1 /* asn1ocsp-1.1.5.js (c) 2016-2021 Kenji Urushima | kjur.github.io/jsrsasign/license 2 */ 3 /* 4 * asn1ocsp.js - ASN.1 DER encoder classes for OCSP protocol 5 * 6 * Copyright (c) 2016-2021 Kenji Urushima (kenji.urushima@gmail.com) 7 * 8 * This software is licensed under the terms of the MIT License. 9 * https://kjur.github.io/jsrsasign/license 10 * 11 * The above copyright and license notice shall be 12 * included in all copies or substantial portions of the Software. 13 */ 14 15 /** 16 * @fileOverview 17 * @name asn1ocsp-1.0.js 18 * @author Kenji Urushima kenji.urushima@gmail.com 19 * @version jsrsasign 10.4.0 asn1ocsp 1.1.5 (2021-Aug-17) 20 * @since jsrsasign 6.1.0 21 * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a> 22 */ 23 24 if (typeof KJUR == "undefined" || !KJUR) KJUR = {}; 25 if (typeof KJUR.asn1 == "undefined" || !KJUR.asn1) KJUR.asn1 = {}; 26 27 /** 28 * ASN.1 classes for OCSP protocol<br/> 29 * <p> 30 * This name space provides 31 * <a href="https://tools.ietf.org/html/rfc6960">RFC 6960 32 * Online Certificate Status Protocol (OCSP)</a> ASN.1 request and response generator. 33 * 34 * <h4>FEATURES</h4> 35 * <ul> 36 * <li>easily generate OCSP data by JSON object</li> 37 * </ul> 38 * 39 * <h4>OCSP Response Encoder Classes</h4> 40 * <ul> 41 * <li>{@link KJUR.asn1.ocsp.OCSPResponse}</li> 42 * <li>{@link KJUR.asn1.ocsp.ResponseBytes}</li> 43 * <li>{@link KJUR.asn1.ocsp.BasicOCSPResponse}</li> 44 * <li>{@link KJUR.asn1.ocsp.ResponseData}</li> 45 * <li>{@link KJUR.asn1.ocsp.ResponderID}</li> 46 * <li>{@link KJUR.asn1.ocsp.SingleResponseList}</li> 47 * <li>{@link KJUR.asn1.ocsp.SingleResponse}</li> 48 * <li>{@link KJUR.asn1.ocsp.CertID}</li> 49 * <li>{@link KJUR.asn1.ocsp.CertStatus}</li> 50 * </ul> 51 * 52 * <h4>OCSP Request Encoder Classes</h4> 53 * <ul> 54 * <li>{@link KJUR.asn1.ocsp.OCSPRequest}</li> 55 * <li>{@link KJUR.asn1.ocsp.TBSRequest}</li> 56 * <li>{@link KJUR.asn1.ocsp.Request}</li> 57 * <li>{@link KJUR.asn1.ocsp.CertID}</li> 58 * </ul> 59 * 60 * <h4>OCSP Utility classes</h4> 61 * <ul> 62 * <li>{@link KJUR.asn1.ocsp.OCSPUtil} - simple request parser</li> 63 * <li>{@link KJUR.asn1.ocsp.OCSPParser} - request parser</li> 64 * </ul> 65 * </p> 66 * @name KJUR.asn1.ocsp 67 * @namespace 68 */ 69 if (typeof KJUR.asn1.ocsp == "undefined" || !KJUR.asn1.ocsp) KJUR.asn1.ocsp = {}; 70 71 KJUR.asn1.ocsp.DEFAULT_HASH = "sha1"; 72 73 /** 74 * OCSPResponse ASN.1 class encoder<br/> 75 * @name KJUR.asn1.ocsp.OCSPResponse 76 * @class OCSPResponse ASN.1 class encoder 77 * @param {Array} params JSON object of constructor parameters 78 * @extends KJUR.asn1.ASN1Object 79 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 80 * @see KJUR.asn1.ocsp.ResponseBytes 81 * 82 * @description 83 * OCSPResponse ASN.1 class is defined in 84 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 85 * <pre> 86 * OCSPResponse ::= SEQUENCE { 87 * responseStatus OCSPResponseStatus, 88 * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } 89 * OCSPResponseStatus ::= ENUMERATED { 90 * successful (0), -- Response has valid confirmations 91 * malformedRequest (1), -- Illegal confirmation request 92 * internalError (2), -- Internal error in issuer 93 * tryLater (3), -- Try again later 94 * -- (4) is not used 95 * sigRequired (5), -- Must sign the request 96 * unauthorized (6) -- Request unauthorized 97 * } 98 * </pre> 99 * This constructor accepts all parameter of 100 * {@link KJUR.asn1.ocsp.ResponseBytes} for "successful" response. 101 * Further more following property is needed: 102 * <ul> 103 * <li>{Number or String}resstats - responseStatus value by 104 * a number or name. (ex. 2, "internalError")</li> 105 * </ul> 106 * 107 * @example 108 * // default constructor for "successful" 109 * o = new KJUR.asn1.ocsp.OCSPResponse({ 110 * resstatus: "successful", 111 * <<ResponseBytes parameters>> 112 * }); 113 * // constructor for error 114 * new KJUR.asn1.ocsp.OCSPRequest({resstatus: 1}) 115 * new KJUR.asn1.ocsp.OCSPRequest({resstatus: "unauthorized"}) 116 */ 117 KJUR.asn1.ocsp.OCSPResponse = function(params) { 118 KJUR.asn1.ocsp.OCSPResponse.superclass.constructor.call(this); 119 120 var _DEREnumerated = KJUR.asn1.DEREnumerated, 121 _newObject = KJUR.asn1.ASN1Util.newObject, 122 _ResponseBytes = KJUR.asn1.ocsp.ResponseBytes; 123 124 var _aSTATUSNAME = ["successful", "malformedRequest", "internalError", 125 "tryLater", "_not_used_", "sigRequired", "unauthorized"]; 126 127 this.params = null; 128 129 this._getStatusCode = function() { 130 var code = this.params.resstatus; 131 if (typeof code == "number") return code; 132 if (typeof code != "string") return -1; 133 return _aSTATUSNAME.indexOf(code); 134 }; 135 136 this.setByParam = function(params) { 137 this.params = params; 138 }; 139 140 this.getEncodedHex = function() { 141 var params = this.params; 142 143 var code = this._getStatusCode(); 144 if (code == -1) { 145 throw new Error("responseStatus not supported: " + 146 params.resstatus); 147 } 148 149 if (code != 0) { 150 return _newObject({seq: [{'enum': {'int': code}}]}).getEncodedHex(); 151 } 152 153 var dResBytes = new _ResponseBytes(params); 154 return _newObject({seq: [ 155 {'enum': {'int': 0}}, 156 {tag: {tag: "a0", explicit: true, obj: dResBytes}} 157 ]}).getEncodedHex(); 158 }; 159 160 if (params !== undefined) this.setByParam(params); 161 }; 162 extendClass(KJUR.asn1.ocsp.OCSPResponse, KJUR.asn1.ASN1Object); 163 164 /** 165 * ResponseBytes ASN.1 class encoder<br/> 166 * @name KJUR.asn1.ocsp.ResponseBytes 167 * @class ResponseBytes ASN.1 class encoder 168 * @param {Array} params JSON object of constructor parameters 169 * @extends KJUR.asn1.ASN1Object 170 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 171 * @see KJUR.asn1.ocsp.OCSPResponse 172 * @see KJUR.asn1.ocsp.BasicOCSPResponse 173 * 174 * @description 175 * OCSPResponse ASN.1 class is defined in 176 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 177 * <pre> 178 * ResponseBytes ::= SEQUENCE { 179 * responseType OBJECT IDENTIFIER, 180 * response OCTET STRING } 181 * id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp } 182 * id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 } 183 * </pre> 184 * This constructor accepts all parameter of 185 * {@link KJUR.asn1.ocsp.BasicOCSPResponse}. 186 * Further more following property is needed: 187 * <ul> 188 * <li>{String}restype - only "ocspBasic" can be available</li> 189 * </ul> 190 * 191 * @example 192 * o = new KJUR.asn1.ocsp.ResponseBytes({ 193 * restype: "ocspBasic", 194 * // BasicOCSPResponse properties shall be specified 195 * }); 196 */ 197 KJUR.asn1.ocsp.ResponseBytes = function(params) { 198 KJUR.asn1.ocsp.ResponseBytes.superclass.constructor.call(this); 199 200 var _KJUR_asn1 = KJUR.asn1, 201 _DERSequence = _KJUR_asn1.DERSequence, 202 _DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier, 203 _DEROctetString = _KJUR_asn1.DEROctetString, 204 _BasicOCSPResponse = _KJUR_asn1.ocsp.BasicOCSPResponse; 205 206 this.params = null; 207 208 this.setByParam = function(params) { 209 this.params = params; 210 }; 211 212 this.getEncodedHex = function() { 213 var params = this.params; 214 215 if (params.restype != "ocspBasic") { 216 throw new Error("not supported responseType: " + params.restype); 217 } 218 219 var dBasic = new _BasicOCSPResponse(params); 220 221 var a = []; 222 a.push(new _DERObjectIdentifier({name: "ocspBasic"})); 223 a.push(new _DEROctetString({hex: dBasic.getEncodedHex()})); 224 225 var seq = new _DERSequence({array: a}); 226 return seq.getEncodedHex(); 227 }; 228 229 if (params !== undefined) this.setByParam(params); 230 }; 231 extendClass(KJUR.asn1.ocsp.ResponseBytes, KJUR.asn1.ASN1Object); 232 233 /** 234 * BasicOCSPResponse ASN.1 class encoder<br/> 235 * @name KJUR.asn1.ocsp.BasicOCSPResponse 236 * @class BasicOCSPResponse ASN.1 class encoder 237 * @param {Array} params JSON object of constructor parameters 238 * @extends KJUR.asn1.ASN1Object 239 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 240 * @see KJUR.asn1.ocsp.OCSPResponse 241 * @see KJUR.asn1.ocsp.ResponseBytes 242 * @see KJUR.asn1.ocsp.BasicOCSPResponse 243 * @see KJUR.asn1.ocsp.ResponseData 244 * 245 * @description 246 * OCSPResponse ASN.1 class is defined in 247 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 248 * <pre> 249 * BasicOCSPResponse ::= SEQUENCE { 250 * tbsResponseData ResponseData, 251 * signatureAlgorithm AlgorithmIdentifier, 252 * signature BIT STRING, 253 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } 254 * </pre> 255 * This constructor accepts all parameter of 256 * {@link KJUR.asn1.ocsp.ResponseData}. 257 * Further more following properties are available: 258 * <ul> 259 * <li>{ASN1Object}tbsresp (OPTION) - {@link KJUR.asn1.ASN1Object} or its 260 * sub class object for tbsReponseData, 261 * genelally {@link KJUR.asn1.ocsp.ResponseData}. 