asn1.ASN1Object
622  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
623  * @see KJUR.asn1.ocsp.OCSPResponse
624  * @see KJUR.asn1.ocsp.ResponseBytes
625  * @see KJUR.asn1.ocsp.BasicOCSPResponse
626  * @see KJUR.asn1.ocsp.ResponseData
627  * @see KJUR.asn1.ocsp.SingleResponse
628  * @see KJUR.asn1.ocsp.CertID
629  * @see KJUR.asn1.ocsp.CertStatus
630  *
631  * @description
632  * ASN.1 class of SEQUENCE OF SingleResponse is defined in 
633  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
634  * <pre>
635  * SingleResponse ::= SEQUENCE {
636  *    certID                       CertID,
637  *    certStatus                   CertStatus,
638  *    thisUpdate                   GeneralizedTime,
639  *    nextUpdate         [0]       EXPLICIT GeneralizedTime OPTIONAL,
640  *    singleExtensions   [1]       EXPLICIT Extensions OPTIONAL }
641  * </pre>
642  * Following properties are available:
643  * <ul>
644  * <li>{Array}certid - JSON object of {@link KJUR.asn1.ocsp.CertID} parameter</li>
645  * <li>{Array}status - JSON object of {@link KJUR.asn1.ocsp.CertStatus} parameter</li>
646  * <li>{Object}thisupdate - {@link KJUR.asn1.DERGeneralizedTime} parameter
647  * for "thisUpdate"</li>
648  * <li>{Object}nextupdate (OPTION) - {@link KJUR.asn1.DERGeneralizedTime} parameter
649  * for "nextUpdate"</li>
650  * <li>{Array}ext (OPTION) - array of JSON object 
651  * {@link KJUR.asn1.x509.Extension} sub class parameter for
652  * "singleExtensions"</li>
653  * </ul>
654  *
655  * @example
656  * new KJUR.asn1.ocsp.SingleResponse({
657  *   certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"},
658  *   status: {status: "good"},
659  *   thisupdate: "20200903235959Z",
660  *   nextupdate: "20200913235959Z",
661  *   ext: [<<Extension parameters>>...]
662  * })
663  */
664 KJUR.asn1.ocsp.SingleResponse = function(params) {
665     var _Error = Error,
666 	_KJUR = KJUR,
667 	_KJUR_asn1 = _KJUR.asn1,
668 	_DERSequence = _KJUR_asn1.DERSequence,
669 	_DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime,
670 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
671 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp,
672 	_CertID = _KJUR_asn1_ocsp.CertID,
673 	_CertStatus = _KJUR_asn1_ocsp.CertStatus,
674 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
675 	_Extensions = _KJUR_asn1_x509.Extensions;
676 
677     _KJUR_asn1_ocsp.SingleResponse.superclass.constructor.call(this);
678 
679     this.params = null;
680     
681     this.getEncodedHex = function() {
682 	var params = this.params;
683 	var a = [];
684 
685 	if (params.certid == undefined) throw new _Error("certid unspecified");
686 	if (params.status == undefined) throw new _Error("status unspecified");
687 	if (params.thisupdate == undefined) throw new _Error("thisupdate unspecified");
688 
689 	a.push(new _CertID(params.certid));
690 	a.push(new _CertStatus(params.status));
691 	a.push(new _DERGeneralizedTime(params.thisupdate));
692 
693 	if (params.nextupdate != undefined) {
694 	    var dTime = new _DERGeneralizedTime(params.nextupdate);
695 	    a.push(new _DERTaggedObject({tag:'a0', explicit:true, obj:dTime}));
696 	}
697 
698 	if (params.ext != undefined) {
699 	    var dExt = new _Extensions(params.ext);
700 	    a.push(new _DERTaggedObject({tag:'a1', explicit:true, obj:dExt}));
701 	}
702 
703 	var seq = new _DERSequence({array: a});
704 	return seq.getEncodedHex();
705     };
706 
707     this.setByParam = function(params) {
708 	this.params = params;
709     };
710 
711     if (params !== undefined) this.setByParam(params);
712 };
713 extendClass(KJUR.asn1.ocsp.SingleResponse, KJUR.asn1.ASN1Object);
714 
715 /**
716  * ASN.1 CertID class for OCSP<br/>
717  * @name KJUR.asn1.ocsp.CertID
718  * @class ASN.1 CertID class for OCSP
719  * @param {Array} params JSON object of parameters
720  * @extends KJUR.asn1.ASN1Object
721  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
722  * @see KJUR.asn1.ocsp.SingleResponse
723  * @see KJUR.asn1.x509.AlgorithmIdentifier
724  *
725  * @description
726  * CertID ASN.1 class is defined in 
727  * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
728  * <pre>
729  * CertID ::= SEQUENCE {
730  *   hashAlgorithm   AlgorithmIdentifier,
731  *   issuerNameHash  OCTET STRING, -- Hash of issuer's DN
732  *   issuerKeyHash   OCTET STRING, -- Hash of issuer's public key
733  *   serialNumber    CertificateSerialNumber }
734  * </pre>
735  * Following properties are available in "params" of the constructor:
736  * <ul>
737  * <li>{String}alg (OPTION) - hash algorithm name. Default is "sha1" (ex, "sha1")</li>
738  * <li>{String}issname (OPTION) - hexadecimal string of issuerNameHash</li>
739  * <li>{String}isskey (OPTION) - hexadecimal string of issuerKeyHash</li>
740  * <li>{String}sbjsn (OPTION) - hexadecimal string of serial number of subject certificate</li>
741  * <li>{String}issuerCert (OPTION) - PEM string of issuer certificate.
742  * Property "issname" and "isskey" will be set by "issuerCert".</li>
743  * <li>{String}subjectCert (OPTION) - PEM string of issuer certificate.
744  * Property "sbjsn" will be set by "subjectCert".</li>
745  * </ul>
746  * <br/>
747  * NOTE: Properties "namehash", "keyhash" and "serial" are
748  * changed to "issname", "isskey", and "sbjsn" respectively
749  * since jsrsasign 9.1.6 asn1ocsp 1.1.0.
