1 /* asn1ocsp-1.1.8.js (c) 2016-2022 Kenji Urushima | kjur.github.io/jsrsasign/license 2 */ 3 /* 4 * asn1ocsp.js - ASN.1 DER encoder classes for OCSP protocol 5 * 6 * Copyright (c) 2016-2021 Kenji Urushima (kenji.urushima@gmail.com) 7 * 8 * This software is licensed under the terms of the MIT License. 9 * https://kjur.github.io/jsrsasign/license 10 * 11 * The above copyright and license notice shall be 12 * included in all copies or substantial portions of the Software. 13 */ 14 15 /** 16 * @fileOverview 17 * @name asn1ocsp-1.0.js 18 * @author Kenji Urushima kenji.urushima@gmail.com 19 * @version jsrsasign 10.5.20 asn1ocsp 1.1.8 (2022-Apr-25) 20 * @since jsrsasign 6.1.0 21 * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a> 22 */ 23 24 if (typeof KJUR == "undefined" || !KJUR) KJUR = {}; 25 if (typeof KJUR.asn1 == "undefined" || !KJUR.asn1) KJUR.asn1 = {}; 26 27 /** 28 * ASN.1 classes for OCSP protocol<br/> 29 * <p> 30 * This name space provides 31 * <a href="https://tools.ietf.org/html/rfc6960">RFC 6960 32 * Online Certificate Status Protocol (OCSP)</a> ASN.1 request and response generator. 33 * 34 * <h4>FEATURES</h4> 35 * <ul> 36 * <li>easily generate OCSP data by JSON object</li> 37 * </ul> 38 * 39 * <h4>OCSP Response Encoder Classes</h4> 40 * <ul> 41 * <li>{@link KJUR.asn1.ocsp.OCSPResponse}</li> 42 * <li>{@link KJUR.asn1.ocsp.ResponseBytes}</li> 43 * <li>{@link KJUR.asn1.ocsp.BasicOCSPResponse}</li> 44 * <li>{@link KJUR.asn1.ocsp.ResponseData}</li> 45 * <li>{@link KJUR.asn1.ocsp.ResponderID}</li> 46 * <li>{@link KJUR.asn1.ocsp.SingleResponseList}</li> 47 * <li>{@link KJUR.asn1.ocsp.SingleResponse}</li> 48 * <li>{@link KJUR.asn1.ocsp.CertID}</li> 49 * <li>{@link KJUR.asn1.ocsp.CertStatus}</li> 50 * </ul> 51 * 52 * <h4>OCSP Request Encoder Classes</h4> 53 * <ul> 54 * <li>{@link KJUR.asn1.ocsp.OCSPRequest}</li> 55 * <li>{@link KJUR.asn1.ocsp.TBSRequest}</li> 56 * <li>{@link KJUR.asn1.ocsp.Request}</li> 57 * <li>{@link KJUR.asn1.ocsp.CertID}</li> 58 * </ul> 59 * 60 * <h4>OCSP Utility classes</h4> 61 * <ul> 62 * <li>{@link KJUR.asn1.ocsp.OCSPUtil} - simple request parser</li> 63 * <li>{@link KJUR.asn1.ocsp.OCSPParser} - request parser</li> 64 * </ul> 65 * </p> 66 * @name KJUR.asn1.ocsp 67 * @namespace 68 */ 69 if (typeof KJUR.asn1.ocsp == "undefined" || !KJUR.asn1.ocsp) KJUR.asn1.ocsp = {}; 70 71 KJUR.asn1.ocsp.DEFAULT_HASH = "sha1"; 72 73 /** 74 * OCSPResponse ASN.1 class encoder<br/> 75 * @name KJUR.asn1.ocsp.OCSPResponse 76 * @class OCSPResponse ASN.1 class encoder 77 * @param {Array} params JSON object of constructor parameters 78 * @extends KJUR.asn1.ASN1Object 79 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 80 * @see KJUR.asn1.ocsp.ResponseBytes 81 * 82 * @description 83 * OCSPResponse ASN.1 class is defined in 84 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 85 * <pre> 86 * OCSPResponse ::= SEQUENCE { 87 * responseStatus OCSPResponseStatus, 88 * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } 89 * OCSPResponseStatus ::= ENUMERATED { 90 * successful (0), -- Response has valid confirmations 91 * malformedRequest (1), -- Illegal confirmation request 92 * internalError (2), -- Internal error in issuer 93 * tryLater (3), -- Try again later 94 * -- (4) is not used 95 * sigRequired (5), -- Must sign the request 96 * unauthorized (6) -- Request unauthorized 97 * } 98 * </pre> 99 * This constructor accepts all parameter of 100 * {@link KJUR.asn1.ocsp.ResponseBytes} for "successful" response. 101 * Further more following property is needed: 102 * <ul> 103 * <li>{Number or String}resstats - responseStatus value by 104 * a number or name. (ex. 2, "internalError")</li> 105 * </ul> 106 * 107 * @example 108 * // default constructor for "successful" 109 * o = new KJUR.asn1.ocsp.OCSPResponse({ 110 * resstatus: "successful", 111 * <<ResponseBytes parameters>> 112 * }); 113 * // constructor for error 114 * new KJUR.asn1.ocsp.OCSPResponse({resstatus: 1}) 115 * new KJUR.asn1.ocsp.OCSPResponse({resstatus: "unauthorized"}) 116 */ 117 KJUR.asn1.ocsp.OCSPResponse = function(params) { 118 KJUR.asn1.ocsp.OCSPResponse.superclass.constructor.call(this); 119 120 var _DEREnumerated = KJUR.asn1.DEREnumerated, 121 _newObject = KJUR.asn1.ASN1Util.newObject, 122 _ResponseBytes = KJUR.asn1.ocsp.ResponseBytes; 123 124 var _aSTATUSNAME = ["successful", "malformedRequest", "internalError", 125 "tryLater", "_not_used_", "sigRequired", "unauthorized"]; 126 127 this.params = null; 128 129 this._getStatusCode = function() { 130 var code = this.params.resstatus; 131 if (typeof code == "number") return code; 132 if (typeof code != "string") return -1; 133 return _aSTATUSNAME.indexOf(code); 134 }; 135 136 this.setByParam = function(params) { 137 this.params = params; 138 }; 139 140 this.tohex = function() { 141 var params = this.params; 142 143 var code = this._getStatusCode(); 144 if (code == -1) { 145 throw new Error("responseStatus not supported: " + 146 params.resstatus); 147 } 148 149 if (code != 0) { 150 return _newObject({seq: [{'enum': {'int': code}}]}).tohex(); 151 } 152 153 var dResBytes = new _ResponseBytes(params); 154 return _newObject({seq: [ 155 {'enum': {'int': 0}}, 156 {tag: {tag: "a0", explicit: true, obj: dResBytes}} 157 ]}).tohex(); 158 }; 159 this.getEncodedHex = function() { return this.tohex(); }; 160 161 if (params !== undefined) this.setByParam(params); 162 }; 163 extendClass(KJUR.asn1.ocsp.OCSPResponse, KJUR.asn1.ASN1Object); 164 165 /** 166 * ResponseBytes ASN.1 class encoder<br/> 167 * @name KJUR.asn1.ocsp.ResponseBytes 168 * @class ResponseBytes ASN.1 class encoder 169 * @param {Array} params JSON object of constructor parameters 170 * @extends KJUR.asn1.ASN1Object 171 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 172 * @see KJUR.asn1.ocsp.OCSPResponse 173 * @see KJUR.asn1.ocsp.BasicOCSPResponse 174 * 175 * @description 176 * OCSPResponse ASN.1 class is defined in 177 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 178 * <pre> 179 * ResponseBytes ::= SEQUENCE { 180 * responseType OBJECT IDENTIFIER, 181 * response OCTET STRING } 182 * id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp } 183 * id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 } 184 * </pre> 185 * This constructor accepts all parameter of 186 * {@link KJUR.asn1.ocsp.BasicOCSPResponse}. 187 * Further more following property is needed: 188 * <ul> 189 * <li>{String}restype - only "ocspBasic" can be available</li> 190 * </ul> 191 * 192 * @example 193 * o = new KJUR.asn1.ocsp.ResponseBytes({ 194 * restype: "ocspBasic", 195 * // BasicOCSPResponse properties shall be specified 196 * }); 197 */ 198 KJUR.asn1.ocsp.ResponseBytes = function(params) { 199 KJUR.asn1.ocsp.ResponseBytes.superclass.constructor.call(this); 200 201 var _KJUR_asn1 = KJUR.asn1, 202 _DERSequence = _KJUR_asn1.DERSequence, 203 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 204 _DEROctetString = _KJUR_asn1.DEROctetString, 205 _BasicOCSPResponse = _KJUR_asn1.ocsp.BasicOCSPResponse; 206 207 this.params = null; 208 209 this.setByParam = function(params) { 210 this.params = params; 211 }; 212 213 this.tohex = function() { 214 var params = this.params; 215 216 if (params.restype != "ocspBasic") { 217 throw new Error("not supported responseType: " + params.restype); 218 } 219 220 var dBasic = new _BasicOCSPResponse(params); 221 222 var a = []; 223 a.push(new _DERObjectIdentifier({name: "ocspBasic"})); 224 a.push(new _DEROctetString({hex: dBasic.tohex()})); 225 226 var seq = new _DERSequence({array: a}); 227 return seq.tohex(); 228 }; 229 this.getEncodedHex = function() { return this.tohex(); }; 230 231 if (params !== undefined) this.setByParam(params); 232 }; 233 extendClass(KJUR.asn1.ocsp.ResponseBytes, KJUR.asn1.ASN1Object); 234 235 /** 236 * BasicOCSPResponse ASN.1 class encoder<br/> 237 * @name KJUR.asn1.ocsp.BasicOCSPResponse 238 * @class BasicOCSPResponse ASN.1 class encoder 239 * @param {Array} params JSON object of constructor parameters 240 * @extends KJUR.asn1.ASN1Object 241 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 242 * @see KJUR.asn1.ocsp.OCSPResponse 243 * @see KJUR.asn1.ocsp.ResponseBytes 244 * @see KJUR.asn1.ocsp.BasicOCSPResponse 245 * @see KJUR.asn1.ocsp.ResponseData 246 * 247 * @description 248 * OCSPResponse ASN.1 class is defined in 249 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 250 * <pre> 251 * BasicOCSPResponse ::= SEQUENCE { 252 * tbsResponseData ResponseData, 253 * signatureAlgorithm AlgorithmIdentifier, 254 * signature BIT STRING, 255 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } 256 * </pre> 257 * This constructor accepts all parameter of 258 * {@link KJUR.asn1.ocsp.ResponseData}. 259 * Further more following properties are available: 260 * <ul> 261 * <li>{ASN1Object}tbsresp (OPTION) - {@link KJUR.asn1.ASN1Object} or its 262 * sub class object for tbsReponseData, 263 * genelally {@link KJUR.asn1.ocsp.ResponseData}. 264 * When "tbsresp" not specified, tbsresp will be set by 265 * other parameters internally.</li> 266 * <li>{String}sigalg - signatureAlgrithm name (ex. "SHA256withRSA")</li> 267 * <li>{Object}reskey (OPTION) - specifies OCSP response signing private key. 268 * Parameter "reskey" or "sighex" shall be specified. 