262 * When "tbsresp" not specified, tbsresp will be set by 263 * other parameters internally.</li> 264 * <li>{String}sigalg - signatureAlgrithm name (ex. "SHA256withRSA")</li> 265 * <li>{Object}reskey (OPTION) - specifies OCSP response signing private key. 266 * Parameter "reskey" or "sighex" shall be specified. 267 * Following values can be specified: 268 * <ul> 269 * <li>PKCS#1/5 or PKCS#8 PEM string of private key</li> 270 * <li>RSAKey/DSA/ECDSA key object. {@link KEYUTIL.getKey} is useful 271 * to generate a key object.</li> 272 * </ul> 273 * </li> 274 * <li>{String}sighex (OPTION) - hexadecimal string of signature value 275 * (i.e. ASN.1 value(V) of signatureValue BIT STRING without 276 * unused bits)</li> 277 * <li>{Array}certs (OPTION) - array of PEM or hexadecimal string of 278 * certificate such as OCSP responder certificate</li> 279 * </ul> 280 * 281 * @example 282 * // response data will be signed by "reskey" 283 * new KJUR.asn1.ocsp.BasicOCSPResponse({ 284 * ...<<ResponseData properties...>>... 285 * sigalg: "SHA256withRSA", 286 * reskey: <<OCSP Responder private key PEM or object>>, 287 * certs: [<<PEMorHEXstringOfCert1>>,...] }); 288 * 289 * // explicitly specify "signature" by "sighex" 290 * new KJUR.asn1.ocsp.BasicOCSPResponse({ 291 * ...<<ResponseData properties...>>... 292 * sigalg: "SHA256withRSA", 293 * sighex: "12abcd...", 294 * certs: [<<PEMorHEXstringOfCert1>>,...] }); 295 * 296 * // explicitly specify "tbsResponseData" and sign 297 * new KJUR.asn1.ocsp.BasicOCSPResponse({ 298 * { tbsresp: <<subclass of ASN1Object>>, 299 * sigalg: "SHA256withRSA", 300 * reskey: <<OCSP Responder private key PEM or object>>, 301 * certs: [<<PEMorHEXstringOfCert1>>,...] } 302 */ 303 KJUR.asn1.ocsp.BasicOCSPResponse = function(params) { 304 KJUR.asn1.ocsp.BasicOCSPResponse.superclass.constructor.call(this); 305 306 var _Error = Error, 307 _KJUR_asn1 = KJUR.asn1, 308 _ASN1Object = _KJUR_asn1.ASN1Object, 309 _DERSequence = _KJUR_asn1.DERSequence, 310 _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime, 311 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, 312 _DERBitString = _KJUR_asn1.DERBitString, 313 _Extensions = _KJUR_asn1.x509.Extensions, 314 _AlgorithmIdentifier = _KJUR_asn1.x509.AlgorithmIdentifier, 315 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp, 316 _ResponderID = _KJUR_asn1_ocsp.ResponderID; 317 _SingleResponseList = _KJUR_asn1_ocsp.SingleResponseList, 318 _ResponseData = _KJUR_asn1_ocsp.ResponseData; 319 320 this.params = null; 321 322 this.setByParam = function(params) { 323 this.params = params; 324 }; 325 326 this.sign = function() { 327 var params = this.params; 328 var hTBS = params.tbsresp.getEncodedHex(); 329 var sig = new KJUR.crypto.Signature({alg: params.sigalg}); 330 sig.init(params.reskey); 331 sig.updateHex(hTBS); 332 params.sighex = sig.sign(); 333 }; 334 335 this.getEncodedHex = function() { 336 var params = this.params; 337 338 if (params.tbsresp == undefined) { 339 params.tbsresp = new _ResponseData(params); 340 } 341 342 if (params.sighex == undefined && params.reskey != undefined) { 343 this.sign(); 344 } 345 346 var a = []; 347 a.push(params.tbsresp); 348 a.push(new _AlgorithmIdentifier({name: params.sigalg})); 349 a.push(new _DERBitString({hex: "00" + params.sighex})); 350 351 if (params.certs != undefined && 352 params.certs.length != undefined) { 353 var aCert = []; 354 for (var i = 0; i < params.certs.length; i++) { 355 var sCert = params.certs[i]; 356 var hCert = null; 357 if (ASN1HEX.isASN1HEX(sCert)) { 358 hCert = sCert; 359 } else if (sCert.match(/-----BEGIN/)) { 360 hCert = pemtohex(sCert); 361 } else { 362 throw new _Error("certs[" + i + "] not hex or PEM"); 363 } 364 aCert.push(new _ASN1Object({tlv: hCert})); 365 } 366 var seqCert = new _DERSequence({array: aCert}); 367 a.push(new _DERTaggedObject({tag:'a0',explicit:true,obj:seqCert})); 368 } 369 370 var seq = new _DERSequence({array: a}); 371 return seq.getEncodedHex(); 372 }; 373 374 if (params !== undefined) this.setByParam(params); 375 }; 376 extendClass(KJUR.asn1.ocsp.BasicOCSPResponse, KJUR.asn1.ASN1Object); 377 378 /** 379 * ResponseData ASN.1 class encoder<br/> 380 * @name KJUR.asn1.ocsp.ResponseData 381 * @class ResponseData ASN.1 class encoder 382 * @param {Array} params JSON object of constructor parameters 383 * @extends KJUR.asn1.ASN1Object 384 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 385 * @see KJUR.asn1.ocsp.OCSPResponse 386 * @see KJUR.asn1.ocsp.ResponseBytes 387 * @see KJUR.asn1.ocsp.BasicOCSPResponse 388 * @see KJUR.asn1.ocsp.ResponseData 389 * @see KJUR.asn1.ocsp.SingleResponse 390 * @see KJUR.asn1.x509.Extensions 391 * @see KJUR.asn1.DERGeneralizedTime 392 * 393 * @description 394 * ResponseData ASN.1 class is defined in 395 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 396 * <pre> 397 * ResponseData ::= SEQUENCE { 398 * version [0] EXPLICIT Version DEFAULT v1, 399 * responderID ResponderID, 400 * producedAt GeneralizedTime, 401 * responses SEQUENCE OF SingleResponse, 402 * responseExtensions [1] EXPLICIT Extensions OPTIONAL } 403 * </pre> 404 * Following properties are available: 405 * <ul> 406 * <li>{Array}respid - JSON object of {@link KJUR.asn1.ocsp.ResponseID} parameter 407 * for "responderID"</li> 408 * <li>{Object}prodat - string or JSON parameter of 409 * {@link KJUR.asn1.DERGeneralizedTime} (ex. "20200904235959Z")</li> 410 * <li>{Array}responses - array of {@link KJUR.asn1.ocsp.SingleResponse} 411 * parameters</li> 412 * <li>{Array}ext (OPTION) - array of extension parameters 413 * for "responseExtensions".</li> 414 * </ul> 415 * 416 * @example 417 * new KJUR.asn1.ocsp.ResponseData({ 418 * respid: {key: "12ab..."}, 419 * prodat: "20200903235959Z", 420 * array: [ 421 * <<SingleResponse parameter1>>, ... 422 * ], 423 * ext: [{extname:"ocspNonce",hex:"12ab..."}] 424 * }); 425 */ 426 KJUR.asn1.ocsp.ResponseData = function(params) { 427 KJUR.asn1.ocsp.ResponseData.superclass.constructor.call(this); 428 429 var _Error = Error, 430 _KJUR_asn1 = KJUR.asn1, 431 _DERSequence = _KJUR_asn1.DERSequence, 432 _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime, 433 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, 434 _Extensions = _KJUR_asn1.x509.Extensions, 435 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp, 436 _ResponderID = _KJUR_asn1_ocsp.ResponderID; 437 _SingleResponseList = _KJUR_asn1_ocsp.SingleResponseList; 438 439 this.params = null; 440 441 this.getEncodedHex = function() { 442 var params = this.params; 443 if (params.respid != undefined) new _Error("respid not specified"); 444 if (params.prodat != undefined) new _Error("prodat not specified"); 445 if (params.array != undefined) new _Error("array not specified"); 446 447 var a = []; 448 a.push(new _ResponderID(params.respid)); 449 a.push(new _DERGeneralizedTime(params.prodat)); 450 a.push(new _SingleResponseList(params.array)); 451 452 if (params.ext != undefined) { 453 var dExt = new _Extensions(params.ext); 454 a.push(new _DERTaggedObject({tag:'a1', explicit:true, obj:dExt})); 455 } 456 457 var seq = new _DERSequence({array: a}); 458 return seq.getEncodedHex(); 459 }; 460 461 this.setByParam = function(params) { 462 this.params = params; 463 }; 464 465 if (params !== undefined) this.setByParam(params); 466 }; 467 extendClass(KJUR.asn1.ocsp.ResponseData, KJUR.asn1.ASN1Object); 468 469 /** 470 * ResponderID ASN.1 class encoder<br/> 471 * @name KJUR.asn1.ocsp.ResponderID 472 * @class ResponderID ASN.1 class encoder 473 * @param {Array} params JSON object of constructor parameters 474 * @extends KJUR.asn1.ASN1Object 475 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 476 * @see KJUR.asn1.ocsp.OCSPResponse 477 * @see KJUR.asn1.ocsp.ResponseBytes 478 * @see KJUR.asn1.ocsp.BasicOCSPResponse 479 * @see KJUR.asn1.ocsp.ResponseData 480 * 481 * @description 482 * ResponderID ASN.1 class is defined in 483 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 484 * <pre> 485 * ResponderID ::= CHOICE { 486 * byName [1] Name, 487 * byKey [2] KeyHash } 488 * KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key 489 * (excluding the tag and length fields) 490 * </pre> 491 * Following properties are available: 492 * <ul> 493 * <li>{Array}name (OPTION) - JSON object of {@link KJUR.asn1.x509.X500Name} parameter 494 * for "byName"</li> 495 * <li>{String}key (OPTION) - hexadecimal string of KeyHash value</li> 496 * </ul> 497 * 498 * @example 499 * new KJUR.asn1.ocsp.ResponderID({name: {str: "/C=JP/O=Resp"}}) 500 * new KJUR.asn1.ocsp.ResponderID({name: {array: [[{type:"C",value:"JP",ds:"prn"}]...]}}) 501 * new KJUR.asn1.ocsp.ResponderID({key: "12ab..."