750  *
751  * @example
752  * // constructor with explicit values (changed since jsrsasign 9.1.6)
753  * new KJUR.asn1.ocsp.CertID({issname: "1a...", isskey: "ad...", sbjsn: "1234", alg: "sha256"});
754  *
755  * // constructor with certs (sha1 is used by default)
756  * o = new KJUR.asn1.ocsp.CertID({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN..."});
757  *
758  * // constructor with certs and sha256
759  * o = new KJUR.asn1.ocsp.CertID({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"});
760  */
761 KJUR.asn1.ocsp.CertID = function(params) {
762     var _KJUR = KJUR,
763 	_KJUR_asn1 = _KJUR.asn1,
764 	_DEROctetString = _KJUR_asn1.DEROctetString,
765 	_DERInteger = _KJUR_asn1.DERInteger,
766 	_DERSequence = _KJUR_asn1.DERSequence,
767 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
768 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
769 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp,
770 	_DEFAULT_HASH = _KJUR_asn1_ocsp.DEFAULT_HASH,
771 	_KJUR_crypto = _KJUR.crypto,
772 	_hashHex = _KJUR_crypto.Util.hashHex,
773 	_X509 = X509,
774 	_ASN1HEX = ASN1HEX;
775 
776     _KJUR_asn1_ocsp.CertID.superclass.constructor.call(this);
777 
778     this.dHashAlg = null;
779     this.dIssuerNameHash = null;
780     this.dIssuerKeyHash = null;
781     this.dSerialNumber = null;
782 
783     /**
784      * set CertID ASN.1 object by values.<br/>
785      * @name setByValue
786      * @memberOf KJUR.asn1.ocsp.CertID#
787      * @function
788      * @param {String} issuerNameHashHex hexadecimal string of hash value of issuer name
789      * @param {String} issuerKeyHashHex hexadecimal string of hash value of issuer public key
790      * @param {String} serialNumberHex hexadecimal string of certificate serial number to be verified
791      * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1
792      * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
793      * @example
794      * o = new KJUR.asn1.ocsp.CertID();
795      * o.setByValue("1fac...", "fd3a...", "1234"); // sha1 is used by default
796      * o.setByValue("1fac...", "fd3a...", "1234", "sha256");
797      */
798     this.setByValue = function(issuerNameHashHex, issuerKeyHashHex,
799 			       serialNumberHex, algName) {
800 	if (algName === undefined) algName = _DEFAULT_HASH;
801 	this.dHashAlg =        new _AlgorithmIdentifier({name: algName});
802 	this.dIssuerNameHash = new _DEROctetString({hex: issuerNameHashHex});
803 	this.dIssuerKeyHash =  new _DEROctetString({hex: issuerKeyHashHex});
804 	this.dSerialNumber =   new _DERInteger({hex: serialNumberHex});
805     };
806 
807     /**
808      * set CertID ASN.1 object by PEM certificates.<br/>
809      * @name setByCert
810      * @memberOf KJUR.asn1.ocsp.CertID#
811      * @function
812      * @param {String} issuerCert string of PEM issuer certificate
813      * @param {String} subjectCert string of PEM subject certificate to be verified by OCSP
814      * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1
815      * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
816      *
817      * @example
818      * o = new KJUR.asn1.ocsp.CertID();
819      * o.setByCert("-----BEGIN...", "-----BEGIN..."); // sha1 is used by default
820      * o.setByCert("-----BEGIN...", "-----BEGIN...", "sha256");
821      */
822     this.setByCert = function(issuerCert, subjectCert, algName) {
823 	if (algName === undefined) algName = _DEFAULT_HASH;
824 
825 	var xSbj = new _X509();
826 	xSbj.readCertPEM(subjectCert);
827 	var xIss = new _X509();
828 	xIss.readCertPEM(issuerCert);
829 
830 	var hISS_SPKI = xIss.getPublicKeyHex();
831 	var issuerKeyHex = _ASN1HEX.getVbyList(hISS_SPKI, 0, [1], "03", true);
832 
833 	var serialNumberHex = xSbj.getSerialNumberHex();
834 	var issuerNameHashHex = _hashHex(xIss.getSubjectHex(), algName);
835 	var issuerKeyHashHex = _hashHex(issuerKeyHex, algName);
836 	this.setByValue(issuerNameHashHex, issuerKeyHashHex,
837 			serialNumberHex, algName);
838 	this.hoge = xSbj.getSerialNumberHex();
839     };
840 
841     this.getEncodedHex = function() {
842 	if (this.dHashAlg === null && 
843 	    this.dIssuerNameHash === null &&
844 	    this.dIssuerKeyHash === null &&
845 	    this.dSerialNumber === null)
846 	    throw "not yet set values";
847 
848 	var a = [this.dHashAlg, this.dIssuerNameHash,
849 		 this.dIssuerKeyHash, this.dSerialNumber];
850 	var seq = new _DERSequence({array: a});
851         this.hTLV = seq.getEncodedHex();
852         return this.hTLV;
853     };
854 
855     if (params !== undefined) {
856 	var p = params;
857 	if (p.issuerCert !== undefined &&
858 	    p.subjectCert !== undefined) {
859 	    var alg = _DEFAULT_HASH;
860 	    if (p.alg === undefined) alg = undefined;
861 	    this.setByCert(p.issuerCert, p.subjectCert, alg);
862 	} else if (p.issname !== undefined &&
863 		   p.isskey !== undefined &&
864 		   p.sbjsn !== undefined) {
865 	    var alg = _DEFAULT_HASH;
866 	    if (p.alg === undefined) alg = undefined;
867 	    this.setByValue(p.issname, p.isskey, p.sbjsn, alg);
868 	} else {
869 	    throw new Error("invalid constructor arguments");
870 	}
871     }
872 };
873 extendClass(KJUR.asn1.ocsp.CertID, KJUR.asn1.ASN1Object);
874 
875 /**
876  * CertStatus ASN.1 class encoder<br/>
877  * @name KJUR.asn1.ocsp.CertStatus
878  * @class CertStatus ASN.1 class encoder
879  * @param {Array} params JSON object for CertStatus parameter
880  * @extends KJUR.asn1.ASN1Object
881  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
882  * @see KJUR.asn1.ocsp.OCSPResponse
883  * @see KJUR.asn1.ocsp.ResponseBytes
884  * @see KJUR.asn1.ocsp.BasicOCSPResponse
885  * @see KJUR.asn1.ocsp.ResponseData
886  * @see KJUR.asn1.ocsp.SingleResponse
887  * @see KJUR.asn1.ocsp.CertID
888  * @see KJUR.asn1.ocsp.CertStatus
889  *
890  * @description
891  * ASN.1 class of SEQUENCE OF SingleResponse is defined in 
892  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
893  * <pre>
894  * CertStatus ::= CHOICE {
895  *     good        [0]     IMPLICIT NULL,
896  *     revoked     [1]     IMPLICIT RevokedInfo,
897  *     unknown     [2]     IMPLICIT UnknownInfo }
898  * RevokedInfo ::= SEQUENCE {
899  *     revocationTime              GeneralizedTime,
900  *     revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
901  * UnknownInfo ::= NULL
902  * CRLReason ::= ENUMERATED {
903  *      unspecified             (0),
904  *      keyCompromise           (1),
905  *      cACompromise            (2),
906  *      affiliationChanged      (3),
907  *      superseded              (4),
908  *      cessationOfOperation    (5),
909  *      certificateHold         (6),
910  *           -- value 7 is not used
911  *      removeFromCRL           (8),
912  *      privilegeWithdrawn      (9),
913  *      aACompromise           (10) }
914  * </pre>
915  * Following properties are available:
916  * <ul>
917  * <li>{String}status - "good", "revoked" or "unknown"</li>
918  * <li>{String}time (OPTION) - revocationTime YYYYMMDDHHmmSSZ (ex. "20200904235959Z")</li>
919  * <li>{Number}reason (OPTION) - revocationReason code number</li>
920  * </ul>
921  *
922  * @example
923  * new KJUR.asn1.ocsp.CertStatus({status: "good"})
924  * new KJUR.asn1.ocsp.CertStatus({status: "revoked", time: "20200903235959Z"})
925  * new KJUR.asn1.ocsp.CertStatus({status: "revoked", time: "20200903235959Z", reason: 3})
926  * new KJUR.asn1.ocsp.CertStatus({status: "unknown"})
927  */
928 KJUR.asn1.ocsp.CertStatus = function(params) {
929     KJUR.asn1.ocsp.CertStatus.superclass.constructor.call(this);
930 
931     this.params = null;
932 
933     this.getEncodedHex = function() {
934 	var params = this.params;
935 	if (params.status == "good") return "8000";
936 	if (params.status == "unknown") return "8200";
937 	if (params.status == "revoked") {
938 	    var a = [{gentime: {str: params.time}}];
939 	    if (params.reason != undefined) {
940 		a.push({tag: {tag: 'a0', 
941 			      explicit: true,
942 			      obj: {'enum': {'int': params.reason}}}});
943 	    }
944 	    var tagParam = {tag: 'a1', explicit: false, obj: {seq: a}};
945 	    return KJUR.asn1.ASN1Util.newObject({tag: tagParam}).getEncodedHex();
946 	}
947 	throw new Error("bad status");
948     };
949 
950     this.setByParam = function(params) {
951 	this.params = params;
952     };
953 
954     if (params !== undefined) this.setByParam(params);
955 };
956 extendClass(KJUR.asn1.ocsp.CertStatus, KJUR.asn1.ASN1Object);
957 
958 // ---- END OF Classes for OCSP response -----------------------------------
959 
960 /**
961  * ASN.1 Request class for OCSP<br/>
962  * @name KJUR.asn1.ocsp.Request
963  * @class ASN.1 Request class for OCSP
964  * @param {Array} params associative array of parameters
965  * @extends KJUR.asn1.ASN1Object
966  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
967  * @description
968  * Request ASN.1 class is defined in 
969  * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
970  * singleRequestExtensions is not supported yet in this version such as nonce.