269 * Following values can be specified: 270 * <ul> 271 * <li>PKCS#1/5 or PKCS#8 PEM string of private key</li> 272 * <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful 273 * to generate a key object.</li> 274 * </ul> 275 * </li> 276 * <li>{String}sighex (OPTION) - hexadecimal string of signature value 277 * (i.e. ASN.1 value(V) of signatureValue BIT STRING without 278 * unused bits)</li> 279 * <li>{Array}certs (OPTION) - array of PEM or hexadecimal string of 280 * certificate such as OCSP responder certificate</li> 281 * </ul> 282 * 283 * @example 284 * // response data will be signed by "reskey" 285 * new KJUR.asn1.ocsp.BasicOCSPResponse({ 286 * ...<<ResponseData properties...>>... 287 * sigalg: "SHA256withRSA", 288 * reskey: <<OCSP Responder private key PEM or object>>, 289 * certs: [<<PEMorHEXstringOfCert1>>,...] }); 290 * 291 * // explicitly specify "signature" by "sighex" 292 * new KJUR.asn1.ocsp.BasicOCSPResponse({ 293 * ...<<ResponseData properties...>>... 294 * sigalg: "SHA256withRSA", 295 * sighex: "12abcd...", 296 * certs: [<<PEMorHEXstringOfCert1>>,...] }); 297 * 298 * // explicitly specify "tbsResponseData" and sign 299 * new KJUR.asn1.ocsp.BasicOCSPResponse({ 300 * { tbsresp: <<subclass of ASN1Object>>, 301 * sigalg: "SHA256withRSA", 302 * reskey: <<OCSP Responder private key PEM or object>>, 303 * certs: [<<PEMorHEXstringOfCert1>>,...] } 304 */ 305 KJUR.asn1.ocsp.BasicOCSPResponse = function(params) { 306 KJUR.asn1.ocsp.BasicOCSPResponse.superclass.constructor.call(this); 307 308 var _Error = Error, 309 _KJUR_asn1 = KJUR.asn1, 310 _ASN1Object = _KJUR_asn1.ASN1Object, 311 _DERSequence = _KJUR_asn1.DERSequence, 312 _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime, 313 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, 314 _DERBitString = _KJUR_asn1.DERBitString, 315 _Extensions = _KJUR_asn1.x509.Extensions, 316 _AlgorithmIdentifier = _KJUR_asn1.x509.AlgorithmIdentifier, 317 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp, 318 _ResponderID = _KJUR_asn1_ocsp.ResponderID; 319 _SingleResponseList = _KJUR_asn1_ocsp.SingleResponseList, 320 _ResponseData = _KJUR_asn1_ocsp.ResponseData; 321 322 this.params = null; 323 324 this.setByParam = function(params) { 325 this.params = params; 326 }; 327 328 this.sign = function() { 329 var params = this.params; 330 var hTBS = params.tbsresp.tohex(); 331 var sig = new KJUR.crypto.Signature({alg: params.sigalg}); 332 sig.init(params.reskey); 333 sig.updateHex(hTBS); 334 params.sighex = sig.sign(); 335 }; 336 337 this.tohex = function() { 338 var params = this.params; 339 340 if (params.tbsresp == undefined) { 341 params.tbsresp = new _ResponseData(params); 342 } 343 344 if (params.sighex == undefined && params.reskey != undefined) { 345 this.sign(); 346 } 347 348 var a = []; 349 a.push(params.tbsresp); 350 a.push(new _AlgorithmIdentifier({name: params.sigalg})); 351 a.push(new _DERBitString({hex: "00" + params.sighex})); 352 353 if (params.certs != undefined && 354 params.certs.length != undefined) { 355 var aCert = []; 356 for (var i = 0; i < params.certs.length; i++) { 357 var sCert = params.certs[i]; 358 var hCert = null; 359 if (ASN1HEX.isASN1HEX(sCert)) { 360 hCert = sCert; 361 } else if (sCert.match(/-----BEGIN/)) { 362 hCert = pemtohex(sCert); 363 } else { 364 throw new _Error("certs[" + i + "] not hex or PEM"); 365 } 366 aCert.push(new _ASN1Object({tlv: hCert})); 367 } 368 var seqCert = new _DERSequence({array: aCert}); 369 a.push(new _DERTaggedObject({tag:'a0',explicit:true,obj:seqCert})); 370 } 371 372 var seq = new _DERSequence({array: a}); 373 return seq.tohex(); 374 }; 375 this.getEncodedHex = function() { return this.tohex(); }; 376 377 if (params !== undefined) this.setByParam(params); 378 }; 379 extendClass(KJUR.asn1.ocsp.BasicOCSPResponse, KJUR.asn1.ASN1Object); 380 381 /** 382 * ResponseData ASN.1 class encoder<br/> 383 * @name KJUR.asn1.ocsp.ResponseData 384 * @class ResponseData ASN.1 class encoder 385 * @param {Array} params JSON object of constructor parameters 386 * @extends KJUR.asn1.ASN1Object 387 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 388 * @see KJUR.asn1.ocsp.OCSPResponse 389 * @see KJUR.asn1.ocsp.ResponseBytes 390 * @see KJUR.asn1.ocsp.BasicOCSPResponse 391 * @see KJUR.asn1.ocsp.ResponseData 392 * @see KJUR.asn1.ocsp.SingleResponse 393 * @see KJUR.asn1.x509.Extensions 394 * @see KJUR.asn1.DERGeneralizedTime 395 * 396 * @description 397 * ResponseData ASN.1 class is defined in 398 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 399 * <pre> 400 * ResponseData ::= SEQUENCE { 401 * version [0] EXPLICIT Version DEFAULT v1, 402 * responderID ResponderID, 403 * producedAt GeneralizedTime, 404 * responses SEQUENCE OF SingleResponse, 405 * responseExtensions [1] EXPLICIT Extensions OPTIONAL } 406 * </pre> 407 * Following properties are available: 408 * <ul> 409 * <li>{Array}respid - JSON object of {@link KJUR.asn1.ocsp.ResponseID} parameter 410 * for "responderID"</li> 411 * <li>{Object}prodat - string or JSON parameter of 412 * {@link KJUR.asn1.DERGeneralizedTime} (ex. "20200904235959Z")</li> 413 * <li>{Array}responses - array of {@link KJUR.asn1.ocsp.SingleResponse} 414 * parameters</li> 415 * <li>{Array}ext (OPTION) - array of extension parameters 416 * for "responseExtensions".</li> 417 * </ul> 418 * 419 * @example 420 * new KJUR.asn1.ocsp.ResponseData({ 421 * respid: {key: "12ab..."}, 422 * prodat: "20200903235959Z", 423 * array: [ 424 * <<SingleResponse parameter1>>, ... 425 * ], 426 * ext: [{extname:"ocspNonce",hex:"12ab..."}] 427 * }); 428 */ 429 KJUR.asn1.ocsp.ResponseData = function(params) { 430 KJUR.asn1.ocsp.ResponseData.superclass.constructor.call(this); 431 432 var _Error = Error, 433 _KJUR_asn1 = KJUR.asn1, 434 _DERSequence = _KJUR_asn1.DERSequence, 435 _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime, 436 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, 437 _Extensions = _KJUR_asn1.x509.Extensions, 438 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp, 439 _ResponderID = _KJUR_asn1_ocsp.ResponderID; 440 _SingleResponseList = _KJUR_asn1_ocsp.SingleResponseList; 441 442 this.params = null; 443 444 this.tohex = function() { 445 var params = this.params; 446 if (params.respid != undefined) new _Error("respid not specified"); 447 if (params.prodat != undefined) new _Error("prodat not specified"); 448 if (params.array != undefined) new _Error("array not specified"); 449 450 var a = []; 451 a.push(new _ResponderID(params.respid)); 452 a.push(new _DERGeneralizedTime(params.prodat)); 453 a.push(new _SingleResponseList(params.array)); 454 455 if (params.ext != undefined) { 456 var dExt = new _Extensions(params.ext); 457 a.push(new _DERTaggedObject({tag:'a1', explicit:true, obj:dExt})); 458 } 459 460 var seq = new _DERSequence({array: a}); 461 return seq.tohex(); 462 }; 463 this.getEncodedHex = function() { return this.tohex(); }; 464 465 this.setByParam = function(params) { 466 this.params = params; 467 }; 468 469 if (params !== undefined) this.setByParam(params); 470 }; 471 extendClass(KJUR.asn1.ocsp.ResponseData, KJUR.asn1.ASN1Object); 472 473 /** 474 * ResponderID ASN.1 class encoder<br/> 475 * @name KJUR.asn1.ocsp.ResponderID 476 * @class ResponderID ASN.1 class encoder 477 * @param {Array} params JSON object of constructor parameters 478 * @extends KJUR.asn1.ASN1Object 479 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 480 * @see KJUR.asn1.ocsp.OCSPResponse 481 * @see KJUR.asn1.ocsp.ResponseBytes 482 * @see KJUR.asn1.ocsp.BasicOCSPResponse 483 * @see KJUR.asn1.ocsp.ResponseData 484 * @see X509#getSubject 485 * @see X509#getExtSubjectKeyIdentifier 486 * 487 * @description 488 * ResponderID ASN.1 class is defined in 489 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 490 * <pre> 491 * ResponderID ::= CHOICE { 492 * byName [1] Name, 493 * byKey [2] KeyHash } 494 * KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key 495 * (excluding the tag and length fields) 496 * </pre> 497 * Following properties are available: 498 * <ul> 499 * <li>{Array}name (OPTION) - JSON object of {@link KJUR.asn1.x509.X500Name} parameter, 500 * PEM string of X.509 certificate or {@link X509} object for "byName",</li> 501 * <li>{String}key (OPTION) - hexadecimal string of KeyHash value, 502 * PEM string of X.509 certificate or {@link X509} object for "byKey"</li> 503 * </ul> 504 * <br/> 505 * NOTE: From jsrsasign 10.5.20, "name" and "key" member values can be 506 * specified by PEM string of X.509 certificate or {@link X509} object. 507 * For "name", subject field of the certificate will be used and 508 * for "key", subjectKeyIdentifier extension value of the certificate will be used 509 * respectively. 510 * 511 * @example 512 * new KJUR.asn1.ocsp.ResponderID({key: "12ab..."}) 513 * new KJUR.asn1.ocsp.ResponderID({name: {str: "/C=JP/O=Resp"}}) 514 * new KJUR.asn1.ocsp.ResponderID({name: {array: [[{type:"C",value:"JP",ds:"prn"}]...]}}) 515 * // by certificate 516 * new KJUR.asn1.ocsp.ResponderID({key: "-----BEGIN CERTIFICATE..."}) 517 * new KJUR.asn1.ocsp.ResponderID({name: "-----BEGIN CERTIFICATE..."}) 518 * // by X509 object 519 * new KJUR.asn1.ocsp.ResponderID({key: new X509(...)}) 520 * new KJUR.asn1.ocsp.ResponderID({name: new X509(...)