1 /* asn1ocsp-1.1.8.js (c) 2016-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
  2  */
  3 /*
  4  * asn1ocsp.js - ASN.1 DER encoder classes for OCSP protocol
  5  *
  6  * Copyright (c) 2016-2021 Kenji Urushima (kenji.urushima@gmail.com)
  7  *
  8  * This software is licensed under the terms of the MIT License.
  9  * https://kjur.github.io/jsrsasign/license
 10  *
 11  * The above copyright and license notice shall be 
 12  * included in all copies or substantial portions of the Software.
 13  */
 14 
 15 /**
 16  * @fileOverview
 17  * @name asn1ocsp-1.0.js
 18  * @author Kenji Urushima kenji.urushima@gmail.com
 19  * @version jsrsasign 10.5.20 asn1ocsp 1.1.8 (2022-Apr-25)
 20  * @since jsrsasign 6.1.0
 21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
 22  */
 23 
 24 if (typeof KJUR == "undefined" || !KJUR) KJUR = {};
 25 if (typeof KJUR.asn1 == "undefined" || !KJUR.asn1) KJUR.asn1 = {};
 26 
 27 /**
 28  * ASN.1 classes for OCSP protocol<br/>
 29  * <p>
 30  * This name space provides 
 31  * <a href="https://tools.ietf.org/html/rfc6960">RFC 6960
 32  * Online Certificate Status Protocol (OCSP)</a> ASN.1 request and response generator.
 33  *
 34  * <h4>FEATURES</h4>
 35  * <ul>
 36  * <li>easily generate OCSP data by JSON object</li>
 37  * </ul>
 38  * 
 39  * <h4>OCSP Response Encoder Classes</h4>
 40  * <ul>
 41  * <li>{@link KJUR.asn1.ocsp.OCSPResponse}</li>
 42  * <li>{@link KJUR.asn1.ocsp.ResponseBytes}</li>
 43  * <li>{@link KJUR.asn1.ocsp.BasicOCSPResponse}</li>
 44  * <li>{@link KJUR.asn1.ocsp.ResponseData}</li>
 45  * <li>{@link KJUR.asn1.ocsp.ResponderID}</li>
 46  * <li>{@link KJUR.asn1.ocsp.SingleResponseList}</li>
 47  * <li>{@link KJUR.asn1.ocsp.SingleResponse}</li>
 48  * <li>{@link KJUR.asn1.ocsp.CertID}</li>
 49  * <li>{@link KJUR.asn1.ocsp.CertStatus}</li>
 50  * </ul>
 51  *
 52  * <h4>OCSP Request Encoder Classes</h4>
 53  * <ul>
 54  * <li>{@link KJUR.asn1.ocsp.OCSPRequest}</li>
 55  * <li>{@link KJUR.asn1.ocsp.TBSRequest}</li>
 56  * <li>{@link KJUR.asn1.ocsp.Request}</li>
 57  * <li>{@link KJUR.asn1.ocsp.CertID}</li>
 58  * </ul>
 59  *
 60  * <h4>OCSP Utility classes</h4>
 61  * <ul>
 62  * <li>{@link KJUR.asn1.ocsp.OCSPUtil} - simple request parser</li>
 63  * <li>{@link KJUR.asn1.ocsp.OCSPParser} - request parser</li>
 64  * </ul>
 65  * </p>
 66  * @name KJUR.asn1.ocsp
 67  * @namespace
 68  */
 69 if (typeof KJUR.asn1.ocsp == "undefined" || !KJUR.asn1.ocsp) KJUR.asn1.ocsp = {};
 70 
 71 KJUR.asn1.ocsp.DEFAULT_HASH = "sha1";
 72 
 73 /**
 74  * OCSPResponse ASN.1 class encoder<br/>
 75  * @name KJUR.asn1.ocsp.OCSPResponse
 76  * @class OCSPResponse ASN.1 class encoder
 77  * @param {Array} params JSON object of constructor parameters
 78  * @extends KJUR.asn1.ASN1Object
 79  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
 80  * @see KJUR.asn1.ocsp.ResponseBytes
 81  *
 82  * @description
 83  * OCSPResponse ASN.1 class is defined in 
 84  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
 85  * <pre>
 86  * OCSPResponse ::= SEQUENCE {
 87  *    responseStatus         OCSPResponseStatus,
 88  *    responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
 89  * OCSPResponseStatus ::= ENUMERATED {
 90  *     successful            (0),  -- Response has valid confirmations
 91  *     malformedRequest      (1),  -- Illegal confirmation request
 92  *     internalError         (2),  -- Internal error in issuer
 93  *     tryLater              (3),  -- Try again later
 94  *                                 -- (4) is not used
 95  *     sigRequired           (5),  -- Must sign the request
 96  *     unauthorized          (6)   -- Request unauthorized
 97  * } 
 98  * </pre>
 99  * This constructor accepts all parameter of
100  * {@link KJUR.asn1.ocsp.ResponseBytes} for "successful" response.
101  * Further more following property is needed:
102  * <ul>
103  * <li>{Number or String}resstats - responseStatus value by
104  * a number or name. (ex. 2, "internalError")</li>
105  * </ul>
106  *
107  * @example
108  * // default constructor for "successful"
109  * o = new KJUR.asn1.ocsp.OCSPResponse({
110  *   resstatus: "successful",
111  *   <<ResponseBytes parameters>>
112  * });
113  * // constructor for error
114  * new KJUR.asn1.ocsp.OCSPResponse({resstatus: 1})
115  * new KJUR.asn1.ocsp.OCSPResponse({resstatus: "unauthorized"})
116  */
117 KJUR.asn1.ocsp.OCSPResponse = function(params) {
118     KJUR.asn1.ocsp.OCSPResponse.superclass.constructor.call(this);
119 
120     var _DEREnumerated = KJUR.asn1.DEREnumerated,
121 	_newObject = KJUR.asn1.ASN1Util.newObject,
122 	_ResponseBytes = KJUR.asn1.ocsp.ResponseBytes;
123 
124     var _aSTATUSNAME = ["successful", "malformedRequest", "internalError",
125 			"tryLater", "_not_used_", "sigRequired", "unauthorized"]; 
126 
127     this.params = null;
128 
129     this._getStatusCode = function() {
130 	var code = this.params.resstatus;
131 	if (typeof code == "number") return code;
132 	if (typeof code != "string") return -1;
133 	return _aSTATUSNAME.indexOf(code);
134     };
135 
136     this.setByParam = function(params) {
137 	this.params = params;
138     };
139 
140     this.tohex = function() {
141 	var params = this.params;
142 
143 	var code = this._getStatusCode();
144 	if (code == -1) {
145 	    throw new Error("responseStatus not supported: " +
146 			    params.resstatus);
147 	}
148 
149 	if (code != 0) {
150 	    return _newObject({seq: [{'enum': {'int': code}}]}).tohex();
151 	}
152 	
153 	var dResBytes = new _ResponseBytes(params);
154 	return _newObject({seq: [
155 	    {'enum': {'int': 0}},
156 	    {tag: {tag: "a0", explicit: true, obj: dResBytes}}
157 	]}).tohex();
158     };
159     this.getEncodedHex = function() { return this.tohex(); };
160 
161     if (params !== undefined) this.setByParam(params);
162 };
163 extendClass(KJUR.asn1.ocsp.OCSPResponse, KJUR.asn1.ASN1Object);
164 
165 /**
166  * ResponseBytes ASN.1 class encoder<br/>
167  * @name KJUR.asn1.ocsp.ResponseBytes
168  * @class ResponseBytes ASN.1 class encoder
169  * @param {Array} params JSON object of constructor parameters
170  * @extends KJUR.asn1.ASN1Object
171  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
172  * @see KJUR.asn1.ocsp.OCSPResponse
173  * @see KJUR.asn1.ocsp.BasicOCSPResponse
174  *
175  * @description
176  * OCSPResponse ASN.1 class is defined in 
177  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
178  * <pre>
179  * ResponseBytes ::=       SEQUENCE {
180  *     responseType   OBJECT IDENTIFIER,
181  *     response       OCTET STRING }
182  * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
183  * id-pkix-ocsp-basic     OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
184  * </pre>
185  * This constructor accepts all parameter of
186  * {@link KJUR.asn1.ocsp.BasicOCSPResponse}.
187  * Further more following property is needed:
188  * <ul>
189  * <li>{String}restype - only "ocspBasic" can be available</li>
190  * </ul>
191  *
192  * @example
193  * o = new KJUR.asn1.ocsp.ResponseBytes({
194  *   restype: "ocspBasic",
195  *   // BasicOCSPResponse properties shall be specified
196  * });
197  */
198 KJUR.asn1.ocsp.ResponseBytes = function(params) {
199     KJUR.asn1.ocsp.ResponseBytes.superclass.constructor.call(this);
200 
201     var _KJUR_asn1 = KJUR.asn1,
202 	_DERSequence = _KJUR_asn1.DERSequence,
203 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
204 	_DEROctetString = _KJUR_asn1.DEROctetString,
205 	_BasicOCSPResponse = _KJUR_asn1.ocsp.BasicOCSPResponse;
206 
207     this.params = null;
208 
209     this.setByParam = function(params) {
210 	this.params = params;
211     };
212 
213     this.tohex = function() {
214 	var params = this.params;
215 
216 	if (params.restype != "ocspBasic") {
217 	    throw new Error("not supported responseType: " + params.restype);
218 	}
219 
220 	var dBasic = new _BasicOCSPResponse(params);
221 
222 	var a = [];
223 	a.push(new _DERObjectIdentifier({name: "ocspBasic"}));
224 	a.push(new _DEROctetString({hex: dBasic.tohex()}));
225 
226 	var seq = new _DERSequence({array: a});
227 	return seq.tohex();
228     };
229     this.getEncodedHex = function() { return this.tohex(); };
230 
231     if (params !== undefined) this.setByParam(params);
232 };
233 extendClass(KJUR.asn1.ocsp.ResponseBytes, KJUR.asn1.ASN1Object);
234 
235 /**
236  * BasicOCSPResponse ASN.1 class encoder<br/>
237  * @name KJUR.asn1.ocsp.BasicOCSPResponse
238  * @class BasicOCSPResponse ASN.1 class encoder
239  * @param {Array} params JSON object of constructor parameters
240  * @extends KJUR.asn1.ASN1Object
241  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
242  * @see KJUR.asn1.ocsp.OCSPResponse
243  * @see KJUR.asn1.ocsp.ResponseBytes
244  * @see KJUR.asn1.ocsp.BasicOCSPResponse
245  * @see KJUR.asn1.ocsp.ResponseData
246  *
247  * @description
248  * OCSPResponse ASN.1 class is defined in 
249  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
250  * <pre>
251  * BasicOCSPResponse       ::= SEQUENCE {
252  *    tbsResponseData      ResponseData,
253  *    signatureAlgorithm   AlgorithmIdentifier,
254  *    signature            BIT STRING,
255  *    certs            [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
256  * </pre>
257  * This constructor accepts all parameter of
258  * {@link KJUR.asn1.ocsp.ResponseData}.
259  * Further more following properties are available:
260  * <ul>
261  * <li>{ASN1Object}tbsresp (OPTION) - {@link KJUR.asn1.ASN1Object} or its
262  * sub class object for tbsReponseData,
263  * genelally {@link KJUR.asn1.ocsp.ResponseData}.
264  * When "tbsresp" not specified, tbsresp will be set by
265  * other parameters internally.</li>
266  * <li>{String}sigalg - signatureAlgrithm name (ex. "SHA256withRSA")</li>
267  * <li>{Object}reskey (OPTION) - specifies OCSP response signing private key.