971  * <pre>
972  * Request ::= SEQUENCE {
973  *   reqCert                  CertID,
974  *   singleRequestExtensions  [0] EXPLICIT Extensions OPTIONAL }
975  * </pre>
976  * @example
977  * // default constructor
978  * o = new KJUR.asn1.ocsp.Request();
979  * // constructor with certs (sha1 is used by default)
980  * o = new KJUR.asn1.ocsp.Request({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN..."});
981  * // constructor with certs and sha256
982  * o = new KJUR.asn1.ocsp.Request({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"});
983  * // constructor with values
984  * o = new KJUR.asn1.ocsp.Request({namehash: "1a...", keyhash: "ad...", serial: "1234", alg: "sha256"});
985  */
986 KJUR.asn1.ocsp.Request = function(params) {
987     var _KJUR = KJUR,
988 	_KJUR_asn1 = _KJUR.asn1,
989 	_DERSequence = _KJUR_asn1.DERSequence,
990 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp;
991     
992     _KJUR_asn1_ocsp.Request.superclass.constructor.call(this);
993     this.dReqCert = null;
994     this.dExt = null;
995     
996     this.getEncodedHex = function() {
997 	var a = [];
998 
999 	// 1. reqCert
1000 	if (this.dReqCert === null)
1001 	    throw "reqCert not set";
1002 	a.push(this.dReqCert);
1003 
1004 	// 2. singleRequestExtensions (not supported yet)
1005 
1006 	// 3. construct SEQUENCE
1007 	var seq = new _DERSequence({array: a});
1008         this.hTLV = seq.getEncodedHex();
1009         return this.hTLV;
1010     };
1011 
1012     if (typeof params !== "undefined") {
1013 	var o = new _KJUR_asn1_ocsp.CertID(params);
1014 	this.dReqCert = o;
1015     }
1016 };
1017 extendClass(KJUR.asn1.ocsp.Request, KJUR.asn1.ASN1Object);
1018 
1019 /**
1020  * ASN.1 TBSRequest class for OCSP<br/>
1021  * @name KJUR.asn1.ocsp.TBSRequest
1022  * @class ASN.1 TBSRequest class for OCSP
1023  * @param {Array} params associative array of parameters
1024  * @extends KJUR.asn1.ASN1Object
1025  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
1026  * @description
1027  * TBSRequest ASN.1 class is defined in 
1028  * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
1029  * <pre>
1030  * TBSRequest ::= SEQUENCE {
1031  *   version            [0] EXPLICIT Version DEFAULT v1,
1032  *   requestorName      [1] EXPLICIT GeneralName OPTIONAL,
1033  *   requestList            SEQUENCE OF Request,
1034  *   requestExtensions  [2] EXPLICIT Extensions OPTIONAL }
1035  * </pre>
1036  * @example
1037  * // default constructor
1038  * o = new KJUR.asn1.ocsp.TBSRequest();
1039  * // constructor with requestList parameter
1040  * o = new KJUR.asn1.ocsp.TBSRequest({reqList:[
1041  *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:},
1042  *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"}
1043  * ]});
1044  */
1045 KJUR.asn1.ocsp.TBSRequest = function(params) {
1046     var _KJUR = KJUR,
1047 	_KJUR_asn1 = _KJUR.asn1,
1048 	_DERSequence = _KJUR_asn1.DERSequence,
1049 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp;
1050 
1051     _KJUR_asn1_ocsp.TBSRequest.superclass.constructor.call(this);
1052     this.version = 0;
1053     this.dRequestorName = null;
1054     this.dRequestList = [];
1055     this.dRequestExt = null;
1056 
1057     /**
1058      * set TBSRequest ASN.1 object by array of parameters.<br/>
1059      * @name setRequestListByParam
1060      * @memberOf KJUR.asn1.ocsp.TBSRequest#
1061      * @function
1062      * @param {Array} aParams array of parameters for Request class
1063      * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
1064      * @example
1065      * o = new KJUR.asn1.ocsp.TBSRequest();
1066      * o.setRequestListByParam([
1067      *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:},
1068      *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"}
1069      * ]);
1070      */
1071     this.setRequestListByParam = function(aParams) {
1072 	var a = [];
1073 	for (var i = 0; i < aParams.length; i++) {
1074 	    var dReq = new _KJUR_asn1_ocsp.Request(aParams[0]);
1075 	    a.push(dReq);
1076 	}
1077 	this.dRequestList = a;
1078     };
1079 
1080     this.getEncodedHex = function() {
1081 	var a = [];
1082 
1083 	// 1. version
1084 	if (this.version !== 0)
1085 	    throw "not supported version: " + this.version;
1086 
1087 	// 2. requestorName
1088 	if (this.dRequestorName !== null)
1089 	    throw "requestorName not supported";
1090 
1091 	// 3. requestList
1092 	var seqRequestList = 
1093 	    new _DERSequence({array: this.dRequestList});
1094 	a.push(seqRequestList);
1095 
1096 	// 4. requestExtensions
1097 	if (this.dRequestExt !== null)
1098 	    throw "requestExtensions not supported";
1099 
1100 	// 5. construct SEQUENCE
1101 	var seq = new _DERSequence({array: a});
1102         this.hTLV = seq.getEncodedHex();
1103         return this.hTLV;
1104     };
1105 
1106     if (params !== undefined) {
1107 	if (params.reqList !== undefined)
1108 	    this.setRequestListByParam(params.reqList);
1109     }
1110 };
1111 extendClass(KJUR.asn1.ocsp.TBSRequest, KJUR.asn1.ASN1Object);
1112 
1113 
1114 /**
1115  * ASN.1 OCSPRequest class for OCSP<br/>
1116  * @name KJUR.asn1.ocsp.OCSPRequest
1117  * @class ASN.1 OCSPRequest class for OCSP
1118  * @param {Array} params associative array of parameters
1119  * @extends KJUR.asn1.ASN1Object
1120  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
1121  * @description
1122  * OCSPRequest ASN.1 class is defined in 
1123  * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
1124  * A signed request is not supported yet in this version.