}) 521 */ 522 KJUR.asn1.ocsp.ResponderID = function(params) { 523 KJUR.asn1.ocsp.ResponderID.superclass.constructor.call(this); 524 var _KJUR = KJUR, 525 _KJUR_asn1 = _KJUR.asn1, 526 _newObject = _KJUR_asn1.ASN1Util.newObject, 527 _X500Name = _KJUR_asn1.x509.X500Name, 528 _isHex = _KJUR.lang.String.isHex, 529 _Error = Error; 530 531 this.params = null; 532 533 this.tohex = function() { 534 var params = this.params; 535 if (params.key != undefined) { 536 var hKey = null; 537 if (typeof params.key == "string") { 538 if (_isHex(params.key)) hKey = params.key; 539 if (params.key.match(/-----BEGIN CERTIFICATE/)) { 540 var x = new X509(params.key); 541 var extSKID = x.getExtSubjectKeyIdentifier(); 542 if (extSKID != null) hKey = extSKID.kid.hex; 543 } 544 } else if (params.key instanceof X509) { 545 var extSKID = params.key.getExtSubjectKeyIdentifier(); 546 if (extSKID != null) hKey = extSKID.kid.hex; 547 } 548 if (hKey == null) throw new _Error("wrong key member value"); 549 var dTag = _newObject({tag: {tag:"a2", 550 explicit:true, 551 obj:{octstr:{hex:hKey}}}}); 552 return dTag.tohex(); 553 } else if (params.name != undefined) { 554 var pName = null; 555 if (typeof params.name == "string" && 556 params.name.match(/-----BEGIN CERTIFICATE/)) { 557 var x = new X509(params.name); 558 pName = x.getSubject(); 559 } else if (params.name instanceof X509) { 560 pName = params.name.getSubject(); 561 } else if (typeof params.name == "object" && 562 (params.name.array != undefined || 563 params.name.str != undefined)) { 564 pName = params.name; 565 } 566 if (pName == null) throw new _Error("wrong name member value"); 567 var dTag = _newObject({tag: {tag:"a1", 568 explicit:true, 569 obj:new _X500Name(pName)}}); 570 return dTag.tohex(); 571 } 572 throw new _Error("key or name not specified"); 573 }; 574 this.getEncodedHex = function() { return this.tohex(); }; 575 576 this.setByParam = function(params) { 577 this.params = params; 578 }; 579 580 if (params !== undefined) this.setByParam(params); 581 }; 582 extendClass(KJUR.asn1.ocsp.ResponderID, KJUR.asn1.ASN1Object); 583 584 /** 585 * ASN.1 class encoder for SEQUENCE OF SingleResponse<br/> 586 * @name KJUR.asn1.ocsp.SingleResponseList 587 * @class ASN.1 class encoder for SEQUENCE OF SingleResponse 588 * @param {Array} params array of JSON object for SingleResponse parameters 589 * @extends KJUR.asn1.ASN1Object 590 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 591 * @see KJUR.asn1.ocsp.OCSPResponse 592 * @see KJUR.asn1.ocsp.ResponseBytes 593 * @see KJUR.asn1.ocsp.BasicOCSPResponse 594 * @see KJUR.asn1.ocsp.ResponseData 595 * @see KJUR.asn1.ocsp.SingleResponse 596 * 597 * @description 598 * ASN.1 class of SEQUENCE OF SingleResponse is defined in 599 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 600 * <pre> 601 * ResponseData ::= SEQUENCE { 602 * version [0] EXPLICIT Version DEFAULT v1, 603 * responderID ResponderID, 604 * producedAt GeneralizedTime, 605 * responses SEQUENCE OF SingleResponse, 606 * responseExtensions [1] EXPLICIT Extensions OPTIONAL } 607 * SingleResponse ::= SEQUENCE { 608 * certID CertID, 609 * certStatus CertStatus, 610 * thisUpdate GeneralizedTime, 611 * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, 612 * singleExtensions [1] EXPLICIT Extensions OPTIONAL } 613 * </pre> 614 * Following properties are available: 615 * <ul> 616 * <li>{Array}name (OPTION) - JSON object of {@link KJUR.asn1.x509.X500Name} parameter 617 * for "byName"</li> 618 * <li>{String}key (OPTION) - hexadecimal string of KeyHash value</li> 619 * </ul> 620 * 621 * @example 622 * new KJUR.asn1.ocsp.SingleResponseList([{ 623 * certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"}, 624 * status: {status: "good"}, 625 * thisupdate: "20200903235959Z" 626 * },{ 627 * certid: {alg:"sha1",issname:"24ab",isskey:"24ab",sbjsn:"24ab"}, 628 * status: {status: "good"}, 629 * thisupdate: "20200904235959Z" 630 * ]) 631 */ 632 KJUR.asn1.ocsp.SingleResponseList = function(params) { 633 KJUR.asn1.ocsp.SingleResponseList.superclass.constructor.call(this); 634 635 var _KJUR_asn1 = KJUR.asn1, 636 _DERSequence = _KJUR_asn1.DERSequence, 637 _SingleResponse = _KJUR_asn1.ocsp.SingleResponse; 638 639 this.params = null; 640 641 this.tohex = function() { 642 var params = this.params; 643 644 if (typeof params != "object" || params.length == undefined) { 645 throw new Error("params not specified properly"); 646 } 647 648 var a = []; 649 for (var i = 0; i < params.length; i++) { 650 a.push(new _SingleResponse(params[i])); 651 } 652 653 var seq = new _DERSequence({array: a}); 654 return seq.tohex(); 655 }; 656 this.getEncodedHex = function() { return this.tohex(); }; 657 658 this.setByParam = function(params) { 659 this.params = params; 660 }; 661 662 if (params !== undefined) this.setByParam(params); 663 }; 664 extendClass(KJUR.asn1.ocsp.SingleResponseList, KJUR.asn1.ASN1Object); 665 666 /** 667 * SingleResponse ASN.1 class encoder<br/> 668 * @name KJUR.asn1.ocsp.SingleResponse 669 * @class SingleResponse ASN.1 class encoder 670 * @param {Array} params JSON object for SingleResponse parameter 671 * @extends KJUR.asn1.ASN1Object 672 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 673 * @see KJUR.asn1.ocsp.OCSPResponse 674 * @see KJUR.asn1.ocsp.ResponseBytes 675 * @see KJUR.asn1.ocsp.BasicOCSPResponse 676 * @see KJUR.asn1.ocsp.ResponseData 677 * @see KJUR.asn1.ocsp.SingleResponse 678 * @see KJUR.asn1.ocsp.CertID 679 * @see KJUR.asn1.ocsp.CertStatus 680 * 681 * @description 682 * ASN.1 class of SEQUENCE OF SingleResponse is defined in 683 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 684 * <pre> 685 * SingleResponse ::= SEQUENCE { 686 * certID CertID, 687 * certStatus CertStatus, 688 * thisUpdate GeneralizedTime, 689 * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, 690 * singleExtensions [1] EXPLICIT Extensions OPTIONAL } 691 * </pre> 692 * Following properties are available: 693 * <ul> 694 * <li>{Array}certid - JSON object of {@link KJUR.asn1.ocsp.CertID} parameter</li> 695 * <li>{Array}status - JSON object of {@link KJUR.asn1.ocsp.CertStatus} parameter</li> 696 * <li>{Object}thisupdate - {@link KJUR.asn1.DERGeneralizedTime} parameter 697 * for "thisUpdate"</li> 698 * <li>{Object}nextupdate (OPTION) - {@link KJUR.asn1.DERGeneralizedTime} parameter 699 * for "nextUpdate"</li> 700 * <li>{Array}ext (OPTION) - array of JSON object 701 * {@link KJUR.asn1.x509.Extension} sub class parameter for 702 * "singleExtensions"</li> 703 * </ul> 704 * 705 * @example 706 * new KJUR.asn1.ocsp.SingleResponse({ 707 * certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"}, 708 * status: {status: "good"}, 709 * thisupdate: "20200903235959Z", 710 * nextupdate: "20200913235959Z", 711 * ext: [<<Extension parameters>>...] 712 * }) 713 */ 714 KJUR.asn1.ocsp.SingleResponse = function(params) { 715 var _Error = Error, 716 _KJUR = KJUR, 717 _KJUR_asn1 = _KJUR.asn1, 718 _DERSequence = _KJUR_asn1.DERSequence, 719 _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime, 720 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, 721 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp, 722 _CertID = _KJUR_asn1_ocsp.CertID, 723 _CertStatus = _KJUR_asn1_ocsp.CertStatus, 724 _KJUR_asn1_x509 = _KJUR_asn1.x509, 725 _Extensions = _KJUR_asn1_x509.Extensions; 726 727 _KJUR_asn1_ocsp.SingleResponse.superclass.constructor.call(this); 728 729 this.params = null; 730 731 this.tohex = function() { 732 var params = this.params; 733 var a = []; 734 735 if (params.certid == undefined) throw new _Error("certid unspecified"); 736 if (params.status == undefined) throw new _Error("status unspecified"); 737 if (params.thisupdate == undefined) throw new _Error("thisupdate unspecified"); 738 739 a.push(new _CertID(params.certid)); 740 a.push(new _CertStatus(params.status)); 741 a.push(new _DERGeneralizedTime(params.thisupdate)); 742 743 if (params.nextupdate != undefined) { 744 var dTime = new _DERGeneralizedTime(params.nextupdate); 745 a.push(new _DERTaggedObject({tag:'a0', explicit:true, obj:dTime})); 746 } 747 748 if (params.ext != undefined) { 749 var dExt = new _Extensions(params.ext); 750 a.push(new _DERTaggedObject({tag:'a1', explicit:true, obj:dExt})); 751 } 752 753 var seq = new _DERSequence({array: a}); 754 return seq.tohex(); 755 }; 756 this.getEncodedHex = function() { return this.tohex(); }; 757 758 this.setByParam = function(params) { 759 this.params = params; 760 }; 761 762 if (params !== undefined) this.setByParam(params); 763 }; 764 extendClass(KJUR.asn1.ocsp.SingleResponse, KJUR.asn1.ASN1Object); 765 766 /** 767 * ASN.1 CertID class for OCSP<br/> 768 * @name KJUR.asn1.ocsp.CertID 769 * @class ASN.1 CertID class for OCSP 770 * @param {Array} params JSON object of parameters 771 * @extends KJUR.asn1.ASN1Object 772 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 773 * @see KJUR.asn1.ocsp.SingleResponse 774 * @see KJUR.asn1.x509.AlgorithmIdentifier 775 * 776 * @description 777 * CertID ASN.1 class is defined in 778 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 779 * <pre> 780 * CertID ::= SEQUENCE { 781 * hashAlgorithm AlgorithmIdentifier, 782 * issuerNameHash OCTET STRING, -- Hash of issuer's DN 783 * issuerKeyHash OCTET STRING, -- Hash of issuer's public key 784 * serialNumber CertificateSerialNumber } 785 * </pre> 786 * Following properties are available in "params" of the constructor: 787 * <ul> 788 * <li>{String}alg (OPTION) - hash algorithm name. Default is "sha1" (ex, "sha1")</li> 789 * <li>{String}issname (OPTION) - hexadecimal string of issuerNameHash</li> 790 * <li>{String}isskey (OPTION) - hexadecimal string of issuerKeyHash</li> 791 * <li>{String}sbjsn (OPTION) - hexadecimal string of serial number of subject certificate</li> 792 * <li>{String}issuerCert (OPTION) - PEM string of issuer certificate. 