268  * Parameter "reskey" or "sighex" shall be specified.
269  * Following values can be specified:
270  *   <ul>
271  *   <li>PKCS#1/5 or PKCS#8 PEM string of private key</li>
272  *   <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful
273  *   to generate a key object.</li>
274  *   </ul>
275  * </li>
276  * <li>{String}sighex (OPTION) - hexadecimal string of signature value
277  * (i.e. ASN.1 value(V) of signatureValue BIT STRING without
278  * unused bits)</li>
279  * <li>{Array}certs (OPTION) - array of PEM or hexadecimal string of
280  * certificate such as OCSP responder certificate</li>
281  * </ul>
282  *
283  * @example
284  * // response data will be signed by "reskey"
285  * new KJUR.asn1.ocsp.BasicOCSPResponse({
286  *   ...<<ResponseData properties...>>...
287  *   sigalg: "SHA256withRSA",
288  *   reskey: <<OCSP Responder private key PEM or object>>,
289  *   certs: [<<PEMorHEXstringOfCert1>>,...] });
290  *
291  * // explicitly specify "signature" by "sighex"
292  * new KJUR.asn1.ocsp.BasicOCSPResponse({
293  *   ...<<ResponseData properties...>>...
294  *   sigalg: "SHA256withRSA",
295  *   sighex: "12abcd...",
296  *   certs: [<<PEMorHEXstringOfCert1>>,...] });
297  * 
298  * // explicitly specify "tbsResponseData" and sign
299  * new KJUR.asn1.ocsp.BasicOCSPResponse({
300  * { tbsresp: <<subclass of ASN1Object>>,
301  *   sigalg: "SHA256withRSA",
302  *   reskey: <<OCSP Responder private key PEM or object>>,
303  *   certs: [<<PEMorHEXstringOfCert1>>,...] }
304  */
305 KJUR.asn1.ocsp.BasicOCSPResponse = function(params) {
306     KJUR.asn1.ocsp.BasicOCSPResponse.superclass.constructor.call(this);
307 
308     var _Error = Error,
309 	_KJUR_asn1 = KJUR.asn1,
310 	_ASN1Object = _KJUR_asn1.ASN1Object,
311 	_DERSequence = _KJUR_asn1.DERSequence,
312 	_DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime,
313 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
314 	_DERBitString = _KJUR_asn1.DERBitString,
315 	_Extensions = _KJUR_asn1.x509.Extensions,
316 	_AlgorithmIdentifier = _KJUR_asn1.x509.AlgorithmIdentifier,
317 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp,
318 	_ResponderID = _KJUR_asn1_ocsp.ResponderID;
319 	_SingleResponseList = _KJUR_asn1_ocsp.SingleResponseList,
320 	_ResponseData = _KJUR_asn1_ocsp.ResponseData;
321 
322     this.params = null;
323 
324     this.setByParam = function(params) {
325 	this.params = params;
326     };
327 
328     this.sign = function() {
329 	var params = this.params;
330 	var hTBS = params.tbsresp.tohex();
331 	var sig = new KJUR.crypto.Signature({alg: params.sigalg});
332 	sig.init(params.reskey);
333 	sig.updateHex(hTBS);
334 	params.sighex = sig.sign();
335     };
336 
337     this.tohex = function() {
338 	var params = this.params;
339 
340 	if (params.tbsresp == undefined) {
341 	    params.tbsresp = new _ResponseData(params);
342 	}
343 
344 	if (params.sighex == undefined && params.reskey != undefined) {
345 	    this.sign();
346 	}
347 
348 	var a = [];
349 	a.push(params.tbsresp);
350 	a.push(new _AlgorithmIdentifier({name: params.sigalg}));
351 	a.push(new _DERBitString({hex: "00" + params.sighex}));
352 
353 	if (params.certs != undefined &&
354 	    params.certs.length != undefined) {
355 	    var aCert = [];
356 	    for (var i = 0; i < params.certs.length; i++) {
357 		var sCert = params.certs[i];
358 		var hCert = null;
359 		if (ASN1HEX.isASN1HEX(sCert)) {
360 		    hCert = sCert;
361 		} else if (sCert.match(/-----BEGIN/)) {
362 		    hCert = pemtohex(sCert);
363 		} else {
364 		    throw new _Error("certs[" + i + "] not hex or PEM");
365 		}
366 		aCert.push(new _ASN1Object({tlv: hCert}));
367 	    }
368 	    var seqCert = new _DERSequence({array: aCert});
369 	    a.push(new _DERTaggedObject({tag:'a0',explicit:true,obj:seqCert}));
370 	}
371 	
372 	var seq = new _DERSequence({array: a});
373 	return seq.tohex();
374     };
375     this.getEncodedHex = function() { return this.tohex(); };
376 
377     if (params !== undefined) this.setByParam(params);
378 };
379 extendClass(KJUR.asn1.ocsp.BasicOCSPResponse, KJUR.asn1.ASN1Object);
380 
381 /**
382  * ResponseData ASN.1 class encoder<br/>
383  * @name KJUR.asn1.ocsp.ResponseData
384  * @class ResponseData ASN.1 class encoder
385  * @param {Array} params JSON object of constructor parameters
386  * @extends KJUR.asn1.ASN1Object
387  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
388  * @see KJUR.asn1.ocsp.OCSPResponse
389  * @see KJUR.asn1.ocsp.ResponseBytes
390  * @see KJUR.asn1.ocsp.BasicOCSPResponse
391  * @see KJUR.asn1.ocsp.ResponseData
392  * @see KJUR.asn1.ocsp.SingleResponse
393  * @see KJUR.asn1.x509.Extensions
394  * @see KJUR.asn1.DERGeneralizedTime
395  *
396  * @description
397  * ResponseData ASN.1 class is defined in 
398  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
399  * <pre>
400  * ResponseData ::= SEQUENCE {
401  *    version              [0] EXPLICIT Version DEFAULT v1,
402  *    responderID              ResponderID,
403  *    producedAt               GeneralizedTime,
404  *    responses                SEQUENCE OF SingleResponse,
405  *    responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
406  * </pre>
407  * Following properties are available:
408  * <ul>
409  * <li>{Array}respid - JSON object of {@link KJUR.asn1.ocsp.ResponseID} parameter
410  * for "responderID"</li>
411  * <li>{Object}prodat - string or JSON parameter of 
412  * {@link KJUR.asn1.DERGeneralizedTime} (ex. "20200904235959Z")</li>
413  * <li>{Array}responses - array of {@link KJUR.asn1.ocsp.SingleResponse}
414  * parameters</li>
415  * <li>{Array}ext (OPTION) - array of extension parameters
416  * for "responseExtensions".</li>
417  * </ul>
418  *
419  * @example
420  * new KJUR.asn1.ocsp.ResponseData({
421  *   respid: {key: "12ab..."},
422  *   prodat: "20200903235959Z",
423  *   array: [
424  *     <<SingleResponse parameter1>>, ...
425  *   ],
426  *   ext: [{extname:"ocspNonce",hex:"12ab..."}]
427  * });
428  */
429 KJUR.asn1.ocsp.ResponseData = function(params) {
430     KJUR.asn1.ocsp.ResponseData.superclass.constructor.call(this);
431 
432     var _Error = Error,
433 	_KJUR_asn1 = KJUR.asn1,
434 	_DERSequence = _KJUR_asn1.DERSequence,
435 	_DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime,
436 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
437 	_Extensions = _KJUR_asn1.x509.Extensions,
438 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp,
439 	_ResponderID = _KJUR_asn1_ocsp.ResponderID;
440 	_SingleResponseList = _KJUR_asn1_ocsp.SingleResponseList;
441     
442     this.params = null;
443 
444     this.tohex = function() {
445 	var params = this.params;
446 	if (params.respid != undefined) new _Error("respid not specified");
447 	if (params.prodat != undefined) new _Error("prodat not specified");
448 	if (params.array != undefined) new _Error("array not specified");
449 
450 	var a = [];
451 	a.push(new _ResponderID(params.respid));
452 	a.push(new _DERGeneralizedTime(params.prodat));
453 	a.push(new _SingleResponseList(params.array));
454 
455 	if (params.ext != undefined) {
456 	    var dExt = new _Extensions(params.ext);
457 	    a.push(new _DERTaggedObject({tag:'a1', explicit:true, obj:dExt}));
458 	}
459 
460 	var seq = new _DERSequence({array: a});
461 	return seq.tohex();
462     };
463     this.getEncodedHex = function() { return this.tohex(); };
464 
465     this.setByParam = function(params) {
466 	this.params = params;
467     };
468 
469     if (params !== undefined) this.setByParam(params);
470 };
471 extendClass(KJUR.asn1.ocsp.ResponseData, KJUR.asn1.ASN1Object);
472 
473 /**
474  * ResponderID ASN.1 class encoder<br/>
475  * @name KJUR.asn1.ocsp.ResponderID
476  * @class ResponderID ASN.1 class encoder
477  * @param {Array} params JSON object of constructor parameters
478  * @extends KJUR.asn1.ASN1Object
479  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
480  * @see KJUR.asn1.ocsp.OCSPResponse
481  * @see KJUR.asn1.ocsp.ResponseBytes
482  * @see KJUR.asn1.ocsp.BasicOCSPResponse
483  * @see KJUR.asn1.ocsp.ResponseData
484  * @see X509#getSubject
485  * @see X509#getExtSubjectKeyIdentifier
486  *
487  * @description
488  * ResponderID ASN.1 class is defined in 
489  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
490  * <pre>
491  * ResponderID ::= CHOICE {
492  *    byName               [1] Name,
493  *    byKey                [2] KeyHash }
494  * KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key
495  *                             (excluding the tag and length fields)
496  * </pre>
497  * Following properties are available:
498  * <ul>
499  * <li>{Array}name (OPTION) - JSON object of {@link KJUR.asn1.x509.X500Name} parameter,
500  * PEM string of X.509 certificate or {@link X509} object for "byName",</li>
501  * <li>{String}key (OPTION) - hexadecimal string of KeyHash value,
502  * PEM string of X.509 certificate or {@link X509} object for "byKey"</li>
503  * </ul>
504  * <br/>
505  * NOTE: From jsrsasign 10.5.20, "name" and "key" member values can be
506  * specified by PEM string of X.509 certificate or {@link X509} object.
507  * For "name", subject field of the certificate will be used and
508  * for "key", subjectKeyIdentifier extension value of the certificate will be used
509  * respectively.