1125  * <pre>
1126  * OCSPRequest ::= SEQUENCE {
1127  *   tbsRequest             TBSRequest,
1128  *   optionalSignature  [0] EXPLICIT Signature OPTIONAL }
1129  * </pre>
1130  * @example
1131  * // default constructor
1132  * o = new KJUR.asn1.ocsp.OCSPRequest();
1133  * // constructor with requestList parameter
1134  * o = new KJUR.asn1.ocsp.OCSPRequest({reqList:[
1135  *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:},
1136  *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"}
1137  * ]});
1138  */
1139 KJUR.asn1.ocsp.OCSPRequest = function(params) {
1140     var _KJUR = KJUR,
1141 	_KJUR_asn1 = _KJUR.asn1,
1142 	_DERSequence = _KJUR_asn1.DERSequence,
1143 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp;
1144 
1145     _KJUR_asn1_ocsp.OCSPRequest.superclass.constructor.call(this);
1146     this.dTbsRequest = null;
1147     this.dOptionalSignature = null;
1148 
1149     this.getEncodedHex = function() {
1150 	var a = [];
1151 
1152 	// 1. tbsRequest
1153 	if (this.dTbsRequest !== null) {
1154 	    a.push(this.dTbsRequest);
1155 	} else {
1156 	    throw "tbsRequest not set";
1157 	}
1158 
1159 	// 2. optionalSignature
1160 	if (this.dOptionalSignature !== null)
1161 	    throw "optionalSignature not supported";
1162 
1163 	// 3. construct SEQUENCE
1164 	var seq = new _DERSequence({array: a});
1165         this.hTLV = seq.getEncodedHex();
1166         return this.hTLV;
1167     };
1168 
1169     if (params !== undefined) {
1170 	if (params.reqList !== undefined) {
1171 	    var o = new _KJUR_asn1_ocsp.TBSRequest(params);
1172 	    this.dTbsRequest = o;
1173 	}
1174     }
1175 };
1176 extendClass(KJUR.asn1.ocsp.OCSPRequest, KJUR.asn1.ASN1Object);
1177 
1178 /**
1179  * Utility class for OCSP<br/>
1180  * @name KJUR.asn1.ocsp.OCSPUtil
1181  * @class Utility class for OCSP
1182  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
1183  * @description
1184  * This class provides utility static methods for OCSP.
1185  * <ul>
1186  * <li>{@link KJUR.asn1.ocsp.OCSPUtil.getRequestHex} - generates hexadecimal string of OCSP request</li>
1187  * </ul>
1188  */
1189 KJUR.asn1.ocsp.OCSPUtil = {};
1190 
1191 /**
1192  * generates hexadecimal string of OCSP request<br/>
1193  * @name getRequestHex
1194  * @memberOf KJUR.asn1.ocsp.OCSPUtil
1195  * @function
1196  * @param {String} issuerCert string of PEM issuer certificate
1197  * @param {String} subjectCert string of PEM subject certificate to be verified by OCSP
1198  * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1
1199  * @return {String} hexadecimal string of generated OCSP request
1200  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
1201  * @description
1202  * This static method generates hexadecimal string of OCSP request.
1203  * @example
1204  * // generate OCSP request using sha1 algorithnm by default.
1205  * hReq = KJUR.asn1.ocsp.OCSPUtil.getRequestHex("-----BEGIN...", "-----BEGIN...");
1206  */
1207 KJUR.asn1.ocsp.OCSPUtil.getRequestHex = function(issuerCert, subjectCert, alg) {
1208     var _KJUR = KJUR,
1209 	_KJUR_asn1 = _KJUR.asn1,
1210 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp;
1211 
1212     if (alg === undefined) alg = _KJUR_asn1_ocsp.DEFAULT_HASH;
1213     var param = {alg: alg, issuerCert: issuerCert, subjectCert: subjectCert};
1214     var o = new _KJUR_asn1_ocsp.OCSPRequest({reqList: [param]});
1215     return o.getEncodedHex();
1216 };
1217 
1218 /**
1219  * simple parser for OCSPResponse (DEPRECATED)<br/>
1220  * @name getOCSPResponseInfo
1221  * @memberOf KJUR.asn1.ocsp.OCSPUtil
1222  * @function
1223  * @param {String} h hexadecimal string of DER OCSPResponse
1224  * @return {Object} JSON object of parsed OCSPResponse
1225  * @since jsrsasign 6.1.0 asn1ocsp 1.0.1
1226  * @deprecated since jsrsasign 10.4.0 asn1ocsp 1.1.5 Please use OCSPParser.getOCSPRespnose
1227  *
1228  * @description
1229  * This static method parse a hexadecimal string of DER OCSPResponse and
1230  * returns JSON object of its parsed result.
1231  * Its result has following properties:
1232  * <ul>
1233  * <li>responseStatus - integer of responseStatus</li>
1234  * <li>certStatus - string of certStatus (ex. good, revoked or unknown)</li>
1235  * <li>thisUpdate - string of thisUpdate in Zulu(ex. 20151231235959Z)</li>
1236  * <li>nextUpdate - string of nextUpdate in Zulu(ex. 20151231235959Z)</li>
1237  * </ul>
1238  * NOTE: This method may not work preperly. Please use 
1239  * {@link KJUR.asn1.ocsp.OCSPParser#getOCSPResponse}.
1240  *
1241  * @example
1242  * info = KJUR.asn1.ocsp.OCSPUtil.getOCSPResponseInfo("3082...");
1243  */
1244 KJUR.asn1.ocsp.OCSPUtil.getOCSPResponseInfo = function(h) {
1245     var _ASN1HEX = ASN1HEX,
1246 	_getVbyList = _ASN1HEX.getVbyList,
1247 	_getVbyListEx = _ASN1HEX.getVbyListEx,
1248 	_getIdxbyList = _ASN1HEX.getIdxbyList,
1249 	_getIdxbyListEx = _ASN1HEX.getIdxbyListEx,
1250 	_getV = _ASN1HEX.getV;
1251 
1252     var result = {};
1253     try {
1254 	var v = _getVbyListEx(h, 0, [0], "0a");
1255 	result.responseStatus = parseInt(v, 16);
1256     } catch(ex) {};
1257     if (result.responseStatus !== 0) return result;
1258 
1259     try {
1260 	// certStatus
1261 	var idxCertStatus = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,1]);
1262 	if (h.substr(idxCertStatus, 2) === "80") {
1263 	    result.certStatus = "good";
1264 	} else if (h.substr(idxCertStatus, 2) === "a1") {
1265 	    result.certStatus = "revoked";
1266 	    result.revocationTime = 
1267 		hextoutf8(_getVbyList(h, idxCertStatus, [0]));
1268 	} else if (h.substr(idxCertStatus, 2) === "82") {
1269 	    result.certStatus = "unknown";
1270 	}
1271     } catch (ex) {};
1272 
1273     // thisUpdate
1274     try {
1275 	var idxThisUpdate = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,2]);
1276 	result.thisUpdate = hextoutf8(_getV(h, idxThisUpdate));
1277     } catch (ex) {};
1278 
1279     // nextUpdate
1280     try {
1281 	var idxEncapNextUpdate = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,3]);
1282 	if (h.substr(idxEncapNextUpdate, 2) === "a0") {
1283 	    result.nextUpdate = 
1284 		hextoutf8(_getVbyList(h, idxEncapNextUpdate, [0]));
1285 	}
1286     } catch (ex) {};
1287 
1288     return result;
1289 };
1290 
1291 /**
1292  * OCSP request and response parser<br/>
1293  * @name KJUR.asn1.ocsp.OCSPParser
1294  * @class OCSP request and response parser
1295  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
1296  *
1297  * @description
1298  * This class provides ASN.1 parser for
1299  * OCSP related ASN.1 data. <br/>
1300  * NOTE: OCSPResponse parser supported from jsrsasign 10.4.0.
