1 /* asn1tsp-2.0.9.js (c) 2014-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
  2  */
  3 /*
  4  * asn1tsp.js - ASN.1 DER encoder classes for RFC 3161 Time Stamp Protocol
  5  *
  6  * Copyright (c) 2014-2022 Kenji Urushima (kenji.urushima@gmail.com)
  7  *
  8  * This software is licensed under the terms of the MIT License.
  9  * https://kjur.github.io/jsrsasign/license
 10  *
 11  * The above copyright and license notice shall be 
 12  * included in all copies or substantial portions of the Software.
 13  */
 14 
 15 /**
 16  * @fileOverview
 17  * @name asn1tsp-1.0.js
 18  * @author Kenji Urushima kenji.urushima@gmail.com
 19  * @version jsrsasign 10.5.22 asn1tsp 2.0.9 (2022-May-24)
 20  * @since jsrsasign 4.5.1
 21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
 22  */
 23 
 24 /* 
 25  * kjur's class library name space
 26  * // already documented in asn1-1.0.js
 27  * @name KJUR
 28  * @namespace kjur's class library name space
 29  */
 30 if (typeof KJUR == "undefined" || !KJUR) KJUR = {};
 31 
 32 /*
 33  * kjur's ASN.1 class library name space
 34  * // already documented in asn1-1.0.js
 35  * @name KJUR.asn1
 36  * @namespace
 37  */
 38 if (typeof KJUR.asn1 == "undefined" || !KJUR.asn1) KJUR.asn1 = {};
 39 
 40 /**
 41  * kjur's ASN.1 class for RFC 3161 Time Stamp Protocol
 42  * <p>
 43  * This name space provides 
 44  * <a href="https://tools.ietf.org/html/rfc3161">RFC 3161
 45  * Time-Stamp Protocol(TSP)</a> data generator.
 46  *
 47  * <h4>FEATURES</h4>
 48  * <ul>
 49  * <li>easily generate CMS SignedData</li>
 50  * <li>APIs are very similar to BouncyCastle library ASN.1 classes. So easy to learn.</li>
 51  * </ul>
 52  * 
 53  * <h4>PROVIDED CLASSES</h4>
 54  * <ul>
 55  * </ul>
 56  * NOTE: Please ignore method summary and document of this namespace. This caused by a bug of jsdoc2.
 57  * </p>
 58  * @name KJUR.asn1.tsp
 59  * @namespace
 60  */
 61 if (typeof KJUR.asn1.tsp == "undefined" || !KJUR.asn1.tsp) KJUR.asn1.tsp = {};
 62 
 63 /**
 64  * class for TSP TimeStampToken ASN.1 object<br/>
 65  * @name KJUR.asn1.tsp.TimeStampToken
 66  * @class class for TSP TimeStampToken ASN.1 object
 67  * @param {Array} params JSON object for constructor parameters
 68  * @extends KJUR.asn1.cms.SignedData
 69  * @since jsrsasign 10.0.0 asn1tsp 2.0.0
 70  * @see KJUR.asn1.tsp.TimeStampResp
 71  * @see KJUR.asn1.tsp.TSTInfo
 72  *
 73  * @description
 74  * This is an ASN.1 encoder for TimeStampToken
 75  * ASN.1 structure defined in
 76  * <a href="https://tools.ietf.org/html/rfc3161#section-2.4.2">
 77  * RFC 3161 TSP section 2.4.2</a>.
 78  * <pre>
 79  * TimeStampToken ::= ContentInfo
 80  *   -- contentType is id-signedData ([CMS])
 81  *   -- content is SignedData ([CMS])
 82  * id-ct-TSTInfo  OBJECT IDENTIFIER ::= { iso(1) member-body(2)
 83  * us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 4}
 84  * </pre>
 85  * Constructor argument "params" is similar to
 86  * {@link KJUR.asn1.cms.SignedData} however "econtent"
 87  * value is different as follows:
 88  * <ul>
 89  * <li>econtent.type - shall be "tstinfo"</li>
 90  * <li>econtent.content - shall be {@link KJUR.asn1.tsp.TSTInfo} parameter</li>
 91  * </ul>
 92  *
 93  * @example
 94  * new KJUR.asn1.tsp.TimeStampToken({
 95  *   version: 1,
 96  *   hashalgs: ["sha256"],
 97  *   econtent: {
 98  *     type: "tstinfo",
 99  *     content: {
100  *       policy: '1.2.3.4.5',
101  *       messageImprint: { hashAlg: 'sha1', hashValue: 'a1a2a3a4' },
102  *       serial: {'int': 3},
103  *       genTime: {str: '20131231235959.123Z', millis: true},
104  *       accuracy: { millis: 500 },
105  *       ordering: true,
106  *       nonce: {'int': 3},
107  *     }
108  *   },
109  *   sinfos: [{
110  *     version: 1,
111  *     id: {type:'isssn', cert: sZ4_CERPEM},
112  *     hashalg: "sha256",
113  *     sattrs: {array: [{
114  *       attr: "contentType",
115  *       type: "data"
116  *     },{
117  *       attr: "signingTime",
118  *       str: '131231235959Z'
119  *     },{
120  *       attr: "messageDigest",
121  *       hex: 'ffff'
122  *     }]},
123  *     sigalg: "SHA256withRSA",
124  *     signkey: sZ4_PRVP8PPEM
125  *   }]
126  * })
127  */
128 KJUR.asn1.tsp.TimeStampToken = function(params) {
129     var _KJUR = KJUR,
130 	_KJUR_asn1 = _KJUR.asn1,
131 	_KJUR_asn1_tsp = _KJUR_asn1.tsp;
132 
133     _KJUR_asn1_tsp.TimeStampToken.superclass.constructor.call(this);
134 
135     this.params = null;
136 
137     this.getEncodedHexPrepare = function() {
138 	//alert("getEncodedHexPrepare called...");
139 	var dTSTInfo = new _KJUR_asn1_tsp.TSTInfo(this.params.econtent.content);
140 	this.params.econtent.content.hex = dTSTInfo.tohex();
141     };
142 
143     if (params != undefined) this.setByParam(params);
144 };
145 extendClass(KJUR.asn1.tsp.TimeStampToken, KJUR.asn1.cms.SignedData);
146 
147 /**
148  * class for TSP TSTInfo ASN.1 object
149  * @name KJUR.asn1.tsp.TSTInfo
150  * @class class for TSP TSTInfo ASN.1 object
151  * @param {Array} params JSON object for TSTInfo parameters
152  * @extends KJUR.asn1.ASN1Object
153  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
154  * @see KJUR.asn1.x509.X500Name
155  * @see KJUR.asn1.x509.GeneralName
156  * @description
157  * This class represents TSTInfo ASN.1 structure.