793 * Property "issname" and "isskey" will be set by "issuerCert".</li> 794 * <li>{String}subjectCert (OPTION) - PEM string of issuer certificate. 795 * Property "sbjsn" will be set by "subjectCert".</li> 796 * </ul> 797 * <br/> 798 * NOTE: Properties "namehash", "keyhash" and "serial" are 799 * changed to "issname", "isskey", and "sbjsn" respectively 800 * since jsrsasign 9.1.6 asn1ocsp 1.1.0. 801 * 802 * @example 803 * // constructor with explicit values (changed since jsrsasign 9.1.6) 804 * new KJUR.asn1.ocsp.CertID({issname: "1a...", isskey: "ad...", sbjsn: "1234", alg: "sha256"}); 805 * 806 * // constructor with certs (sha1 is used by default) 807 * o = new KJUR.asn1.ocsp.CertID({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN..."}); 808 * 809 * // constructor with certs and sha256 810 * o = new KJUR.asn1.ocsp.CertID({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"}); 811 */ 812 KJUR.asn1.ocsp.CertID = function(params) { 813 var _KJUR = KJUR, 814 _KJUR_asn1 = _KJUR.asn1, 815 _DEROctetString = _KJUR_asn1.DEROctetString, 816 _DERInteger = _KJUR_asn1.DERInteger, 817 _DERSequence = _KJUR_asn1.DERSequence, 818 _KJUR_asn1_x509 = _KJUR_asn1.x509, 819 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, 820 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp, 821 _DEFAULT_HASH = _KJUR_asn1_ocsp.DEFAULT_HASH, 822 _KJUR_crypto = _KJUR.crypto, 823 _hashHex = _KJUR_crypto.Util.hashHex, 824 _X509 = X509, 825 _ASN1HEX = ASN1HEX, 826 _getVbyList = _ASN1HEX.getVbyList; 827 828 _KJUR_asn1_ocsp.CertID.superclass.constructor.call(this); 829 830 this.DEFAULT_HASH = "sha1"; 831 this.params = null; 832 833 /** 834 * set CertID ASN.1 object by values.<br/> 835 * @name setByValue 836 * @memberOf KJUR.asn1.ocsp.CertID# 837 * @function 838 * @param {String} issuerNameHashHex hexadecimal string of hash value of issuer name 839 * @param {String} issuerKeyHashHex hexadecimal string of hash value of issuer public key 840 * @param {String} serialNumberHex hexadecimal string of certificate serial number to be verified 841 * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1 842 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 843 * @example 844 * o = new KJUR.asn1.ocsp.CertID(); 845 * o.setByValue("1fac...", "fd3a...", "1234"); // sha1 is used by default 846 * o.setByValue("1fac...", "fd3a...", "1234", "sha256"); 847 */ 848 this.setByValue = function(issuerNameHashHex, issuerKeyHashHex, 849 serialNumberHex, algName) { 850 if (algName == undefined) algName = this.DEFAULT_HASH; 851 this.params = { 852 alg: algName, 853 issname: issuerNameHashHex, 854 isskey: issuerKeyHashHex, 855 sbjsn: serialNumberHex 856 }; 857 }; 858 859 /** 860 * set CertID ASN.1 object by PEM certificates.<br/> 861 * @name setByCert 862 * @memberOf KJUR.asn1.ocsp.CertID# 863 * @function 864 * @param {String} issuerCert string of PEM issuer certificate 865 * @param {String} subjectCert string of PEM subject certificate to be verified by OCSP 866 * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1 867 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 868 * @deprecated since jsrsasign 10.5.7 asn1ocsp 1.1.6. Please use setByParam instead. 869 * 870 * @example 871 * o = new KJUR.asn1.ocsp.CertID(); 872 * o.setByCert("-----BEGIN...", "-----BEGIN..."); // sha1 is used by default 873 * o.setByCert("-----BEGIN...", "-----BEGIN...", "sha256"); 874 */ 875 this.setByCert = function(issuerCert, subjectCert, algName) { 876 if (algName == undefined) algName = this.DEFAULT_HASH; 877 this.params = { 878 alg: algName, 879 issuerCert: issuerCert, 880 subjectCert: subjectCert, 881 }; 882 }; 883 884 /** 885 * calculate CertID parameter by certificates.<br/> 886 * @name getParamByCerts 887 * @memberOf KJUR.asn1.ocsp.CertID# 888 * @function 889 * @param {string} issuerCert string of PEM issuer certificate 890 * @param {string} subjectCert string of PEM subject certificate to be verified by OCSP 891 * @param {string} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1 892 * @param {object} associative array with alg, issname, isskey and sbjsn members 893 * @since jsrsasign 10.5.7 asn1ocsp 1.1.6 894 * 895 * @description 896 * This method calculates issuer name hash, issuer key hash and subject serial 897 * number then returns an associative array with alg, issname, isskey and sbjsn members. 898 * 899 * @example 900 * o = new KJUR.asn1.ocsp.CertID(); 901 * o.getParamByCerts("-----BEGIN...", "-----BEGIN...", "sha256") → 902 * { 903 * alg: "sha256", 904 * issname: "12abcd...", 905 * isskey: "23cdef...", 906 * sbjsn: "57b3..." 907 * } 908 */ 909 this.getParamByCerts = function(issCert, sbjCert, algName) { 910 if (algName == undefined) algName = this.DEFAULT_HASH; 911 var xISS = new _X509(issCert); 912 var xSBJ = new _X509(sbjCert); 913 var issname = _hashHex(xISS.getSubjectHex(), algName); 914 var hSPKI = xISS.getPublicKeyHex(); 915 var isskey = _hashHex(_getVbyList(hSPKI, 0, [1], "03", true), algName); 916 var sbjsn = xSBJ.getSerialNumberHex(); 917 var info = { 918 alg: algName, 919 issname: issname, 920 isskey: isskey, 921 sbjsn: sbjsn 922 }; 923 return info; 924 }; 925 926 this.tohex = function() { 927 if (typeof this.params != "object") throw new Error("params not set"); 928 929 var p = this.params; 930 var issname, isskey, sbjsn, alg; 931 932 if (p.alg == undefined) { 933 alg = this.DEFAULT_HASH; 934 } else { 935 alg = p.alg; 936 } 937 938 if (p.issuerCert != undefined && 939 p.subjectCert != undefined) { 940 var info = this.getParamByCerts(p.issuerCert, p.subjectCert, alg); 941 issname = info.issname; 942 isskey = info.isskey; 943 sbjsn = info.sbjsn; 944 } else if (p.issname != undefined && 945 p.isskey != undefined && 946 p.sbjsn != undefined) { 947 issname = p.issname; 948 isskey = p.isskey; 949 sbjsn = p.sbjsn; 950 } else { 951 throw new Error("required param members not defined"); 952 } 953 954 var dAlg = new _AlgorithmIdentifier({name: alg}); 955 var dIssName = new _DEROctetString({hex: issname}); 956 var dIssKey = new _DEROctetString({hex: isskey}); 957 var dSbjSn = new _DERInteger({hex: sbjsn}); 958 var seq = new _DERSequence({array: [dAlg, dIssName, dIssKey, dSbjSn]}); 959 this.hTLV = seq.tohex(); 960 return this.hTLV; 961 }; 962 this.getEncodedHex = function() { return this.tohex(); }; 963 964 if (params !== undefined) this.setByParam(params); 965 }; 966 extendClass(KJUR.asn1.ocsp.CertID, KJUR.asn1.ASN1Object); 967 968 /** 969 * CertStatus ASN.1 class encoder<br/> 970 * @name KJUR.asn1.ocsp.CertStatus 971 * @class CertStatus ASN.1 class encoder 972 * @param {Array} params JSON object for CertStatus parameter 973 * @extends KJUR.asn1.ASN1Object 974 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 975 * @see KJUR.asn1.ocsp.OCSPResponse 976 * @see KJUR.asn1.ocsp.ResponseBytes 977 * @see KJUR.asn1.ocsp.BasicOCSPResponse 978 * @see KJUR.asn1.ocsp.ResponseData 979 * @see KJUR.asn1.ocsp.SingleResponse 980 * @see KJUR.asn1.ocsp.CertID 981 * @see KJUR.asn1.ocsp.CertStatus 982 * 983 * @description 984 * ASN.1 class of SEQUENCE OF SingleResponse is defined in 985 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 986 * <pre> 987 * CertStatus ::= CHOICE { 988 * good [0] IMPLICIT NULL, 989 * revoked [1] IMPLICIT RevokedInfo, 990 * unknown [2] IMPLICIT UnknownInfo } 991 * RevokedInfo ::= SEQUENCE { 992 * revocationTime GeneralizedTime, 993 * revocationReason [0] EXPLICIT CRLReason OPTIONAL } 994 * UnknownInfo ::= NULL 995 * CRLReason ::= ENUMERATED { 996 * unspecified (0), 997 * keyCompromise (1), 998 * cACompromise (2), 999 * affiliationChanged (3), 1000 * superseded (4), 1001 * cessationOfOperation (5), 1002 * certificateHold (6), 1003 * -- value 7 is not used 1004 * removeFromCRL (8), 1005 * privilegeWithdrawn (9), 1006 * aACompromise (10) } 1007 * </pre> 1008 * Following properties are available: 1009 * <ul> 1010 * <li>{String}status - "good", "revoked" or "unknown"</li> 1011 * <li>{String}time (OPTION) - revocationTime YYYYMMDDHHmmSSZ (ex. "20200904235959Z")</li> 1012 * <li>{Number}reason (OPTION) - revocationReason code number</li> 1013 * </ul> 1014 * 1015 * @example 1016 * new KJUR.asn1.ocsp.CertStatus({status: "good"}) 1017 * new KJUR.asn1.ocsp.CertStatus({status: "revoked", time: "20200903235959Z"}) 1018 * new KJUR.asn1.ocsp.CertStatus({status: "revoked", time: "20200903235959Z", reason: 3}) 1019 * new KJUR.asn1.ocsp.CertStatus({status: "unknown"}) 1020 */ 1021 KJUR.asn1.ocsp.CertStatus = function(params) { 1022 KJUR.asn1.ocsp.CertStatus.superclass.constructor.call(this); 1023 1024 this.params = null; 1025 1026 this.tohex = function() { 1027 var params = this.params; 1028 if (params.status == "good") return "8000"; 1029 if (params.status == "unknown") return "8200"; 1030 if (params.status == "revoked") { 1031 var a = [{gentime: {str: params.time}}]; 1032 if (params.reason != undefined) { 1033 a.push({tag: {tag: 'a0', 1034 explicit: true, 1035 obj: {'enum': {'int': params.reason}}}}); 1036 } 1037 var tagParam = {tag: 'a1', explicit: false, obj: {seq: a}}; 1038 return KJUR.asn1.ASN1Util.newObject({tag: tagParam}).tohex(); 1039 } 1040 throw new Error("bad status"); 1041 }; 1042 this.getEncodedHex = function() { return this.tohex(); }; 1043 1044 this.setByParam = function(params) { 1045 this.params = params; 1046 }; 1047 1048 if (params !