}) 502 */ 503 KJUR.asn1.ocsp.ResponderID = function(params) { 504 KJUR.asn1.ocsp.ResponderID.superclass.constructor.call(this); 505 var _KJUR_asn1 = KJUR.asn1, 506 _newObject = _KJUR_asn1.ASN1Util.newObject, 507 _X500Name = _KJUR_asn1.x509.X500Name; 508 509 this.params = null; 510 511 this.getEncodedHex = function() { 512 var params = this.params; 513 if (params.key != undefined) { 514 var dTag = _newObject({tag: {tag:"a2", 515 explicit:true, 516 obj:{octstr:{hex:params.key}}}}); 517 return dTag.getEncodedHex(); 518 } else if (params.name != undefined) { 519 var dTag = _newObject({tag: {tag:"a1", 520 explicit:true, 521 obj:new _X500Name(params.name)}}); 522 return dTag.getEncodedHex(); 523 } 524 throw new Error("key or name not specified"); 525 }; 526 527 this.setByParam = function(params) { 528 this.params = params; 529 }; 530 531 if (params !== undefined) this.setByParam(params); 532 }; 533 extendClass(KJUR.asn1.ocsp.ResponderID, KJUR.asn1.ASN1Object); 534 535 /** 536 * ASN.1 class encoder for SEQUENCE OF SingleResponse<br/> 537 * @name KJUR.asn1.ocsp.SingleResponseList 538 * @class ASN.1 class encoder for SEQUENCE OF SingleResponse 539 * @param {Array} params array of JSON object for SingleResponse parameters 540 * @extends KJUR.asn1.ASN1Object 541 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 542 * @see KJUR.asn1.ocsp.OCSPResponse 543 * @see KJUR.asn1.ocsp.ResponseBytes 544 * @see KJUR.asn1.ocsp.BasicOCSPResponse 545 * @see KJUR.asn1.ocsp.ResponseData 546 * @see KJUR.asn1.ocsp.SingleResponse 547 * 548 * @description 549 * ASN.1 class of SEQUENCE OF SingleResponse is defined in 550 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 551 * <pre> 552 * ResponseData ::= SEQUENCE { 553 * version [0] EXPLICIT Version DEFAULT v1, 554 * responderID ResponderID, 555 * producedAt GeneralizedTime, 556 * responses SEQUENCE OF SingleResponse, 557 * responseExtensions [1] EXPLICIT Extensions OPTIONAL } 558 * SingleResponse ::= SEQUENCE { 559 * certID CertID, 560 * certStatus CertStatus, 561 * thisUpdate GeneralizedTime, 562 * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, 563 * singleExtensions [1] EXPLICIT Extensions OPTIONAL } 564 * </pre> 565 * Following properties are available: 566 * <ul> 567 * <li>{Array}name (OPTION) - JSON object of {@link KJUR.asn1.x509.X500Name} parameter 568 * for "byName"</li> 569 * <li>{String}key (OPTION) - hexadecimal string of KeyHash value</li> 570 * </ul> 571 * 572 * @example 573 * new KJUR.asn1.ocsp.SingleResponseList([{ 574 * certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"}, 575 * status: {status: "good"}, 576 * thisupdate: "20200903235959Z" 577 * },{ 578 * certid: {alg:"sha1",issname:"24ab",isskey:"24ab",sbjsn:"24ab"}, 579 * status: {status: "good"}, 580 * thisupdate: "20200904235959Z" 581 * ]) 582 */ 583 KJUR.asn1.ocsp.SingleResponseList = function(params) { 584 KJUR.asn1.ocsp.SingleResponseList.superclass.constructor.call(this); 585 586 var _KJUR_asn1 = KJUR.asn1, 587 _DERSequence = _KJUR_asn1.DERSequence, 588 _SingleResponse = _KJUR_asn1.ocsp.SingleResponse; 589 590 this.params = null; 591 592 this.getEncodedHex = function() { 593 var params = this.params; 594 595 if (typeof params != "object" || params.length == undefined) { 596 throw new Error("params not specified properly"); 597 } 598 599 var a = []; 600 for (var i = 0; i < params.length; i++) { 601 a.push(new _SingleResponse(params[i])); 602 } 603 604 var seq = new _DERSequence({array: a}); 605 return seq.getEncodedHex(); 606 }; 607 608 this.setByParam = function(params) { 609 this.params = params; 610 }; 611 612 if (params !== undefined) this.setByParam(params); 613 }; 614 extendClass(KJUR.asn1.ocsp.SingleResponseList, KJUR.asn1.ASN1Object); 615 616 /** 617 * SingleResponse ASN.1 class encoder<br/> 618 * @name KJUR.asn1.ocsp.SingleResponse 619 * @class SingleResponse ASN.1 class encoder 620 * @param {Array} params JSON object for SingleResponse parameter 621 * @extends KJUR.asn1.ASN1Object 622 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 623 * @see KJUR.asn1.ocsp.OCSPResponse 624 * @see KJUR.asn1.ocsp.ResponseBytes 625 * @see KJUR.asn1.ocsp.BasicOCSPResponse 626 * @see KJUR.asn1.ocsp.ResponseData 627 * @see KJUR.asn1.ocsp.SingleResponse 628 * @see KJUR.asn1.ocsp.CertID 629 * @see KJUR.asn1.ocsp.CertStatus 630 * 631 * @description 632 * ASN.1 class of SEQUENCE OF SingleResponse is defined in 633 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 634 * <pre> 635 * SingleResponse ::= SEQUENCE { 636 * certID CertID, 637 * certStatus CertStatus, 638 * thisUpdate GeneralizedTime, 639 * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, 640 * singleExtensions [1] EXPLICIT Extensions OPTIONAL } 641 * </pre> 642 * Following properties are available: 643 * <ul> 644 * <li>{Array}certid - JSON object of {@link KJUR.asn1.ocsp.CertID} parameter</li> 645 * <li>{Array}status - JSON object of {@link KJUR.asn1.ocsp.CertStatus} parameter</li> 646 * <li>{Object}thisupdate - {@link KJUR.asn1.DERGeneralizedTime} parameter 647 * for "thisUpdate"</li> 648 * <li>{Object}nextupdate (OPTION) - {@link KJUR.asn1.DERGeneralizedTime} parameter 649 * for "nextUpdate"</li> 650 * <li>{Array}ext (OPTION) - array of JSON object 651 * {@link KJUR.asn1.x509.Extension} sub class parameter for 652 * "singleExtensions"</li> 653 * </ul> 654 * 655 * @example 656 * new KJUR.asn1.ocsp.SingleResponse({ 657 * certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"}, 658 * status: {status: "good"}, 659 * thisupdate: "20200903235959Z", 660 * nextupdate: "20200913235959Z", 661 * ext: [<<Extension parameters>>...] 662 * }) 663 */ 664 KJUR.asn1.ocsp.SingleResponse = function(params) { 665 var _Error = Error, 666 _KJUR = KJUR, 667 _KJUR_asn1 = _KJUR.asn1, 668 _DERSequence = _KJUR_asn1.DERSequence, 669 _DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime, 670 _DERTaggedObject = _KJUR_asn1.DERTaggedObject, 671 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp, 672 _CertID = _KJUR_asn1_ocsp.CertID, 673 _CertStatus = _KJUR_asn1_ocsp.CertStatus, 674 _KJUR_asn1_x509 = _KJUR_asn1.x509, 675 _Extensions = _KJUR_asn1_x509.Extensions; 676 677 _KJUR_asn1_ocsp.SingleResponse.superclass.constructor.call(this); 678 679 this.params = null; 680 681 this.getEncodedHex = function() { 682 var params = this.params; 683 var a = []; 684 685 if (params.certid == undefined) throw new _Error("certid unspecified"); 686 if (params.status == undefined) throw new _Error("status unspecified"); 687 if (params.thisupdate == undefined) throw new _Error("thisupdate unspecified"); 688 689 a.push(new _CertID(params.certid)); 690 a.push(new _CertStatus(params.status)); 691 a.push(new _DERGeneralizedTime(params.thisupdate)); 692 693 if (params.nextupdate != undefined) { 694 var dTime = new _DERGeneralizedTime(params.nextupdate); 695 a.push(new _DERTaggedObject({tag:'a0', explicit:true, obj:dTime})); 696 } 697 698 if (params.ext != undefined) { 699 var dExt = new _Extensions(params.ext); 700 a.push(new _DERTaggedObject({tag:'a1', explicit:true, obj:dExt})); 701 } 702 703 var seq = new _DERSequence({array: a}); 704 return seq.getEncodedHex(); 705 }; 706 707 this.setByParam = function(params) { 708 this.params = params; 709 }; 710 711 if (params !== undefined) this.setByParam(params); 712 }; 713 extendClass(KJUR.asn1.ocsp.SingleResponse, KJUR.asn1.ASN1Object); 714 715 /** 716 * ASN.1 CertID class for OCSP<br/> 717 * @name KJUR.asn1.ocsp.CertID 718 * @class ASN.1 CertID class for OCSP 719 * @param {Array} params JSON object of parameters 720 * @extends KJUR.asn1.ASN1Object 721 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 722 * @see KJUR.asn1.ocsp.SingleResponse 723 * @see KJUR.asn1.x509.AlgorithmIdentifier 724 * 725 * @description 726 * CertID ASN.1 class is defined in 727 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 728 * <pre> 729 * CertID ::= SEQUENCE { 730 * hashAlgorithm AlgorithmIdentifier, 731 * issuerNameHash OCTET STRING, -- Hash of issuer's DN 732 * issuerKeyHash OCTET STRING, -- Hash of issuer's public key 733 * serialNumber CertificateSerialNumber } 734 * </pre> 735 * Following properties are available in "params" of the constructor: 736 * <ul> 737 * <li>{String}alg (OPTION) - hash algorithm name. Default is "sha1" (ex, "sha1")</li> 738 * <li>{String}issname (OPTION) - hexadecimal string of issuerNameHash</li> 739 * <li>{String}isskey (OPTION) - hexadecimal string of issuerKeyHash</li> 740 * <li>{String}sbjsn (OPTION) - hexadecimal string of serial number of subject certificate</li> 741 * <li>{String}issuerCert (OPTION) - PEM string of issuer certificate. 742 * Property "issname" and "isskey" will be set by "issuerCert".</li> 743 * <li>{String}subjectCert (OPTION) - PEM string of issuer certificate. 744 * Property "sbjsn" will be set by "subjectCert".</li> 745 * </ul> 746 * <br/> 747 * NOTE: Properties "namehash", "keyhash" and "serial" are 748 * changed to "issname", "isskey", and "sbjsn" respectively 749 * since jsrsasign 9.1.6 asn1ocsp 1.1.0. 