158  * <pre>
159  * TSTInfo ::= SEQUENCE  {
160  *    version         INTEGER  { v1(1) },
161  *    policy          TSAPolicyId,
162  *    messageImprint  MessageImprint,
163  *    serialNumber    INTEGER, -- up to 160bit
164  *    genTime         GeneralizedTime,
165  *    accuracy        Accuracy                 OPTIONAL,
166  *    ordering        BOOLEAN                  DEFAULT FALSE,
167  *    nonce           INTEGER                  OPTIONAL,
168  *    tsa             [0] GeneralName          OPTIONAL,
169  *    extensions      [1] IMPLICIT Extensions  OPTIONAL   }
170  * </pre>
171  * For "params" arguent, following properties are accepted:
172  * <ul>
173  * <li>{Array}tsa - {@link KJUR.asn1.x509.X500Name} parameter for
174  * tsa field even though tsa field is GeneralName.</li>
175  * </ul>
176  * @example
177  * o = new KJUR.asn1.tsp.TSTInfo({
178  *     policy:    '1.2.3.4.5',
179  *     messageImprint: {alg: 'sha256', hash: '1abc...'},
180  *     serial:    {int: 3},
181  *     genTime:   {millis: true},         // OPTION
182  *     accuracy:  {micros: 500},          // OPTION
183  *     ordering:  true,                   // OPITON
184  *     nonce:     {hex: '52fab1...'},     // OPTION
185  *     tsa:       {str: '/C=US/O=TSA1'}   // OPITON
186  * });
187  */
188 KJUR.asn1.tsp.TSTInfo = function(params) {
189     var _Error = Error,
190 	_KJUR = KJUR,
191 	_KJUR_asn1 = _KJUR.asn1,
192 	_DERSequence = _KJUR_asn1.DERSequence,
193 	_DERInteger = _KJUR_asn1.DERInteger,
194 	_DERBoolean = _KJUR_asn1.DERBoolean,
195 	_DERGeneralizedTime = _KJUR_asn1.DERGeneralizedTime,
196 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
197 	_DERTaggedObject = _KJUR_asn1.DERTaggedObject,
198 	_KJUR_asn1_tsp = _KJUR_asn1.tsp,
199 	_MessageImprint = _KJUR_asn1_tsp.MessageImprint,
200 	_Accuracy = _KJUR_asn1_tsp.Accuracy,
201         _X500Name = _KJUR_asn1.x509.X500Name,
202         _GeneralName = _KJUR_asn1.x509.GeneralName;
203 	
204 
205     _KJUR_asn1_tsp.TSTInfo.superclass.constructor.call(this);
206 
207     this.dVersion = new _DERInteger({'int': 1});
208     this.dPolicy = null;
209     this.dMessageImprint = null;
210     this.dSerial = null;
211     this.dGenTime = null;
212     this.dAccuracy = null;
213     this.dOrdering = null;
214     this.dNonce = null;
215     this.dTsa = null;
216 
217     this.tohex = function() {
218         var a = [this.dVersion];
219 
220         if (this.dPolicy == null) throw new Error("policy shall be specified.");
221         a.push(this.dPolicy);
222 
223         if (this.dMessageImprint == null)
224             throw new Error("messageImprint shall be specified.");
225         a.push(this.dMessageImprint);
226 
227         if (this.dSerial == null)
228             throw new Error("serialNumber shall be specified.");
229         a.push(this.dSerial);
230 
231         if (this.dGenTime == null)
232             throw new Error("genTime shall be specified.");
233         a.push(this.dGenTime);
234 
235         if (this.dAccuracy != null) a.push(this.dAccuracy);
236         if (this.dOrdering != null) a.push(this.dOrdering);
237         if (this.dNonce != null) a.push(this.dNonce);
238         if (this.dTsa != null) a.push(this.dTsa);
239 
240         var seq = new _DERSequence({array: a});
241         this.hTLV = seq.tohex();
242         return this.hTLV;
243     };
244     this.getEncodedHex = function() { return this.tohex(); };
245 
246     if (params !== undefined) {
247         if (typeof params.policy == "string") {
248             if (! params.policy.match(/^[0-9.]+$/))
249                 throw "policy shall be oid like 0.1.4.134";
250             this.dPolicy = new _DERObjectIdentifier({oid: params.policy});
251         }
252         if (params.messageImprint !== undefined) {
253             this.dMessageImprint = new _MessageImprint(params.messageImprint);
254         }
255         if (params.serial !== undefined) {
256             this.dSerial = new _DERInteger(params.serial);
257         }
258         if (params.genTime !== undefined) {
259             this.dGenTime = new _DERGeneralizedTime(params.genTime);
260         }
261         if (params.accuracy !== undefined) {
262             this.dAccuracy = new _Accuracy(params.accuracy);
263         }
264         if (params.ordering !== undefined &&
265             params.ordering == true) {
266             this.dOrdering = new _DERBoolean();
267         }
268         if (params.nonce !== undefined) {
269             this.dNonce = new _DERInteger(params.nonce);
270         }
271         if (params.tsa !== undefined) {
272             this.dTsa = new _DERTaggedObject({
273 		tag: "a0",
274 		explicit: true,
275 		obj: new _GeneralName({dn: params.tsa})
276 	    });
277         }
278     }
279 };
280 extendClass(KJUR.asn1.tsp.TSTInfo, KJUR.asn1.ASN1Object);
281 
282 /**
283  * class for TSP Accuracy ASN.1 object
284  * @name KJUR.asn1.tsp.Accuracy
285  * @class class for TSP Accuracy ASN.1 object
286  * @param {Array} params associative array of parameters
287  * @extends KJUR.asn1.ASN1Object
288  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
289  *
290  * @description
291  * This is an ASN.1 encoder for Accuracy
292  * ASN.1 structure defined in
293  * <a href="https://tools.ietf.org/html/rfc3161#section-2.4.2">
294  * RFC 3161 TSP section 2.4.2</a>.
295  * <pre>
296  * Accuracy ::= SEQUENCE {
297  *    seconds        INTEGER              OPTIONAL,
298  *    millis     [0] INTEGER  (1..999)    OPTIONAL,
299  *    micros     [1] INTEGER  (1..999)    OPTIONAL  }
300  * </pre>
301  *
302  * @example
303  * new KJUR.asn1.tsp.Accuracy({
304  *   seconds: 1,   // OPTION
305  *   millis: 500,  // OPTION
306  *   micros: 500   // OPTION
307  * });
308  */
309 KJUR.asn1.tsp.Accuracy = function(params) {
310     var _KJUR = KJUR,
311 	_KJUR_asn1 = _KJUR.asn1,
312 	_newObject = _KJUR_asn1.ASN1Util.newObject;
313 
314     _KJUR_asn1.tsp.Accuracy.superclass.constructor.call(this);
315 
316     this.params = null;
317 
318     this.tohex = function() {
319 	var params = this.params;
320 	var a = [];
321 	if (params.seconds != undefined &&
322 	    typeof params.seconds == "number") {
323 	    a.push({"int": params.seconds});
324 	}
325 	if (params.millis != undefined &&
326 	    typeof params.millis == "number") {
327 	    a.push({tag: {tagi:"80", obj:{"int": params.millis}}});
328 	}
329 	if (params.micros != undefined &&
330 	    typeof params.micros == "number") {
331 	    a.push({tag: {tagi:"81", obj:{"int": params.micros}}});
332 	}
333 	return _newObject({"seq": a}).tohex();
334     };
335     this.getEncodedHex = function() { return this.tohex(); };
336 
337     if (params != undefined) this.setByParam(params);
338 };
339 extendClass(KJUR.asn1.tsp.Accuracy, KJUR.asn1.ASN1Object);
340 
341 /**
342  * class for TSP MessageImprint ASN.1 object
343  * @name KJUR.asn1.tsp.MessageImprint
344  * @class class for TSP MessageImprint ASN.1 object
345  * @param {Array} params associative array of parameters
346  * @extends KJUR.asn1.ASN1Object
347  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
348  *
349  * @description
350  * This is an ASN.1 encoder for Accuracy
351  * ASN.1 structure defined in
352  * <a href="https://tools.ietf.org/html/rfc3161#section-2.4.2">
353  * RFC 3161 TSP section 2.4.2</a>.
354  * <pre>
355  * MessageImprint ::= SEQUENCE  {
356  *      hashAlgorithm                AlgorithmIdentifier,
357  *      hashedMessage                OCTET STRING  }
358  * </pre>
359  *
360  * @example
361  * // OLD
362  * new KJUR.asn1.tsp.MessageImprint({
363  *   hashAlg: 'sha256',
364  *   hashValue: '1f3dea...'
365  * });
366  * // NEW
367  * new KJUR.asn1.tsp.MessageImprint({
368  *   alg: 'sha256',
369  *   hash: '1f3dea...'