510  *
511  * @example
512  * new KJUR.asn1.ocsp.ResponderID({key: "12ab..."})
513  * new KJUR.asn1.ocsp.ResponderID({name: {str: "/C=JP/O=Resp"}})
514  * new KJUR.asn1.ocsp.ResponderID({name: {array: [[{type:"C",value:"JP",ds:"prn"}]...]}})
515  * // by certificate
516  * new KJUR.asn1.ocsp.ResponderID({key: "-----BEGIN CERTIFICATE..."})
517  * new KJUR.asn1.ocsp.ResponderID({name: "-----BEGIN CERTIFICATE..."})
518  * // by X509 object
519  * new KJUR.asn1.ocsp.ResponderID({key: new X509(...)})
520  * new KJUR.asn1.ocsp.ResponderID({name: new X509(...)})
521  */
522 KJUR.asn1.ocsp.ResponderID = function(params) {
523     KJUR.asn1.ocsp.ResponderID.superclass.constructor.call(this);
524     var _KJUR = KJUR,
525 	_KJUR_asn1 = _KJUR.asn1,
526 	_newObject = _KJUR_asn1.ASN1Util.newObject,
527 	_X500Name = _KJUR_asn1.x509.X500Name,
528 	_isHex = _KJUR.lang.String.isHex,
529 	_Error = Error;
530     
531     this.params = null;
532     
533     this.tohex = function() {
534 	var params = this.params;
535 	if (params.key != undefined) {
536 	    var hKey = null;
537 	    if (typeof params.key == "string") {
538 		if (_isHex(params.key)) hKey = params.key;
539 		if (params.key.match(/-----BEGIN CERTIFICATE/)) {
540 		    var x = new X509(params.key);
541 		    var extSKID = x.getExtSubjectKeyIdentifier();
542 		    if (extSKID != null) hKey = extSKID.kid.hex;
543 		}
544 	    } else if (params.key instanceof X509) {
545 		var extSKID = params.key.getExtSubjectKeyIdentifier();
546 		if (extSKID != null) hKey = extSKID.kid.hex;
547 	    }
548 	    if (hKey == null) throw new _Error("wrong key member value");
549 	    var dTag = _newObject({tag: {tag:"a2",
550 					 explicit:true,
551 					 obj:{octstr:{hex:hKey}}}});
552 	    return dTag.tohex();
553 	} else if (params.name != undefined) {
554 	    var pName = null;
555 	    if (typeof params.name == "string" &&
556 		params.name.match(/-----BEGIN CERTIFICATE/)) {
557 		var x = new X509(params.name);
558 		pName = x.getSubject();
559 	    } else if (params.name instanceof X509) {
560 		pName = params.name.getSubject();
561 	    } else if (typeof params.name == "object" &&
562 		       (params.name.array != undefined ||
563 			params.name.str != undefined)) {
564 		pName = params.name;
565 	    }
566 	    if (pName == null) throw new _Error("wrong name member value");
567 	    var dTag = _newObject({tag: {tag:"a1",
568 					 explicit:true,
569 					 obj:new _X500Name(pName)}});
570 	    return dTag.tohex();
571 	}
572 	throw new _Error("key or name not specified");
573     };
574     this.getEncodedHex = function() { return this.tohex(); };
575 
576     this.setByParam = function(params) {
577 	this.params = params;
578     };
579 
580     if (params !== undefined) this.setByParam(params);
581 };
582 extendClass(KJUR.asn1.ocsp.ResponderID, KJUR.asn1.ASN1Object);
583 
584 /**
585  * ASN.1 class encoder for SEQUENCE OF SingleResponse<br/>
586  * @name KJUR.asn1.ocsp.SingleResponseList
587  * @class ASN.1 class encoder for SEQUENCE OF SingleResponse
588  * @param {Array} params array of JSON object for SingleResponse parameters
589  * @extends KJUR.asn1.ASN1Object
590  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
591  * @see KJUR.asn1.ocsp.OCSPResponse
592  * @see KJUR.asn1.ocsp.ResponseBytes
593  * @see KJUR.asn1.ocsp.BasicOCSPResponse
594  * @see KJUR.asn1.ocsp.ResponseData
595  * @see KJUR.asn1.ocsp.SingleResponse
596  *
597  * @description
598  * ASN.1 class of SEQUENCE OF SingleResponse is defined in 
599  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
600  * <pre>
601  * ResponseData ::= SEQUENCE {
602  *    version              [0] EXPLICIT Version DEFAULT v1,
603  *    responderID              ResponderID,
604  *    producedAt               GeneralizedTime,
605  *    responses                SEQUENCE OF SingleResponse,
606  *    responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
607  * SingleResponse ::= SEQUENCE {
608  *    certID                       CertID,
609  *    certStatus                   CertStatus,
610  *    thisUpdate                   GeneralizedTime,
611  *    nextUpdate         [0]       EXPLICIT GeneralizedTime OPTIONAL,
612  *    singleExtensions   [1]       EXPLICIT Extensions OPTIONAL }
613  * </pre>
614  * Following properties are available:
615  * <ul>
616  * <li>{Array}name (OPTION) - JSON object of {@link KJUR.asn1.x509.X500Name} parameter
617  * for "byName"</li>
618  * <li>{String}key (OPTION) - hexadecimal string of KeyHash value</li>
619  * </ul>
620  *
621  * @example
622  * new KJUR.asn1.ocsp.SingleResponseList([{
623  *   certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"},
624  *   status: {status: "good"},
625  *   thisupdate: "20200903235959Z"
626  * },{
627  *   certid: {alg:"sha1",issname:"24ab",isskey:"24ab",sbjsn:"24ab"},
628  *   status: {status: "good"},
629  *   thisupdate: "20200904235959Z"
630  * ])
631  */
632 KJUR.asn1.ocsp.SingleResponseList = function(params) {
633     KJUR.asn1.ocsp.SingleResponseList.superclass.constructor.call(this);
634 
635     var _KJUR_asn1 = KJUR.asn1,
636 	_DERSequence = _KJUR_asn1.DERSequence,
637 	_SingleResponse = _KJUR_asn1.ocsp.SingleResponse;
638 
639     this.params = null;
640     
641     this.tohex = function() {
642 	var params = this.params;
643 
644 	if (typeof params != "object" || params.length == undefined) {
645 	    throw new Error("params not specified properly");
646 	}
647 
648 	var a = [];
649 	for (var i = 0; i < params.length; i++) {
650 	    a.push(new _SingleResponse(params[i]));
651 	}
652 
653 	var seq = new _DERSequence({array: a});
654 	return seq.tohex();
655     };
656     this.getEncodedHex = function() { return this.tohex(); };
657 
658     this.setByParam = function(params) {
659 	this.params = params;
660     };
661 
662     if (params !== undefined) this.setByParam(params);
663 };
664 extendClass(KJUR.asn1.ocsp.SingleResponseList, KJUR.asn1.ASN1Object);
665 
666 /**
667  * SingleResponse ASN.1 class encoder<br/>
668  * @name KJUR.asn1.ocsp.SingleResponse
669  * @class SingleResponse ASN.1 class encoder
670  * @param {Array} params JSON object for SingleResponse parameter
671  * @extends KJUR.asn1.ASN1Object
672  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
673  * @see KJUR.asn1.ocsp.OCSPResponse
674  * @see KJUR.asn1.ocsp.ResponseBytes
675  * @see KJUR.asn1.ocsp.BasicOCSPResponse
676  * @see KJUR.asn1.ocsp.ResponseData
677  * @see KJUR.asn1.ocsp.SingleResponse
678  * @see KJUR.asn1.ocsp.CertID
679  * @see KJUR.asn1.ocsp.CertStatus
680  *
681  * @description
682  * ASN.1 class of SEQUENCE OF SingleResponse is defined in 
683  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
684  * <pre>
685  * SingleResponse ::= SEQUENCE {
686  *    certID                       CertID,
687  *    certStatus                   CertStatus,
688  *    thisUpdate                   GeneralizedTime,
689  *    nextUpdate         [0]       EXPLICIT GeneralizedTime OPTIONAL,
690  *    singleExtensions   [1]       EXPLICIT Extensions OPTIONAL }
691  * </pre>
692  * Following properties are available:
693  * <ul>
694  * <li>{Array}certid - JSON object of {@link KJUR.asn1.ocsp.CertID} parameter</li>
695  * <li>{Array}status - JSON object of {@link KJUR.asn1.ocsp.CertStatus} parameter</li>
696  * <li>{Object}thisupdate - {@link KJUR.asn1.DERGeneralizedTime} parameter
697  * for "thisUpdate"</li>
698  * <li>{Object}nextupdate (OPTION) - {@link KJUR.asn1.DERGeneralizedTime} parameter
699  * for "nextUpdate"</li>
700  * <li>{Array}ext (OPTION) - array of JSON object 
701  * {@link KJUR.asn1.x509.Extension} sub class parameter for
702  * "singleExtensions"</li>
703  * </ul>
704  *
705  * @example
706  * new KJUR.asn1.ocsp.SingleResponse({
707  *   certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"},
708  *   status: {status: "good"},
709  *   thisupdate: "20200903235959Z",
710  *   nextupdate: "20200913235959Z",
711  *   ext: [<<Extension parameters>>...]
712  * })
713  */
714 KJUR.asn1.ocsp.SingleResponse = function(params) {
715     var _Error = Error,
716 	_KJUR = KJUR,
717 	_KJUR_asn1 = _KJUR.asn1,
718 	_DERSequence = _KJUR_asn1.DERSequence,
719 	_DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime,
720 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
721 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp,
722 	_CertID = _KJUR_asn1_ocsp.CertID,
723 	_CertStatus = _KJUR_asn1_ocsp.CertStatus,
724 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
725 	_Extensions = _KJUR_asn1_x509.Extensions;
726 
727     _KJUR_asn1_ocsp.SingleResponse.superclass.constructor.call(this);
728 
729     this.params = null;
730     
731     this.tohex = function() {
732 	var params = this.params;
733 	var a = [];
734 
735 	if (params.certid == undefined) throw new _Error("certid unspecified");
736 	if (params.status == undefined) throw new _Error("status unspecified");
737 	if (params.thisupdate == undefined) throw new _Error("thisupdate unspecified");
738 
739 	a.push(new _CertID(params.certid));
740 	a.push(new _CertStatus(params.status));
741 	a.push(new _DERGeneralizedTime(params.thisupdate));
742 
743 	if (params.nextupdate != undefined) {
744 	    var dTime = new _DERGeneralizedTime(params.nextupdate);
745 	    a.push(new _DERTaggedObject({tag:'a0', explicit:true, obj:dTime}));
746 	}
747 
748 	if (params.ext != undefined) {
749 	    var dExt = new _Extensions(params.ext);
750 	    a.push(new _DERTaggedObject({tag:'a1', explicit:true, obj:dExt}));
751 	}
752 
753 	var seq = new _DERSequence({array: a});
754 	return seq.tohex();
755     };
756     this.getEncodedHex = function() { return this.tohex(); };
757 
758     this.setByParam = function(params) {
759 	this.params = params;
760     };
761 
762     if (params !== undefined) this.setByParam(params);
763 };
764 extendClass(KJUR.asn1.ocsp.SingleResponse, KJUR.asn1.ASN1Object);
765 
766 /**
767  * ASN.1 CertID class for OCSP<br/>
768  * @name KJUR.asn1.ocsp.CertID
769  * @class ASN.1 CertID class for OCSP
770  * @param {Array} params JSON object of parameters
771  * @extends KJUR.asn1.ASN1Object
772  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
773  * @see KJUR.asn1.ocsp.SingleResponse
774  * @see KJUR.asn1.x509.AlgorithmIdentifier
775  *
776  * @description
777  * CertID ASN.1 class is defined in 
778  * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
779  * <pre>
780  * CertID ::= SEQUENCE {
781  *   hashAlgorithm   AlgorithmIdentifier,
782  *   issuerNameHash  OCTET STRING, -- Hash of issuer's DN
783  *   issuerKeyHash   OCTET STRING, -- Hash of issuer's public key
784  *   serialNumber    CertificateSerialNumber }
785  * </pre>
786  * Following properties are available in "params" of the constructor:
787  * <ul>
788  * <li>{String}alg (OPTION) - hash algorithm name. Default is "sha1" (ex, "sha1")</li>
789  * <li>{String}issname (OPTION) - hexadecimal string of issuerNameHash</li>
790  * <li>{String}isskey (OPTION) - hexadecimal string of issuerKeyHash</li>
791  * <li>{String}sbjsn (OPTION) - hexadecimal string of serial number of subject certificate</li>
792  * <li>{String}issuerCert (OPTION) - PEM string of issuer certificate.