750 * 751 * @example 752 * // constructor with explicit values (changed since jsrsasign 9.1.6) 753 * new KJUR.asn1.ocsp.CertID({issname: "1a...", isskey: "ad...", sbjsn: "1234", alg: "sha256"}); 754 * 755 * // constructor with certs (sha1 is used by default) 756 * o = new KJUR.asn1.ocsp.CertID({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN..."}); 757 * 758 * // constructor with certs and sha256 759 * o = new KJUR.asn1.ocsp.CertID({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"}); 760 */ 761 KJUR.asn1.ocsp.CertID = function(params) { 762 var _KJUR = KJUR, 763 _KJUR_asn1 = _KJUR.asn1, 764 _DEROctetString = _KJUR_asn1.DEROctetString, 765 _DERInteger = _KJUR_asn1.DERInteger, 766 _DERSequence = _KJUR_asn1.DERSequence, 767 _KJUR_asn1_x509 = _KJUR_asn1.x509, 768 _AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier, 769 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp, 770 _DEFAULT_HASH = _KJUR_asn1_ocsp.DEFAULT_HASH, 771 _KJUR_crypto = _KJUR.crypto, 772 _hashHex = _KJUR_crypto.Util.hashHex, 773 _X509 = X509, 774 _ASN1HEX = ASN1HEX; 775 776 _KJUR_asn1_ocsp.CertID.superclass.constructor.call(this); 777 778 this.dHashAlg = null; 779 this.dIssuerNameHash = null; 780 this.dIssuerKeyHash = null; 781 this.dSerialNumber = null; 782 783 /** 784 * set CertID ASN.1 object by values.<br/> 785 * @name setByValue 786 * @memberOf KJUR.asn1.ocsp.CertID# 787 * @function 788 * @param {String} issuerNameHashHex hexadecimal string of hash value of issuer name 789 * @param {String} issuerKeyHashHex hexadecimal string of hash value of issuer public key 790 * @param {String} serialNumberHex hexadecimal string of certificate serial number to be verified 791 * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1 792 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 793 * @example 794 * o = new KJUR.asn1.ocsp.CertID(); 795 * o.setByValue("1fac...", "fd3a...", "1234"); // sha1 is used by default 796 * o.setByValue("1fac...", "fd3a...", "1234", "sha256"); 797 */ 798 this.setByValue = function(issuerNameHashHex, issuerKeyHashHex, 799 serialNumberHex, algName) { 800 if (algName === undefined) algName = _DEFAULT_HASH; 801 this.dHashAlg = new _AlgorithmIdentifier({name: algName}); 802 this.dIssuerNameHash = new _DEROctetString({hex: issuerNameHashHex}); 803 this.dIssuerKeyHash = new _DEROctetString({hex: issuerKeyHashHex}); 804 this.dSerialNumber = new _DERInteger({hex: serialNumberHex}); 805 }; 806 807 /** 808 * set CertID ASN.1 object by PEM certificates.<br/> 809 * @name setByCert 810 * @memberOf KJUR.asn1.ocsp.CertID# 811 * @function 812 * @param {String} issuerCert string of PEM issuer certificate 813 * @param {String} subjectCert string of PEM subject certificate to be verified by OCSP 814 * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1 815 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 816 * 817 * @example 818 * o = new KJUR.asn1.ocsp.CertID(); 819 * o.setByCert("-----BEGIN...", "-----BEGIN..."); // sha1 is used by default 820 * o.setByCert("-----BEGIN...", "-----BEGIN...", "sha256"); 821 */ 822 this.setByCert = function(issuerCert, subjectCert, algName) { 823 if (algName === undefined) algName = _DEFAULT_HASH; 824 825 var xSbj = new _X509(); 826 xSbj.readCertPEM(subjectCert); 827 var xIss = new _X509(); 828 xIss.readCertPEM(issuerCert); 829 830 var hISS_SPKI = xIss.getPublicKeyHex(); 831 var issuerKeyHex = _ASN1HEX.getVbyList(hISS_SPKI, 0, [1], "03", true); 832 833 var serialNumberHex = xSbj.getSerialNumberHex(); 834 var issuerNameHashHex = _hashHex(xIss.getSubjectHex(), algName); 835 var issuerKeyHashHex = _hashHex(issuerKeyHex, algName); 836 this.setByValue(issuerNameHashHex, issuerKeyHashHex, 837 serialNumberHex, algName); 838 this.hoge = xSbj.getSerialNumberHex(); 839 }; 840 841 this.getEncodedHex = function() { 842 if (this.dHashAlg === null && 843 this.dIssuerNameHash === null && 844 this.dIssuerKeyHash === null && 845 this.dSerialNumber === null) 846 throw "not yet set values"; 847 848 var a = [this.dHashAlg, this.dIssuerNameHash, 849 this.dIssuerKeyHash, this.dSerialNumber]; 850 var seq = new _DERSequence({array: a}); 851 this.hTLV = seq.getEncodedHex(); 852 return this.hTLV; 853 }; 854 855 if (params !== undefined) { 856 var p = params; 857 if (p.issuerCert !== undefined && 858 p.subjectCert !== undefined) { 859 var alg = _DEFAULT_HASH; 860 if (p.alg === undefined) alg = undefined; 861 this.setByCert(p.issuerCert, p.subjectCert, alg); 862 } else if (p.issname !== undefined && 863 p.isskey !== undefined && 864 p.sbjsn !== undefined) { 865 var alg = _DEFAULT_HASH; 866 if (p.alg === undefined) alg = undefined; 867 this.setByValue(p.issname, p.isskey, p.sbjsn, alg); 868 } else { 869 throw new Error("invalid constructor arguments"); 870 } 871 } 872 }; 873 extendClass(KJUR.asn1.ocsp.CertID, KJUR.asn1.ASN1Object); 874 875 /** 876 * CertStatus ASN.1 class encoder<br/> 877 * @name KJUR.asn1.ocsp.CertStatus 878 * @class CertStatus ASN.1 class encoder 879 * @param {Array} params JSON object for CertStatus parameter 880 * @extends KJUR.asn1.ASN1Object 881 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 882 * @see KJUR.asn1.ocsp.OCSPResponse 883 * @see KJUR.asn1.ocsp.ResponseBytes 884 * @see KJUR.asn1.ocsp.BasicOCSPResponse 885 * @see KJUR.asn1.ocsp.ResponseData 886 * @see KJUR.asn1.ocsp.SingleResponse 887 * @see KJUR.asn1.ocsp.CertID 888 * @see KJUR.asn1.ocsp.CertStatus 889 * 890 * @description 891 * ASN.1 class of SEQUENCE OF SingleResponse is defined in 892 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 893 * <pre> 894 * CertStatus ::= CHOICE { 895 * good [0] IMPLICIT NULL, 896 * revoked [1] IMPLICIT RevokedInfo, 897 * unknown [2] IMPLICIT UnknownInfo } 898 * RevokedInfo ::= SEQUENCE { 899 * revocationTime GeneralizedTime, 900 * revocationReason [0] EXPLICIT CRLReason OPTIONAL } 901 * UnknownInfo ::= NULL 902 * CRLReason ::= ENUMERATED { 903 * unspecified (0), 904 * keyCompromise (1), 905 * cACompromise (2), 906 * affiliationChanged (3), 907 * superseded (4), 908 * cessationOfOperation (5), 909 * certificateHold (6), 910 * -- value 7 is not used 911 * removeFromCRL (8), 912 * privilegeWithdrawn (9), 913 * aACompromise (10) } 914 * </pre> 915 * Following properties are available: 916 * <ul> 917 * <li>{String}status - "good", "revoked" or "unknown"</li> 918 * <li>{String}time (OPTION) - revocationTime YYYYMMDDHHmmSSZ (ex. "20200904235959Z")</li> 919 * <li>{Number}reason (OPTION) - revocationReason code number</li> 920 * </ul> 921 * 922 * @example 923 * new KJUR.asn1.ocsp.CertStatus({status: "good"}) 924 * new KJUR.asn1.ocsp.CertStatus({status: "revoked", time: "20200903235959Z"}) 925 * new KJUR.asn1.ocsp.CertStatus({status: "revoked", time: "20200903235959Z", reason: 3}) 926 * new KJUR.asn1.ocsp.CertStatus({status: "unknown"}) 927 */ 928 KJUR.asn1.ocsp.CertStatus = function(params) { 929 KJUR.asn1.ocsp.CertStatus.superclass.constructor.call(this); 930 931 this.params = null; 932 933 this.getEncodedHex = function() { 934 var params = this.params; 935 if (params.status == "good") return "8000"; 936 if (params.status == "unknown") return "8200"; 937 if (params.status == "revoked") { 938 var a = [{gentime: {str: params.time}}]; 939 if (params.reason != undefined) { 940 a.push({tag: {tag: 'a0', 941 explicit: true, 942 obj: {'enum': {'int': params.reason}}}}); 943 } 944 var tagParam = {tag: 'a1', explicit: false, obj: {seq: a}}; 945 return KJUR.asn1.ASN1Util.newObject({tag: tagParam}).getEncodedHex(); 946 } 947 throw new Error("bad status"); 948 }; 949 950 this.setByParam = function(params) { 951 this.params = params; 952 }; 953 954 if (params !== undefined) this.setByParam(params); 955 }; 956 extendClass(KJUR.asn1.ocsp.CertStatus, KJUR.asn1.ASN1Object); 957 958 // ---- END OF Classes for OCSP response ----------------------------------- 959 960 /** 961 * ASN.1 Request class for OCSP<br/> 962 * @name KJUR.asn1.ocsp.Request 963 * @class ASN.1 Request class for OCSP 964 * @param {Array} params associative array of parameters 965 * @extends KJUR.asn1.ASN1Object 966 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 967 * @description 968 * Request ASN.1 class is defined in 969 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 970 * singleRequestExtensions is not supported yet in this version such as nonce. 971 * <pre> 972 * Request ::= SEQUENCE { 973 * reqCert CertID, 974 * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } 975 * </pre> 976 * @example 977 * // default constructor 978 * o = new KJUR.asn1.ocsp.Request(); 979 * // constructor with certs (sha1 is used by default) 980 * o = new KJUR.asn1.ocsp.Request({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN..."