370  * });
371  */
372 KJUR.asn1.tsp.MessageImprint = function(params) {
373     var _KJUR = KJUR,
374 	_KJUR_asn1 = _KJUR.asn1,
375 	_DERSequence = _KJUR_asn1.DERSequence,
376 	_DEROctetString = _KJUR_asn1.DEROctetString,
377 	_KJUR_asn1_x509 = _KJUR_asn1.x509,
378 	_AlgorithmIdentifier = _KJUR_asn1_x509.AlgorithmIdentifier;
379 
380     _KJUR_asn1.tsp.MessageImprint.superclass.constructor.call(this);
381 
382     this.params = null;
383 
384     this.tohex = function() {
385 	var params = this.params;
386 	var dAlg = new _AlgorithmIdentifier({name: params.alg});
387 	var dHash = new _DEROctetString({hex: params.hash});
388 	var seq = new _DERSequence({array: [dAlg, dHash]});
389 	return seq.tohex();
390     };
391     this.getEncodedHex = function() { return this.tohex(); };
392 
393     if (params !== undefined) this.setByParam(params);
394 };
395 extendClass(KJUR.asn1.tsp.MessageImprint, KJUR.asn1.ASN1Object);
396 
397 /**
398  * class for TSP TimeStampReq ASN.1 object<br/>
399  * @name KJUR.asn1.tsp.TimeStampReq
400  * @class class for TSP TimeStampReq ASN.1 object
401  * @param {Array} params JSON object of parameters
402  * @extends KJUR.asn1.ASN1Object
403  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
404  * @see KJUR.asn1.tsp.MessageImprint
405  *
406  * @description
407  * <pre>
408  * TimeStampReq ::= SEQUENCE  {
409  *    version          INTEGER  { v1(1) },
410  *    messageImprint   MessageImprint,
411  *    reqPolicy        TSAPolicyId               OPTIONAL,
412  *    nonce            INTEGER                   OPTIONAL,
413  *    certReq          BOOLEAN                   DEFAULT FALSE,
414  *    extensions       [0] IMPLICIT Extensions   OPTIONAL  }
415  * </pre>
416  *
417  * @example
418  * new KJUR.asn1.tsp.TimeStampReq({
419  *   messageImprint: {alg: "sha256", hash: "12ab..."},
420  *   policy: "1.2.3.4.5",
421  *   nonce: {hex: "1a2b..."},
422  *   certreq: true
423  * })
424  */
425 KJUR.asn1.tsp.TimeStampReq = function(params) {
426     var _KJUR = KJUR,
427 	_KJUR_asn1 = _KJUR.asn1,
428 	_DERSequence = _KJUR_asn1.DERSequence,
429 	_DERInteger = _KJUR_asn1.DERInteger,
430 	_DERBoolean = _KJUR_asn1.DERBoolean,
431 	_ASN1Object = _KJUR_asn1.ASN1Object,
432 	_DERObjectIdentifier = _KJUR_asn1.DERObjectIdentifier,
433 	_KJUR_asn1_tsp = _KJUR_asn1.tsp,
434 	_MessageImprint = _KJUR_asn1_tsp.MessageImprint;
435 
436     _KJUR_asn1_tsp.TimeStampReq.superclass.constructor.call(this);
437 
438     this.params = null;
439 
440     this.tohex = function() {
441 	var params = this.params;
442 
443 	var a = [];
444 	a.push(new _DERInteger({'int': 1}));
445 	if (params.messageImprint instanceof KJUR.asn1.ASN1Object) {
446 	    a.push(params.messageImprint);
447 	} else {
448 	    a.push(new _MessageImprint(params.messageImprint));
449 	}
450 	if (params.policy != undefined)
451 	    a.push(new _DERObjectIdentifier(params.policy));
452 	if (params.nonce != undefined)
453 	    a.push(new _DERInteger(params.nonce));
454 	if (params.certreq == true)
455 	    a.push(new _DERBoolean());
456 
457         var seq = new _DERSequence({array: a});
458 	return seq.tohex();
459     };
460     this.getEncodedHex = function() { return this.tohex(); };
461 
462     if (params != undefined) this.setByParam(params);
463 };
464 extendClass(KJUR.asn1.tsp.TimeStampReq, KJUR.asn1.ASN1Object);
465 
466 /**
467  * class for TSP TimeStampResp ASN.1 object<br/>
468  * @name KJUR.asn1.tsp.TimeStampResp
469  * @class class for TSP TimeStampResp ASN.1 object
470  * @param {Array} params associative array of parameters
471  * @extends KJUR.asn1.ASN1Object
472  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
473  * @see KJUR.asn1.tsp.TimeStampToken
474  * @see KJUR.asn1.tsp.PKIStatusInfo
475  *
476  * @description
477  * This is an ASN.1 encoder for TimeStampResp
478  * ASN.1 structure defined in
479  * <a href="https://tools.ietf.org/html/rfc3161#section-2.4.2">
480  * RFC 3161 TSP section 2.4.2</a>.
481  * 
482  * <pre>
483  * TimeStampResp ::= SEQUENCE  {
484  *    status                  PKIStatusInfo,
485  *    timeStampToken          TimeStampToken     OPTIONAL  }
486  *
487  * TimeStampToken ::= ContentInfo
488  *
489  * TSTInfo ::= SEQUENCE  {
490  *    version           INTEGER  { v1(1) },
491  *    policy            TSAPolicyId,
492  *    messageImprint    MessageImprint,
493  *    serialNumber      INTEGER,
494  *    genTime           GeneralizedTime,
495  *    accuracy          Accuracy                 OPTIONAL,
496  *    ordering          BOOLEAN                  DEFAULT FALSE,
497  *    nonce             INTEGER                  OPTIONAL,
498  *    tsa               [0] GeneralName          OPTIONAL,
499  *    extensions        [1] IMPLICIT Extensions  OPTIONAL  }
500  * </pre>
501  *
502  * The constructor argument "params" can be used all of 
503  * {@link KJUR.asn1.tsp.TimeStampToken} object further more
504  * following members can be specified:
505  * <ul>
506  * <li>statusinfo: any {@link KJUR.asn1.tsp.PKIStatusInfo} parameter.
507  * When parameters for TimeStampToken is specified and statusinfo member is omitted, 
508  * status will be "granted" by default. (OPTIONAL)</li>
509  * <li>tst: {@link KJUR.asn1.tsp.TimeStampToken} object instead of TimeStampToken members (OPTIONAL)</li>
510  * </ul>
511  *
512  * @example
513  * // by TimeStampToken parameters (statusinfo will be "granted" by default)
514  * new KJUR.asn1.tsp.TimeStampResp({
515  *   version: 1,
516  *   hashalgs: ["sha256"],
517  *   econtent: {
518  *     type: "tstinfo",
519  *     content: {
520  *       policy: "1.2.3.4.5",
521  *       messageImprint: {alg:"sha256", hash:"12ab..."},
522  *       serial: {"int": 3},
523  *       genTime: {millis: true}, // current time with millis
524  *       accuracy: { millis: 500 }
525  *     }
526  *   }
527  *   certs: [...],
528  *   sinfos: [{
529  *     version: 1,
530  *     id: {type:"isssn", cert: ...},
531  *     hashalg: "sha256",
532  *     sattrs: {array: [{...}]},
533  *     sigalg: "SHA256withRSA",
534  *     signkey: ...
535  *   }]
536  * })
537  * // by TimeStampToken object
538  * new KJUR.asn1.tsp.TimeStampResp({
539  *   tst: new KJUR.asn1.tsp.TimeStapToken(...)
540  * })
541  * // error case
542  * new KJUR.asn1.tsp.TimeStampResp({statusinfo: "rejection"}})
543  * new KJUR.asn1.tsp.TimeStampResp({
544  *    statusinfo: {
545  *      status: "rejection",
546  *      statusstr: ["policy shall be 1.2.3.4.5"],
547  *      failinfo: "unacceptedPolicy"
548  *    }
549  * })
550  * // finally, encode to hexadecimal string
551  * new KJUR.asn1.tsp.TimeStampResp(...).tohex() → "3082..."
552  */
553 KJUR.asn1.tsp.TimeStampResp = function(params) {
554     var _KJUR = KJUR,
555 	_KJUR_asn1 = _KJUR.asn1,
556 	_DERSequence = _KJUR_asn1.DERSequence,
557 	_ASN1Object = _KJUR_asn1.ASN1Object,
558 	_KJUR_asn1_tsp = _KJUR_asn1.tsp,
559 	_PKIStatusInfo = _KJUR_asn1_tsp.PKIStatusInfo;
560 
561     _KJUR_asn1_tsp.TimeStampResp.superclass.constructor.call(this);
562 
563     this.params = null;
564 
565     this.tohex = function() {
566 	var params = this.params;
567 
568 	var a = [];
569 
570 	if (params.econtent != undefined || params.tst != undefined) {
571 	    // statusInfo
572 	    if (params.statusinfo != undefined) {
573 		a.push(new _PKIStatusInfo(params.statusinfo));
574 	    } else {
575 		a.push(new _PKIStatusInfo("granted"));
576 	    }
577 	    
578 	    // TimeStampToken
579 	    if (params.econtent != undefined) {
580 		a.push((new _KJUR_asn1_tsp.TimeStampToken(params)).getContentInfo());
581 	    } else if (params.tst instanceof _KJUR_asn1.ASN1Object) {
582 		a.push(params.tst);
583 	    } else {
584 		throw new Error("improper member tst value");
585 	    }
586 	} else if (params.statusinfo != undefined) {
587 	    a.push(new _PKIStatusInfo(params.statusinfo));
588 	} else {
589 	    throw new Error("parameter for token nor statusinfo not specified");
590 	}
591 	    
592 	var seq = new _DERSequence({array: a});
593 	return seq.tohex();
594     };
595     this.getEncodedHex = function() { return this.tohex(); };
596 
597     if (params != undefined) this.setByParam(params);
598 };
599 extendClass(KJUR.asn1.tsp.TimeStampResp, KJUR.asn1.ASN1Object);
600 
601 // --- BEGIN OF RFC 2510 CMP -----------------------------------------------
602 
603 /**
604  * class for TSP PKIStatusInfo ASN.1 object
605  * @name KJUR.asn1.tsp.PKIStatusInfo
606  * @class class for TSP PKIStatusInfo ASN.1 object
607  * @param {Array} params associative array of parameters
608  * @extends KJUR.asn1.ASN1Object
609  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
610  * @see KJUR.asn1.tsp.PKIStatus
611  * @see KJUR.asn1.tsp.PKIFreeText
612  * @see KJUR.asn1.tsp.PKIFailureInfo
613  * @see KJUR.asn1.tsp.TSPParser#getPKIStatusInfo
614  *
615  * @description
616  * This class provides ASN.1 PKIStatusInfo encoder
617  * defined in 
618  * <a href="https://tools.ietf.org/html/rfc3161#section-2.4.2">
619  * RFC 3161 section 2.4.2</a>.