1301  * <br/>
1302  * This parser supports following OCSP ASN.1 classes:
1303  * <ul>
1304  * <li>OCSP REQUEST
1305  * <ul>
1306  * <li>OCSPRequest - {@link KJUR.asn1.ocsp.OCSPParser#getOCSPRequest}</li>
1307  * <li>TBSRequest - {@link KJUR.asn1.ocsp.OCSPParser#getTBSRequest}</li>
1308  * <li>SEQUENCE OF Request - {@link KJUR.asn1.ocsp.OCSPParser#getRequestList}</li>
1309  * <li>Request - {@link KJUR.asn1.ocsp.OCSPParser#getRequest}</li>
1310  * </ul>
1311  * </li>
1312  * <li>OCSP RESPONSE
1313  * <ul>
1314  * <li>OCSPResponse - {@link KJUR.asn1.ocsp.OCSPParser#getOCSPResponse}</li>
1315  * <li>ResponseBytes - {@link KJUR.asn1.ocsp.OCSPParser#getResponseBytes}</li>
1316  * <li>BasicOCSPResponse - {@link KJUR.asn1.ocsp.OCSPParser#getBasicOCSPResponse}</li>
1317  * <li>ResponseData - {@link KJUR.asn1.ocsp.OCSPParser#getResponseData}</li>
1318  * <li>ResponderID - {@link KJUR.asn1.ocsp.OCSPParser#getResponderID}</li>
1319  * <li>SEQUENCE OF SingleResponse - {@link KJUR.asn1.ocsp.OCSPParser#getSingleResponseList}</li>
1320  * <li>SingleResponse - {@link KJUR.asn1.ocsp.OCSPParser#getSingleResponse}</li>
1321  * <li>CertStatus - {@link KJUR.asn1.ocsp.OCSPParser#getCertStatus}</li>
1322  * </ul>
1323  * </li>
1324  * <li>common
1325  * <ul>
1326  * <li>CertID - {@link KJUR.asn1.ocsp.OCSPParser#getCertID}</li>
1327  * </ul>
1328  * </li>
1329  * </ul>
1330  */
1331 KJUR.asn1.ocsp.OCSPParser = function() {
1332     var _Error = Error,
1333 	_X509 = X509,
1334 	_x509obj = new _X509(),
1335 	_ASN1HEX = ASN1HEX,
1336 	_getV = _ASN1HEX.getV,
1337 	_getTLV = _ASN1HEX.getTLV,
1338 	_getIdxbyList = _ASN1HEX.getIdxbyList,
1339 	_getVbyList = _ASN1HEX.getVbyList,
1340 	_getTLVbyList = _ASN1HEX.getTLVbyList,
1341 	_getVbyListEx = _ASN1HEX.getVbyListEx,
1342 	_getTLVbyListEx = _ASN1HEX.getTLVbyListEx,
1343 	_getChildIdx = _ASN1HEX.getChildIdx;
1344 
1345     /**
1346      * parse ASN.1 OCSPRequest<br/>
1347      * @name getOCSPRequest
1348      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1349      * @function
1350      * @param {String} h hexadecimal string of ASN.1 OCSPRequest
1351      * @return {Array} array of JSON object of OCSPRequest parameter
1352      * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
1353      *
1354      * @description
1355      * This method will parse a hexadecimal string of 
1356      * OCSPRequest ASN.1 class is defined in 
1357      * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
1358      * <pre>
1359      * OCSPRequest ::= SEQUENCE {
1360      *   tbsRequest              TBSRequest,
1361      *   optionalSignature  [0]  EXPLICIT Signature OPTIONAL }
1362      * TBSRequest  ::=  SEQUENCE {
1363      *   version            [0]  EXPLICIT Version DEFAULT v1,
1364      *   requestorName      [1]  EXPLICIT GeneralName OPTIONAL,
1365      *   requestList             SEQUENCE OF Request,
1366      *   requestExtensions  [2]  EXPLICIT Extensions OPTIONAL }
1367      * Signature       ::=     SEQUENCE {
1368      *   signatureAlgorithm      AlgorithmIdentifier,
1369      *   signature               BIT STRING,
1370      *   certs              [0] EXPLICIT SEQUENCE OF Certificate
1371      *                          OPTIONAL}
1372      * </pre>
1373      * Currently Signature in OCSPRequest is not supported.
1374      * <br/>
1375      * 
1376      * @see KJUR.asn1.ocsp.OCSPParser#getTBSRequest
1377      * @see KJUR.asn1.ocsp.OCSPRequest
1378      *
1379      * @example
1380      * o = new KJUR.asn1.ocsp.OCSPParser();
1381      * o.getOCSPRequest("30...") →
1382      * { array: [{
1383      *    "alg": "sha1",
1384      *    "issname": "105fa67a80089db5279f35ce830b43889ea3c70d",
1385      *    "isskey": "0f80611c823161d52f28e78d4638b42ce1c6d9e2",
1386      *    "sbjsn": "0fef62075d715dc5e1d8bd03775c9686" }]}
1387      */
1388     this.getOCSPRequest = function(h) {
1389 	var a = _getChildIdx(h, 0);
1390 
1391 	if (a.length != 1 && a.length != 2) {
1392 	    throw new _Error("wrong number elements: " + a.length);
1393 	}
1394 
1395 	var result = this.getTBSRequest(_getTLV(h, a[0]));
1396 	return result;
1397     };
1398 
1399     /**
1400      * parse ASN.1 TBSRequest of OCSP<br/>
1401      * @name getTBSRequest
1402      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1403      * @function
1404      * @param {String} h hexadecimal string of ASN.1 TBSRequest of OCSP
1405      * @return {Array} array of JSON object of TBSRequest parameter
1406      * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
1407      *
1408      * @description
1409      * This method will parse
1410      * TBSRequest ASN.1 class is defined in 
1411      * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
1412      * <pre>
1413      * TBSRequest  ::=  SEQUENCE {
1414      *   version            [0]  EXPLICIT Version DEFAULT v1,
1415      *   requestorName      [1]  EXPLICIT GeneralName OPTIONAL,
1416      *   requestList             SEQUENCE OF Request,
1417      *   requestExtensions  [2]  EXPLICIT Extensions OPTIONAL }
1418      * </pre>
1419      *
1420      * @see KJUR.asn1.ocsp.OCSPParser#getOCSPRequest
1421      * @see KJUR.asn1.ocsp.OCSPParser#getRequestList
1422      * @see KJUR.asn1.ocsp.TBSRequest
1423      *
1424      * @example
1425      * o = new KJUR.asn1.ocsp.OCSPParser();
1426      * o.getTBSRequest("30...") →
1427      * {array: [{
1428      *   "alg": "sha1",
1429      *   "issname": "105fa67a80089db5279f35ce830b43889ea3c70d",
1430      *   "isskey": "0f80611c823161d52f28e78d4638b42ce1c6d9e2",
1431      *   "sbjsn": "0fef62075d715dc5e1d8bd03775c9686" }]}
1432      */
1433     this.getTBSRequest = function(h) {
1434 	var result = {};
1435 	var hReqList = _getTLVbyListEx(h, 0, [0], "30");
1436 	result.array = this.getRequestList(hReqList);
1437 	var hExt = _getTLVbyListEx(h, 0, ["[2]", 0], "30");
1438 	if (hExt != null) {
1439 	    result.ext = _x509obj.getExtParamArray(hExt);
1440 	}
1441 
1442 	return result;
1443     };
1444 
1445     /**
1446      * parse ASN.1 SEQUENCE OF Request in OCSP<br/>
1447      * @name getRequestList
1448      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1449      * @function
1450      * @param {String} h hexadecimal string of ASN.1 SEQUENCE OF Request in OCSP
1451      * @return {Array} array of JSON object of Request parameter
1452      * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
1453      *
1454      * @description
1455      * This method will parse a hexadecimal string of
1456      * SEQUENCE OF Request ASN.1 class is defined in 
1457      * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
1458      * <br/>
1459      * NOTE: singleRequestExtensions is not supported yet in this version such as nonce.