}); 981 * // constructor with certs and sha256 982 * o = new KJUR.asn1.ocsp.Request({issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"}); 983 * // constructor with values 984 * o = new KJUR.asn1.ocsp.Request({namehash: "1a...", keyhash: "ad...", serial: "1234", alg: "sha256"}); 985 */ 986 KJUR.asn1.ocsp.Request = function(params) { 987 var _KJUR = KJUR, 988 _KJUR_asn1 = _KJUR.asn1, 989 _DERSequence = _KJUR_asn1.DERSequence, 990 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp; 991 992 _KJUR_asn1_ocsp.Request.superclass.constructor.call(this); 993 this.dReqCert = null; 994 this.dExt = null; 995 996 this.getEncodedHex = function() { 997 var a = []; 998 999 // 1. reqCert 1000 if (this.dReqCert === null) 1001 throw "reqCert not set"; 1002 a.push(this.dReqCert); 1003 1004 // 2. singleRequestExtensions (not supported yet) 1005 1006 // 3. construct SEQUENCE 1007 var seq = new _DERSequence({array: a}); 1008 this.hTLV = seq.getEncodedHex(); 1009 return this.hTLV; 1010 }; 1011 1012 if (typeof params !== "undefined") { 1013 var o = new _KJUR_asn1_ocsp.CertID(params); 1014 this.dReqCert = o; 1015 } 1016 }; 1017 extendClass(KJUR.asn1.ocsp.Request, KJUR.asn1.ASN1Object); 1018 1019 /** 1020 * ASN.1 TBSRequest class for OCSP<br/> 1021 * @name KJUR.asn1.ocsp.TBSRequest 1022 * @class ASN.1 TBSRequest class for OCSP 1023 * @param {Array} params associative array of parameters 1024 * @extends KJUR.asn1.ASN1Object 1025 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 1026 * @description 1027 * TBSRequest ASN.1 class is defined in 1028 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 1029 * <pre> 1030 * TBSRequest ::= SEQUENCE { 1031 * version [0] EXPLICIT Version DEFAULT v1, 1032 * requestorName [1] EXPLICIT GeneralName OPTIONAL, 1033 * requestList SEQUENCE OF Request, 1034 * requestExtensions [2] EXPLICIT Extensions OPTIONAL } 1035 * </pre> 1036 * @example 1037 * // default constructor 1038 * o = new KJUR.asn1.ocsp.TBSRequest(); 1039 * // constructor with requestList parameter 1040 * o = new KJUR.asn1.ocsp.TBSRequest({reqList:[ 1041 * {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:}, 1042 * {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"} 1043 * ]}); 1044 */ 1045 KJUR.asn1.ocsp.TBSRequest = function(params) { 1046 var _KJUR = KJUR, 1047 _KJUR_asn1 = _KJUR.asn1, 1048 _DERSequence = _KJUR_asn1.DERSequence, 1049 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp; 1050 1051 _KJUR_asn1_ocsp.TBSRequest.superclass.constructor.call(this); 1052 this.version = 0; 1053 this.dRequestorName = null; 1054 this.dRequestList = []; 1055 this.dRequestExt = null; 1056 1057 /** 1058 * set TBSRequest ASN.1 object by array of parameters.<br/> 1059 * @name setRequestListByParam 1060 * @memberOf KJUR.asn1.ocsp.TBSRequest# 1061 * @function 1062 * @param {Array} aParams array of parameters for Request class 1063 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 1064 * @example 1065 * o = new KJUR.asn1.ocsp.TBSRequest(); 1066 * o.setRequestListByParam([ 1067 * {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:}, 1068 * {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"} 1069 * ]); 1070 */ 1071 this.setRequestListByParam = function(aParams) { 1072 var a = []; 1073 for (var i = 0; i < aParams.length; i++) { 1074 var dReq = new _KJUR_asn1_ocsp.Request(aParams[0]); 1075 a.push(dReq); 1076 } 1077 this.dRequestList = a; 1078 }; 1079 1080 this.getEncodedHex = function() { 1081 var a = []; 1082 1083 // 1. version 1084 if (this.version !== 0) 1085 throw "not supported version: " + this.version; 1086 1087 // 2. requestorName 1088 if (this.dRequestorName !== null) 1089 throw "requestorName not supported"; 1090 1091 // 3. requestList 1092 var seqRequestList = 1093 new _DERSequence({array: this.dRequestList}); 1094 a.push(seqRequestList); 1095 1096 // 4. requestExtensions 1097 if (this.dRequestExt !== null) 1098 throw "requestExtensions not supported"; 1099 1100 // 5. construct SEQUENCE 1101 var seq = new _DERSequence({array: a}); 1102 this.hTLV = seq.getEncodedHex(); 1103 return this.hTLV; 1104 }; 1105 1106 if (params !== undefined) { 1107 if (params.reqList !== undefined) 1108 this.setRequestListByParam(params.reqList); 1109 } 1110 }; 1111 extendClass(KJUR.asn1.ocsp.TBSRequest, KJUR.asn1.ASN1Object); 1112 1113 1114 /** 1115 * ASN.1 OCSPRequest class for OCSP<br/> 1116 * @name KJUR.asn1.ocsp.OCSPRequest 1117 * @class ASN.1 OCSPRequest class for OCSP 1118 * @param {Array} params associative array of parameters 1119 * @extends KJUR.asn1.ASN1Object 1120 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 1121 * @description 1122 * OCSPRequest ASN.1 class is defined in 1123 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 1124 * A signed request is not supported yet in this version. 1125 * <pre> 1126 * OCSPRequest ::= SEQUENCE { 1127 * tbsRequest TBSRequest, 1128 * optionalSignature [0] EXPLICIT Signature OPTIONAL } 1129 * </pre> 1130 * @example 1131 * // default constructor 1132 * o = new KJUR.asn1.ocsp.OCSPRequest(); 1133 * // constructor with requestList parameter 1134 * o = new KJUR.asn1.ocsp.OCSPRequest({reqList:[ 1135 * {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg:}, 1136 * {issuerCert: "-----BEGIN...", subjectCert: "-----BEGIN...", alg: "sha256"} 1137 * ]}); 1138 */ 1139 KJUR.asn1.ocsp.OCSPRequest = function(params) { 1140 var _KJUR = KJUR, 1141 _KJUR_asn1 = _KJUR.asn1, 1142 _DERSequence = _KJUR_asn1.DERSequence, 1143 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp; 1144 1145 _KJUR_asn1_ocsp.OCSPRequest.superclass.constructor.call(this); 1146 this.dTbsRequest = null; 1147 this.dOptionalSignature = null; 1148 1149 this.getEncodedHex = function() { 1150 var a = []; 1151 1152 // 1. tbsRequest 1153 if (this.dTbsRequest !== null) { 1154 a.push(this.dTbsRequest); 1155 } else { 1156 throw "tbsRequest not set"; 1157 } 1158 1159 // 2. optionalSignature 1160 if (this.dOptionalSignature !== null) 1161 throw "optionalSignature not supported"; 1162 1163 // 3. construct SEQUENCE 1164 var seq = new _DERSequence({array: a}); 1165 this.hTLV = seq.getEncodedHex(); 1166 return this.hTLV; 1167 }; 1168 1169 if (params !== undefined) { 1170 if (params.reqList !== undefined) { 1171 var o = new _KJUR_asn1_ocsp.TBSRequest(params); 1172 this.dTbsRequest = o; 1173 } 1174 } 1175 }; 1176 extendClass(KJUR.asn1.ocsp.OCSPRequest, KJUR.asn1.ASN1Object); 1177 1178 /** 1179 * Utility class for OCSP<br/> 1180 * @name KJUR.asn1.ocsp.OCSPUtil 1181 * @class Utility class for OCSP 1182 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 1183 * @description 1184 * This class provides utility static methods for OCSP. 1185 * <ul> 1186 * <li>{@link KJUR.asn1.ocsp.OCSPUtil.getRequestHex} - generates hexadecimal string of OCSP request</li> 1187 * </ul> 1188 */ 1189 KJUR.asn1.ocsp.OCSPUtil = {}; 1190 1191 /** 1192 * generates hexadecimal string of OCSP request<br/> 1193 * @name getRequestHex 1194 * @memberOf KJUR.asn1.ocsp.OCSPUtil 1195 * @function 1196 * @param {String} issuerCert string of PEM issuer certificate 1197 * @param {String} subjectCert string of PEM subject certificate to be verified by OCSP 1198 * @param {String} algName hash algorithm name used for above arguments (ex. "sha1") DEFAULT: sha1 1199 * @return {String} hexadecimal string of generated OCSP request 1200 * @since jsrsasign 6.1.0 asn1ocsp 1.0.0 1201 * @description 1202 * This static method generates hexadecimal string of OCSP request. 1203 * @example 1204 * // generate OCSP request using sha1 algorithnm by default. 1205 * hReq = KJUR.asn1.ocsp.OCSPUtil.getRequestHex("-----BEGIN...", "-----BEGIN..."); 1206 */ 1207 KJUR.asn1.ocsp.OCSPUtil.getRequestHex = function(issuerCert, subjectCert, alg) { 1208 var _KJUR = KJUR, 1209 _KJUR_asn1 = _KJUR.asn1, 1210 _KJUR_asn1_ocsp = _KJUR_asn1.ocsp; 1211 1212 if (alg === undefined) alg = _KJUR_asn1_ocsp.DEFAULT_HASH; 1213 var param = {alg: alg, issuerCert: issuerCert, subjectCert: subjectCert}; 1214 var o = new _KJUR_asn1_ocsp.OCSPRequest({reqList: [param]}); 1215 return o.getEncodedHex(); 1216 }; 1217 1218 /** 1219 * simple parser for OCSPResponse (DEPRECATED)<br/> 1220 * @name getOCSPResponseInfo 1221 * @memberOf KJUR.asn1.ocsp.OCSPUtil 1222 * @function 1223 * @param {String} h hexadecimal string of DER OCSPResponse 1224 * @return {Object} JSON object of parsed OCSPResponse 1225 * @since jsrsasign 6.1.0 asn1ocsp 1.0.1 1226 * @deprecated since jsrsasign 10.4.0 asn1ocsp 1.1.5 Please use OCSPParser.getOCSPRespnose 1227 * 1228 * @description 1229 * This static method parse a hexadecimal string of DER OCSPResponse and 1230 * returns JSON object of its parsed result. 1231 * Its result has following properties: 1232 * <ul> 1233 * <li>responseStatus - integer of responseStatus</li> 1234 * <li>certStatus - string of certStatus (ex. good, revoked or unknown)</li> 1235 * <li>thisUpdate - string of thisUpdate in Zulu(ex. 20151231235959Z)</li> 1236 * <li>nextUpdate - string of nextUpdate in Zulu(ex. 20151231235959Z)</li> 1237 * </ul> 1238 * NOTE: This method may not work preperly. Please use 1239 * {@link KJUR.asn1.ocsp.OCSPParser#getOCSPResponse}. 