620  * <pre>
621  * PKIStatusInfo ::= SEQUENCE {
622  *    status                  PKIStatus,
623  *    statusString            PKIFreeText     OPTIONAL,
624  *    failInfo                PKIFailureInfo  OPTIONAL  }
625  * </pre>
626  *
627  * @example
628  * new KJUR.asn1.tsp.PKIStatusInfo("granted")
629  * new KJUR.asn1.tsp.PKIStatusInfo({status: "granted"})
630  * new KJUR.asn1.tsp.PKIStatusInfo({
631  *   status: 2, // rejection
632  *   statusstr: ["unsupported algorithm"], // OPTION
633  *   failinfo: 'badAlg' // OPTION
634  * })
635  */
636 KJUR.asn1.tsp.PKIStatusInfo = function(params) {
637     var _Error = Error,
638 	_KJUR = KJUR,
639 	_KJUR_asn1 = _KJUR.asn1,
640 	_DERSequence = _KJUR_asn1.DERSequence,
641 	_KJUR_asn1_tsp = _KJUR_asn1.tsp,
642 	_PKIStatus = _KJUR_asn1_tsp.PKIStatus,
643 	_PKIFreeText = _KJUR_asn1_tsp.PKIFreeText,
644 	_PKIFailureInfo = _KJUR_asn1_tsp.PKIFailureInfo;
645 
646     _KJUR_asn1_tsp.PKIStatusInfo.superclass.constructor.call(this);
647 
648     this.params = null;
649 
650     this.tohex = function() {
651 	var params = this.params;
652 
653 	var a = [];
654 	if (typeof params == "string") {
655 	    a.push(new _PKIStatus(params));
656 	} else {
657 	    if (params.status == undefined)
658 		throw new _Error("property 'status' unspecified");
659 
660 	    a.push(new _PKIStatus(params.status));
661 
662 	    if (params.statusstr != undefined)
663 		a.push(new _PKIFreeText(params.statusstr));
664 
665 	    if (params.failinfo != undefined)
666 		a.push(new _PKIFailureInfo(params.failinfo));
667 	}
668 
669 	var seq = new _DERSequence({array: a});
670 	return seq.tohex();
671     };
672     this.getEncodedHex = function() { return this.tohex(); };
673 
674     if (params != undefined) this.setByParam(params);
675 };
676 extendClass(KJUR.asn1.tsp.PKIStatusInfo, KJUR.asn1.ASN1Object);
677 
678 /**
679  * class for TSP PKIStatus ASN.1 object
680  * @name KJUR.asn1.tsp.PKIStatus
681  * @class class for TSP PKIStatus ASN.1 object
682  * @param {Array} params associative array of parameters
683  * @extends KJUR.asn1.ASN1Object
684  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
685  * @description
686  * <pre>
687  * PKIStatus ::= INTEGER {
688  *    granted                (0),
689  *    grantedWithMods        (1),
690  *    rejection              (2),
691  *    waiting                (3),
692  *    revocationWarning      (4),
693  *    revocationNotification (5) }
694  * </pre>
695  *
696  * @example
697  * new KJUR.asn1.tsp.PKIStatus('granted')
698  * new KJUR.asn1.tsp.PKIStatus(2)
699  */
700 KJUR.asn1.tsp.PKIStatus = function(params) {
701     var _Error = Error,
702 	_KJUR = KJUR,
703 	_KJUR_asn1 = _KJUR.asn1,
704 	_DERInteger = _KJUR_asn1.DERInteger,
705 	_KJUR_asn1_tsp = _KJUR_asn1.tsp;
706 
707     _KJUR_asn1_tsp.PKIStatus.superclass.constructor.call(this);
708 
709     var _nameValue = {
710 	granted:                0,
711 	grantedWithMods:        1,
712 	rejection:              2,
713 	waiting:                3,
714 	revocationWarning:      4,
715 	revocationNotification: 5
716     };
717 
718     this.params = null;
719 
720     this.tohex = function() {
721 	var params = this.params;
722 
723 	var dObj, value;
724 
725 	if (typeof params == "string") {
726 	    try {
727 		value = _nameValue[params];
728 	    } catch (ex) {
729 		throw new _Error("undefined name: " + params);
730 		}
731 	} else if (typeof params == "number") {
732 	    value = params;
733 	} else {
734 	    throw new _Error("unsupported params");
735 	}
736 
737 	return (new _DERInteger({"int": value})).tohex();
738     };
739     this.getEncodedHex = function() { return this.tohex(); };
740 
741     if (params != undefined) this.setByParam(params);
742 };
743 extendClass(KJUR.asn1.tsp.PKIStatus, KJUR.asn1.ASN1Object);
744 
745 /**
746  * class for TSP PKIFreeText ASN.1 object
747  * @name KJUR.asn1.tsp.PKIFreeText
748  * @class class for TSP PKIFreeText ASN.1 object
749  * @param {Array} params associative array of parameters
750  * @extends KJUR.asn1.ASN1Object
751  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
752  * @description
753  * This class provides ASN.1 encoder for PKIFreeText
754  * defined in <a href="https://tools.ietf.org/html/rfc4210#section-5.1.1">
755  * RFC 4210 CMP section 5.1.1</a>.
756  * <pre>
757  * PKIFreeText ::= SEQUENCE { SIZE (1..MAX) OF UTF8String }
758  * </pre>
759  * 
760  * @example
761  * new KJUR.asn1.tsp.PKIFreeText([
762  *   "aaa", "bbb", "ccc"
763  * ])
764  */
765 KJUR.asn1.tsp.PKIFreeText = function(params) {
766     var _Error = Error,
767 	_KJUR = KJUR,
768 	_KJUR_asn1 = _KJUR.asn1,
769 	_DERSequence = _KJUR_asn1.DERSequence,
770 	_DERUTF8String = _KJUR_asn1.DERUTF8String,
771 	_KJUR_asn1_tsp = _KJUR_asn1.tsp;
772 
773     _KJUR_asn1_tsp.PKIFreeText.superclass.constructor.call(this);
774 
775     this.params = null;
776 
777     this.tohex = function() {
778 	var params = this.params;
779 
780 	if (! params instanceof Array)
781 	    throw new _Error("wrong params: not array");
782 
783 	var a = [];
784 	for (var i = 0; i < params.length; i++) {
785 	    a.push(new _DERUTF8String({str: params[i]}));
786 	};
787 	
788 	var seq = new _DERSequence({array: a});
789 	return seq.tohex();
790     };
791     this.getEncodedHex = function() { return this.tohex(); };
792 
793     if (params != undefined) this.setByParam(params);
794 };
795 extendClass(KJUR.asn1.tsp.PKIFreeText, KJUR.asn1.ASN1Object);
796 
797 /**
798  * class for TSP PKIFailureInfo ASN.1 object<br/>
799  * @name KJUR.asn1.tsp.PKIFailureInfo
800  * @class class for TSP PKIFailureInfo ASN.1 object
801  * @param {Array} params associative array of parameters
802  * @extends KJUR.asn1.ASN1Object
803  * @since jsrsasign 4.6.0 asn1tsp 1.0.0
804  * @see KJUR.asn1.tsp.PKIStatusInfo
805  *
806  * @description
807  * This class provides ASN.1 PKIFailureInfo encoder
808  * defined in 
809  * <a href="https://tools.ietf.org/html/rfc3161#section-2.4.2">
810  * RFC 3161 section 2.4.2</a>.
811  * <pre>
812  * PKIFailureInfo ::= BIT STRING {
813  *    badAlg                 (0),
814  *    badRequest             (2),
815  *    badDataFormat          (5),
816  *    timeNotAvailable       (14),
817  *    unacceptedPolicy       (15),
818  *    unacceptedExtension    (16),
819  *    addInfoNotAvailable    (17),
820  *    systemFailure          (25) }
821  * </pre>
822  * NOTE: Constructor of an array of failureInfo names string
823  * has been supported since jsrsasign 10.5.21.