== undefined) this.setByParam(params); 1049 }; 1050 extendClass(KJUR.asn1.ocsp.CertStatus, KJUR.asn1.ASN1Object); 1051 1052 // ---- END OF Classes for OCSP response ----------------------------------- 1053 1054 /** 1055 * ASN.1 Request class for OCSP<br/> 1056 * @name KJUR.asn1.ocsp.Request 1057 * @class ASN.1 Request class for OCSP 1058 * @param {Array} params associative array of parameters 1059 * @extends KJUR.asn1.ASN1Object 1060 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 1061 * @description 1062 * Request ASN.1 class is defined in 1063 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 1064 * singleRequestExtensions is not supported yet in this version such as nonce. 1065 * <pre> 1066 * Request ::= SEQUENCE { 1067 * reqCert CertID, 1068 * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } 1069 * </pre> 1070 * @example 1071 * // default constructor 1072 * o = new KJUR.asn1.ocsp.Request(); 1073 * // constructor with certs (sha1 is used by default) 1074 * o = new KJUR.asn1.ocsp.Request({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN..."}); 1075 * // constructor with certs and sha256 1076 * o = new KJUR.asn1.ocsp.Request({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"}); 1077 * // constructor with values 1078 * o = new KJUR.asn1.ocsp.Request({namehash: "1a...", keyhash: "ad...", serial: "1234", alg: "sha256"}); 1079 */ 1080 KJUR.asn1.ocsp.Request = function(params) { 1081 var _KJUR = KJUR, 1082 _KJUR_asn1 = _KJUR.asn1, 1083 _DERSequence = _KJUR_asn1.DERSequence, 1084 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp; 1085 1086 _KJUR_asn1_ocsp.Request.superclass.constructor.call(this); 1087 this.dReqCert = null; 1088 this.dExt = null; 1089 1090 this.tohex = function() { 1091 var a = []; 1092 1093 // 1. reqCert 1094 if (this.dReqCert === null) 1095 throw "reqCert not set"; 1096 a.push(this.dReqCert); 1097 1098 // 2. singleRequestExtensions (not supported yet) 1099 1100 // 3. construct SEQUENCE 1101 var seq = new _DERSequence({array: a}); 1102 this.hTLV = seq.tohex(); 1103 return this.hTLV; 1104 }; 1105 this.getEncodedHex = function() { return this.tohex(); }; 1106 1107 if (typeof params !== "undefined") { 1108 var o = new _KJUR_asn1_ocsp.CertID(params); 1109 this.dReqCert = o; 1110 } 1111 }; 1112 extendClass(KJUR.asn1.ocsp.Request, KJUR.asn1.ASN1Object); 1113 1114 /** 1115 * ASN.1 TBSRequest class for OCSP<br/> 1116 * @name KJUR.asn1.ocsp.TBSRequest 1117 * @class ASN.1 TBSRequest class for OCSP 1118 * @param {Array} params associative array of parameters 1119 * @extends KJUR.asn1.ASN1Object 1120 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 1121 * @description 1122 * TBSRequest ASN.1 class is defined in 1123 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 1124 * <pre> 1125 * TBSRequest ::= SEQUENCE { 1126 * version [0] EXPLICIT Version DEFAULT v1, 1127 * requestorName [1] EXPLICIT GeneralName OPTIONAL, 1128 * requestList SEQUENCE OF Request, 1129 * requestExtensions [2] EXPLICIT Extensions OPTIONAL } 1130 * </pre> 1131 * @example 1132 * // default constructor 1133 * o = new KJUR.asn1.ocsp.TBSRequest(); 1134 * // constructor with requestList parameter 1135 * o = new KJUR.asn1.ocsp.TBSRequest({reqList:[ 1136 * {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:}, 1137 * {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"} 1138 * ]}); 1139 */ 1140 KJUR.asn1.ocsp.TBSRequest = function(params) { 1141 var _KJUR = KJUR, 1142 _KJUR_asn1 = _KJUR.asn1, 1143 _DERSequence = _KJUR_asn1.DERSequence, 1144 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp; 1145 1146 _KJUR_asn1_ocsp.TBSRequest.superclass.constructor.call(this); 1147 this.version = 0; 1148 this.dRequestorName = null; 1149 this.dRequestList = []; 1150 this.dRequestExt = null; 1151 1152 /** 1153 * set TBSRequest ASN.1 object by array of parameters.<br/> 1154 * @name setRequestListByParam 1155 * @memberOf KJUR.asn1.ocsp.TBSRequest# 1156 * @function 1157 * @param {Array} aParams array of parameters for Request class 1158 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 1159 * @example 1160 * o = new KJUR.asn1.ocsp.TBSRequest(); 1161 * o.setRequestListByParam([ 1162 * {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:}, 1163 * {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"} 1164 * ]); 1165 */ 1166 this.setRequestListByParam = function(aParams) { 1167 var a = []; 1168 for (var i = 0; i < aParams.length; i++) { 1169 var dReq = new _KJUR_asn1_ocsp.Request(aParams[0]); 1170 a.push(dReq); 1171 } 1172 this.dRequestList = a; 1173 }; 1174 1175 this.tohex = function() { 1176 var a = []; 1177 1178 // 1. version 1179 if (this.version !== 0) 1180 throw "not supported version: " + this.version; 1181 1182 // 2. requestorName 1183 if (this.dRequestorName !== null) 1184 throw "requestorName not supported"; 1185 1186 // 3. requestList 1187 var seqRequestList = 1188 new _DERSequence({array: this.dRequestList}); 1189 a.push(seqRequestList); 1190 1191 // 4. requestExtensions 1192 if (this.dRequestExt !== null) 1193 throw "requestExtensions not supported"; 1194 1195 // 5. construct SEQUENCE 1196 var seq = new _DERSequence({array: a}); 1197 this.hTLV = seq.tohex(); 1198 return this.hTLV; 1199 }; 1200 this.getEncodedHex = function() { return this.tohex(); }; 1201 1202 if (params !== undefined) { 1203 if (params.reqList !== undefined) 1204 this.setRequestListByParam(params.reqList); 1205 } 1206 }; 1207 extendClass(KJUR.asn1.ocsp.TBSRequest, KJUR.asn1.ASN1Object); 1208 1209 1210 /** 1211 * ASN.1 OCSPRequest class for OCSP<br/> 1212 * @name KJUR.asn1.ocsp.OCSPRequest 1213 * @class ASN.1 OCSPRequest class for OCSP 1214 * @param {Array} params associative array of parameters 1215 * @extends KJUR.asn1.ASN1Object 1216 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 1217 * @description 1218 * OCSPRequest ASN.1 class is defined in 1219 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 1220 * A signed request is not supported yet in this version. 1221 * <pre> 1222 * OCSPRequest ::= SEQUENCE { 1223 * tbsRequest TBSRequest, 1224 * optionalSignature [0] EXPLICIT Signature OPTIONAL } 1225 * </pre> 1226 * @example 1227 * // default constructor 1228 * o = new KJUR.asn1.ocsp.OCSPRequest(); 1229 * // constructor with requestList parameter 1230 * o = new KJUR.asn1.ocsp.OCSPRequest({reqList:[ 1231 * {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:}, 1232 * {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"} 1233 * ]}); 1234 */ 1235 KJUR.asn1.ocsp.OCSPRequest = function(params) { 1236 var _KJUR = KJUR, 1237 _KJUR_asn1 = _KJUR.asn1, 1238 _DERSequence = _KJUR_asn1.DERSequence, 1239 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp; 1240 1241 _KJUR_asn1_ocsp.OCSPRequest.superclass.constructor.call(this); 1242 this.dTbsRequest = null; 1243 this.dOptionalSignature = null; 1244 1245 this.tohex = function() { 1246 var a = []; 1247 1248 // 1. tbsRequest 1249 if (this.dTbsRequest !== null) { 1250 a.push(this.dTbsRequest); 1251 } else { 1252 throw "tbsRequest not set"; 1253 } 1254 1255 // 2. optionalSignature 1256 if (this.dOptionalSignature !== null) 1257 throw "optionalSignature not supported"; 1258 1259 // 3. construct SEQUENCE 1260 var seq = new _DERSequence({array: a}); 1261 this.hTLV = seq.tohex(); 1262 return this.hTLV; 1263 }; 1264 this.getEncodedHex = function() { return this.tohex(); }; 1265 1266 if (params !== undefined) { 1267 if (params.reqList !== undefined) { 1268 var o = new _KJUR_asn1_ocsp.TBSRequest(params); 1269 this.dTbsRequest = o; 1270 } 1271 } 1272 }; 1273 extendClass(KJUR.asn1.ocsp.OCSPRequest, KJUR.asn1.ASN1Object); 1274 1275 /** 1276 * Utility class for OCSP<br/> 1277 * @name KJUR.asn1.ocsp.OCSPUtil 1278 * @class Utility class for OCSP 1279 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 1280 * @description 1281 * This class provides utility static methods for OCSP. 1282 * <ul> 1283 * <li>{@link KJUR.asn1.ocsp.OCSPUtil.getRequestHex} - generates hexadecimal string of OCSP request</li> 1284 * </ul> 1285 */ 1286 KJUR.asn1.ocsp.OCSPUtil = {}; 1287 1288 /** 1289 * generates hexadecimal string of OCSP request<br/> 1290 * @name getRequestHex 1291 * @memberOf KJUR.asn1.ocsp.OCSPUtil 1292 * @function 1293 * @param {String} issuerCert string of PEM issuer certificate 1294 * @param {String} subjectCert string of PEM subject certificate to be verified by OCSP 1295 * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1 1296 * @return {String} hexadecimal string of generated OCSP request 1297 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 1298 * @description 1299 * This static method generates hexadecimal string of OCSP request. 1300 * @example 1301 * // generate OCSP request using sha1 algorithnm by default. 