1240 * 1241 * @example 1242 * info = KJUR.asn1.ocsp.OCSPUtil.getOCSPResponseInfo("3082..."); 1243 */ 1244 KJUR.asn1.ocsp.OCSPUtil.getOCSPResponseInfo = function(h) { 1245 var _ASN1HEX = ASN1HEX, 1246 _getVbyList = _ASN1HEX.getVbyList, 1247 _getVbyListEx = _ASN1HEX.getVbyListEx, 1248 _getIdxbyList = _ASN1HEX.getIdxbyList, 1249 _getIdxbyListEx = _ASN1HEX.getIdxbyListEx, 1250 _getV = _ASN1HEX.getV; 1251 1252 var result = {}; 1253 try { 1254 var v = _getVbyListEx(h, 0, [0], "0a"); 1255 result.responseStatus = parseInt(v, 16); 1256 } catch(ex) {}; 1257 if (result.responseStatus !== 0) return result; 1258 1259 try { 1260 // certStatus 1261 var idxCertStatus = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,1]); 1262 if (h.substr(idxCertStatus, 2) === "80") { 1263 result.certStatus = "good"; 1264 } else if (h.substr(idxCertStatus, 2) === "a1") { 1265 result.certStatus = "revoked"; 1266 result.revocationTime = 1267 hextoutf8(_getVbyList(h, idxCertStatus, [0])); 1268 } else if (h.substr(idxCertStatus, 2) === "82") { 1269 result.certStatus = "unknown"; 1270 } 1271 } catch (ex) {}; 1272 1273 // thisUpdate 1274 try { 1275 var idxThisUpdate = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,2]); 1276 result.thisUpdate = hextoutf8(_getV(h, idxThisUpdate)); 1277 } catch (ex) {}; 1278 1279 // nextUpdate 1280 try { 1281 var idxEncapNextUpdate = _getIdxbyList(h, 0, [1,0,1,0,0,2,0,3]); 1282 if (h.substr(idxEncapNextUpdate, 2) === "a0") { 1283 result.nextUpdate = 1284 hextoutf8(_getVbyList(h, idxEncapNextUpdate, [0])); 1285 } 1286 } catch (ex) {}; 1287 1288 return result; 1289 }; 1290 1291 /** 1292 * OCSP request and response parser<br/> 1293 * @name KJUR.asn1.ocsp.OCSPParser 1294 * @class OCSP request and response parser 1295 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 1296 * 1297 * @description 1298 * This class provides ASN.1 parser for 1299 * OCSP related ASN.1 data. <br/> 1300 * NOTE: OCSPResponse parser supported from jsrsasign 10.4.0. 1301 * <br/> 1302 * This parser supports following OCSP ASN.1 classes: 1303 * <ul> 1304 * <li>OCSP REQUEST 1305 * <ul> 1306 * <li>OCSPRequest - {@link KJUR.asn1.ocsp.OCSPParser#getOCSPRequest}</li> 1307 * <li>TBSRequest - {@link KJUR.asn1.ocsp.OCSPParser#getTBSRequest}</li> 1308 * <li>SEQUENCE OF Request - {@link KJUR.asn1.ocsp.OCSPParser#getRequestList}</li> 1309 * <li>Request - {@link KJUR.asn1.ocsp.OCSPParser#getRequest}</li> 1310 * </ul> 1311 * </li> 1312 * <li>OCSP RESPONSE 1313 * <ul> 1314 * <li>OCSPResponse - {@link KJUR.asn1.ocsp.OCSPParser#getOCSPResponse}</li> 1315 * <li>ResponseBytes - {@link KJUR.asn1.ocsp.OCSPParser#getResponseBytes}</li> 1316 * <li>BasicOCSPResponse - {@link KJUR.asn1.ocsp.OCSPParser#getBasicOCSPResponse}</li> 1317 * <li>ResponseData - {@link KJUR.asn1.ocsp.OCSPParser#getResponseData}</li> 1318 * <li>ResponderID - {@link KJUR.asn1.ocsp.OCSPParser#getResponderID}</li> 1319 * <li>SEQUENCE OF SingleResponse - {@link KJUR.asn1.ocsp.OCSPParser#getSingleResponseList}</li> 1320 * <li>SingleResponse - {@link KJUR.asn1.ocsp.OCSPParser#getSingleResponse}</li> 1321 * <li>CertStatus - {@link KJUR.asn1.ocsp.OCSPParser#getCertStatus}</li> 1322 * </ul> 1323 * </li> 1324 * <li>common 1325 * <ul> 1326 * <li>CertID - {@link KJUR.asn1.ocsp.OCSPParser#getCertID}</li> 1327 * </ul> 1328 * </li> 1329 * </ul> 1330 */ 1331 KJUR.asn1.ocsp.OCSPParser = function() { 1332 var _Error = Error, 1333 _X509 = X509, 1334 _x509obj = new _X509(), 1335 _ASN1HEX = ASN1HEX, 1336 _getV = _ASN1HEX.getV, 1337 _getTLV = _ASN1HEX.getTLV, 1338 _getIdxbyList = _ASN1HEX.getIdxbyList, 1339 _getVbyList = _ASN1HEX.getVbyList, 1340 _getTLVbyList = _ASN1HEX.getTLVbyList, 1341 _getVbyListEx = _ASN1HEX.getVbyListEx, 1342 _getTLVbyListEx = _ASN1HEX.getTLVbyListEx, 1343 _getChildIdx = _ASN1HEX.getChildIdx; 1344 1345 /** 1346 * parse ASN.1 OCSPRequest<br/> 1347 * @name getOCSPRequest 1348 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1349 * @function 1350 * @param {String} h hexadecimal string of ASN.1 OCSPRequest 1351 * @return {Array} array of JSON object of OCSPRequest parameter 1352 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 1353 * 1354 * @description 1355 * This method will parse a hexadecimal string of 1356 * OCSPRequest ASN.1 class is defined in 1357 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 1358 * <pre> 1359 * OCSPRequest ::= SEQUENCE { 1360 * tbsRequest TBSRequest, 1361 * optionalSignature [0] EXPLICIT Signature OPTIONAL } 1362 * TBSRequest ::= SEQUENCE { 1363 * version [0] EXPLICIT Version DEFAULT v1, 1364 * requestorName [1] EXPLICIT GeneralName OPTIONAL, 1365 * requestList SEQUENCE OF Request, 1366 * requestExtensions [2] EXPLICIT Extensions OPTIONAL } 1367 * Signature ::= SEQUENCE { 1368 * signatureAlgorithm AlgorithmIdentifier, 1369 * signature BIT STRING, 1370 * certs [0] EXPLICIT SEQUENCE OF Certificate 1371 * OPTIONAL} 1372 * </pre> 1373 * Currently Signature in OCSPRequest is not supported. 1374 * <br/> 1375 * 1376 * @see KJUR.asn1.ocsp.OCSPParser#getTBSRequest 1377 * @see KJUR.asn1.ocsp.OCSPRequest 1378 * 1379 * @example 1380 * o = new KJUR.asn1.ocsp.OCSPParser(); 1381 * o.getOCSPRequest("30...") → 1382 * { array: [{ 1383 * "alg": "sha1", 1384 * "issname": "105fa67a80089db5279f35ce830b43889ea3c70d", 1385 * "isskey": "0f80611c823161d52f28e78d4638b42ce1c6d9e2", 1386 * "sbjsn": "0fef62075d715dc5e1d8bd03775c9686" }]} 1387 */ 1388 this.getOCSPRequest = function(h) { 1389 var a = _getChildIdx(h, 0); 1390 1391 if (a.length != 1 && a.length != 2) { 1392 throw new _Error("wrong number elements: " + a.length); 1393 } 1394 1395 var result = this.getTBSRequest(_getTLV(h, a[0])); 1396 return result; 1397 }; 1398 1399 /** 1400 * parse ASN.1 TBSRequest of OCSP<br/> 1401 * @name getTBSRequest 1402 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1403 * @function 1404 * @param {String} h hexadecimal string of ASN.1 TBSRequest of OCSP 1405 * @return {Array} array of JSON object of TBSRequest parameter 1406 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 1407 * 1408 * @description 1409 * This method will parse 1410 * TBSRequest ASN.1 class is defined in 1411 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 1412 * <pre> 1413 * TBSRequest ::= SEQUENCE { 1414 * version [0] EXPLICIT Version DEFAULT v1, 1415 * requestorName [1] EXPLICIT GeneralName OPTIONAL, 1416 * requestList SEQUENCE OF Request, 1417 * requestExtensions [2] EXPLICIT Extensions OPTIONAL } 1418 * </pre> 1419 * 1420 * @see KJUR.asn1.ocsp.OCSPParser#getOCSPRequest 1421 * @see KJUR.asn1.ocsp.OCSPParser#getRequestList 1422 * @see KJUR.asn1.ocsp.TBSRequest 1423 * 1424 * @example 1425 * o = new KJUR.asn1.ocsp.OCSPParser(); 1426 * o.getTBSRequest("30...") → 1427 * {array: [{ 1428 * "alg": "sha1", 1429 * "issname": "105fa67a80089db5279f35ce830b43889ea3c70d", 1430 * "isskey": "0f80611c823161d52f28e78d4638b42ce1c6d9e2", 1431 * "sbjsn": "0fef62075d715dc5e1d8bd03775c9686" }]} 1432 */ 1433 this.getTBSRequest = function(h) { 1434 var result = {}; 1435 var hReqList = _getTLVbyListEx(h, 0, [0], "30"); 1436 result.array = this.getRequestList(hReqList); 1437 var hExt = _getTLVbyListEx(h, 0, ["[2]", 0], "30"); 1438 if (hExt != null) { 1439 result.ext = _x509obj.getExtParamArray(hExt); 1440 } 1441 1442 return result; 1443 }; 1444 1445 /** 1446 * parse ASN.1 SEQUENCE OF Request in OCSP<br/> 1447 * @name getRequestList 1448 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1449 * @function 1450 * @param {String} h hexadecimal string of ASN.1 SEQUENCE OF Request in OCSP 1451 * @return {Array} array of JSON object of Request parameter 1452 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 1453 * 1454 * @description 1455 * This method will parse a hexadecimal string of 1456 * SEQUENCE OF Request ASN.1 class is defined in 1457 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 1458 * <br/> 1459 * NOTE: singleRequestExtensions is not supported yet in this version such as nonce. 