824  * Ordering of names will be ignored so that
825  * ['unacceptedPolicy', 'badAlg'] is also fine.
826  * 
827  * @example
828  * new KJUR.asn1.tsp.PKIFailureInfo('badAlg')
829  * new KJUR.asn1.tsp.PKIFailureInfo(5)
830  * new KJUR.asn1.tsp.PKIFailureInfo(['badAlg', 'unacceptedPolicy'])
831  */
832 KJUR.asn1.tsp.PKIFailureInfo = function(params) {
833     var _Error = Error,
834 	_KJUR = KJUR,
835 	_KJUR_asn1 = _KJUR.asn1,
836 	_DERBitString = _KJUR_asn1.DERBitString,
837 	_KJUR_asn1_tsp = _KJUR_asn1.tsp,
838 	_PKIFailureInfo = _KJUR_asn1_tsp.PKIFailureInfo;
839 
840     var _nameValue = {
841 	badAlg:                 0,
842 	badRequest:             2,
843 	badDataFormat:          5,
844 	timeNotAvailable:       14,
845 	unacceptedPolicy:       15,
846 	unacceptedExtension:    16,
847 	addInfoNotAvailable:    17,
848 	systemFailure:          25
849     };
850 
851     _PKIFailureInfo.superclass.constructor.call(this);
852 
853     this.params = null;
854 
855     this.getBinValue = function() {
856 	var params = this.params;
857 
858 	var d = 0;
859 
860 	if (typeof params == "number" && 
861 	    0 <= params && params <= 25) {
862 	    d |= 1 << params;
863 	    var s = d.toString(2);
864 	    var r = "";
865 	    for (var i = s.length - 1; i >= 0; i--) r += s[i];
866 	    return r;
867 	} else if (typeof params == "string" &&
868 		   _nameValue[params] != undefined) {
869 	    return namearraytobinstr([params], _nameValue);
870 	} else if (typeof params == "object" &&
871 		   params.length != undefined) {
872 	    return namearraytobinstr(params, _nameValue);
873 	} else {
874 	    throw new _Error("wrong params");
875 	}
876 
877 	return 
878     };
879 
880     this.tohex = function() {
881 	var params = this.params;
882 
883 	var binValue = this.getBinValue();
884 	return (new _DERBitString({"bin": binValue})).tohex();
885     };
886     this.getEncodedHex = function() { return this.tohex(); };
887 
888     if (params != undefined) this.setByParam(params);
889 };
890 extendClass(KJUR.asn1.tsp.PKIFailureInfo, KJUR.asn1.ASN1Object);
891 
892 // --- END OF RFC 2510 CMP -------------------------------------------
893 
894 /**
895  * abstract class for TimeStampToken generator (DEPRECATED)<br/>
896  * @name KJUR.asn1.tsp.AbstractTSAAdapter
897  * @class abstract class for TimeStampToken generator
898  * @param {Array} params associative array of parameters
899  * @since jsrsasign 4.7.0 asn1tsp 1.0.1
900  * @deprecated since jsrsasign 10.0.0 asn1tsp 2.0.0
901  *
902  * @description
903  * This is abstract class for TimeStampToken generator.
904  */
905 KJUR.asn1.tsp.AbstractTSAAdapter = function(params) {
906     this.getTSTHex = function(msgHex, hashAlg) {
907         throw "not implemented yet";
908     };
909 };
910 
911 /**
912  * class for simple TimeStampToken generator (DEPRECATED)<br/>
913  * @name KJUR.asn1.tsp.SimpleTSAAdapter
914  * @class class for simple TimeStampToken generator
915  * @extends KJUR.asn1.tsp.AbstractTSAAdapter
916  * @param {Array} params associative array of parameters
917  * @since jsrsasign 4.7.0 asn1tsp 1.0.1
918  * @deprecated since jsrsasign 10.0.0 asn1tsp 2.0.0
919  *
920  * @description
921  * This is a simple TimeStampToken generator class.
922  */
923 KJUR.asn1.tsp.SimpleTSAAdapter = function(params) {
924     var _KJUR = KJUR,
925 	_KJUR_asn1 = _KJUR.asn1,
926 	_KJUR_asn1_tsp = _KJUR_asn1.tsp,
927 	_hashHex = _KJUR.crypto.Util.hashHex;
928 
929     _KJUR_asn1_tsp.SimpleTSAAdapter.superclass.constructor.call(this);
930     this.params = null;
931     this.serial = 0;
932 
933     this.getTSTHex = function(msgHex, hashAlg) {
934         // messageImprint
935         var hashHex = _hashHex(msgHex, hashAlg);
936         this.params.econtent.content.messageImprint =
937             {alg: hashAlg, hash: hashHex};
938 
939         // serial
940         this.params.econtent.content.serial =
941 	    {'int': this.serial++};
942 
943         // nonce
944         var nonceValue = Math.floor(Math.random() * 1000000000);
945         this.params.econtent.content.nonce =
946 	    {'int': nonceValue};
947 
948         var obj = 
949             new _KJUR_asn1_tsp.TimeStampToken(this.params);
950         return obj.getContentInfoEncodedHex();
951     };
952 
953     if (params !== undefined) this.params = params;
954 };
955 extendClass(KJUR.asn1.tsp.SimpleTSAAdapter,
956             KJUR.asn1.tsp.AbstractTSAAdapter);
957 
958 /**
959  * class for fixed TimeStampToken generator (DEPRECATED)<br/>
960  * @name KJUR.asn1.tsp.FixedTSAAdapter
961  * @class class for fixed TimeStampToken generator
962  * @extends KJUR.asn1.tsp.AbstractTSAAdapter
963  * @param {Array} params associative array of parameters
964  * @since jsrsasign 4.7.0 asn1tsp 1.0.1
965  * @deprecated since jsrsasign 10.0.0 asn1tsp 2.0.0
966  *
967  * @description
968  * This class generates fixed TimeStampToken except messageImprint
969  * for testing purpose.
970  * General TSA generates TimeStampToken which varies following
971  * fields:
972  * <ul>
973  * <li>genTime</li>
974  * <li>serialNumber</li>
975  * <li>nonce</li>
976  * </ul>
977  * Those values are provided by initial parameters.
978  */
979 KJUR.asn1.tsp.FixedTSAAdapter = function(params) {
980     var _KJUR = KJUR,
981 	_KJUR_asn1 = _KJUR.asn1,
982 	_KJUR_asn1_tsp = _KJUR_asn1.tsp,
983 	_hashHex = _KJUR.crypto.Util.hashHex;
984 
985     _KJUR_asn1_tsp.FixedTSAAdapter.superclass.constructor.call(this);
986     this.params = null;
987 
988     this.getTSTHex = function(msgHex, hashAlg) {
989         // fixed serialNumber
990         // fixed nonce        
991         var hashHex = _hashHex(msgHex, hashAlg);
992         this.params.econtent.content.messageImprint =
993             {alg: hashAlg, hash: hashHex};
994         var obj = new _KJUR_asn1_tsp.TimeStampToken(this.params);
995         return obj.getContentInfoEncodedHex();
996     };
997 
998     if (params !== undefined) this.params = params;
999 };
1000 extendClass(KJUR.asn1.tsp.FixedTSAAdapter,
1001             KJUR.asn1.tsp.AbstractTSAAdapter);
1002 
1003 // --- TSP utilities -------------------------------------------------
1004 
1005 /**
1006  * TSP utiliteis class
1007  * @name KJUR.asn1.tsp.TSPUtil
1008  * @class TSP utilities class
1009  */
1010 KJUR.asn1.tsp.TSPUtil = new function() {
1011 };
1012 /**
1013  * generate TimeStampToken ASN.1 object specified by JSON parameters (DEPRECATED)<br/>
1014  * @name newTimeStampToken
1015  * @memberOf KJUR.asn1.tsp.TSPUtil
1016  * @function
1017  * @param {Array} param JSON parameter to generate TimeStampToken
1018  * @return {KJUR.asn1.cms.SignedData} object just generated
1019  * @deprecated since jsrsasign 10.0.0 asn1tsp 2.0.0. Please use TimeStampToken class
1020  * @see KJUR.asn1.tsp.TimeStampToken
1021  *
1022  * @description
1023  * @example
1024  */
1025 KJUR.asn1.tsp.TSPUtil.newTimeStampToken = function(params) {
1026     return new KJUR.asn1.tsp.TimeStampToken(params);
1027 };
1028 
1029 /**
1030  * parse hexadecimal string of TimeStampReq
1031  * @name parseTimeStampReq
1032  * @memberOf KJUR.asn1.tsp.TSPUtil
1033  * @function
1034  * @param {String} hexadecimal string of TimeStampReq
1035  * @return {Array} JSON object of parsed parameters
1036  * @see KJUR.asn1.tsp.TSPParser#getTimeStampReq
1037  * @deprecated since jsrsasign 10.5.18 asn1tsp 2.0.6. Please use TSPParser.getTimeStampReq instead.