793  * Property "issname" and "isskey" will be set by "issuerCert".</li>
794  * <li>{String}subjectCert (OPTION) - PEM string of issuer certificate.
795  * Property "sbjsn" will be set by "subjectCert".</li>
796  * </ul>
797  * <br/>
798  * NOTE: Properties "namehash", "keyhash" and "serial" are
799  * changed to "issname", "isskey", and "sbjsn" respectively
800  * since jsrsasign 9.1.6 asn1ocsp 1.1.0.
801  *
802  * @example
803  * // constructor with explicit values (changed since jsrsasign 9.1.6)
804  * new KJUR.asn1.ocsp.CertID({issname: "1a...", isskey: "ad...", sbjsn: "1234", alg: "sha256"});
805  *
806  * // constructor with certs (sha1 is used by default)
807  * o = new KJUR.asn1.ocsp.CertID({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN..."});
808  *
809  * // constructor with certs and sha256
810  * o = new KJUR.asn1.ocsp.CertID({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"});
811  */
812 KJUR.asn1.ocsp.CertID = function(params) {
813     var _KJUR = KJUR,
814 	_KJUR_asn1 = _KJUR.asn1,
815 	_DEROctetString = _KJUR_asn1.DEROctetString,
816 	_DERInteger = _KJUR_asn1.DERInteger,
817 	_DERSequence = _KJUR_asn1.DERSequence,
818 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
819 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier,
820 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp,
821 	_DEFAULT_HASH = _KJUR_asn1_ocsp.DEFAULT_HASH,
822 	_KJUR_crypto = _KJUR.crypto,
823 	_hashHex = _KJUR_crypto.Util.hashHex,
824 	_X509 = X509,
825 	_ASN1HEX = ASN1HEX,
826 	_getVbyList = _ASN1HEX.getVbyList;
827 
828     _KJUR_asn1_ocsp.CertID.superclass.constructor.call(this);
829 
830     this.DEFAULT_HASH = "sha1";
831     this.params = null;
832 
833     /**
834      * set CertID ASN.1 object by values.<br/>
835      * @name setByValue
836      * @memberOf KJUR.asn1.ocsp.CertID#
837      * @function
838      * @param {String} issuerNameHashHex hexadecimal string of hash value of issuer name
839      * @param {String} issuerKeyHashHex hexadecimal string of hash value of issuer public key
840      * @param {String} serialNumberHex hexadecimal string of certificate serial number to be verified
841      * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1
842      * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
843      * @example
844      * o = new KJUR.asn1.ocsp.CertID();
845      * o.setByValue("1fac...", "fd3a...", "1234"); // sha1 is used by default
846      * o.setByValue("1fac...", "fd3a...", "1234", "sha256");
847      */
848     this.setByValue = function(issuerNameHashHex, issuerKeyHashHex,
849 			       serialNumberHex, algName) {
850 	if (algName == undefined) algName = this.DEFAULT_HASH;
851 	this.params = {
852 	    alg: algName,
853 	    issname: issuerNameHashHex,
854 	    isskey: issuerKeyHashHex,
855 	    sbjsn: serialNumberHex
856 	};
857     };
858 
859     /**
860      * set CertID ASN.1 object by PEM certificates.<br/>
861      * @name setByCert
862      * @memberOf KJUR.asn1.ocsp.CertID#
863      * @function
864      * @param {String} issuerCert string of PEM issuer certificate
865      * @param {String} subjectCert string of PEM subject certificate to be verified by OCSP
866      * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1
867      * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
868      * @deprecated since jsrsasign 10.5.7 asn1ocsp 1.1.6. Please use setByParam instead.
869      *
870      * @example
871      * o = new KJUR.asn1.ocsp.CertID();
872      * o.setByCert("-----BEGIN...", "-----BEGIN..."); // sha1 is used by default
873      * o.setByCert("-----BEGIN...", "-----BEGIN...", "sha256");
874      */
875     this.setByCert = function(issuerCert, subjectCert, algName) {
876 	if (algName == undefined) algName = this.DEFAULT_HASH;
877 	this.params = {
878 	    alg: algName,
879 	    issuerCert: issuerCert,
880 	    subjectCert: subjectCert,
881 	};
882     };
883 
884     /**
885      * calculate CertID parameter by certificates.<br/>
886      * @name getParamByCerts
887      * @memberOf KJUR.asn1.ocsp.CertID#
888      * @function
889      * @param {string} issuerCert string of PEM issuer certificate
890      * @param {string} subjectCert string of PEM subject certificate to be verified by OCSP
891      * @param {string} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1
892      * @param {object} associative array with alg, issname, isskey and sbjsn members
893      * @since jsrsasign 10.5.7 asn1ocsp 1.1.6
894      *
895      * @description
896      * This method calculates issuer name hash, issuer key hash and subject serial
897      * number then returns an associative array with alg, issname, isskey and sbjsn members.
898      *
899      * @example
900      * o = new KJUR.asn1.ocsp.CertID();
901      * o.getParamByCerts("-----BEGIN...", "-----BEGIN...", "sha256") →
902      * {
903      *   alg: "sha256",
904      *   issname: "12abcd...",
905      *   isskey: "23cdef...",
906      *   sbjsn: "57b3..."
907      * }
908      */
909     this.getParamByCerts = function(issCert, sbjCert, algName) {
910 	if (algName == undefined) algName = this.DEFAULT_HASH;
911 	var xISS = new _X509(issCert);
912 	var xSBJ = new _X509(sbjCert);
913 	var issname = _hashHex(xISS.getSubjectHex(), algName);
914 	var hSPKI = xISS.getPublicKeyHex();
915 	var isskey = _hashHex(_getVbyList(hSPKI, 0, [1], "03", true), algName);
916 	var sbjsn = xSBJ.getSerialNumberHex();
917 	var info = {
918 	    alg: algName,
919 	    issname: issname,
920 	    isskey: isskey,
921 	    sbjsn: sbjsn
922 	};
923 	return info;
924     };
925 
926     this.tohex = function() {
927 	if (typeof this.params != "object") throw new Error("params not set");
928 	    
929 	var p = this.params;
930 	var issname, isskey, sbjsn, alg;
931 
932 	if (p.alg == undefined) {
933 	    alg = this.DEFAULT_HASH;
934 	} else {
935 	    alg = p.alg;
936 	}
937 
938 	if (p.issuerCert != undefined &&
939 	    p.subjectCert != undefined) {
940 	    var info = this.getParamByCerts(p.issuerCert, p.subjectCert, alg);
941 	    issname = info.issname;
942 	    isskey = info.isskey;
943 	    sbjsn = info.sbjsn;
944 	} else if (p.issname != undefined &&
945 		   p.isskey != undefined &&
946 		   p.sbjsn != undefined) {
947 	    issname = p.issname;
948 	    isskey = p.isskey;
949 	    sbjsn = p.sbjsn;
950 	} else {
951 	    throw new Error("required param members not defined");
952 	}
953 
954 	var dAlg = new _AlgorithmIdentifier({name: alg});
955 	var dIssName = new _DEROctetString({hex: issname});
956 	var dIssKey = new _DEROctetString({hex: isskey});
957 	var dSbjSn = new _DERInteger({hex: sbjsn});
958 	var seq = new _DERSequence({array: [dAlg, dIssName, dIssKey, dSbjSn]});
959         this.hTLV = seq.tohex();
960         return this.hTLV;
961     };
962     this.getEncodedHex = function() { return this.tohex(); };
963 
964     if (params !== undefined) this.setByParam(params);
965 };
966 extendClass(KJUR.asn1.ocsp.CertID, KJUR.asn1.ASN1Object);
967 
968 /**
969  * CertStatus ASN.1 class encoder<br/>
970  * @name KJUR.asn1.ocsp.CertStatus
971  * @class CertStatus ASN.1 class encoder
972  * @param {Array} params JSON object for CertStatus parameter
973  * @extends KJUR.asn1.ASN1Object
974  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
975  * @see KJUR.asn1.ocsp.OCSPResponse
976  * @see KJUR.asn1.ocsp.ResponseBytes
977  * @see KJUR.asn1.ocsp.BasicOCSPResponse
978  * @see KJUR.asn1.ocsp.ResponseData
979  * @see KJUR.asn1.ocsp.SingleResponse
980  * @see KJUR.asn1.ocsp.CertID
981  * @see KJUR.asn1.ocsp.CertStatus
982  *
983  * @description
984  * ASN.1 class of SEQUENCE OF SingleResponse is defined in 
985  * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
986  * <pre>
987  * CertStatus ::= CHOICE {
988  *     good        [0]     IMPLICIT NULL,
989  *     revoked     [1]     IMPLICIT RevokedInfo,
990  *     unknown     [2]     IMPLICIT UnknownInfo }
991  * RevokedInfo ::= SEQUENCE {
992  *     revocationTime              GeneralizedTime,
993  *     revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
994  * UnknownInfo ::= NULL
995  * CRLReason ::= ENUMERATED {
996  *      unspecified             (0),
997  *      keyCompromise           (1),
998  *      cACompromise            (2),
999  *      affiliationChanged      (3),
1000  *      superseded              (4),
1001  *      cessationOfOperation    (5),
1002  *      certificateHold         (6),
1003  *           -- value 7 is not used
1004  *      removeFromCRL           (8),
1005  *      privilegeWithdrawn      (9),
1006  *      aACompromise           (10) }
1007  * </pre>
1008  * Following properties are available:
1009  * <ul>
1010  * <li>{String}status - "good", "revoked" or "unknown"</li>
1011  * <li>{String}time (OPTION) - revocationTime YYYYMMDDHHmmSSZ (ex. "20200904235959Z")</li>
1012  * <li>{Number}reason (OPTION) - revocationReason code number</li>
1013  * </ul>
1014  *
1015  * @example
1016  * new KJUR.asn1.ocsp.CertStatus({status: "good"})
1017  * new KJUR.asn1.ocsp.CertStatus({status: "revoked", time: "20200903235959Z"})
1018  * new KJUR.asn1.ocsp.CertStatus({status: "revoked", time: "20200903235959Z", reason: 3})
1019  * new KJUR.asn1.ocsp.CertStatus({status: "unknown"})
1020  */
1021 KJUR.asn1.ocsp.CertStatus = function(params) {
1022     KJUR.asn1.ocsp.CertStatus.superclass.constructor.call(this);
1023 
1024     this.params = null;
1025 
1026     this.tohex = function() {
1027 	var params = this.params;
1028 	if (params.status == "good") return "8000";
1029 	if (params.status == "unknown") return "8200";
1030 	if (params.status == "revoked") {
1031 	    var a = [{gentime: {str: params.time}}];
1032 	    if (params.reason != undefined) {
1033 		a.push({tag: {tag: 'a0', 
1034 			      explicit: true,
1035 			      obj: {'enum': {'int': params.reason}}}});
1036 	    }
1037 	    var tagParam = {tag: 'a1', explicit: false, obj: {seq: a}};
1038 	    return KJUR.asn1.ASN1Util.newObject({tag: tagParam}).tohex();
1039 	}
1040 	throw new Error("bad status");
1041     };
1042     this.getEncodedHex = function() { return this.tohex(); };
1043 
1044     this.setByParam = function(params) {
1045 	this.params = params;
1046     };
1047 
1048     if (params !== undefined) this.setByParam(params);
1049 };
1050 extendClass(KJUR.asn1.ocsp.CertStatus, KJUR.asn1.ASN1Object);
1051 
1052 // ---- END OF Classes for OCSP response -----------------------------------
1053 
1054 /**
1055  * ASN.1 Request class for OCSP<br/>
1056  * @name KJUR.asn1.ocsp.Request
1057  * @class ASN.1 Request class for OCSP
1058  * @param {Array} params associative array of parameters
1059  * @extends KJUR.asn1.ASN1Object
1060  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
1061  * @description
1062  * Request ASN.1 class is defined in 
1063  * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
1064  * singleRequestExtensions is not supported yet in this version such as nonce.