1460 * <pre> 1461 * TBSRequest ::= SEQUENCE { 1462 * version [0] EXPLICIT Version DEFAULT v1, 1463 * requestorName [1] EXPLICIT GeneralName OPTIONAL, 1464 * requestList SEQUENCE OF Request, 1465 * requestExtensions [2] EXPLICIT Extensions OPTIONAL } 1466 * Request ::= SEQUENCE { 1467 * reqCert CertID, 1468 * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } 1469 * </pre> 1470 * 1471 * @see KJUR.asn1.ocsp.OCSPParser#getTBSRequest 1472 * @see KJUR.asn1.ocsp.OCSPParser#getRequest 1473 * @see KJUR.asn1.ocsp.RequestList 1474 * @see KJUR.asn1.ocsp.Request 1475 * 1476 * @example 1477 * o = new KJUR.asn1.ocsp.OCSPParser(); 1478 * o.getRequestList("30...") → 1479 * [{ alg: "sha1" 1480 * issname: "...hex...", 1481 * isskey: "...hex...", 1482 * sbjsn: "...hex...", 1483 * ext: [<<singleRequestExtension parameters>>...] }] 1484 */ 1485 this.getRequestList = function(h) { 1486 var result = []; 1487 var a = _getChildIdx(h, 0); 1488 for (var i = 0; i < a.length; i++) { 1489 var h = _getTLV(h, a[i]); 1490 result.push(this.getRequest(h)); 1491 } 1492 return result; 1493 }; 1494 1495 /** 1496 * parse ASN.1 Request of OCSP<br/> 1497 * @name getRequest 1498 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1499 * @function 1500 * @param {String} h hexadecimal string of ASN.1 Request of OCSP 1501 * @return JSON object of Request parameter 1502 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 1503 * 1504 * @description 1505 * This method will parse a hexadecimal string of 1506 * Request ASN.1 class is defined in 1507 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 1508 * <pre> 1509 * Request ::= SEQUENCE { 1510 * reqCert CertID, 1511 * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } 1512 * </pre> 1513 * 1514 * @see KJUR.asn1.ocsp.OCSPParser#getTBSRequest 1515 * @see KJUR.asn1.ocsp.OCSPParser#getRequestList 1516 * @see KJUR.asn1.ocsp.OCSPParser#getCertID 1517 * @see KJUR.asn1.ocsp.RequestList 1518 * @see KJUR.asn1.ocsp.Request 1519 * @see KJUR.asn1.ocsp.CertID 1520 * 1521 * @example 1522 * o = new KJUR.asn1.ocsp.OCSPParser(); 1523 * o.getRequest("30...") → 1524 * { alg: "sha1" 1525 * issname: "...hex...", 1526 * isskey: "...hex...", 1527 * sbjsn: "...hex...", 1528 * ext: [<<singleRequestExtension parameters>>...] } 1529 */ 1530 this.getRequest = function(h) { 1531 var a = _getChildIdx(h, 0); 1532 if (a.length != 1 && a.length != 2) { 1533 throw new _Error("wrong number elements: " + a.length); 1534 } 1535 1536 var params = this.getCertID(_getTLV(h, a[0])); 1537 1538 if (a.length == 2) { 1539 var idxExt = _getIdxbyList(h, 0, [1, 0]); 1540 params.ext = _x509obj.getExtParamArray(_getTLV(h, idxExt)); 1541 } 1542 1543 return params; 1544 }; 1545 1546 /** 1547 * parse ASN.1 CertID of OCSP<br/> 1548 * @name getCertID 1549 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1550 * @function 1551 * @param {String} h hexadecimal string of CertID 1552 * @return JSON object of CertID parameter 1553 * @since jsrsasign 9.1.6 asn1ocsp 1.1.0 1554 * 1555 * @description 1556 * This method will parse a hexadecimal string of 1557 * CertID ASN.1 class is defined in 1558 * <a href="https://tools.ietf.org/html/rfc6960#section-4.1.1">RFC 6960 4.1.1</a>. 1559 * <pre> 1560 * CertID ::= SEQUENCE { 1561 * hashAlgorithm AlgorithmIdentifier, 1562 * issuerNameHash OCTET STRING, -- Hash of issuer's DN 1563 * issuerKeyHash OCTET STRING, -- Hash of issuer's public key 1564 * serialNumber CertificateSerialNumber } 1565 * </pre> 1566 * 1567 * @see KJUR.asn1.ocsp.OCSPParser#getRequest 1568 * @see KJUR.asn1.ocsp.OCSPParser#getSingleResponse 1569 * @see KJUR.asn1.ocsp.CertID 1570 * 1571 * @example 1572 * o = new KJUR.asn1.ocsp.OCSPParser(); 1573 * o.getCertID("30...") → 1574 * { alg: "sha1" 1575 * issname: "...hex...", 1576 * isskey: "...hex...", 1577 * sbjsn: "...hex..." } 1578 */ 1579 this.getCertID = function(h) { 1580 var a = _getChildIdx(h, 0); 1581 if (a.length != 4) { 1582 throw new _Error("wrong number elements: " + a.length); 1583 } 1584 1585 var x = new _X509(); 1586 var result = {}; 1587 result.alg = x.getAlgorithmIdentifierName(_getTLV(h, a[0])); 1588 result.issname = _getV(h, a[1]); 1589 result.isskey = _getV(h, a[2]); 1590 result.sbjsn = _getV(h, a[3]); 1591 1592 return result; 1593 }; 1594 1595 /** 1596 * parse ASN.1 OCSPResponse of OCSP<br/> 1597 * @name getOCSPResponse 1598 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1599 * @function 1600 * @param {String} h hexadecimal string of OCSPResponse 1601 * @return JSON object of OCSResponse parameter 1602 * @since jsrsasign 10.4.0 asn1ocsp 1.1.5 1603 * 1604 * @description 1605 * This method will parse a hexadecimal string of 1606 * ASN.1 OCSPResponse defined in 1607 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 1608 * <pre> 1609 * OCSPResponse ::= SEQUENCE { 1610 * responseStatus OCSPResponseStatus, 1611 * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } 1612 * OCSPResponseStatus ::= ENUMERATED { 1613 * successful (0), -- Response has valid confirmations 1614 * malformedRequest (1), -- Illegal confirmation request 1615 * internalError (2), -- Internal error in issuer 1616 * tryLater (3), -- Try again later 1617 * -- (4) is not used 1618 * sigRequired (5), -- Must sign the request 1619 * unauthorized (6) -- Request unauthorized } 1620 * </pre> 1621 * 1622 * @see KJUR.asn1.ocsp.OCSPParser#getResponseBytes 1623 * @see KJUR.asn1.ocsp.OCSPResponse 1624 * 1625 * @example 1626 * o = new KJUR.asn1.ocsp.OCSPParser(); 1627 * o.getOCSPResponse("30..") → 1628 * { resstatus: 0, 1629 * restype: "ocspBasic", 1630 * respid: {key: "12ab"}, 1631 * prodat: "20200903235959Z", 1632 * array: [{ 1633 * certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"}, 1634 * status: {status: "good"}, 1635 * thisupdate: "20200903235959Z" }], 1636 * ext: [{extname: "ocspNonce", hex: "1234abcd"}], 1637 * alg: "SHA256withRSA", 1638 * sighex: "12ab", 1639 * certs: ["3082...", "3082..."] } 1640 */ 1641 this.getOCSPResponse = function(h) { 1642 var a = _getChildIdx(h, 0); 1643 var result; 1644 1645 var hStatusV = _getV(h, a[0]); 1646 var iStatusV = parseInt(hStatusV); 1647 1648 if (a.length == 1) return {resstatus: iStatusV}; 1649 1650 var hResponseBytes = _getTLVbyList(h, 0, [1, 0]); 1651 result = this.getResponseBytes(hResponseBytes); 1652 result.resstatus = iStatusV; 1653 1654 return result; 1655 }; 1656 1657 /** 1658 * parse ASN.1 ResponseBytes of OCSP<br/> 1659 * @name getResponseBytes 1660 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1661 * @function 1662 * @param {String} h hexadecimal string of ResponseBytes 1663 * @return JSON object of ResponseBytes parameter 1664 * @since jsrsasign 10.4.0 asn1ocsp 1.1.5 1665 * 1666 * @description 1667 * This method will parse a hexadecimal string of 1668 * ASN.1 ResponseBytes defined in 1669 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 1670 * <pre> 1671 * ResponseBytes ::= SEQUENCE { 1672 * responseType OBJECT IDENTIFIER, 1673 * response OCTET STRING } 1674 * id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp } 1675 * id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 } 1676 * 1677 * BasicOCSPResponse ::= SEQUENCE { 1678 * tbsResponseData ResponseData, 1679 * signatureAlgorithm AlgorithmIdentifier, 1680 * signature BIT STRING, 1681 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } 1682 * </pre> 1683 * 1684 * @see KJUR.asn1.ocsp.OCSPParser#getOCSPResponse 1685 * @see KJUR.asn1.ocsp.OCSPParser#getBasicOCSPResponse 1686 * @see KJUR.asn1.ocsp.ResponseBytes 1687 * 1688 * @example 1689 * o = new KJUR.asn1.ocsp.OCSPParser(); 1690 * o.getResponseBytes("30..") → 1691 * { restype: "ocspBasic", 1692 * ...<<BasicOCSPResponse properties...>>... 1693 */ 1694 this.getResponseBytes = function(h) { 1695 var a = _getChildIdx(h, 0); 1696 var result; 1697 1698 var hBasicOCSPResponse = _getTLVbyList(h, 0, [1, 0]); 1699 result = this.getBasicOCSPResponse(hBasicOCSPResponse); 1700 1701 var hResTypeV = _getV(h, a[0]); 1702 result.restype = KJUR.asn1.x509.OID.oid2name(hextooid(hResTypeV)); 1703 1704 return result; 1705 }; 1706 1707 /** 1708 * parse ASN.1 BasicOCSPResponse of OCSP<br/> 1709 * @name getBasicOCSPResponse 1710 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1711 * @function 1712 * @param {String} h hexadecimal string of BasicOCSPResponse 1713 * @return JSON object of BasicOCSPResponse parameter 1714 * @since jsrsasign 10.4.0 asn1ocsp 1.1.5 1715 * 1716 * @description 1717 * This method will parse a hexadecimal string of 1718 * BasicOCSPResponse defined in 1719 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 1720 * <pre> 1721 * BasicOCSPResponse ::= SEQUENCE { 1722 * tbsResponseData ResponseData, 1723 * signatureAlgorithm AlgorithmIdentifier, 1724 * signature BIT STRING, 1725 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } 1726 * </pre> 1727 * 1728 * @see KJUR.asn1.ocsp.OCSPParser#getResponseBytes 1729 * @see KJUR.asn1.ocsp.OCSPParser#getResponseData 1730 * @see KJUR.asn1.ocsp.BasicOCSPResponse 1731 * 1732 * @example 1733 * o = new KJUR.asn1.ocsp.OCSPParser(); 1734 * o.getBasicOCSPResponse("30..") → 1735 * { ...<<ResponseData properties...>>... 