1038  *
1039  * @description
1040  * This method parses a hexadecimal string of TimeStampReq
1041  * and returns parsed their fields:
1042  *
1043  * @example
1044  * var json = KJUR.asn1.tsp.TSPUtil.parseTimeStampReq("302602...");
1045  * // resulted DUMP of above 'json':
1046  * {
1047  *  messageImprint: {
1048  *       alg: 'sha256',          // MessageImprint hashAlg
1049  *       hash: 'a1a2a3a4...'},   // MessageImprint hashValue
1050  *  policy: '1.2.3.4.5',             // tsaPolicy (OPTION)
1051  *  nonce: '9abcf318...',            // nonce (OPTION)
1052  *  certreq: true}                   // certReq (OPTION)
1053  */
1054 KJUR.asn1.tsp.TSPUtil.parseTimeStampReq = function(reqHex) {
1055     var parser = new KJUR.asn1.tsp.TSPParser();
1056     return parser.getTimeStampReq(reqHex);
1057 };
1058 
1059 /**
1060  * parse hexadecimal string of MessageImprint
1061  * @name parseMessageImprint
1062  * @memberOf KJUR.asn1.tsp.TSPUtil
1063  * @function
1064  * @param {String} hexadecimal string of MessageImprint
1065  * @return {Array} JSON object of parsed parameters
1066  * @see KJUR.asn1.tsp.TSPParser#getMessageImprint
1067  * @deprecated since jsrsasign 10.5.18 asn1tsp 2.0.6. Please use TSPParser.getMessageImprint instead.
1068  *
1069  * @description
1070  * This method parses a hexadecimal string of MessageImprint
1071  * and returns parsed their fields:
1072  *
1073  * @example
1074  * KJUR.asn1.tsp.TSPUtil.parseMessageImprint("302602...") →
1075  * { alg:  'sha256', hash: 'a1a2a3a4...'}
1076  */
1077 KJUR.asn1.tsp.TSPUtil.parseMessageImprint = function(miHex) {
1078     var parser = new KJUR.asn1.tsp.TSPParser();
1079     return parser.getMessageImprint(miHex);
1080 /*
1081     var _ASN1HEX = ASN1HEX;
1082     var _getChildIdx = _ASN1HEX.getChildIdx;
1083     var _getV = _ASN1HEX.getV;
1084     var _getIdxbyList = _ASN1HEX.getIdxbyList;
1085     var json = {};
1086 
1087     if (miHex.substr(0, 2) != "30")
1088         throw "head of messageImprint hex shall be '30'";
1089 
1090     var idxList = _getChildIdx(miHex, 0);
1091     var hashAlgOidIdx = _getIdxbyList(miHex, 0, [0, 0]);
1092     var hashAlgHex = _getV(miHex, hashAlgOidIdx);
1093     var hashAlgOid = _ASN1HEX.hextooidstr(hashAlgHex);
1094     var hashAlgName = KJUR.asn1.x509.OID.oid2name(hashAlgOid);
1095     if (hashAlgName == '')
1096         throw "hashAlg name undefined: " + hashAlgOid;
1097     var hashAlg = hashAlgName;
1098     var hashValueIdx = _getIdxbyList(miHex, 0, [1]);
1099 
1100     json.alg = hashAlg;
1101     json.hash = _getV(miHex, hashValueIdx); 
1102 
1103     return json;
1104 */
1105 };
1106 
1107 /**
1108  * class for parsing RFC 3161 TimeStamp protocol data<br/>
1109  * @name KJUR.asn1.tsp.TSPParser
1110  * @class RFC 3161 TimeStamp protocol parser class
1111  * @since jsrsasign 10.1.0 asn1tsp 2.0.1
1112  *
1113  * @description
1114  * This is an ASN.1 parser for 
1115  * <a href="https://tools.ietf.org/html/rfc3161">RFC 3161</a>.
1116  */
1117 KJUR.asn1.tsp.TSPParser = function() {
1118     var _Error = Error,
1119 	_X509 = X509,
1120 	_x509obj = new _X509(),
1121 	_ASN1HEX = ASN1HEX,
1122 	_getV = _ASN1HEX.getV,
1123 	_getTLV = _ASN1HEX.getTLV,
1124 	_getIdxbyList = _ASN1HEX.getIdxbyList,
1125 	_getTLVbyListEx = _ASN1HEX.getTLVbyListEx,
1126 	_getChildIdx = _ASN1HEX.getChildIdx;
1127     var _aSTATUSSTR = [
1128 	"granted", "grantedWithMods", "rejection", "waiting",
1129 	"revocationWarning", "revocationNotification" ];
1130     var _pFAILUREINFO = {
1131 	0: "badAlg", 2: "badRequest", 5: "badDataFormat",
1132 	14: "timeNotAvailable", 15: "unacceptedPolicy",
1133 	16: "unacceptedExtension", 17: "addInfoNotAvailable",
1134 	25: "systemFailure"
1135     };
1136     
1137     /**
1138      * parse ASN.1 TimeStampResp<br/>
1139      * @name getResponse
1140      * @memberOf KJUR.asn1.tsp.TSPParser#
1141      * @function
1142      * @param {String} h hexadecimal string of ASN.1 TimeStampResp
1143      * @return {Array} JSON object of TimeStampResp parameter
1144      * @see KJUR.asn1.tsp.TimeStampResp
1145      * @see KJUR.asn1.tsp.TimeStampToken
1146      * @see KJUR.asn1.cms.CMSParser#getCMSSignedData
1147      *
1148      * @description
1149      * This method parses ASN.1 TimeStampRsp defined in RFC 3161.
1150      * <pre>
1151      * TimeStampResp ::= SEQUENCE {
1152      *   status          PKIStatusInfo,
1153      *   timeStampToken  TimeStampToken  OPTIONAL }
1154      * </pre>
1155      * When "h" is a TSP error response,
1156      * returned parameter contains "statusinfo" only.
1157      *
1158      * @example
1159      * parser = new KJUR.asn1.tsp.TSPParser();
1160      * parser.getResponse("30...") →
1161      * { 
1162      *   statusinfo: 'granted',
1163      *   ... // almost the same as CMS SignedData parameters
1164      *   econtent: {
1165      *     type: "tstinfo",
1166      *     content: { // TSTInfo parameter
1167      *       policy: '1.2.3.4.5',
1168      *       messageImprint: {alg: 'sha256', hash: 'a1a2a3a4...'},
1169      *       serial: {'int': 3},
1170      *       genTime: {str: '20131231235959.123Z'},
1171      *       accuracy: {millis: 500},
1172      *       ordering: true,
1173      *       nonce: {int: 3}
1174      *     }
1175      *   },
1176      *   ...
1177      * }
1178      */
1179     this.getResponse = function(h) {
1180 	var aIdx = _getChildIdx(h, 0);
1181 	
1182 	if (aIdx.length == 1) {
1183 	    return this.getPKIStatusInfo(_getTLV(h, aIdx[0]));
1184 	} else if (aIdx.length > 1) {
1185 	    var pPKIStatusInfo = this.getPKIStatusInfo(_getTLV(h, aIdx[0]));
1186 	    var hTST = _getTLV(h, aIdx[1]);
1187 	    var pResult = this.getToken(hTST);
1188 	    pResult.statusinfo = pPKIStatusInfo;
1189 	    return pResult;
1190 	}
1191     };
1192 
1193     /**
1194      * parse ASN.1 TimeStampToken<br/>
1195      * @name getToken
1196      * @memberOf KJUR.asn1.tsp.TSPParser#
1197      * @function
1198      * @param {String} h hexadecimal string of ASN.1 TimeStampToken
1199      * @return {Array} JSON object of TimeStampToken parameter
1200      * @see KJUR.asn1.tsp.TimeStampToken
1201      * @see KJUR.asn1.cms.CMSParser#getCMSSignedData
1202      * @see KJUR.asn1.tsp.TSPParser#setTSTInfo
1203      *
1204      * @description
1205      * This method parses ASN.1 TimeStampRsp defined in RFC 3161.