1065  * <pre>
1066  * Request ::= SEQUENCE {
1067  *   reqCert                  CertID,
1068  *   singleRequestExtensions  [0] EXPLICIT Extensions OPTIONAL }
1069  * </pre>
1070  * @example
1071  * // default constructor
1072  * o = new KJUR.asn1.ocsp.Request();
1073  * // constructor with certs (sha1 is used by default)
1074  * o = new KJUR.asn1.ocsp.Request({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN..."});
1075  * // constructor with certs and sha256
1076  * o = new KJUR.asn1.ocsp.Request({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"});
1077  * // constructor with values
1078  * o = new KJUR.asn1.ocsp.Request({namehash: "1a...", keyhash: "ad...", serial: "1234", alg: "sha256"});
1079  */
1080 KJUR.asn1.ocsp.Request = function(params) {
1081     var _KJUR = KJUR,
1082 	_KJUR_asn1 = _KJUR.asn1,
1083 	_DERSequence = _KJUR_asn1.DERSequence,
1084 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp;
1085     
1086     _KJUR_asn1_ocsp.Request.superclass.constructor.call(this);
1087     this.dReqCert = null;
1088     this.dExt = null;
1089     
1090     this.tohex = function() {
1091 	var a = [];
1092 
1093 	// 1. reqCert
1094 	if (this.dReqCert === null)
1095 	    throw "reqCert not set";
1096 	a.push(this.dReqCert);
1097 
1098 	// 2. singleRequestExtensions (not supported yet)
1099 
1100 	// 3. construct SEQUENCE
1101 	var seq = new _DERSequence({array: a});
1102         this.hTLV = seq.tohex();
1103         return this.hTLV;
1104     };
1105     this.getEncodedHex = function() { return this.tohex(); };
1106 
1107     if (typeof params !== "undefined") {
1108 	var o = new _KJUR_asn1_ocsp.CertID(params);
1109 	this.dReqCert = o;
1110     }
1111 };
1112 extendClass(KJUR.asn1.ocsp.Request, KJUR.asn1.ASN1Object);
1113 
1114 /**
1115  * ASN.1 TBSRequest class for OCSP<br/>
1116  * @name KJUR.asn1.ocsp.TBSRequest
1117  * @class ASN.1 TBSRequest class for OCSP
1118  * @param {Array} params associative array of parameters
1119  * @extends KJUR.asn1.ASN1Object
1120  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
1121  * @description
1122  * TBSRequest ASN.1 class is defined in 
1123  * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
1124  * <pre>
1125  * TBSRequest ::= SEQUENCE {
1126  *   version            [0] EXPLICIT Version DEFAULT v1,
1127  *   requestorName      [1] EXPLICIT GeneralName OPTIONAL,
1128  *   requestList            SEQUENCE OF Request,
1129  *   requestExtensions  [2] EXPLICIT Extensions OPTIONAL }
1130  * </pre>
1131  * @example
1132  * // default constructor
1133  * o = new KJUR.asn1.ocsp.TBSRequest();
1134  * // constructor with requestList parameter
1135  * o = new KJUR.asn1.ocsp.TBSRequest({reqList:[
1136  *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:},
1137  *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"}
1138  * ]});
1139  */
1140 KJUR.asn1.ocsp.TBSRequest = function(params) {
1141     var _KJUR = KJUR,
1142 	_KJUR_asn1 = _KJUR.asn1,
1143 	_DERSequence = _KJUR_asn1.DERSequence,
1144 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp;
1145 
1146     _KJUR_asn1_ocsp.TBSRequest.superclass.constructor.call(this);
1147     this.version = 0;
1148     this.dRequestorName = null;
1149     this.dRequestList = [];
1150     this.dRequestExt = null;
1151 
1152     /**
1153      * set TBSRequest ASN.1 object by array of parameters.<br/>
1154      * @name setRequestListByParam
1155      * @memberOf KJUR.asn1.ocsp.TBSRequest#
1156      * @function
1157      * @param {Array} aParams array of parameters for Request class
1158      * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
1159      * @example
1160      * o = new KJUR.asn1.ocsp.TBSRequest();
1161      * o.setRequestListByParam([
1162      *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:},
1163      *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"}
1164      * ]);
1165      */
1166     this.setRequestListByParam = function(aParams) {
1167 	var a = [];
1168 	for (var i = 0; i < aParams.length; i++) {
1169 	    var dReq = new _KJUR_asn1_ocsp.Request(aParams[0]);
1170 	    a.push(dReq);
1171 	}
1172 	this.dRequestList = a;
1173     };
1174 
1175     this.tohex = function() {
1176 	var a = [];
1177 
1178 	// 1. version
1179 	if (this.version !== 0)
1180 	    throw "not supported version: " + this.version;
1181 
1182 	// 2. requestorName
1183 	if (this.dRequestorName !== null)
1184 	    throw "requestorName not supported";
1185 
1186 	// 3. requestList
1187 	var seqRequestList = 
1188 	    new _DERSequence({array: this.dRequestList});
1189 	a.push(seqRequestList);
1190 
1191 	// 4. requestExtensions
1192 	if (this.dRequestExt !== null)
1193 	    throw "requestExtensions not supported";
1194 
1195 	// 5. construct SEQUENCE
1196 	var seq = new _DERSequence({array: a});
1197         this.hTLV = seq.tohex();
1198         return this.hTLV;
1199     };
1200     this.getEncodedHex = function() { return this.tohex(); };
1201 
1202     if (params !== undefined) {
1203 	if (params.reqList !== undefined)
1204 	    this.setRequestListByParam(params.reqList);
1205     }
1206 };
1207 extendClass(KJUR.asn1.ocsp.TBSRequest, KJUR.asn1.ASN1Object);
1208 
1209 
1210 /**
1211  * ASN.1 OCSPRequest class for OCSP<br/>
1212  * @name KJUR.asn1.ocsp.OCSPRequest
1213  * @class ASN.1 OCSPRequest class for OCSP
1214  * @param {Array} params associative array of parameters
1215  * @extends KJUR.asn1.ASN1Object
1216  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
1217  * @description
1218  * OCSPRequest ASN.1 class is defined in 
1219  * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
1220  * A signed request is not supported yet in this version.
1221  * <pre>
1222  * OCSPRequest ::= SEQUENCE {
1223  *   tbsRequest             TBSRequest,
1224  *   optionalSignature  [0] EXPLICIT Signature OPTIONAL }
1225  * </pre>
1226  * @example
1227  * // default constructor
1228  * o = new KJUR.asn1.ocsp.OCSPRequest();
1229  * // constructor with requestList parameter
1230  * o = new KJUR.asn1.ocsp.OCSPRequest({reqList:[
1231  *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:},
1232  *   {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"}
1233  * ]});
1234  */
1235 KJUR.asn1.ocsp.OCSPRequest = function(params) {
1236     var _KJUR = KJUR,
1237 	_KJUR_asn1 = _KJUR.asn1,
1238 	_DERSequence = _KJUR_asn1.DERSequence,
1239 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp;
1240 
1241     _KJUR_asn1_ocsp.OCSPRequest.superclass.constructor.call(this);
1242     this.dTbsRequest = null;
1243     this.dOptionalSignature = null;
1244 
1245     this.tohex = function() {
1246 	var a = [];
1247 
1248 	// 1. tbsRequest
1249 	if (this.dTbsRequest !== null) {
1250 	    a.push(this.dTbsRequest);
1251 	} else {
1252 	    throw "tbsRequest not set";
1253 	}
1254 
1255 	// 2. optionalSignature
1256 	if (this.dOptionalSignature !== null)
1257 	    throw "optionalSignature not supported";
1258 
1259 	// 3. construct SEQUENCE
1260 	var seq = new _DERSequence({array: a});
1261         this.hTLV = seq.tohex();
1262         return this.hTLV;
1263     };
1264     this.getEncodedHex = function() { return this.tohex(); };
1265 
1266     if (params !== undefined) {
1267 	if (params.reqList !== undefined) {
1268 	    var o = new _KJUR_asn1_ocsp.TBSRequest(params);
1269 	    this.dTbsRequest = o;
1270 	}
1271     }
1272 };
1273 extendClass(KJUR.asn1.ocsp.OCSPRequest, KJUR.asn1.ASN1Object);
1274 
1275 /**
1276  * Utility class for OCSP<br/>
1277  * @name KJUR.asn1.ocsp.OCSPUtil
1278  * @class Utility class for OCSP
1279  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
1280  * @description
1281  * This class provides utility static methods for OCSP.
1282  * <ul>
1283  * <li>{@link KJUR.asn1.ocsp.OCSPUtil.getRequestHex} - generates hexadecimal string of OCSP request</li>
1284  * </ul>
1285  */
1286 KJUR.asn1.ocsp.OCSPUtil = {};
1287 
1288 /**
1289  * generates hexadecimal string of OCSP request<br/>
1290  * @name getRequestHex
1291  * @memberOf KJUR.asn1.ocsp.OCSPUtil
1292  * @function
1293  * @param {String} issuerCert string of PEM issuer certificate
1294  * @param {String} subjectCert string of PEM subject certificate to be verified by OCSP
1295  * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1
1296  * @return {String} hexadecimal string of generated OCSP request
1297  * @since jsrsasign 6.1.0 asn1ocsp 1.0.0
1298  * @description
1299  * This static method generates hexadecimal string of OCSP request.
1300  * @example
1301  * // generate OCSP request using sha1 algorithnm by default.
1302  * hReq = KJUR.asn1.ocsp.OCSPUtil.getRequestHex("-----BEGIN...", "-----BEGIN...");
1303  */
1304 KJUR.asn1.ocsp.OCSPUtil.getRequestHex = function(issuerCert, subjectCert, alg) {
1305     var _KJUR = KJUR,
1306 	_KJUR_asn1 = _KJUR.asn1,
1307 	_KJUR_asn1_ocsp = _KJUR_asn1.ocsp;
1308 
1309     if (alg === undefined) alg = _KJUR_asn1_ocsp.DEFAULT_HASH;
1310     var param = {alg: alg, issuerCert: issuerCert, subjectCert: subjectCert};
1311     var o = new _KJUR_asn1_ocsp.OCSPRequest({reqList: [param]});
1312     return o.tohex();
1313 };
1314 
1315 /**
1316  * simple parser for OCSPResponse (DEPRECATED)<br/>
1317  * @name getOCSPResponseInfo
1318  * @memberOf KJUR.asn1.ocsp.OCSPUtil
1319  * @function
1320  * @param {String} h hexadecimal string of DER OCSPResponse
1321  * @return {Object} JSON object of parsed OCSPResponse
1322  * @since jsrsasign 6.1.0 asn1ocsp 1.0.1
1323  * @deprecated since jsrsasign 10.4.0 asn1ocsp 1.1.5 Please use OCSPParser.getOCSPRespnose
1324  *
1325  * @description
1326  * This static method parse a hexadecimal string of DER OCSPResponse and
1327  * returns JSON object of its parsed result.
1328  * Its result has following properties:
1329  * <ul>
1330  * <li>responseStatus - integer of responseStatus</li>
1331  * <li>certStatus - string of certStatus (ex. good, revoked or unknown)</li>
1332  * <li>thisUpdate - string of thisUpdate in Zulu(ex. 20151231235959Z)</li>
1333  * <li>nextUpdate - string of nextUpdate in Zulu(ex. 20151231235959Z)</li>
1334  * </ul>
1335  * NOTE: This method may not work preperly. Please use 
1336  * {@link KJUR.asn1.ocsp.OCSPParser#getOCSPResponse}.