1302 * hReq = KJUR.asn1.ocsp.OCSPUtil.getRequestHex("-----BEGIN...", "-----BEGIN..."); 1303 */ 1304 KJUR.asn1.ocsp.OCSPUtil.getRequestHex = function(issuerCert, subjectCert, alg) { 1305 var _KJUR = KJUR, 1306 _KJUR_asn1 = _KJUR.asn1, 1307 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp; 1308 1309 if (alg === undefined) alg = _KJUR_asn1_ocsp.DEFAULT_HASH; 1310 var param = {alg: alg, issuerCert: issuerCert, subjectCert: subjectCert}; 1311 var o = new _KJUR_asn1_ocsp.OCSPRequest({reqList: [param]}); 1312 return o.tohex(); 1313 }; 1314 1315 /** 1316 * simple parser for OCSPResponse (DEPRECATED)<br/> 1317 * @name getOCSPResponseInfo 1318 * @memberOf KJUR.asn1.ocsp.OCSPUtil 1319 * @function 1320 * @param {String} h hexadecimal string of DER OCSPResponse 1321 * @return {Object} JSON object of parsed OCSPResponse 1322 * @since jsrsasign 6.1.0 asn1ocsp 1.0.1 1323 * @deprecated since jsrsasign 10.4.0 asn1ocsp 1.1.5 Please use OCSPParser.getOCSPRespnose 1324 * 1325 * @description 1326 * This static method parse a hexadecimal string of DER OCSPResponse and 1327 * returns JSON object of its parsed result. 1328 * Its result has following properties: 1329 * <ul> 1330 * <li>responseStatus - integer of responseStatus</li> 1331 * <li>certStatus - string of certStatus (ex. good, revoked or unknown)</li> 1332 * <li>thisUpdate - string of thisUpdate in Zulu(ex. 20151231235959Z)</li> 1333 * <li>nextUpdate - string of nextUpdate in Zulu(ex. 20151231235959Z)</li> 1334 * </ul> 1335 * NOTE: This method may not work preperly. Please use 1336 * {@link KJUR.asn1.ocsp.OCSPParser#getOCSPResponse}. 1337 * 1338 * @example 1339 * info = KJUR.asn1.ocsp.OCSPUtil.getOCSPResponseInfo("3082..."); 1340 */ 1341 KJUR.asn1.ocsp.OCSPUtil.getOCSPResponseInfo = function(h) { 1342 var _ASN1HEX = ASN1HEX, 1343 _getVbyList = _ASN1HEX.getVbyList, 1344 _getVbyListEx = _ASN1HEX.getVbyListEx, 1345 _getIdxbyList = _ASN1HEX.getIdxbyList, 1346 _getIdxbyListEx = _ASN1HEX.getIdxbyListEx, 1347 _getV = _ASN1HEX.getV; 1348 1349 var result = {}; 1350 try { 1351 var v = _getVbyListEx(h, 0, [0], "0a"); 1352 result.responseStatus = parseInt(v, 16); 1353 } catch(ex) {}; 1354 if (result.responseStatus !== 0) return result; 1355 1356 try { 1357 // certStatus 1358 var idxCertStatus = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,1]); 1359 if (h.substr(idxCertStatus, 2) === "80") { 1360 result.certStatus = "good"; 1361 } else if (h.substr(idxCertStatus, 2) === "a1") { 1362 result.certStatus = "revoked"; 1363 result.revocationTime = 1364 hextoutf8(_getVbyList(h, idxCertStatus, [0])); 1365 } else if (h.substr(idxCertStatus, 2) === "82") { 1366 result.certStatus = "unknown"; 1367 } 1368 } catch (ex) {}; 1369 1370 // thisUpdate 1371 try { 1372 var idxThisUpdate = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,2]); 1373 result.thisUpdate = hextoutf8(_getV(h, idxThisUpdate)); 1374 } catch (ex) {}; 1375 1376 // nextUpdate 1377 try { 1378 var idxEncapNextUpdate = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,3]); 1379 if (h.substr(idxEncapNextUpdate, 2) === "a0") { 1380 result.nextUpdate = 1381 hextoutf8(_getVbyList(h, idxEncapNextUpdate, [0])); 1382 } 1383 } catch (ex) {}; 1384 1385 return result; 1386 }; 1387 1388 /** 1389 * OCSP request and response parser<br/> 1390 * @name KJUR.asn1.ocsp.OCSPParser 1391 * @class OCSP request and response parser 1392 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 1393 * 1394 * @description 1395 * This class provides ASN.1 parser for 1396 * OCSP related ASN.1 data. <br/> 1397 * NOTE: OCSPResponse parser supported from jsrsasign 10.4.0. 1398 * <br/> 1399 * This parser supports following OCSP ASN.1 classes: 1400 * <ul> 1401 * <li>OCSP REQUEST 1402 * <ul> 1403 * <li>OCSPRequest - {@link KJUR.asn1.ocsp.OCSPParser#getOCSPRequest}</li> 1404 * <li>TBSRequest - {@link KJUR.asn1.ocsp.OCSPParser#getTBSRequest}</li> 1405 * <li>SEQUENCE OF Request - {@link KJUR.asn1.ocsp.OCSPParser#getRequestList}</li> 1406 * <li>Request - {@link KJUR.asn1.ocsp.OCSPParser#getRequest}</li> 1407 * </ul> 1408 * </li> 1409 * <li>OCSP RESPONSE 1410 * <ul> 1411 * <li>OCSPResponse - {@link KJUR.asn1.ocsp.OCSPParser#getOCSPResponse}</li> 1412 * <li>ResponseBytes - {@link KJUR.asn1.ocsp.OCSPParser#getResponseBytes}</li> 1413 * <li>BasicOCSPResponse - {@link KJUR.asn1.ocsp.OCSPParser#getBasicOCSPResponse}</li> 1414 * <li>ResponseData - {@link KJUR.asn1.ocsp.OCSPParser#getResponseData}</li> 1415 * <li>ResponderID - {@link KJUR.asn1.ocsp.OCSPParser#getResponderID}</li> 1416 * <li>SEQUENCE OF SingleResponse - {@link KJUR.asn1.ocsp.OCSPParser#getSingleResponseList}</li> 1417 * <li>SingleResponse - {@link KJUR.asn1.ocsp.OCSPParser#getSingleResponse}</li> 1418 * <li>CertStatus - {@link KJUR.asn1.ocsp.OCSPParser#getCertStatus}</li> 1419 * </ul> 1420 * </li> 1421 * <li>common 1422 * <ul> 1423 * <li>CertID - {@link KJUR.asn1.ocsp.OCSPParser#getCertID}</li> 1424 * </ul> 1425 * </li> 1426 * </ul> 1427 */ 1428 KJUR.asn1.ocsp.OCSPParser = function() { 1429 var _Error = Error, 1430 _X509 = X509, 1431 _x509obj = new _X509(), 1432 _ASN1HEX = ASN1HEX, 1433 _getV = _ASN1HEX.getV, 1434 _getTLV = _ASN1HEX.getTLV, 1435 _getIdxbyList = _ASN1HEX.getIdxbyList, 1436 _getVbyList = _ASN1HEX.getVbyList, 1437 _getTLVbyList = _ASN1HEX.getTLVbyList, 1438 _getVbyListEx = _ASN1HEX.getVbyListEx, 1439 _getTLVbyListEx = _ASN1HEX.getTLVbyListEx, 1440 _getChildIdx = _ASN1HEX.getChildIdx; 1441 1442 /** 1443 * parse ASN.1 OCSPRequest<br/> 1444 * @name getOCSPRequest 1445 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1446 * @function 1447 * @param {String} h hexadecimal string of ASN.1 OCSPRequest 1448 * @return {Array} array of JSON object of OCSPRequest parameter 1449 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 1450 * 1451 * @description 1452 * This method will parse a hexadecimal string of 1453 * OCSPRequest ASN.1 class is defined in 1454 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 1455 * <pre> 1456 * OCSPRequest ::= SEQUENCE { 1457 * tbsRequest TBSRequest, 1458 * optionalSignature [0] EXPLICIT Signature OPTIONAL } 1459 * TBSRequest ::= SEQUENCE { 1460 * version [0] EXPLICIT Version DEFAULT v1, 1461 * requestorName [1] EXPLICIT GeneralName OPTIONAL, 1462 * requestList SEQUENCE OF Request, 1463 * requestExtensions [2] EXPLICIT Extensions OPTIONAL } 1464 * Signature ::= SEQUENCE { 1465 * signatureAlgorithm AlgorithmIdentifier, 1466 * signature BIT STRING, 1467 * certs [0] EXPLICIT SEQUENCE OF Certificate 1468 * OPTIONAL} 1469 * </pre> 1470 * Currently Signature in OCSPRequest is not supported. 1471 * <br/> 1472 * 1473 * @see KJUR.asn1.ocsp.OCSPParser#getTBSRequest 1474 * @see KJUR.asn1.ocsp.OCSPRequest 1475 * 1476 * @example 1477 * o = new KJUR.asn1.ocsp.OCSPParser(); 1478 * o.getOCSPRequest("30...") → 1479 * { array: [{ 1480 * "alg": "sha1", 1481 * "issname": "105fa67a80089db5279f35ce830b43889ea3c70d", 1482 * "isskey": "0f80611c823161d52f28e78d4638b42ce1c6d9e2", 1483 * "sbjsn": "0fef62075d715dc5e1d8bd03775c9686" }]} 1484 */ 1485 this.getOCSPRequest = function(h) { 1486 var a = _getChildIdx(h, 0); 1487 1488 if (a.length != 1 && a.length != 2) { 1489 throw new _Error("wrong number elements: " + a.length); 1490 } 1491 1492 var result = this.getTBSRequest(_getTLV(h, a[0])); 1493 return result; 1494 }; 1495 1496 /** 1497 * parse ASN.1 TBSRequest of OCSP<br/> 1498 * @name getTBSRequest 1499 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1500 * @function 1501 * @param {String} h hexadecimal string of ASN.1 TBSRequest of OCSP 1502 * @return {Array} array of JSON object of TBSRequest parameter 1503 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 1504 * 1505 * @description 1506 * This method will parse 1507 * TBSRequest ASN.1 class is defined in 1508 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 1509 * <pre> 1510 * TBSRequest ::= SEQUENCE { 1511 * version [0] EXPLICIT Version DEFAULT v1, 1512 * requestorName [1] EXPLICIT GeneralName OPTIONAL, 1513 * requestList SEQUENCE OF Request, 1514 * requestExtensions [2] EXPLICIT Extensions OPTIONAL } 1515 * </pre> 1516 * 1517 * @see KJUR.asn1.ocsp.OCSPParser#getOCSPRequest 1518 * @see KJUR.asn1.ocsp.OCSPParser#getRequestList 1519 * @see KJUR.asn1.ocsp.TBSRequest 1520 * 1521 * @example 1522 * o = new KJUR.asn1.ocsp.OCSPParser(); 1523 * o.getTBSRequest("30...") → 1524 * {array: [{ 1525 * "alg": "sha1", 1526 * "issname": "105fa67a80089db5279f35ce830b43889ea3c70d", 1527 * "isskey": "0f80611c823161d52f28e78d4638b42ce1c6d9e2", 1528 * "sbjsn": "0fef62075d715dc5e1d8bd03775c9686" }]} 1529 */ 1530 this.getTBSRequest = function(h) { 1531 var result = {}; 1532 var hReqList = _getTLVbyListEx(h, 0, [0], "30"); 1533 result.array = this.getRequestList(hReqList); 1534 var hExt = _getTLVbyListEx(h, 0, ["[2]", 0], "30"); 1535 if (hExt != null) { 1536 result.ext = _x509obj.getExtParamArray(hExt); 1537 } 1538 1539 return result; 1540 }; 1541 1542 /** 1543 * parse ASN.1 SEQUENCE OF Request in OCSP<br/> 1544 * @name getRequestList 1545 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1546 * @function 1547 * @param {String} h hexadecimal string of ASN.1 SEQUENCE OF Request in OCSP 1548 * @return {Array} array of JSON object of Request parameter 1549 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 1550 * 1551 * @description 1552 * This method will parse a hexadecimal string of 1553 * SEQUENCE OF Request ASN.1 class is defined in 1554 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 1555 * <br/> 1556 * NOTE: singleRequestExtensions is not supported yet in this version such as nonce. 