1206      * This method will parse "h" as CMS SigneData by
1207      * {@link KJUR.asn1.cms.CMSParser#getCMSSignedData}, then
1208      * parse and modify "econtent.content" parameter by
1209      * {@link KJUR.asn1.tsp.TSPParser#setTSTInfo} method.
1210      *
1211      * @example
1212      * parser = new KJUR.asn1.tsp.TSPParser();
1213      * parser.getToken("30...") →
1214      * { 
1215      *   ... // almost the same as CMS SignedData parameters
1216      *   econtent: {
1217      *     type: "tstinfo",
1218      *     content: { // TSTInfo parameter
1219      *       policy: '1.2.3.4.5',
1220      *       messageImprint: {alg: 'sha256', hash: 'a1a2a3a4...'},
1221      *       serial: {'int': 3},
1222      *       genTime: {str: '20131231235959.123Z'},
1223      *       accuracy: {millis: 500},
1224      *       ordering: true,
1225      *       nonce: {int: 3}
1226      *     }
1227      *   },
1228      *   ...
1229      * }
1230      */
1231     this.getToken = function(h) {
1232 	var _CMSParser = new KJUR.asn1.cms.CMSParser;
1233 	var p = _CMSParser.getCMSSignedData(h);
1234 	this.setTSTInfo(p);
1235 	return p;
1236     };
1237 
1238     /**
1239      * set ASN.1 TSTInfo parameter to CMS SignedData parameter<br/>
1240      * @name setTSTInfo
1241      * @memberOf KJUR.asn1.tsp.TSPParser#
1242      * @function
1243      * @param {Array} pCMSSignedData JSON object of CMS SignedData parameter
1244      * @see KJUR.asn1.tsp.TimeStampToken
1245      * @see KJUR.asn1.cms.CMSParser#getCMSSignedData
1246      *
1247      * @description
1248      * This method modifies "econtent.content" of CMS SignedData parameter
1249      * to parsed TSTInfo.
1250      * <pre>
1251      *
1252      * @example
1253      * parser = new KJUR.asn1.tsp.TSPParser();
1254      * pCMSSignedData = { 
1255      *   ... // almost the same as CMS SignedData parameters
1256      *   econtent: {
1257      *     type: "tstinfo",
1258      *     content: { hex: "30..." }
1259      *   },
1260      *   ...
1261      * };
1262      * parser.setTSTInfo(pCMSSignedData);
1263      * pCMSSignedData → { 
1264      *   ... // almost the same as CMS SignedData parameters
1265      *   econtent: {
1266      *     type: "tstinfo",
1267      *     content: { // TSTInfo parameter
1268      *       policy: '1.2.3.4.5',
1269      *       messageImprint: {alg: 'sha256', hash: 'a1a2a3a4...'},
1270      *       serial: {int: 3},
1271      *       genTime: {str: '20131231235959.123Z'},
1272      *       accuracy: {millis: 500},
1273      *       ordering: true,
1274      *       nonce: {int: 3}
1275      *     }
1276      *   },
1277      *   ...
1278      * };
1279      */
1280     this.setTSTInfo = function(pCMSSignedData) {
1281 	var pEContent = pCMSSignedData.econtent;
1282 	if (pEContent.type == "tstinfo") {
1283 	    var hContent = pEContent.content.hex;
1284 	    var pTSTInfo = this.getTSTInfo(hContent);
1285 	    //pTSTInfo.hex_ = hContent;
1286 	    pEContent.content = pTSTInfo;
1287 	}
1288     };
1289 
1290     /**
1291      * parse ASN.1 TSTInfo<br/>
1292      * @name getTSTInfo
1293      * @memberOf KJUR.asn1.tsp.TSPParser#
1294      * @function
1295      * @param {String} h hexadecimal string of ASN.1 TSTInfo
1296      * @return {Array} JSON object of TSTInfo parameter
1297      * @see KJUR.asn1.tsp.TSTInfo
1298      *
1299      * @description
1300      * This method parses ASN.1 TSTInfo defined in RFC 3161.
1301      * <pre>
1302      * TSTInfo ::= SEQUENCE  {
1303      *    version          INTEGER  { v1(1) },
1304      *    policy           TSAPolicyId,
1305      *    messageImprint   MessageImprint,
1306      *    serialNumber     INTEGER,
1307      *    genTime          GeneralizedTime,
1308      *    accuracy         Accuracy                 OPTIONAL,
1309      *    ordering         BOOLEAN             DEFAULT FALSE,
1310      *    nonce            INTEGER                  OPTIONAL,
1311      *    tsa              [0] GeneralName          OPTIONAL,
1312      *    extensions       [1] IMPLICIT Extensions  OPTIONAL }
1313      * </pre>
1314      *
1315      * @example
1316      * parser = new KJUR.asn1.tsp.TSPParser();
1317      * parser.getTSTInfo("30...") →
1318      * {
1319      *   policy: '1.2.3.4.5',
1320      *   messageImprint: {alg: 'sha256', hash: 'a1a2a3a4...'},
1321      *   serial: {'int': 3},
1322      *   genTime: {str: '20131231235959.123Z'},
1323      *   accuracy: {millis: 500},
1324      *   ordering: true,
1325      *   nonce: {int: 3}
1326      * }
1327      */
1328     this.getTSTInfo = function(h) {
1329 	var pResult = {};
1330 	var aIdx = _getChildIdx(h, 0);
1331 
1332 	var hPolicy = _getV(h, aIdx[1]);
1333 	pResult.policy = hextooid(hPolicy);
1334 
1335 	var hMessageImprint = _getTLV(h, aIdx[2]);
1336 	pResult.messageImprint = this.getMessageImprint(hMessageImprint);
1337 
1338 	var hSerial = _getV(h, aIdx[3]);
1339 	pResult.serial = {hex: hSerial};
1340 
1341 	var hGenTime = _getV(h, aIdx[4]);
1342 	pResult.genTime = {str: hextoutf8(hGenTime)};
1343 
1344 	var offset = 0;
1345 
1346 	if (aIdx.length > 5 && h.substr(aIdx[5], 2) == "30") {
1347 	    var hAccuracy = _getTLV(h, aIdx[5]);
1348 	    pResult.accuracy = this.getAccuracy(hAccuracy);
1349 	    offset++;
1350 	}
1351 
1352 	if (aIdx.length > 5 + offset && 
1353 	    h.substr(aIdx[5 + offset], 2) == "01") {
1354 	    var hOrdering = _getV(h, aIdx[5 + offset]);
1355 	    if (hOrdering == "ff") pResult.ordering = true;
1356 	    offset++;
1357 	}
1358 
1359 	if (aIdx.length > 5 + offset &&
1360 	    h.substr(aIdx[5 + offset], 2) == "02") {
1361 	    var hNonce = _getV(h, aIdx[5 + offset]);
1362 	    pResult.nonce = {hex: hNonce};
1363 	    offset++;
1364 	}
1365 
1366 	if (aIdx.length > 5 + offset &&
1367 	    h.substr(aIdx[5 + offset], 2) == "a0") {
1368 	    var hGeneralNames = _getTLV(h, aIdx[5 + offset]);
1369 	    hGeneralNames = "30" + hGeneralNames.substr(2);
1370 	    pGeneralNames = _x509obj.getGeneralNames(hGeneralNames);
1371 	    var pName = pGeneralNames[0].dn;
1372 	    pResult.tsa = pName;
1373 	    offset++;
1374 	}
1375 
1376 	if (aIdx.length > 5 + offset &&
1377 	    h.substr(aIdx[5 + offset], 2) == "a1") {
1378 	    var hExt = _getTLV(h, aIdx[5 + offset]);
1379 	    hExt = "30" + hExt.substr(2);
1380 	    var aExt = _x509obj.getExtParamArray(hExt);
1381 	    pResult.ext = aExt;
1382 	    offset++;
1383 	}
1384 
1385 	return pResult;
1386     };
1387 
1388     /**
1389      * parse ASN.1 Accuracy<br/>
1390      * @name getAccuracy
1391      * @memberOf KJUR.asn1.tsp.TSPParser#
1392      * @function
1393      * @param {String} h hexadecimal string of ASN.1 Accuracy
1394      * @return {Array} JSON object of Accuracy parameter
1395      * @see KJUR.asn1.tsp.Accuracy
1396      *
1397      * @description
1398      * This method parses ASN.1 Accuracy defined in RFC 3161.