1337  *
1338  * @example
1339  * info = KJUR.asn1.ocsp.OCSPUtil.getOCSPResponseInfo("3082...");
1340  */
1341 KJUR.asn1.ocsp.OCSPUtil.getOCSPResponseInfo = function(h) {
1342     var _ASN1HEX = ASN1HEX,
1343 	_getVbyList = _ASN1HEX.getVbyList,
1344 	_getVbyListEx = _ASN1HEX.getVbyListEx,
1345 	_getIdxbyList = _ASN1HEX.getIdxbyList,
1346 	_getIdxbyListEx = _ASN1HEX.getIdxbyListEx,
1347 	_getV = _ASN1HEX.getV;
1348 
1349     var result = {};
1350     try {
1351 	var v = _getVbyListEx(h, 0, [0], "0a");
1352 	result.responseStatus = parseInt(v, 16);
1353     } catch(ex) {};
1354     if (result.responseStatus !== 0) return result;
1355 
1356     try {
1357 	// certStatus
1358 	var idxCertStatus = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,1]);
1359 	if (h.substr(idxCertStatus, 2) === "80") {
1360 	    result.certStatus = "good";
1361 	} else if (h.substr(idxCertStatus, 2) === "a1") {
1362 	    result.certStatus = "revoked";
1363 	    result.revocationTime = 
1364 		hextoutf8(_getVbyList(h, idxCertStatus, [0]));
1365 	} else if (h.substr(idxCertStatus, 2) === "82") {
1366 	    result.certStatus = "unknown";
1367 	}
1368     } catch (ex) {};
1369 
1370     // thisUpdate
1371     try {
1372 	var idxThisUpdate = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,2]);
1373 	result.thisUpdate = hextoutf8(_getV(h, idxThisUpdate));
1374     } catch (ex) {};
1375 
1376     // nextUpdate
1377     try {
1378 	var idxEncapNextUpdate = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,3]);
1379 	if (h.substr(idxEncapNextUpdate, 2) === "a0") {
1380 	    result.nextUpdate = 
1381 		hextoutf8(_getVbyList(h, idxEncapNextUpdate, [0]));
1382 	}
1383     } catch (ex) {};
1384 
1385     return result;
1386 };
1387 
1388 /**
1389  * OCSP request and response parser<br/>
1390  * @name KJUR.asn1.ocsp.OCSPParser
1391  * @class OCSP request and response parser
1392  * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
1393  *
1394  * @description
1395  * This class provides ASN.1 parser for
1396  * OCSP related ASN.1 data. <br/>
1397  * NOTE: OCSPResponse parser supported from jsrsasign 10.4.0.
1398  * <br/>
1399  * This parser supports following OCSP ASN.1 classes:
1400  * <ul>
1401  * <li>OCSP REQUEST
1402  * <ul>
1403  * <li>OCSPRequest - {@link KJUR.asn1.ocsp.OCSPParser#getOCSPRequest}</li>
1404  * <li>TBSRequest - {@link KJUR.asn1.ocsp.OCSPParser#getTBSRequest}</li>
1405  * <li>SEQUENCE OF Request - {@link KJUR.asn1.ocsp.OCSPParser#getRequestList}</li>
1406  * <li>Request - {@link KJUR.asn1.ocsp.OCSPParser#getRequest}</li>
1407  * </ul>
1408  * </li>
1409  * <li>OCSP RESPONSE
1410  * <ul>
1411  * <li>OCSPResponse - {@link KJUR.asn1.ocsp.OCSPParser#getOCSPResponse}</li>
1412  * <li>ResponseBytes - {@link KJUR.asn1.ocsp.OCSPParser#getResponseBytes}</li>
1413  * <li>BasicOCSPResponse - {@link KJUR.asn1.ocsp.OCSPParser#getBasicOCSPResponse}</li>
1414  * <li>ResponseData - {@link KJUR.asn1.ocsp.OCSPParser#getResponseData}</li>
1415  * <li>ResponderID - {@link KJUR.asn1.ocsp.OCSPParser#getResponderID}</li>
1416  * <li>SEQUENCE OF SingleResponse - {@link KJUR.asn1.ocsp.OCSPParser#getSingleResponseList}</li>
1417  * <li>SingleResponse - {@link KJUR.asn1.ocsp.OCSPParser#getSingleResponse}</li>
1418  * <li>CertStatus - {@link KJUR.asn1.ocsp.OCSPParser#getCertStatus}</li>
1419  * </ul>
1420  * </li>
1421  * <li>common
1422  * <ul>
1423  * <li>CertID - {@link KJUR.asn1.ocsp.OCSPParser#getCertID}</li>
1424  * </ul>
1425  * </li>
1426  * </ul>
1427  */
1428 KJUR.asn1.ocsp.OCSPParser = function() {
1429     var _Error = Error,
1430 	_X509 = X509,
1431 	_x509obj = new _X509(),
1432 	_ASN1HEX = ASN1HEX,
1433 	_getV = _ASN1HEX.getV,
1434 	_getTLV = _ASN1HEX.getTLV,
1435 	_getIdxbyList = _ASN1HEX.getIdxbyList,
1436 	_getVbyList = _ASN1HEX.getVbyList,
1437 	_getTLVbyList = _ASN1HEX.getTLVbyList,
1438 	_getVbyListEx = _ASN1HEX.getVbyListEx,
1439 	_getTLVbyListEx = _ASN1HEX.getTLVbyListEx,
1440 	_getChildIdx = _ASN1HEX.getChildIdx;
1441 
1442     /**
1443      * parse ASN.1 OCSPRequest<br/>
1444      * @name getOCSPRequest
1445      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1446      * @function
1447      * @param {String} h hexadecimal string of ASN.1 OCSPRequest
1448      * @return {Array} array of JSON object of OCSPRequest parameter
1449      * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
1450      *
1451      * @description
1452      * This method will parse a hexadecimal string of 
1453      * OCSPRequest ASN.1 class is defined in 
1454      * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
1455      * <pre>
1456      * OCSPRequest ::= SEQUENCE {
1457      *   tbsRequest              TBSRequest,
1458      *   optionalSignature  [0]  EXPLICIT Signature OPTIONAL }
1459      * TBSRequest  ::=  SEQUENCE {
1460      *   version            [0]  EXPLICIT Version DEFAULT v1,
1461      *   requestorName      [1]  EXPLICIT GeneralName OPTIONAL,
1462      *   requestList             SEQUENCE OF Request,
1463      *   requestExtensions  [2]  EXPLICIT Extensions OPTIONAL }
1464      * Signature       ::=     SEQUENCE {
1465      *   signatureAlgorithm      AlgorithmIdentifier,
1466      *   signature               BIT STRING,
1467      *   certs              [0] EXPLICIT SEQUENCE OF Certificate
1468      *                          OPTIONAL}
1469      * </pre>
1470      * Currently Signature in OCSPRequest is not supported.
1471      * <br/>
1472      * 
1473      * @see KJUR.asn1.ocsp.OCSPParser#getTBSRequest
1474      * @see KJUR.asn1.ocsp.OCSPRequest
1475      *
1476      * @example
1477      * o = new KJUR.asn1.ocsp.OCSPParser();
1478      * o.getOCSPRequest("30...") →
1479      * { array: [{
1480      *    "alg": "sha1",
1481      *    "issname": "105fa67a80089db5279f35ce830b43889ea3c70d",
1482      *    "isskey": "0f80611c823161d52f28e78d4638b42ce1c6d9e2",
1483      *    "sbjsn": "0fef62075d715dc5e1d8bd03775c9686" }]}
1484      */
1485     this.getOCSPRequest = function(h) {
1486 	var a = _getChildIdx(h, 0);
1487 
1488 	if (a.length != 1 && a.length != 2) {
1489 	    throw new _Error("wrong number elements: " + a.length);
1490 	}
1491 
1492 	var result = this.getTBSRequest(_getTLV(h, a[0]));
1493 	return result;
1494     };
1495 
1496     /**
1497      * parse ASN.1 TBSRequest of OCSP<br/>
1498      * @name getTBSRequest
1499      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1500      * @function
1501      * @param {String} h hexadecimal string of ASN.1 TBSRequest of OCSP
1502      * @return {Array} array of JSON object of TBSRequest parameter
1503      * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
1504      *
1505      * @description
1506      * This method will parse
1507      * TBSRequest ASN.1 class is defined in 
1508      * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
1509      * <pre>
1510      * TBSRequest  ::=  SEQUENCE {
1511      *   version            [0]  EXPLICIT Version DEFAULT v1,
1512      *   requestorName      [1]  EXPLICIT GeneralName OPTIONAL,
1513      *   requestList             SEQUENCE OF Request,
1514      *   requestExtensions  [2]  EXPLICIT Extensions OPTIONAL }
1515      * </pre>
1516      *
1517      * @see KJUR.asn1.ocsp.OCSPParser#getOCSPRequest
1518      * @see KJUR.asn1.ocsp.OCSPParser#getRequestList
1519      * @see KJUR.asn1.ocsp.TBSRequest
1520      *
1521      * @example
1522      * o = new KJUR.asn1.ocsp.OCSPParser();
1523      * o.getTBSRequest("30...") →
1524      * {array: [{
1525      *   "alg": "sha1",
1526      *   "issname": "105fa67a80089db5279f35ce830b43889ea3c70d",
1527      *   "isskey": "0f80611c823161d52f28e78d4638b42ce1c6d9e2",
1528      *   "sbjsn": "0fef62075d715dc5e1d8bd03775c9686" }]}
1529      */
1530     this.getTBSRequest = function(h) {
1531 	var result = {};
1532 	var hReqList = _getTLVbyListEx(h, 0, [0], "30");
1533 	result.array = this.getRequestList(hReqList);
1534 	var hExt = _getTLVbyListEx(h, 0, ["[2]", 0], "30");
1535 	if (hExt != null) {
1536 	    result.ext = _x509obj.getExtParamArray(hExt);
1537 	}
1538 
1539 	return result;
1540     };
1541 
1542     /**
1543      * parse ASN.1 SEQUENCE OF Request in OCSP<br/>
1544      * @name getRequestList
1545      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1546      * @function
1547      * @param {String} h hexadecimal string of ASN.1 SEQUENCE OF Request in OCSP
1548      * @return {Array} array of JSON object of Request parameter
1549      * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
1550      *
1551      * @description
1552      * This method will parse a hexadecimal string of
1553      * SEQUENCE OF Request ASN.1 class is defined in 
1554      * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
1555      * <br/>
1556      * NOTE: singleRequestExtensions is not supported yet in this version such as nonce.