1460      * <pre>
1461      * TBSRequest  ::=  SEQUENCE {
1462      *   version            [0]  EXPLICIT Version DEFAULT v1,
1463      *   requestorName      [1]  EXPLICIT GeneralName OPTIONAL,
1464      *   requestList             SEQUENCE OF Request,
1465      *   requestExtensions  [2]  EXPLICIT Extensions OPTIONAL }
1466      * Request ::= SEQUENCE {
1467      *   reqCert                  CertID,
1468      *   singleRequestExtensions  [0] EXPLICIT Extensions OPTIONAL }      
1469      * </pre>
1470      *
1471      * @see KJUR.asn1.ocsp.OCSPParser#getTBSRequest
1472      * @see KJUR.asn1.ocsp.OCSPParser#getRequest
1473      * @see KJUR.asn1.ocsp.RequestList
1474      * @see KJUR.asn1.ocsp.Request
1475      *
1476      * @example
1477      * o = new KJUR.asn1.ocsp.OCSPParser();
1478      * o.getRequestList("30...") →
1479      * [{ alg: "sha1"
1480      *   issname: "...hex...",
1481      *   isskey: "...hex...",
1482      *   sbjsn: "...hex...",
1483      *   ext: [<<singleRequestExtension parameters>>...] }]
1484      */
1485     this.getRequestList = function(h) {
1486 	var result = [];
1487 	var a = _getChildIdx(h, 0);
1488 	for (var i = 0; i < a.length; i++) {
1489 	    var h = _getTLV(h, a[i]);
1490 	    result.push(this.getRequest(h));
1491 	}
1492 	return result;
1493     };
1494 
1495     /**
1496      * parse ASN.1 Request of OCSP<br/>
1497      * @name getRequest
1498      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1499      * @function
1500      * @param {String} h hexadecimal string of ASN.1 Request of OCSP
1501      * @return JSON object of Request parameter
1502      * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
1503      *
1504      * @description
1505      * This method will parse a hexadecimal string of
1506      * Request ASN.1 class is defined in 
1507      * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
1508      * <pre>
1509      * Request ::= SEQUENCE {
1510      *   reqCert                  CertID,
1511      *   singleRequestExtensions  [0] EXPLICIT Extensions OPTIONAL }      
1512      * </pre>
1513      *
1514      * @see KJUR.asn1.ocsp.OCSPParser#getTBSRequest
1515      * @see KJUR.asn1.ocsp.OCSPParser#getRequestList
1516      * @see KJUR.asn1.ocsp.OCSPParser#getCertID
1517      * @see KJUR.asn1.ocsp.RequestList
1518      * @see KJUR.asn1.ocsp.Request
1519      * @see KJUR.asn1.ocsp.CertID
1520      *
1521      * @example
1522      * o = new KJUR.asn1.ocsp.OCSPParser();
1523      * o.getRequest("30...") →
1524      * { alg: "sha1"
1525      *   issname: "...hex...",
1526      *   isskey: "...hex...",
1527      *   sbjsn: "...hex...",
1528      *   ext: [<<singleRequestExtension parameters>>...] }
1529      */
1530     this.getRequest = function(h) {
1531 	var a = _getChildIdx(h, 0);
1532 	if (a.length != 1 && a.length != 2) {
1533 	    throw new _Error("wrong number elements: " + a.length);
1534 	}
1535 	
1536 	var params = this.getCertID(_getTLV(h, a[0]));
1537 
1538 	if (a.length == 2) {
1539 	    var idxExt = _getIdxbyList(h, 0, [1, 0]);
1540 	    params.ext = _x509obj.getExtParamArray(_getTLV(h, idxExt));
1541 	}
1542 
1543 	return params;
1544     };
1545 
1546     /**
1547      * parse ASN.1 CertID of OCSP<br/>
1548      * @name getCertID
1549      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1550      * @function
1551      * @param {String} h hexadecimal string of CertID
1552      * @return JSON object of CertID parameter
1553      * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
1554      *
1555      * @description
1556      * This method will parse a hexadecimal string of
1557      * CertID ASN.1 class is defined in 
1558      * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
1559      * <pre>
1560      * CertID ::= SEQUENCE {
1561      *   hashAlgorithm   AlgorithmIdentifier,
1562      *   issuerNameHash  OCTET STRING, -- Hash of issuer's DN
1563      *   issuerKeyHash   OCTET STRING, -- Hash of issuer's public key
1564      *   serialNumber    CertificateSerialNumber }
1565      * </pre>
1566      *
1567      * @see KJUR.asn1.ocsp.OCSPParser#getRequest
1568      * @see KJUR.asn1.ocsp.OCSPParser#getSingleResponse
1569      * @see KJUR.asn1.ocsp.CertID
1570      *
1571      * @example
1572      * o = new KJUR.asn1.ocsp.OCSPParser();
1573      * o.getCertID("30...") →
1574      * { alg: "sha1"
1575      *   issname: "...hex...",
1576      *   isskey: "...hex...",
1577      *   sbjsn: "...hex..." }
1578      */
1579     this.getCertID = function(h) {
1580 	var a = _getChildIdx(h, 0);
1581 	if (a.length != 4) {
1582 	    throw new _Error("wrong number elements: " + a.length);
1583 	}
1584 	
1585 	var x = new _X509();
1586 	var result = {};
1587 	result.alg = x.getAlgorithmIdentifierName(_getTLV(h, a[0]));
1588 	result.issname = _getV(h, a[1]);
1589 	result.isskey = _getV(h, a[2]);
1590 	result.sbjsn = _getV(h, a[3]);
1591 	
1592 	return result;
1593     };
1594 
1595     /**
1596      * parse ASN.1 OCSPResponse of OCSP<br/>
1597      * @name getOCSPResponse
1598      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1599      * @function
1600      * @param {String} h hexadecimal string of OCSPResponse
1601      * @return JSON object of OCSResponse parameter
1602      * @since jsrsasign 10.4.0 asn1ocsp 1.1.5
1603      *
1604      * @description
1605      * This method will parse a hexadecimal string of
1606      * ASN.1 OCSPResponse defined in
1607      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
1608      * <pre>
1609      * OCSPResponse ::= SEQUENCE {
1610      *    responseStatus         OCSPResponseStatus,
1611      *    responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
1612      * OCSPResponseStatus ::= ENUMERATED {
1613      *     successful            (0),  -- Response has valid confirmations
1614      *     malformedRequest      (1),  -- Illegal confirmation request
1615      *     internalError         (2),  -- Internal error in issuer
1616      *     tryLater              (3),  -- Try again later
1617      *                                 -- (4) is not used
1618      *     sigRequired           (5),  -- Must sign the request
1619      *     unauthorized          (6)   -- Request unauthorized }
1620      * </pre>
1621      *
1622      * @see KJUR.asn1.ocsp.OCSPParser#getResponseBytes
1623      * @see KJUR.asn1.ocsp.OCSPResponse
1624      *
1625      * @example
1626      * o = new KJUR.asn1.ocsp.OCSPParser();
1627      * o.getOCSPResponse("30..") →
1628      * { resstatus: 0,
1629      *   restype: "ocspBasic",
1630      *   respid: {key: "12ab"},
1631      *   prodat: "20200903235959Z",
1632      *   array: [{
1633      *     certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"},
1634      *     status: {status: "good"},
1635      *     thisupdate: "20200903235959Z" }],
1636      *   ext: [{extname: "ocspNonce", hex: "1234abcd"}],
1637      *   alg: "SHA256withRSA",
1638      *   sighex: "12ab",
1639      *   certs: ["3082...", "3082..."] }
1640      */
1641     this.getOCSPResponse = function(h) {
1642 	var a = _getChildIdx(h, 0);
1643 	var result;
1644 
1645 	var hStatusV = _getV(h, a[0]);
1646 	var iStatusV = parseInt(hStatusV);
1647 	
1648 	if (a.length == 1) return {resstatus: iStatusV};
1649 
1650 	var hResponseBytes = _getTLVbyList(h, 0, [1, 0]);
1651 	result = this.getResponseBytes(hResponseBytes);
1652 	result.resstatus = iStatusV;
1653 	
1654 	return result;
1655     };
1656 
1657     /**
1658      * parse ASN.1 ResponseBytes of OCSP<br/>
1659      * @name getResponseBytes
1660      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1661      * @function
1662      * @param {String} h hexadecimal string of ResponseBytes
1663      * @return JSON object of ResponseBytes parameter
1664      * @since jsrsasign 10.4.0 asn1ocsp 1.1.5
1665      *
1666      * @description
1667      * This method will parse a hexadecimal string of
1668      * ASN.1 ResponseBytes defined in
1669      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
1670      * <pre>
1671      * ResponseBytes ::=       SEQUENCE {
1672      *     responseType   OBJECT IDENTIFIER,
1673      *     response       OCTET STRING }
1674      * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
1675      * id-pkix-ocsp-basic     OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
1676      *
1677      * BasicOCSPResponse       ::= SEQUENCE {
1678      *    tbsResponseData      ResponseData,
1679      *    signatureAlgorithm   AlgorithmIdentifier,
1680      *    signature            BIT STRING,
1681      *    certs            [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
1682      * </pre>
1683      *
1684      * @see KJUR.asn1.ocsp.OCSPParser#getOCSPResponse
1685      * @see KJUR.asn1.ocsp.OCSPParser#getBasicOCSPResponse
1686      * @see KJUR.asn1.ocsp.ResponseBytes
1687      *
1688      * @example
1689      * o = new KJUR.asn1.ocsp.OCSPParser();
1690      * o.getResponseBytes("30..") →
1691      * { restype: "ocspBasic",
1692      *   ...<<BasicOCSPResponse properties...>>...