1557 * <pre> 1558 * TBSRequest ::= SEQUENCE { 1559 * version [0] EXPLICIT Version DEFAULT v1, 1560 * requestorName [1] EXPLICIT GeneralName OPTIONAL, 1561 * requestList SEQUENCE OF Request, 1562 * requestExtensions [2] EXPLICIT Extensions OPTIONAL } 1563 * Request ::= SEQUENCE { 1564 * reqCert CertID, 1565 * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } 1566 * </pre> 1567 * 1568 * @see KJUR.asn1.ocsp.OCSPParser#getTBSRequest 1569 * @see KJUR.asn1.ocsp.OCSPParser#getRequest 1570 * @see KJUR.asn1.ocsp.RequestList 1571 * @see KJUR.asn1.ocsp.Request 1572 * 1573 * @example 1574 * o = new KJUR.asn1.ocsp.OCSPParser(); 1575 * o.getRequestList("30...") → 1576 * [{ alg: "sha1" 1577 * issname: "...hex...", 1578 * isskey: "...hex...", 1579 * sbjsn: "...hex...", 1580 * ext: [<<singleRequestExtension parameters>>...] }] 1581 */ 1582 this.getRequestList = function(h) { 1583 var result = []; 1584 var a = _getChildIdx(h, 0); 1585 for (var i = 0; i < a.length; i++) { 1586 var h = _getTLV(h, a[i]); 1587 result.push(this.getRequest(h)); 1588 } 1589 return result; 1590 }; 1591 1592 /** 1593 * parse ASN.1 Request of OCSP<br/> 1594 * @name getRequest 1595 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1596 * @function 1597 * @param {String} h hexadecimal string of ASN.1 Request of OCSP 1598 * @return JSON object of Request parameter 1599 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 1600 * 1601 * @description 1602 * This method will parse a hexadecimal string of 1603 * Request ASN.1 class is defined in 1604 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 1605 * <pre> 1606 * Request ::= SEQUENCE { 1607 * reqCert CertID, 1608 * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } 1609 * </pre> 1610 * 1611 * @see KJUR.asn1.ocsp.OCSPParser#getTBSRequest 1612 * @see KJUR.asn1.ocsp.OCSPParser#getRequestList 1613 * @see KJUR.asn1.ocsp.OCSPParser#getCertID 1614 * @see KJUR.asn1.ocsp.RequestList 1615 * @see KJUR.asn1.ocsp.Request 1616 * @see KJUR.asn1.ocsp.CertID 1617 * 1618 * @example 1619 * o = new KJUR.asn1.ocsp.OCSPParser(); 1620 * o.getRequest("30...") → 1621 * { alg: "sha1" 1622 * issname: "...hex...", 1623 * isskey: "...hex...", 1624 * sbjsn: "...hex...", 1625 * ext: [<<singleRequestExtension parameters>>...] } 1626 */ 1627 this.getRequest = function(h) { 1628 var a = _getChildIdx(h, 0); 1629 if (a.length != 1 && a.length != 2) { 1630 throw new _Error("wrong number elements: " + a.length); 1631 } 1632 1633 var params = this.getCertID(_getTLV(h, a[0])); 1634 1635 if (a.length == 2) { 1636 var idxExt = _getIdxbyList(h, 0, [1, 0]); 1637 params.ext = _x509obj.getExtParamArray(_getTLV(h, idxExt)); 1638 } 1639 1640 return params; 1641 }; 1642 1643 /** 1644 * parse ASN.1 CertID of OCSP<br/> 1645 * @name getCertID 1646 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1647 * @function 1648 * @param {String} h hexadecimal string of CertID 1649 * @return JSON object of CertID parameter 1650 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 1651 * 1652 * @description 1653 * This method will parse a hexadecimal string of 1654 * CertID ASN.1 class is defined in 1655 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 1656 * <pre> 1657 * CertID ::= SEQUENCE { 1658 * hashAlgorithm AlgorithmIdentifier, 1659 * issuerNameHash OCTET STRING, -- Hash of issuer's DN 1660 * issuerKeyHash OCTET STRING, -- Hash of issuer's public key 1661 * serialNumber CertificateSerialNumber } 1662 * </pre> 1663 * 1664 * @see KJUR.asn1.ocsp.OCSPParser#getRequest 1665 * @see KJUR.asn1.ocsp.OCSPParser#getSingleResponse 1666 * @see KJUR.asn1.ocsp.CertID 1667 * 1668 * @example 1669 * o = new KJUR.asn1.ocsp.OCSPParser(); 1670 * o.getCertID("30...") → 1671 * { alg: "sha1" 1672 * issname: "...hex...", 1673 * isskey: "...hex...", 1674 * sbjsn: "...hex..." } 1675 */ 1676 this.getCertID = function(h) { 1677 var a = _getChildIdx(h, 0); 1678 if (a.length != 4) { 1679 throw new _Error("wrong number elements: " + a.length); 1680 } 1681 1682 var x = new _X509(); 1683 var result = {}; 1684 result.alg = x.getAlgorithmIdentifierName(_getTLV(h, a[0])); 1685 result.issname = _getV(h, a[1]); 1686 result.isskey = _getV(h, a[2]); 1687 result.sbjsn = _getV(h, a[3]); 1688 1689 return result; 1690 }; 1691 1692 /** 1693 * parse ASN.1 OCSPResponse of OCSP<br/> 1694 * @name getOCSPResponse 1695 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1696 * @function 1697 * @param {String} h hexadecimal string of OCSPResponse 1698 * @return JSON object of OCSResponse parameter 1699 * @since jsrsasign 10.4.0 asn1ocsp 1.1.5 1700 * 1701 * @description 1702 * This method will parse a hexadecimal string of 1703 * ASN.1 OCSPResponse defined in 1704 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 1705 * <pre> 1706 * OCSPResponse ::= SEQUENCE { 1707 * responseStatus OCSPResponseStatus, 1708 * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } 1709 * OCSPResponseStatus ::= ENUMERATED { 1710 * successful (0), -- Response has valid confirmations 1711 * malformedRequest (1), -- Illegal confirmation request 1712 * internalError (2), -- Internal error in issuer 1713 * tryLater (3), -- Try again later 1714 * -- (4) is not used 1715 * sigRequired (5), -- Must sign the request 1716 * unauthorized (6) -- Request unauthorized } 1717 * </pre> 1718 * 1719 * @see KJUR.asn1.ocsp.OCSPParser#getResponseBytes 1720 * @see KJUR.asn1.ocsp.OCSPResponse 1721 * 1722 * @example 1723 * o = new KJUR.asn1.ocsp.OCSPParser(); 1724 * o.getOCSPResponse("30..") → 1725 * { resstatus: 0, 1726 * restype: "ocspBasic", 1727 * respid: {key: "12ab"}, 1728 * prodat: "20200903235959Z", 1729 * array: [{ 1730 * certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"}, 1731 * status: {status: "good"}, 1732 * thisupdate: "20200903235959Z" }], 1733 * ext: [{extname: "ocspNonce", hex: "1234abcd"}], 1734 * alg: "SHA256withRSA", 1735 * sighex: "12ab", 1736 * certs: ["3082...", "3082..."] } 1737 */ 1738 this.getOCSPResponse = function(h) { 1739 var a = _getChildIdx(h, 0); 1740 var result; 1741 1742 var hStatusV = _getV(h, a[0]); 1743 var iStatusV = parseInt(hStatusV); 1744 1745 if (a.length == 1) return {resstatus: iStatusV}; 1746 1747 var hResponseBytes = _getTLVbyList(h, 0, [1, 0]); 1748 result = this.getResponseBytes(hResponseBytes); 1749 result.resstatus = iStatusV; 1750 1751 return result; 1752 }; 1753 1754 /** 1755 * parse ASN.1 ResponseBytes of OCSP<br/> 1756 * @name getResponseBytes 1757 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1758 * @function 1759 * @param {String} h hexadecimal string of ResponseBytes 1760 * @return JSON object of ResponseBytes parameter 1761 * @since jsrsasign 10.4.0 asn1ocsp 1.1.5 1762 * 1763 * @description 1764 * This method will parse a hexadecimal string of 1765 * ASN.1 ResponseBytes defined in 1766 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 1767 * <pre> 1768 * ResponseBytes ::= SEQUENCE { 1769 * responseType OBJECT IDENTIFIER, 1770 * response OCTET STRING } 1771 * id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp } 1772 * id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 } 1773 * 1774 * BasicOCSPResponse ::= SEQUENCE { 1775 * tbsResponseData ResponseData, 1776 * signatureAlgorithm AlgorithmIdentifier, 1777 * signature BIT STRING, 1778 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } 1779 * </pre> 1780 * 1781 * @see KJUR.asn1.ocsp.OCSPParser#getOCSPResponse 1782 * @see KJUR.asn1.ocsp.OCSPParser#getBasicOCSPResponse 1783 * @see KJUR.asn1.ocsp.ResponseBytes 1784 * 1785 * @example 1786 * o = new KJUR.asn1.ocsp.OCSPParser(); 1787 * o.getResponseBytes("30..") → 1788 * { restype: "ocspBasic", 1789 * ...<<BasicOCSPResponse properties...>>... 1790 */ 1791 this.getResponseBytes = function(h) { 1792 var a = _getChildIdx(h, 0); 1793 var result; 1794 1795 var hBasicOCSPResponse = _getTLVbyList(h, 0, [1, 0]); 1796 result = this.getBasicOCSPResponse(hBasicOCSPResponse); 1797 1798 var hResTypeV = _getV(h, a[0]); 1799 result.restype = KJUR.asn1.x509.OID.oid2name(hextooid(hResTypeV)); 1800 1801 return result; 1802 }; 1803 1804 /** 1805 * parse ASN.1 BasicOCSPResponse of OCSP<br/> 1806 * @name getBasicOCSPResponse 1807 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1808 * @function 1809 * @param {String} h hexadecimal string of BasicOCSPResponse 1810 * @return JSON object of BasicOCSPResponse parameter 1811 * @since jsrsasign 10.4.0 asn1ocsp 1.1.5 1812 * 1813 * @description 1814 * This method will parse a hexadecimal string of 1815 * BasicOCSPResponse defined in 1816 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 1817 * <pre> 1818 * BasicOCSPResponse ::= SEQUENCE { 1819 * tbsResponseData ResponseData, 1820 * signatureAlgorithm AlgorithmIdentifier, 1821 * signature BIT STRING, 1822 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } 1823 * </pre> 1824 * 1825 * @see KJUR.asn1.ocsp.OCSPParser#getResponseBytes 1826 * @see KJUR.asn1.ocsp.OCSPParser#getResponseData 1827 * @see KJUR.asn1.ocsp.BasicOCSPResponse 1828 * 1829 * @example 1830 * o = new KJUR.asn1.ocsp.OCSPParser(); 1831 * o.getBasicOCSPResponse("30..") → 1832 * { ...<<ResponseData properties...>>... 