1557      * <pre>
1558      * TBSRequest  ::=  SEQUENCE {
1559      *   version            [0]  EXPLICIT Version DEFAULT v1,
1560      *   requestorName      [1]  EXPLICIT GeneralName OPTIONAL,
1561      *   requestList             SEQUENCE OF Request,
1562      *   requestExtensions  [2]  EXPLICIT Extensions OPTIONAL }
1563      * Request ::= SEQUENCE {
1564      *   reqCert                  CertID,
1565      *   singleRequestExtensions  [0] EXPLICIT Extensions OPTIONAL }      
1566      * </pre>
1567      *
1568      * @see KJUR.asn1.ocsp.OCSPParser#getTBSRequest
1569      * @see KJUR.asn1.ocsp.OCSPParser#getRequest
1570      * @see KJUR.asn1.ocsp.RequestList
1571      * @see KJUR.asn1.ocsp.Request
1572      *
1573      * @example
1574      * o = new KJUR.asn1.ocsp.OCSPParser();
1575      * o.getRequestList("30...") →
1576      * [{ alg: "sha1"
1577      *   issname: "...hex...",
1578      *   isskey: "...hex...",
1579      *   sbjsn: "...hex...",
1580      *   ext: [<<singleRequestExtension parameters>>...] }]
1581      */
1582     this.getRequestList = function(h) {
1583 	var result = [];
1584 	var a = _getChildIdx(h, 0);
1585 	for (var i = 0; i < a.length; i++) {
1586 	    var h = _getTLV(h, a[i]);
1587 	    result.push(this.getRequest(h));
1588 	}
1589 	return result;
1590     };
1591 
1592     /**
1593      * parse ASN.1 Request of OCSP<br/>
1594      * @name getRequest
1595      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1596      * @function
1597      * @param {String} h hexadecimal string of ASN.1 Request of OCSP
1598      * @return JSON object of Request parameter
1599      * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
1600      *
1601      * @description
1602      * This method will parse a hexadecimal string of
1603      * Request ASN.1 class is defined in 
1604      * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
1605      * <pre>
1606      * Request ::= SEQUENCE {
1607      *   reqCert                  CertID,
1608      *   singleRequestExtensions  [0] EXPLICIT Extensions OPTIONAL }      
1609      * </pre>
1610      *
1611      * @see KJUR.asn1.ocsp.OCSPParser#getTBSRequest
1612      * @see KJUR.asn1.ocsp.OCSPParser#getRequestList
1613      * @see KJUR.asn1.ocsp.OCSPParser#getCertID
1614      * @see KJUR.asn1.ocsp.RequestList
1615      * @see KJUR.asn1.ocsp.Request
1616      * @see KJUR.asn1.ocsp.CertID
1617      *
1618      * @example
1619      * o = new KJUR.asn1.ocsp.OCSPParser();
1620      * o.getRequest("30...") →
1621      * { alg: "sha1"
1622      *   issname: "...hex...",
1623      *   isskey: "...hex...",
1624      *   sbjsn: "...hex...",
1625      *   ext: [<<singleRequestExtension parameters>>...] }
1626      */
1627     this.getRequest = function(h) {
1628 	var a = _getChildIdx(h, 0);
1629 	if (a.length != 1 && a.length != 2) {
1630 	    throw new _Error("wrong number elements: " + a.length);
1631 	}
1632 	
1633 	var params = this.getCertID(_getTLV(h, a[0]));
1634 
1635 	if (a.length == 2) {
1636 	    var idxExt = _getIdxbyList(h, 0, [1, 0]);
1637 	    params.ext = _x509obj.getExtParamArray(_getTLV(h, idxExt));
1638 	}
1639 
1640 	return params;
1641     };
1642 
1643     /**
1644      * parse ASN.1 CertID of OCSP<br/>
1645      * @name getCertID
1646      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1647      * @function
1648      * @param {String} h hexadecimal string of CertID
1649      * @return JSON object of CertID parameter
1650      * @since jsrsasign 9.1.6 asn1ocsp 1.1.0
1651      *
1652      * @description
1653      * This method will parse a hexadecimal string of
1654      * CertID ASN.1 class is defined in 
1655      * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 
1656      * <pre>
1657      * CertID ::= SEQUENCE {
1658      *   hashAlgorithm   AlgorithmIdentifier,
1659      *   issuerNameHash  OCTET STRING, -- Hash of issuer's DN
1660      *   issuerKeyHash   OCTET STRING, -- Hash of issuer's public key
1661      *   serialNumber    CertificateSerialNumber }
1662      * </pre>
1663      *
1664      * @see KJUR.asn1.ocsp.OCSPParser#getRequest
1665      * @see KJUR.asn1.ocsp.OCSPParser#getSingleResponse
1666      * @see KJUR.asn1.ocsp.CertID
1667      *
1668      * @example
1669      * o = new KJUR.asn1.ocsp.OCSPParser();
1670      * o.getCertID("30...") →
1671      * { alg: "sha1"
1672      *   issname: "...hex...",
1673      *   isskey: "...hex...",
1674      *   sbjsn: "...hex..." }
1675      */
1676     this.getCertID = function(h) {
1677 	var a = _getChildIdx(h, 0);
1678 	if (a.length != 4) {
1679 	    throw new _Error("wrong number elements: " + a.length);
1680 	}
1681 	
1682 	var x = new _X509();
1683 	var result = {};
1684 	result.alg = x.getAlgorithmIdentifierName(_getTLV(h, a[0]));
1685 	result.issname = _getV(h, a[1]);
1686 	result.isskey = _getV(h, a[2]);
1687 	result.sbjsn = _getV(h, a[3]);
1688 	
1689 	return result;
1690     };
1691 
1692     /**
1693      * parse ASN.1 OCSPResponse of OCSP<br/>
1694      * @name getOCSPResponse
1695      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1696      * @function
1697      * @param {String} h hexadecimal string of OCSPResponse
1698      * @return JSON object of OCSResponse parameter
1699      * @since jsrsasign 10.4.0 asn1ocsp 1.1.5
1700      *
1701      * @description
1702      * This method will parse a hexadecimal string of
1703      * ASN.1 OCSPResponse defined in
1704      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
1705      * <pre>
1706      * OCSPResponse ::= SEQUENCE {
1707      *    responseStatus         OCSPResponseStatus,
1708      *    responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
1709      * OCSPResponseStatus ::= ENUMERATED {
1710      *     successful            (0),  -- Response has valid confirmations
1711      *     malformedRequest      (1),  -- Illegal confirmation request
1712      *     internalError         (2),  -- Internal error in issuer
1713      *     tryLater              (3),  -- Try again later
1714      *                                 -- (4) is not used
1715      *     sigRequired           (5),  -- Must sign the request
1716      *     unauthorized          (6)   -- Request unauthorized }
1717      * </pre>
1718      *
1719      * @see KJUR.asn1.ocsp.OCSPParser#getResponseBytes
1720      * @see KJUR.asn1.ocsp.OCSPResponse
1721      *
1722      * @example
1723      * o = new KJUR.asn1.ocsp.OCSPParser();
1724      * o.getOCSPResponse("30..") →
1725      * { resstatus: 0,
1726      *   restype: "ocspBasic",
1727      *   respid: {key: "12ab"},
1728      *   prodat: "20200903235959Z",
1729      *   array: [{
1730      *     certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"},
1731      *     status: {status: "good"},
1732      *     thisupdate: "20200903235959Z" }],
1733      *   ext: [{extname: "ocspNonce", hex: "1234abcd"}],
1734      *   alg: "SHA256withRSA",
1735      *   sighex: "12ab",
1736      *   certs: ["3082...", "3082..."] }
1737      */
1738     this.getOCSPResponse = function(h) {
1739 	var a = _getChildIdx(h, 0);
1740 	var result;
1741 
1742 	var hStatusV = _getV(h, a[0]);
1743 	var iStatusV = parseInt(hStatusV);
1744 	
1745 	if (a.length == 1) return {resstatus: iStatusV};
1746 
1747 	var hResponseBytes = _getTLVbyList(h, 0, [1, 0]);
1748 	result = this.getResponseBytes(hResponseBytes);
1749 	result.resstatus = iStatusV;
1750 	
1751 	return result;
1752     };
1753 
1754     /**
1755      * parse ASN.1 ResponseBytes of OCSP<br/>
1756      * @name getResponseBytes
1757      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1758      * @function
1759      * @param {String} h hexadecimal string of ResponseBytes
1760      * @return JSON object of ResponseBytes parameter
1761      * @since jsrsasign 10.4.0 asn1ocsp 1.1.5
1762      *
1763      * @description
1764      * This method will parse a hexadecimal string of
1765      * ASN.1 ResponseBytes defined in
1766      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
1767      * <pre>
1768      * ResponseBytes ::=       SEQUENCE {
1769      *     responseType   OBJECT IDENTIFIER,
1770      *     response       OCTET STRING }
1771      * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
1772      * id-pkix-ocsp-basic     OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
1773      *
1774      * BasicOCSPResponse       ::= SEQUENCE {
1775      *    tbsResponseData      ResponseData,
1776      *    signatureAlgorithm   AlgorithmIdentifier,
1777      *    signature            BIT STRING,
1778      *    certs            [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
1779      * </pre>
1780      *
1781      * @see KJUR.asn1.ocsp.OCSPParser#getOCSPResponse
1782      * @see KJUR.asn1.ocsp.OCSPParser#getBasicOCSPResponse
1783      * @see KJUR.asn1.ocsp.ResponseBytes
1784      *
1785      * @example
1786      * o = new KJUR.asn1.ocsp.OCSPParser();
1787      * o.getResponseBytes("30..") →
1788      * { restype: "ocspBasic",
1789      *   ...<<BasicOCSPResponse properties...>>...
1790      */
1791     this.getResponseBytes = function(h) {
1792 	var a = _getChildIdx(h, 0);
1793 	var result;
1794 
1795 	var hBasicOCSPResponse = _getTLVbyList(h, 0, [1, 0]);
1796 	result = this.getBasicOCSPResponse(hBasicOCSPResponse);
1797 
1798 	var hResTypeV = _getV(h, a[0]);
1799 	result.restype = KJUR.asn1.x509.OID.oid2name(hextooid(hResTypeV));
1800 	
1801 	return result;
1802     };
1803 
1804     /**
1805      * parse ASN.1 BasicOCSPResponse of OCSP<br/>
1806      * @name getBasicOCSPResponse
1807      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1808      * @function
1809      * @param {String} h hexadecimal string of BasicOCSPResponse
1810      * @return JSON object of BasicOCSPResponse parameter
1811      * @since jsrsasign 10.4.0 asn1ocsp 1.1.5
1812      *
1813      * @description
1814      * This method will parse a hexadecimal string of
1815      * BasicOCSPResponse defined in 
1816      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
1817      * <pre>
1818      * BasicOCSPResponse       ::= SEQUENCE {
1819      *    tbsResponseData      ResponseData,
1820      *    signatureAlgorithm   AlgorithmIdentifier,
1821      *    signature            BIT STRING,
1822      *    certs            [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
1823      * </pre>
1824      *
1825      * @see KJUR.asn1.ocsp.OCSPParser#getResponseBytes
1826      * @see KJUR.asn1.ocsp.OCSPParser#getResponseData
1827      * @see KJUR.asn1.ocsp.BasicOCSPResponse
1828      *
1829      * @example
1830      * o = new KJUR.asn1.ocsp.OCSPParser();
1831      * o.getBasicOCSPResponse("30..") →
1832      * { ...<<ResponseData properties...>>...