1693      */
1694     this.getResponseBytes = function(h) {
1695 	var a = _getChildIdx(h, 0);
1696 	var result;
1697 
1698 	var hBasicOCSPResponse = _getTLVbyList(h, 0, [1, 0]);
1699 	result = this.getBasicOCSPResponse(hBasicOCSPResponse);
1700 
1701 	var hResTypeV = _getV(h, a[0]);
1702 	result.restype = KJUR.asn1.x509.OID.oid2name(hextooid(hResTypeV));
1703 	
1704 	return result;
1705     };
1706 
1707     /**
1708      * parse ASN.1 BasicOCSPResponse of OCSP<br/>
1709      * @name getBasicOCSPResponse
1710      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1711      * @function
1712      * @param {String} h hexadecimal string of BasicOCSPResponse
1713      * @return JSON object of BasicOCSPResponse parameter
1714      * @since jsrsasign 10.4.0 asn1ocsp 1.1.5
1715      *
1716      * @description
1717      * This method will parse a hexadecimal string of
1718      * BasicOCSPResponse defined in 
1719      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
1720      * <pre>
1721      * BasicOCSPResponse       ::= SEQUENCE {
1722      *    tbsResponseData      ResponseData,
1723      *    signatureAlgorithm   AlgorithmIdentifier,
1724      *    signature            BIT STRING,
1725      *    certs            [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
1726      * </pre>
1727      *
1728      * @see KJUR.asn1.ocsp.OCSPParser#getResponseBytes
1729      * @see KJUR.asn1.ocsp.OCSPParser#getResponseData
1730      * @see KJUR.asn1.ocsp.BasicOCSPResponse
1731      *
1732      * @example
1733      * o = new KJUR.asn1.ocsp.OCSPParser();
1734      * o.getBasicOCSPResponse("30..") →
1735      * { ...<<ResponseData properties...>>...
1736      *   sigalg: "SHA256withRSA",
1737      *   sighex: "12abcd...",
1738      *   certs: [<<PEMorHEXstringOfCert1>>,...] });
1739      */
1740     this.getBasicOCSPResponse = function(h) {
1741 	var a = _getChildIdx(h, 0);
1742 	var result;
1743 
1744 	result = this.getResponseData(_getTLV(h, a[0]));
1745 
1746 	var x = new X509();
1747 	result.alg = x.getAlgorithmIdentifierName(_getTLV(h, a[1]));
1748 
1749 	var hSigHex = _getV(h, a[2]);
1750 	result.sighex = hSigHex.substr(2);
1751 	
1752 	var hExt = _getVbyListEx(h, 0, ["[0]"]);
1753 	if (hExt != null) {
1754 	    var aCertIdx = _getChildIdx(hExt, 0);
1755 	    var aCert = [];
1756 	    for (var i = 0; i < aCertIdx.length; i++) {
1757 		var hCert = _getTLV(hExt, aCertIdx[i]);
1758 		aCert.push(hCert);
1759 	    }
1760 	    result.certs = aCert;
1761 	}
1762 
1763 	return result;
1764     };
1765 
1766     /**
1767      * parse ASN.1 ResponseData of OCSP<br/>
1768      * @name getResponseData
1769      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1770      * @function
1771      * @param {String} h hexadecimal string of ResponseData
1772      * @return JSON object of ResponseData parameter
1773      * @since jsrsasign 10.4.0 asn1ocsp 1.1.5
1774      *
1775      * @description
1776      * This method will parse a hexadecimal string of
1777      * ASN.1 ResponseData defined in
1778      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
1779      * <pre>
1780      * ResponseData ::= SEQUENCE {
1781      *    version              [0] EXPLICIT Version DEFAULT v1,
1782      *    responderID              ResponderID,
1783      *    producedAt               GeneralizedTime,
1784      *    responses                SEQUENCE OF SingleResponse,
1785      *    responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
1786      * </pre>
1787      *
1788      * @see KJUR.asn1.ocsp.OCSPParser#getBasicOCSPResponse
1789      * @see KJUR.asn1.ocsp.OCSPParser#getSingleResponse
1790      * @see KJUR.asn1.ocsp.ResponseData
1791      *
1792      * @example
1793      * o = new KJUR.asn1.ocsp.OCSPParser();
1794      * o.getResponseData("30..") →
1795      * { respid: {key: "12ab..."},
1796      *   prodat: "20200903235959Z",
1797      *   array: [<<SingleResponse parameter1>>, ...],
1798      *   ext: [
1799      *     {extname:"ocspNonce",hex:"12ab..."}]}
1800      */
1801     this.getResponseData = function(h) {
1802 	var a = _getChildIdx(h, 0);
1803 	var alen = a.length;
1804 	var result = {};
1805 	var idx = 0;
1806 
1807 	// skip to relax interoperability even though explicit DEFAULT
1808 	if (h.substr(a[0], 2) == "a0") idx++;
1809 
1810 	result.respid = this.getResponderID(_getTLV(h, a[idx++]));
1811 	
1812 	var hProdAtV = _getV(h, a[idx++]);
1813 	result.prodat = hextoutf8(hProdAtV);
1814 	
1815 	result.array = this.getSingleResponseList(_getTLV(h, a[idx++]));
1816 
1817 	if (h.substr(a[alen - 1], 2) == "a1") {
1818 	    var hExt =  _getTLVbyList(h, a[alen - 1], [0]);
1819 	    var x = new X509();
1820 	    result.ext = x.getExtParamArray(hExt);
1821 	}
1822 
1823 	return result;
1824     };
1825 
1826     /**
1827      * parse ASN.1 ResponderID of OCSP<br/>
1828      * @name getResponderID
1829      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1830      * @function
1831      * @param {String} h hexadecimal string of ResponderID
1832      * @return JSON object of ResponderID parameter
1833      * @since jsrsasign 10.4.0 asn1ocsp 1.1.5
1834      * @see KJUR.asn1.ocsp.ResponderID
1835      *
1836      * @description
1837      * <pre>
1838      * ResponderID ::= CHOICE {
1839      *    byName               [1] Name,
1840      *    byKey                [2] KeyHash }
1841      * KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key
1842      *                             (excluding the tag and length fields)
1843      * </pre>
1844      *
1845      * @example
1846      * o = new KJUR.asn1.ocsp.OCSPParser();
1847      * o.getResponderID("a1..") → {name: {array: [[{type:"C",value:"JP",ds:"prn"}]...]}}
1848      * o.getResponderID("a2..") → {key: "12ab..."}
1849      */
1850     this.getResponderID = function(h) {
1851 	var result = {};
1852 
1853 	if (h.substr(0, 2) == "a2") {
1854 	    var hKeyV = _getVbyList(h, 0, [0]);
1855 	    result.key = hKeyV;
1856 	}
1857 	if (h.substr(0, 2) == "a1") {
1858 	    var hName = _getTLVbyList(h, 0, [0]);
1859 	    var x = new X509();
1860 	    result.name = x.getX500Name(hName);
1861 	}
1862 	
1863 	return result;
1864     };
1865 
1866     /**
1867      * parse ASN.1 SEQUENCE OF SingleResponse of OCSP<br/>
1868      * @name getSingleResponseList
1869      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1870      * @function