1833 * sigalg: "SHA256withRSA", 1834 * sighex: "12abcd...", 1835 * certs: [<<PEMorHEXstringOfCert1>>,...] }); 1836 */ 1837 this.getBasicOCSPResponse = function(h) { 1838 var a = _getChildIdx(h, 0); 1839 var result; 1840 1841 result = this.getResponseData(_getTLV(h, a[0])); 1842 1843 var x = new X509(); 1844 result.alg = x.getAlgorithmIdentifierName(_getTLV(h, a[1])); 1845 1846 var hSigHex = _getV(h, a[2]); 1847 result.sighex = hSigHex.substr(2); 1848 1849 var hExt = _getVbyListEx(h, 0, ["[0]"]); 1850 if (hExt != null) { 1851 var aCertIdx = _getChildIdx(hExt, 0); 1852 var aCert = []; 1853 for (var i = 0; i < aCertIdx.length; i++) { 1854 var hCert = _getTLV(hExt, aCertIdx[i]); 1855 aCert.push(hCert); 1856 } 1857 result.certs = aCert; 1858 } 1859 1860 return result; 1861 }; 1862 1863 /** 1864 * parse ASN.1 ResponseData of OCSP<br/> 1865 * @name getResponseData 1866 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1867 * @function 1868 * @param {String} h hexadecimal string of ResponseData 1869 * @return JSON object of ResponseData parameter 1870 * @since jsrsasign 10.4.0 asn1ocsp 1.1.5 1871 * 1872 * @description 1873 * This method will parse a hexadecimal string of 1874 * ASN.1 ResponseData defined in 1875 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 1876 * <pre> 1877 * ResponseData ::= SEQUENCE { 1878 * version [0] EXPLICIT Version DEFAULT v1, 1879 * responderID ResponderID, 1880 * producedAt GeneralizedTime, 1881 * responses SEQUENCE OF SingleResponse, 1882 * responseExtensions [1] EXPLICIT Extensions OPTIONAL } 1883 * </pre> 1884 * 1885 * @see KJUR.asn1.ocsp.OCSPParser#getBasicOCSPResponse 1886 * @see KJUR.asn1.ocsp.OCSPParser#getSingleResponse 1887 * @see KJUR.asn1.ocsp.ResponseData 1888 * 1889 * @example 1890 * o = new KJUR.asn1.ocsp.OCSPParser(); 1891 * o.getResponseData("30..") → 1892 * { respid: {key: "12ab..."}, 1893 * prodat: "20200903235959Z", 1894 * array: [<<SingleResponse parameter1>>, ...], 1895 * ext: [ 1896 * {extname:"ocspNonce",hex:"12ab..."}]} 1897 */ 1898 this.getResponseData = function(h) { 1899 var a = _getChildIdx(h, 0); 1900 var alen = a.length; 1901 var result = {}; 1902 var idx = 0; 1903 1904 // skip to relax interoperability even though explicit DEFAULT 1905 if (h.substr(a[0], 2) == "a0") idx++; 1906 1907 result.respid = this.getResponderID(_getTLV(h, a[idx++])); 1908 1909 var hProdAtV = _getV(h, a[idx++]); 1910 result.prodat = hextoutf8(hProdAtV); 1911 1912 result.array = this.getSingleResponseList(_getTLV(h, a[idx++])); 1913 1914 if (h.substr(a[alen - 1], 2) == "a1") { 1915 var hExt = _getTLVbyList(h, a[alen - 1], [0]); 1916 var x = new X509(); 1917 result.ext = x.getExtParamArray(hExt); 1918 } 1919 1920 return result; 1921 }; 1922 1923 /** 1924 * parse ASN.1 ResponderID of OCSP<br/> 1925 * @name getResponderID 1926 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1927 * @function 1928 * @param {String} h hexadecimal string of ResponderID 1929 * @return JSON object of ResponderID parameter 1930 * @since jsrsasign 10.4.0 asn1ocsp 1.1.5 1931 * @see KJUR.asn1.ocsp.ResponderID 1932 * 1933 * @description 1934 * <pre> 1935 * ResponderID ::= CHOICE { 1936 * byName [1] Name, 1937 * byKey [2] KeyHash } 1938 * KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key 1939 * (excluding the tag and length fields) 1940 * </pre> 1941 * 1942 * @example 1943 * o = new KJUR.asn1.ocsp.OCSPParser(); 1944 * o.getResponderID("a1..") → {name: {array: [[{type:"C",value:"JP",ds:"prn"}]...]}} 1945 * o.getResponderID("a2..") → {key: "12ab..."} 1946 */ 1947 this.getResponderID = function(h) { 1948 var result = {}; 1949 1950 if (h.substr(0, 2) == "a2") { 1951 var hKeyV = _getVbyList(h, 0, [0]); 1952 result.key = hKeyV; 1953 } 1954 if (h.substr(0, 2) == "a1") { 1955 var hName = _getTLVbyList(h, 0, [0]); 1956 var x = new X509(); 1957 result.name = x.getX500Name(hName); 1958 } 1959 1960 return result; 1961 }; 1962 1963 /** 1964 * parse ASN.1 SEQUENCE OF SingleResponse of OCSP<br/> 1965 * @name getSingleResponseList 1966 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1967 * @function 1968 * @param {String} h hexadecimal string of SEQUENCE OF SingleResponse 1969 * @return array of SingleResponse parameter JSON object 1970 * @since jsrsasign 10.4.0 asn1ocsp 1.1.5 1971 * 1972 * @description 1973 * This method will parse a hexadecimal string of 1974 * ASN.1 class of SEQUENCE OF SingleResponse is defined in 1975 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 1976 * <pre> 1977 * ResponseData ::= SEQUENCE { 1978 * version [0] EXPLICIT Version DEFAULT v1, 1979 * responderID ResponderID, 1980 * producedAt GeneralizedTime, 1981 * responses SEQUENCE OF SingleResponse, 1982 * responseExtensions [1] EXPLICIT Extensions OPTIONAL } 1983 * SingleResponse ::= SEQUENCE { 1984 * certID CertID, 1985 * certStatus CertStatus, 1986 * thisUpdate GeneralizedTime, 1987 * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, 1988 * singleExtensions [1] EXPLICIT Extensions OPTIONAL } 1989 * </pre> 1990 * 1991 * @see KJUR.asn1.ocsp.OCSPParse#getResponseData 1992 * @see KJUR.asn1.ocsp.OCSPParse#getSingleResponse 1993 * @see KJUR.asn1.ocsp.OCSPParse#getCertID 1994 * @see KJUR.asn1.ocsp.SingleResponseList 1995 * 1996 * @example 1997 * o = new KJUR.asn1.ocsp.OCSPParser(); 1998 * o.getSingleResponseList("30..") → 1999 * [{ certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"}, 2000 * status: {status: "good"}, 2001 * thisupdate: "20200903235959Z", 2002 * nextupdate: "20200913235959Z", 2003 * ext: [<<Extension parameters>>...] }] 2004 */ 2005 this.getSingleResponseList = function(h) { 2006 var a = _getChildIdx(h, 0); 2007 var result = []; 2008 2009 for (var i = 0; i < a.length; i++) { 2010 var p = this.getSingleResponse(_getTLV(h, a[i])); 2011 result.push(p); 2012 } 2013 return result; 2014 }; 2015 2016 /** 2017 * parse ASN.1 SingleResponse of OCSP<br/> 2018 * @name getSingleResponse 2019 * @memberOf KJUR.asn1.ocsp.OCSPParser# 2020 * @function 2021 * @param {String} h hexadecimal string of SingleResponse 2022 * @return JSON object of SingleResponse parameter 2023 * @since jsrsasign 10.4.0 asn1ocsp 1.1.5 2024 * 2025 * @description 2026 * This method will parse a hexadecimal string of 2027 * ASN.1 class of SingleResponse is defined in 2028 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 2029 * <pre> 2030 * SingleResponse ::= SEQUENCE { 2031 * certID CertID, 2032 * certStatus CertStatus, 2033 * thisUpdate GeneralizedTime, 2034 * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, 2035 * singleExtensions [1] EXPLICIT Extensions OPTIONAL } 2036 * </pre> 2037 * 2038 * @see KJUR.asn1.ocsp.OCSPParse#getSingleResponseList 2039 * @see KJUR.asn1.ocsp.OCSPParse#getCertID 2040 * @see KJUR.asn1.ocsp.SingleResponse 2041 * 2042 * @example 2043 * o = new KJUR.asn1.ocsp.OCSPParser(); 2044 * o.getSingleResponse("30..") → 2045 * { certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"}, 2046 * status: {status: "good"}, 2047 * thisupdate: "20200903235959Z", 2048 * nextupdate: "20200913235959Z", 2049 * ext: [<<Extension parameters>>...] } 2050 */ 2051 this.getSingleResponse = function(h) { 2052 var a = _getChildIdx(h, 0); 2053 var result = {}; 2054 2055 // 1. CertID 2056 var pCertID = this.getCertID(_getTLV(h, a[0])); 2057 result.certid = pCertID; 2058 2059 // 2. CertStatus 2060 var pCertStatus = this.getCertStatus(_getTLV(h, a[1])); 2061 result.status = pCertStatus; 2062 2063 // 3. ThisUpdate(GeneralizedTime) 2064 if (h.substr(a[2], 2) == "18") { 2065 var hThisUpdateV = _getV(h, a[2]); 2066 result.thisupdate = hextoutf8(hThisUpdateV); 2067 } 2068 2069 // 4. OPTIONAL(nextUpdate, singleExtensions) 2070 for (var i = 3; i < a.length; i++) { 2071 if (h.substr(a[i], 2) == "a0") { // nextUpdate 2072 var hNextUpdateV = _getVbyList(h, a[i], [0], "18"); 2073 result.nextupdate = hextoutf8(hNextUpdateV); 2074 } 2075 if (h.substr(a[i], 2) == "a1") { // singleExtensions 2076 var x = new X509(); 2077 var hExt = _getTLVbyList(h, 0, [i, 0]); 2078 result.ext = x.getExtParamArray(hExt); 2079 } 2080 } 2081 2082 return result; 2083 }; 2084 2085 /** 2086 * parse ASN.1 CertStatus of OCSP<br/> 2087 * @name getCertStatus 2088 * @memberOf KJUR.asn1.ocsp.OCSPParser# 2089 * @function 2090 * @param {String} h hexadecimal string of CertStatus 2091 * @return JSON object of CertStatus parameter 2092 * @since jsrsasign 10.4.0 asn1ocsp 1.1.5 2093 * @see KJUR.asn1.ocsp.CertStatus 2094 * 2095 * @description 2096 * <pre> 2097 * CertStatus ::= CHOICE { 2098 * good [0] IMPLICIT NULL, 2099 * revoked [1] IMPLICIT RevokedInfo, 2100 * unknown [2] IMPLICIT UnknownInfo } 2101 * RevokedInfo ::= SEQUENCE { 2102 * revocationTime GeneralizedTime, 2103 * revocationReason [0] EXPLICIT CRLReason OPTIONAL } 2104 * UnknownInfo ::= NULL 2105 * </pre> 2106 * NOTE: Currently revocationReason not supported. 2107 * 2108 * @example 2109 * o = new KJUR.asn1.ocsp.OCSPParser(); 2110 * o.getCertStatus("8000") → {status: "good"} 2111 * o.getCertStatus("8200") → {status: "unknown"} 2112 * o.getCertStatus("a1..") → {status: "revoked", time: "2021...Z"} 2113 */ 2114 this.getCertStatus = function(h) { 2115 var result = {}; 2116 if (h == "8000") return {status: "good"}; 2117 if (h == "8200") return {status: "unknown"}; 2118 if (h.substr(0, 2) == "a1") { 2119 result.status = "revoked"; 2120 var hTime = _getVbyList(h, 0, [0]); 2121 var sTime = hextoutf8(hTime); 2122 result.time = sTime; 2123 } 2124 return result; 2125 }; 2126 }; 2127 2128