1833      *   sigalg: "SHA256withRSA",
1834      *   sighex: "12abcd...",
1835      *   certs: [<<PEMorHEXstringOfCert1>>,...] });
1836      */
1837     this.getBasicOCSPResponse = function(h) {
1838 	var a = _getChildIdx(h, 0);
1839 	var result;
1840 
1841 	result = this.getResponseData(_getTLV(h, a[0]));
1842 
1843 	var x = new X509();
1844 	result.alg = x.getAlgorithmIdentifierName(_getTLV(h, a[1]));
1845 
1846 	var hSigHex = _getV(h, a[2]);
1847 	result.sighex = hSigHex.substr(2);
1848 	
1849 	var hExt = _getVbyListEx(h, 0, ["[0]"]);
1850 	if (hExt != null) {
1851 	    var aCertIdx = _getChildIdx(hExt, 0);
1852 	    var aCert = [];
1853 	    for (var i = 0; i < aCertIdx.length; i++) {
1854 		var hCert = _getTLV(hExt, aCertIdx[i]);
1855 		aCert.push(hCert);
1856 	    }
1857 	    result.certs = aCert;
1858 	}
1859 
1860 	return result;
1861     };
1862 
1863     /**
1864      * parse ASN.1 ResponseData of OCSP<br/>
1865      * @name getResponseData
1866      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1867      * @function
1868      * @param {String} h hexadecimal string of ResponseData
1869      * @return JSON object of ResponseData parameter
1870      * @since jsrsasign 10.4.0 asn1ocsp 1.1.5
1871      *
1872      * @description
1873      * This method will parse a hexadecimal string of
1874      * ASN.1 ResponseData defined in
1875      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
1876      * <pre>
1877      * ResponseData ::= SEQUENCE {
1878      *    version              [0] EXPLICIT Version DEFAULT v1,
1879      *    responderID              ResponderID,
1880      *    producedAt               GeneralizedTime,
1881      *    responses                SEQUENCE OF SingleResponse,
1882      *    responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
1883      * </pre>
1884      *
1885      * @see KJUR.asn1.ocsp.OCSPParser#getBasicOCSPResponse
1886      * @see KJUR.asn1.ocsp.OCSPParser#getSingleResponse
1887      * @see KJUR.asn1.ocsp.ResponseData
1888      *
1889      * @example
1890      * o = new KJUR.asn1.ocsp.OCSPParser();
1891      * o.getResponseData("30..") →
1892      * { respid: {key: "12ab..."},
1893      *   prodat: "20200903235959Z",
1894      *   array: [<<SingleResponse parameter1>>, ...],
1895      *   ext: [
1896      *     {extname:"ocspNonce",hex:"12ab..."}]}
1897      */
1898     this.getResponseData = function(h) {
1899 	var a = _getChildIdx(h, 0);
1900 	var alen = a.length;
1901 	var result = {};
1902 	var idx = 0;
1903 
1904 	// skip to relax interoperability even though explicit DEFAULT
1905 	if (h.substr(a[0], 2) == "a0") idx++;
1906 
1907 	result.respid = this.getResponderID(_getTLV(h, a[idx++]));
1908 	
1909 	var hProdAtV = _getV(h, a[idx++]);
1910 	result.prodat = hextoutf8(hProdAtV);
1911 	
1912 	result.array = this.getSingleResponseList(_getTLV(h, a[idx++]));
1913 
1914 	if (h.substr(a[alen - 1], 2) == "a1") {
1915 	    var hExt =  _getTLVbyList(h, a[alen - 1], [0]);
1916 	    var x = new X509();
1917 	    result.ext = x.getExtParamArray(hExt);
1918 	}
1919 
1920 	return result;
1921     };
1922 
1923     /**
1924      * parse ASN.1 ResponderID of OCSP<br/>
1925      * @name getResponderID
1926      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1927      * @function
1928      * @param {String} h hexadecimal string of ResponderID
1929      * @return JSON object of ResponderID parameter
1930      * @since jsrsasign 10.4.0 asn1ocsp 1.1.5
1931      * @see KJUR.asn1.ocsp.ResponderID
1932      *
1933      * @description
1934      * <pre>
1935      * ResponderID ::= CHOICE {
1936      *    byName               [1] Name,
1937      *    byKey                [2] KeyHash }
1938      * KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key
1939      *                             (excluding the tag and length fields)
1940      * </pre>
1941      *
1942      * @example
1943      * o = new KJUR.asn1.ocsp.OCSPParser();
1944      * o.getResponderID("a1..") → {name: {array: [[{type:"C",value:"JP",ds:"prn"}]...]}}
1945      * o.getResponderID("a2..") → {key: "12ab..."}
1946      */
1947     this.getResponderID = function(h) {
1948 	var result = {};
1949 
1950 	if (h.substr(0, 2) == "a2") {
1951 	    var hKeyV = _getVbyList(h, 0, [0]);
1952 	    result.key = hKeyV;
1953 	}
1954 	if (h.substr(0, 2) == "a1") {
1955 	    var hName = _getTLVbyList(h, 0, [0]);
1956 	    var x = new X509();
1957 	    result.name = x.getX500Name(hName);
1958 	}
1959 	
1960 	return result;
1961     };
1962 
1963     /**
1964      * parse ASN.1 SEQUENCE OF SingleResponse of OCSP<br/>
1965      * @name getSingleResponseList
1966      * @memberOf KJUR.asn1.ocsp.OCSPParser#
1967      * @function
1968      * @param {String} h hexadecimal string of SEQUENCE OF SingleResponse
1969      * @return array of SingleResponse parameter JSON object
1970      * @since jsrsasign 10.4.0 asn1ocsp 1.1.5
1971      *
1972      * @description
1973      * This method will parse a hexadecimal string of
1974      * ASN.1 class of SEQUENCE OF SingleResponse is defined in 
1975      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
1976      * <pre>
1977      * ResponseData ::= SEQUENCE {
1978      *    version              [0] EXPLICIT Version DEFAULT v1,
1979      *    responderID              ResponderID,
1980      *    producedAt               GeneralizedTime,
1981      *    responses                SEQUENCE OF SingleResponse,
1982      *    responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
1983      * SingleResponse ::= SEQUENCE {
1984      *    certID                       CertID,
1985      *    certStatus                   CertStatus,
1986      *    thisUpdate                   GeneralizedTime,
1987      *    nextUpdate         [0]       EXPLICIT GeneralizedTime OPTIONAL,
1988      *    singleExtensions   [1]       EXPLICIT Extensions OPTIONAL }
1989      * </pre>
1990      *
1991      * @see KJUR.asn1.ocsp.OCSPParse#getResponseData
1992      * @see KJUR.asn1.ocsp.OCSPParse#getSingleResponse
1993      * @see KJUR.asn1.ocsp.OCSPParse#getCertID
1994      * @see KJUR.asn1.ocsp.SingleResponseList
1995      *
1996      * @example
1997      * o = new KJUR.asn1.ocsp.OCSPParser();
1998      * o.getSingleResponseList("30..") →
1999      * [{ certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"},
2000      *    status: {status: "good"},
2001      *    thisupdate: "20200903235959Z",
2002      *    nextupdate: "20200913235959Z",
2003      *    ext: [<<Extension parameters>>...] }]
2004      */
2005     this.getSingleResponseList = function(h) {
2006 	var a = _getChildIdx(h, 0);
2007 	var result = [];
2008 
2009 	for (var i = 0; i < a.length; i++) {
2010 	    var p = this.getSingleResponse(_getTLV(h, a[i]));
2011 	    result.push(p);
2012 	}
2013 	return result;
2014     };
2015 
2016     /**
2017      * parse ASN.1 SingleResponse of OCSP<br/>
2018      * @name getSingleResponse
2019      * @memberOf KJUR.asn1.ocsp.OCSPParser#
2020      * @function
2021      * @param {String} h hexadecimal string of SingleResponse
2022      * @return JSON object of SingleResponse parameter
2023      * @since jsrsasign 10.4.0 asn1ocsp 1.1.5
2024      *
2025      * @description
2026      * This method will parse a hexadecimal string of
2027      * ASN.1 class of SingleResponse is defined in 
2028      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 
2029      * <pre>
2030      * SingleResponse ::= SEQUENCE {
2031      *    certID                       CertID,
2032      *    certStatus                   CertStatus,
2033      *    thisUpdate                   GeneralizedTime,
2034      *    nextUpdate         [0]       EXPLICIT GeneralizedTime OPTIONAL,
2035      *    singleExtensions   [1]       EXPLICIT Extensions OPTIONAL }
2036      * </pre>
2037      *
2038      * @see KJUR.asn1.ocsp.OCSPParse#getSingleResponseList
2039      * @see KJUR.asn1.ocsp.OCSPParse#getCertID
2040      * @see KJUR.asn1.ocsp.SingleResponse
2041      *
2042      * @example
2043      * o = new KJUR.asn1.ocsp.OCSPParser();
2044      * o.getSingleResponse("30..") →
2045      * { certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"},
2046      *   status: {status: "good"},
2047      *   thisupdate: "20200903235959Z",
2048      *   nextupdate: "20200913235959Z",
2049      *   ext: [<<Extension parameters>>...] }
2050      */
2051     this.getSingleResponse = function(h) {
2052 	var a = _getChildIdx(h, 0);
2053 	var result = {};
2054 
2055 	// 1. CertID
2056 	var pCertID = this.getCertID(_getTLV(h, a[0]));
2057 	result.certid = pCertID;
2058 
2059 	// 2. CertStatus
2060 	var pCertStatus = this.getCertStatus(_getTLV(h, a[1]));
2061 	result.status = pCertStatus;
2062 
2063 	// 3. ThisUpdate(GeneralizedTime)
2064 	if (h.substr(a[2], 2) == "18") {
2065 	    var hThisUpdateV = _getV(h, a[2]);
2066 	    result.thisupdate = hextoutf8(hThisUpdateV);
2067 	}
2068 	
2069 	// 4. OPTIONAL(nextUpdate, singleExtensions)
2070 	for (var i = 3; i < a.length; i++) {
2071 	    if (h.substr(a[i], 2) == "a0") { // nextUpdate
2072 		var hNextUpdateV = _getVbyList(h, a[i], [0], "18");
2073 		result.nextupdate = hextoutf8(hNextUpdateV);
2074 	    }
2075 	    if (h.substr(a[i], 2) == "a1") { // singleExtensions
2076 		var x = new X509();
2077 		var hExt = _getTLVbyList(h, 0, [i, 0]);
2078 		result.ext = x.getExtParamArray(hExt);
2079 	    }
2080 	}
2081 
2082 	return result;
2083     };
2084 
2085     /**
2086      * parse ASN.1 CertStatus of OCSP<br/>
2087      * @name getCertStatus
2088      * @memberOf KJUR.asn1.ocsp.OCSPParser#
2089      * @function
2090      * @param {String} h hexadecimal string of CertStatus
2091      * @return JSON object of CertStatus parameter
2092      * @since jsrsasign 10.4.0 asn1ocsp 1.1.5
2093      * @see KJUR.asn1.ocsp.CertStatus
2094      *
2095      * @description
2096      * <pre>
2097      * CertStatus ::= CHOICE {
2098      *     good        [0]     IMPLICIT NULL,
2099      *     revoked     [1]     IMPLICIT RevokedInfo,
2100      *     unknown     [2]     IMPLICIT UnknownInfo }
2101      * RevokedInfo ::= SEQUENCE {
2102      *     revocationTime              GeneralizedTime,
2103      *     revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
2104      * UnknownInfo ::= NULL
2105      * </pre>
2106      * NOTE: Currently revocationReason not supported.
2107      *
2108      * @example
2109      * o = new KJUR.asn1.ocsp.OCSPParser();
2110      * o.getCertStatus("8000") → {status: "good"}
2111      * o.getCertStatus("8200") → {status: "unknown"}
2112      * o.getCertStatus("a1..") → {status: "revoked", time: "2021...Z"}
2113      */
2114     this.getCertStatus = function(h) {
2115 	var result = {};
2116 	if (h == "8000") return {status: "good"};
2117 	if (h == "8200") return {status: "unknown"};
2118 	if (h.substr(0, 2) == "a1") {
2119 	    result.status = "revoked";
2120 	    var hTime = _getVbyList(h, 0, [0]);
2121 	    var sTime = hextoutf8(hTime);
2122 	    result.time = sTime;
2123 	}
2124 	return result;
2125     };
2126 };
2127 
2128