1871      * @param {String} h hexadecimal string of SEQUENCE OF SingleResponse
1872      * @return array of SingleResponse parameter JSON object
1873      * @since jsrsasign 10.4.0 asn1ocsp 1.1.5
1874      *
1875      * @description
1876      * This method will parse a hexadecimal string of
1877      * ASN.1 class of SEQUENCE OF SingleResponse is defined in 
1878      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
1879      * <pre>
1880      * ResponseData ::= SEQUENCE {
1881      *    version              [0] EXPLICIT Version DEFAULT v1,
1882      *    responderID              ResponderID,
1883      *    producedAt               GeneralizedTime,
1884      *    responses                SEQUENCE OF SingleResponse,
1885      *    responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
1886      * SingleResponse ::= SEQUENCE {
1887      *    certID                       CertID,
1888      *    certStatus                   CertStatus,
1889      *    thisUpdate                   GeneralizedTime,
1890      *    nextUpdate         [0]       EXPLICIT GeneralizedTime OPTIONAL,
1891      *    singleExtensions   [1]       EXPLICIT Extensions OPTIONAL }
1892      * </pre>
1893      *
1894      * @see KJUR.asn1.ocsp.OCSPParse#getResponseData
1895      * @see KJUR.asn1.ocsp.OCSPParse#getSingleResponse
1896      * @see KJUR.asn1.ocsp.OCSPParse#getCertID
1897      * @see KJUR.asn1.ocsp.SingleResponseList
1898      *
1899      * @example
1900      * o = new KJUR.asn1.ocsp.OCSPParser();
1901      * o.getSingleResponseList("30..") →
1902      * [{ certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"},
1903      *    status: {status: "good"},
1904      *    thisupdate: "20200903235959Z",
1905      *    nextupdate: "20200913235959Z",
1906      *    ext: [<<Extension parameters>>...] }]
1907      */
1908     this.getSingleResponseList = function(h) {
1909 	var a = _getChildIdx(h, 0);
1910 	var result = [];
1911 
1912 	for (var i = 0; i < a.length; i++) {
1913 	    var p = this.getSingleResponse(_getTLV(h, a[i]));
1914 	    result.push(p);
1915 	}
1916 	return result;
1917     };
1918 
1919     /**
1920      * parse ASN.1 SingleResponse of OCSP<br/>
1921      * @name getSingleResponse
1922      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1923      * @function
1924      * @param {String} h hexadecimal string of SingleResponse
1925      * @return JSON object of SingleResponse parameter
1926      * @since jsrsasign 10.4.0 asn1ocsp 1.1.5
1927      *
1928      * @description
1929      * This method will parse a hexadecimal string of
1930      * ASN.1 class of SingleResponse is defined in 
1931      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
1932      * <pre>
1933      * SingleResponse ::= SEQUENCE {
1934      *    certID                       CertID,
1935      *    certStatus                   CertStatus,
1936      *    thisUpdate                   GeneralizedTime,
1937      *    nextUpdate         [0]       EXPLICIT GeneralizedTime OPTIONAL,
1938      *    singleExtensions   [1]       EXPLICIT Extensions OPTIONAL }
1939      * </pre>
1940      *
1941      * @see KJUR.asn1.ocsp.OCSPParse#getSingleResponseList
1942      * @see KJUR.asn1.ocsp.OCSPParse#getCertID
1943      * @see KJUR.asn1.ocsp.SingleResponse
1944      *
1945      * @example
1946      * o = new KJUR.asn1.ocsp.OCSPParser();
1947      * o.getSingleResponse("30..") →
1948      * { certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"},
1949      *   status: {status: "good"},
1950      *   thisupdate: "20200903235959Z",
1951      *   nextupdate: "20200913235959Z",
1952      *   ext: [<<Extension parameters>>...] }
1953      */
1954     this.getSingleResponse = function(h) {
1955 	var a = _getChildIdx(h, 0);
1956 	var result = {};
1957 
1958 	// 1. CertID
1959 	var pCertID = this.getCertID(_getTLV(h, a[0]));
1960 	result.certid = pCertID;
1961 
1962 	// 2. CertStatus
1963 	var pCertStatus = this.getCertStatus(_getTLV(h, a[1]));
1964 	result.status = pCertStatus;
1965 
1966 	// 3. ThisUpdate(GeneralizedTime)
1967 	if (h.substr(a[2], 2) == "18") {
1968 	    var hThisUpdateV = _getV(h, a[2]);
1969 	    result.thisupdate = hextoutf8(hThisUpdateV);
1970 	}
1971 	
1972 	// 4. OPTIONAL(nextUpdate, singleExtensions)
1973 	for (var i = 3; i < a.length; i++) {
1974 	    if (h.substr(a[i], 2) == "a0") { // nextUpdate
1975 		var hNextUpdateV = _getVbyList(h, a[i], [0], "18");
1976 		result.nextupdate = hextoutf8(hNextUpdateV);
1977 	    }
1978 	    if (h.substr(a[i], 2) == "a1") { // singleExtensions
1979 		var x = new X509();
1980 		var hExt = _getTLVbyList(h, 0, [i, 0]);
1981 		result.ext = x.getExtParamArray(hExt);
1982 	    }
1983 	}
1984 
1985 	return result;
1986     };
1987 
1988     /**
1989      * parse ASN.1 CertStatus of OCSP<br/>
1990      * @name getCertStatus
1991      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1992      * @function
1993      * @param {String} h hexadecimal string of CertStatus
1994      * @return JSON object of CertStatus parameter
1995      * @since jsrsasign 10.4.0 asn1ocsp 1.1.5
1996      * @see KJUR.asn1.ocsp.CertStatus
1997      *
1998      * @description
1999      * <pre>
2000      * CertStatus ::= CHOICE {
2001      *     good        [0]     IMPLICIT NULL,
2002      *     revoked     [1]     IMPLICIT RevokedInfo,
2003      *     unknown     [2]     IMPLICIT UnknownInfo }
2004      * RevokedInfo ::= SEQUENCE {
2005      *     revocationTime              GeneralizedTime,
2006      *     revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
2007      * UnknownInfo ::= NULL
2008      * </pre>
2009      * NOTE: Currently revocationReason not supported.
2010      *
2011      * @example
2012      * o = new KJUR.asn1.ocsp.OCSPParser();
2013      * o.getCertStatus("8000") → {status: "good"}
2014      * o.getCertStatus("8200") → {status: "unknown"}
2015      * o.getCertStatus("a1..") → {status: "revoked", time: "2021...Z"}
2016      */
2017     this.getCertStatus = function(h) {
2018 	var result = {};
2019 	if (h == "8000") return {status: "good"};
2020 	if (h == "8200") return {status: "unknown"};
2021 	if (h.substr(0, 2) == "a1") {
2022 	    result.status = "revoked";
2023 	    var hTime = _getVbyList(h, 0, [0]);
2024 	    var sTime = hextoutf8(hTime);
2025 	    result.time = sTime;
2026 	}
2027 	return result;
2028     };
2029 };
2030 
2031