1736 * sigalg: "SHA256withRSA", 1737 * sighex: "12abcd...", 1738 * certs: [<<PEMorHEXstringOfCert1>>,...] }); 1739 */ 1740 this.getBasicOCSPResponse = function(h) { 1741 var a = _getChildIdx(h, 0); 1742 var result; 1743 1744 result = this.getResponseData(_getTLV(h, a[0])); 1745 1746 var x = new X509(); 1747 result.alg = x.getAlgorithmIdentifierName(_getTLV(h, a[1])); 1748 1749 var hSigHex = _getV(h, a[2]); 1750 result.sighex = hSigHex.substr(2); 1751 1752 var hExt = _getVbyListEx(h, 0, ["[0]"]); 1753 if (hExt != null) { 1754 var aCertIdx = _getChildIdx(hExt, 0); 1755 var aCert = []; 1756 for (var i = 0; i < aCertIdx.length; i++) { 1757 var hCert = _getTLV(hExt, aCertIdx[i]); 1758 aCert.push(hCert); 1759 } 1760 result.certs = aCert; 1761 } 1762 1763 return result; 1764 }; 1765 1766 /** 1767 * parse ASN.1 ResponseData of OCSP<br/> 1768 * @name getResponseData 1769 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1770 * @function 1771 * @param {String} h hexadecimal string of ResponseData 1772 * @return JSON object of ResponseData parameter 1773 * @since jsrsasign 10.4.0 asn1ocsp 1.1.5 1774 * 1775 * @description 1776 * This method will parse a hexadecimal string of 1777 * ASN.1 ResponseData defined in 1778 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 1779 * <pre> 1780 * ResponseData ::= SEQUENCE { 1781 * version [0] EXPLICIT Version DEFAULT v1, 1782 * responderID ResponderID, 1783 * producedAt GeneralizedTime, 1784 * responses SEQUENCE OF SingleResponse, 1785 * responseExtensions [1] EXPLICIT Extensions OPTIONAL } 1786 * </pre> 1787 * 1788 * @see KJUR.asn1.ocsp.OCSPParser#getBasicOCSPResponse 1789 * @see KJUR.asn1.ocsp.OCSPParser#getSingleResponse 1790 * @see KJUR.asn1.ocsp.ResponseData 1791 * 1792 * @example 1793 * o = new KJUR.asn1.ocsp.OCSPParser(); 1794 * o.getResponseData("30..") → 1795 * { respid: {key: "12ab..."}, 1796 * prodat: "20200903235959Z", 1797 * array: [<<SingleResponse parameter1>>, ...], 1798 * ext: [ 1799 * {extname:"ocspNonce",hex:"12ab..."}]} 1800 */ 1801 this.getResponseData = function(h) { 1802 var a = _getChildIdx(h, 0); 1803 var alen = a.length; 1804 var result = {}; 1805 var idx = 0; 1806 1807 // skip to relax interoperability even though explicit DEFAULT 1808 if (h.substr(a[0], 2) == "a0") idx++; 1809 1810 result.respid = this.getResponderID(_getTLV(h, a[idx++])); 1811 1812 var hProdAtV = _getV(h, a[idx++]); 1813 result.prodat = hextoutf8(hProdAtV); 1814 1815 result.array = this.getSingleResponseList(_getTLV(h, a[idx++])); 1816 1817 if (h.substr(a[alen - 1], 2) == "a1") { 1818 var hExt = _getTLVbyList(h, a[alen - 1], [0]); 1819 var x = new X509(); 1820 result.ext = x.getExtParamArray(hExt); 1821 } 1822 1823 return result; 1824 }; 1825 1826 /** 1827 * parse ASN.1 ResponderID of OCSP<br/> 1828 * @name getResponderID 1829 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1830 * @function 1831 * @param {String} h hexadecimal string of ResponderID 1832 * @return JSON object of ResponderID parameter 1833 * @since jsrsasign 10.4.0 asn1ocsp 1.1.5 1834 * @see KJUR.asn1.ocsp.ResponderID 1835 * 1836 * @description 1837 * <pre> 1838 * ResponderID ::= CHOICE { 1839 * byName [1] Name, 1840 * byKey [2] KeyHash } 1841 * KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key 1842 * (excluding the tag and length fields) 1843 * </pre> 1844 * 1845 * @example 1846 * o = new KJUR.asn1.ocsp.OCSPParser(); 1847 * o.getResponderID("a1..") → {name: {array: [[{type:"C",value:"JP",ds:"prn"}]...]}} 1848 * o.getResponderID("a2..") → {key: "12ab..."} 1849 */ 1850 this.getResponderID = function(h) { 1851 var result = {}; 1852 1853 if (h.substr(0, 2) == "a2") { 1854 var hKeyV = _getVbyList(h, 0, [0]); 1855 result.key = hKeyV; 1856 } 1857 if (h.substr(0, 2) == "a1") { 1858 var hName = _getTLVbyList(h, 0, [0]); 1859 var x = new X509(); 1860 result.name = x.getX500Name(hName); 1861 } 1862 1863 return result; 1864 }; 1865 1866 /** 1867 * parse ASN.1 SEQUENCE OF SingleResponse of OCSP<br/> 1868 * @name getSingleResponseList 1869 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1870 * @function 1871 * @param {String} h hexadecimal string of SEQUENCE OF SingleResponse 1872 * @return array of SingleResponse parameter JSON object 1873 * @since jsrsasign 10.4.0 asn1ocsp 1.1.5 1874 * 1875 * @description 1876 * This method will parse a hexadecimal string of 1877 * ASN.1 class of SEQUENCE OF SingleResponse is defined in 1878 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 1879 * <pre> 1880 * ResponseData ::= SEQUENCE { 1881 * version [0] EXPLICIT Version DEFAULT v1, 1882 * responderID ResponderID, 1883 * producedAt GeneralizedTime, 1884 * responses SEQUENCE OF SingleResponse, 1885 * responseExtensions [1] EXPLICIT Extensions OPTIONAL } 1886 * SingleResponse ::= SEQUENCE { 1887 * certID CertID, 1888 * certStatus CertStatus, 1889 * thisUpdate GeneralizedTime, 1890 * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, 1891 * singleExtensions [1] EXPLICIT Extensions OPTIONAL } 1892 * </pre> 1893 * 1894 * @see KJUR.asn1.ocsp.OCSPParse#getResponseData 1895 * @see KJUR.asn1.ocsp.OCSPParse#getSingleResponse 1896 * @see KJUR.asn1.ocsp.OCSPParse#getCertID 1897 * @see KJUR.asn1.ocsp.SingleResponseList 1898 * 1899 * @example 1900 * o = new KJUR.asn1.ocsp.OCSPParser(); 1901 * o.getSingleResponseList("30..") → 1902 * [{ certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"}, 1903 * status: {status: "good"}, 1904 * thisupdate: "20200903235959Z", 1905 * nextupdate: "20200913235959Z", 1906 * ext: [<<Extension parameters>>...] }] 1907 */ 1908 this.getSingleResponseList = function(h) { 1909 var a = _getChildIdx(h, 0); 1910 var result = []; 1911 1912 for (var i = 0; i < a.length; i++) { 1913 var p = this.getSingleResponse(_getTLV(h, a[i])); 1914 result.push(p); 1915 } 1916 return result; 1917 }; 1918 1919 /** 1920 * parse ASN.1 SingleResponse of OCSP<br/> 1921 * @name getSingleResponse 1922 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1923 * @function 1924 * @param {String} h hexadecimal string of SingleResponse 1925 * @return JSON object of SingleResponse parameter 1926 * @since jsrsasign 10.4.0 asn1ocsp 1.1.5 1927 * 1928 * @description 1929 * This method will parse a hexadecimal string of 1930 * ASN.1 class of SingleResponse is defined in 1931 * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.1">RFC 6960 4.2.1</a>. 1932 * <pre> 1933 * SingleResponse ::= SEQUENCE { 1934 * certID CertID, 1935 * certStatus CertStatus, 1936 * thisUpdate GeneralizedTime, 1937 * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, 1938 * singleExtensions [1] EXPLICIT Extensions OPTIONAL } 1939 * </pre> 1940 * 1941 * @see KJUR.asn1.ocsp.OCSPParse#getSingleResponseList 1942 * @see KJUR.asn1.ocsp.OCSPParse#getCertID 1943 * @see KJUR.asn1.ocsp.SingleResponse 1944 * 1945 * @example 1946 * o = new KJUR.asn1.ocsp.OCSPParser(); 1947 * o.getSingleResponse("30..") → 1948 * { certid: {alg:"sha1",issname:"12ab",isskey:"12ab",sbjsn:"12ab"}, 1949 * status: {status: "good"}, 1950 * thisupdate: "20200903235959Z", 1951 * nextupdate: "20200913235959Z", 1952 * ext: [<<Extension parameters>>...] } 1953 */ 1954 this.getSingleResponse = function(h) { 1955 var a = _getChildIdx(h, 0); 1956 var result = {}; 1957 1958 // 1. CertID 1959 var pCertID = this.getCertID(_getTLV(h, a[0])); 1960 result.certid = pCertID; 1961 1962 // 2. CertStatus 1963 var pCertStatus = this.getCertStatus(_getTLV(h, a[1])); 1964 result.status = pCertStatus; 1965 1966 // 3. ThisUpdate(GeneralizedTime) 1967 if (h.substr(a[2], 2) == "18") { 1968 var hThisUpdateV = _getV(h, a[2]); 1969 result.thisupdate = hextoutf8(hThisUpdateV); 1970 } 1971 1972 // 4. OPTIONAL(nextUpdate, singleExtensions) 1973 for (var i = 3; i < a.length; i++) { 1974 if (h.substr(a[i], 2) == "a0") { // nextUpdate 1975 var hNextUpdateV = _getVbyList(h, a[i], [0], "18"); 1976 result.nextupdate = hextoutf8(hNextUpdateV); 1977 } 1978 if (h.substr(a[i], 2) == "a1") { // singleExtensions 1979 var x = new X509(); 1980 var hExt = _getTLVbyList(h, 0, [i, 0]); 1981 result.ext = x.getExtParamArray(hExt); 1982 } 1983 } 1984 1985 return result; 1986 }; 1987 1988 /** 1989 * parse ASN.1 CertStatus of OCSP<br/> 1990 * @name getCertStatus 1991 * @memberOf KJUR.asn1.ocsp.OCSPParser# 1992 * @function 1993 * @param {String} h hexadecimal string of CertStatus 1994 * @return JSON object of CertStatus parameter 1995 * @since jsrsasign 10.4.0 asn1ocsp 1.1.5 1996 * @see KJUR.asn1.ocsp.CertStatus 1997 * 1998 * @description 1999 * <pre> 2000 * CertStatus ::= CHOICE { 2001 * good [0] IMPLICIT NULL, 2002 * revoked [1] IMPLICIT RevokedInfo, 2003 * unknown [2] IMPLICIT UnknownInfo } 2004 * RevokedInfo ::= SEQUENCE { 2005 * revocationTime GeneralizedTime, 2006 * revocationReason [0] EXPLICIT CRLReason OPTIONAL } 2007 * UnknownInfo ::= NULL 2008 * </pre> 2009 * NOTE: Currently revocationReason not supported. 2010 * 2011 * @example 2012 * o = new KJUR.asn1.ocsp.OCSPParser(); 2013 * o.getCertStatus("8000") → {status: "good"} 2014 * o.getCertStatus("8200") → {status: "unknown"} 2015 * o.getCertStatus("a1..") → {status: "revoked", time: "2021...Z"} 2016 */ 2017 this.getCertStatus = function(h) { 2018 var result = {}; 2019 if (h == "8000") return {status: "good"}; 2020 if (h == "8200") return {status: "unknown"}; 2021 if (h.substr(0, 2) == "a1") { 2022 result.status = "revoked"; 2023 var hTime = _getVbyList(h, 0, [0]); 2024 var sTime = hextoutf8(hTime); 2025 result.time = sTime; 2026 } 2027 return result; 2028 }; 2029 }; 2030 2031