1399      * <pre>
1400      * Accuracy ::= SEQUENCE {
1401      *    seconds        INTEGER              OPTIONAL,
1402      *    millis     [0] INTEGER  (1..999)    OPTIONAL,
1403      *    micros     [1] INTEGER  (1..999)    OPTIONAL  }
1404      * </pre>
1405      *
1406      * @example
1407      * parser = new KJUR.asn1.tsp.TSPParser();
1408      * parser.getAccuracy("30...") → {millis: 500}
1409      */
1410     this.getAccuracy = function(h) {
1411 	var pResult = {};
1412 
1413 	var aIdx = _getChildIdx(h, 0);
1414 
1415 	for (var i = 0; i < aIdx.length; i++) {
1416 	    var tag = h.substr(aIdx[i], 2);
1417 	    var hV = _getV(h, aIdx[i]);
1418 	    var iV = parseInt(hV, 16);
1419 
1420 	    if (tag == "02") {
1421 		pResult.seconds = iV;
1422 	    } else if (tag == "80") {
1423 		pResult.millis = iV;
1424 	    } else if (tag == "81") {
1425 		pResult.micros = iV;
1426 	    }
1427 	}
1428 
1429 	return pResult;
1430     };
1431 
1432     /**
1433      * parse ASN.1 MessageImprint<br/>
1434      * @name getMessageImprint
1435      * @memberOf KJUR.asn1.tsp.TSPParser#
1436      * @function
1437      * @param {String} h hexadecimal string of ASN.1 MessageImprint
1438      * @return {Array} JSON object of MessageImprint parameter
1439      * @see KJUR.asn1.tsp.MessageImprint
1440      *
1441      * @description
1442      * This method parses ASN.1 MessageImprint defined in RFC 3161.
1443      *
1444      * @example
1445      * parser = new KJUR.asn1.tsp.TSPParser();
1446      * parser.getMessageImprint("30...") → 
1447      * { alg: "sha256", hash: "12ab..." }
1448      */
1449     this.getMessageImprint = function(h) {
1450 	if (h.substr(0, 2) != "30")
1451             throw new Error("head of messageImprint hex shall be x30");
1452 
1453 	var json = {};
1454 	var idxList = _getChildIdx(h, 0);
1455 	var hashAlgOidIdx = _getIdxbyList(h, 0, [0, 0]);
1456 	var hashAlgHex = _getV(h, hashAlgOidIdx);
1457 	var hashAlgOid = _ASN1HEX.hextooidstr(hashAlgHex);
1458 	var hashAlgName = KJUR.asn1.x509.OID.oid2name(hashAlgOid);
1459 	if (hashAlgName == '')
1460             throw new Error("hashAlg name undefined: " + hashAlgOid);
1461 	var hashAlg = hashAlgName;
1462 	var hashValueIdx = _getIdxbyList(h, 0, [1]);
1463 	
1464 	json.alg = hashAlg;
1465 	json.hash = _getV(h, hashValueIdx); 
1466 
1467 	return json;
1468     };
1469 
1470     /**
1471      * parse ASN.1 PKIStatusInfo<br/>
1472      * @name getPKIStatusInfo
1473      * @memberOf KJUR.asn1.tsp.TSPParser#
1474      * @function
1475      * @param {String} h hexadecimal string of ASN.1 PKIStatusInfo
1476      * @return {Array} JSON object of PKIStatusInfo parameter
1477      * @see KJUR.asn1.tsp.PKIStatusInfo
1478      *
1479      * @description
1480      * This method parses ASN.1 PKIStatusInfo defined in RFC 3161.
1481      *
1482      * @example
1483      * parser = new KJUR.asn1.tsp.TSPParser();
1484      * parser.getPKIStatusInfo("30...") → 
1485      * { status: "rejection",
1486      *   statusstr: ["unsupported algorithm"],
1487      *   failinfo: "badAlg" }
1488      */
1489     this.getPKIStatusInfo = function(h) {
1490 	var pResult = {};
1491 	var aIdx = _getChildIdx(h, 0);
1492 	var offset = 0;
1493 
1494 	try {
1495 	    var hStatus = _getV(h, aIdx[0]);
1496 	    var iStatus = parseInt(hStatus, 16);
1497 	    pResult.status = _aSTATUSSTR[iStatus];
1498 	} catch(ex) {};
1499 
1500 	if (aIdx.length > 1 && h.substr(aIdx[1], 2) == "30") {
1501 	    var hPKIFreeText = _getTLV(h, aIdx[1]);
1502 	    pResult.statusstr = 
1503 		this.getPKIFreeText(hPKIFreeText);
1504 	    offset++;
1505 	}
1506 
1507 	if (aIdx.length > offset &&
1508 	    h.substr(aIdx[1 + offset], 2) == "03") {
1509 	    var hPKIFailureInfo = _getTLV(h, aIdx[1 + offset]);
1510 	    pResult.failinfo = 
1511 		this.getPKIFailureInfo(hPKIFailureInfo);
1512 	}
1513 
1514 	return pResult;
1515     };
1516 
1517     /**
1518      * parse ASN.1 PKIFreeText<br/>
1519      * @name getPKIFreeText
1520      * @memberOf KJUR.asn1.tsp.TSPParser#
1521      * @function
1522      * @param {String} h hexadecimal string of ASN.1 PKIFreeText
1523      * @return {Array} array of string
1524      * @since jsrsasign 10.1.3 asn1tsp 2.0.3
1525      * @see KJUR.asn1.tsp.PKIFreeText
1526      *
1527      * @description
1528      * This method parses ASN.1 PKIFreeText defined in RFC 3161.
1529      *
1530      * @example
1531      * parser = new KJUR.asn1.tsp.TSPParser();
1532      * parser.getPKIFreeText("300a0c036161610c03616161") → 
1533      * ["aaa", "aaa"]
1534      */
1535     this.getPKIFreeText = function(h) {
1536 	var aResult = [];
1537 	var aIdx = _getChildIdx(h, 0);
1538 	for (var i = 0; i < aIdx.length; i++) {
1539 	    aResult.push(_ASN1HEX.getString(h, aIdx[i]));
1540 	}
1541 	return aResult;
1542     };
1543 
1544     /**
1545      * parse ASN.1 PKIFailureInfo<br/>
1546      * @name getPKIFailureInfo
1547      * @memberOf KJUR.asn1.tsp.TSPParser#
1548      * @function
1549      * @param {String} h hexadecimal string of ASN.1 PKIFailureInfo
1550      * @return {Object} failureInfo string or number
1551      * @since jsrsasign 10.1.3 asn1tsp 2.0.3
1552      * @see KJUR.asn1.tsp.PKIFailureInfo
1553      *
1554      * @description
1555      * This method parses ASN.1 PKIFailureInfo defined in RFC 3161.
1556      *
1557      * @example
1558      * parser = new KJUR.asn1.tsp.TSPParser();
1559      * parser.getPKIFailureInfo("03020700") → "badAlg"
1560      * parser.getPKIFailureInfo("03020780") → 1
1561      * parser.getPKIFailureInfo("030203c8") → "systemFailure"
1562      */
1563     this.getPKIFailureInfo = function(h) {
1564 	var n = _ASN1HEX.getInt(h, 0);
1565 	if (_pFAILUREINFO[n] != undefined) {
1566 	    return _pFAILUREINFO[n];
1567 	} else {
1568 	    return n;
1569 	}
1570     };
1571 
1572     /**
1573      * parse hexadecimal string of TimeStampReq<br/>
1574      * @name getTimeStampReq
1575      * @memberOf KJUR.asn1.tsp.TSPParser#
1576      * @function
1577      * @param {String} h hexadecimal string of TimeStampReq
1578      * @return {Array} JSON object of parsed parameters
1579      * @since jsrsasign 10.5.18 asn1tsp 2.0.6
1580      * @see KJUR.asn1.tsp.TimeStampReq
1581      * @see KJUR.asn1.tsp.TSPUtil.parseTimeStampReq
1582      *
1583      * @description
1584      * This method parses a hexadecimal string of TimeStampReq
1585      * and returns parsed their fields:
1586      *
1587      * @example
1588      * var parser = new KJUR.asn1.tsp.TSPParser();
1589      * parser.getTimeStampReq("302602...") →
1590      * { messageImprint: {
1591      *       alg: 'sha256',          // MessageImprint hashAlg
1592      *       hash: 'a1a2a3a4...'},   // MessageImprint hashValue
1593      *   policy: '1.2.3.4.5',         // tsaPolicy (OPTION)
1594      *   nonce: '9abcf318...',        // nonce (OPTION)
1595      *   certreq: true }              // certReq (OPTION)
1596      */
1597     this.getTimeStampReq = function(h) {
1598 	var json = {};
1599 	json.certreq = false;
1600 
1601 	var idxList = _getChildIdx(h, 0);
1602 
1603 	if (idxList.length < 2)
1604             throw new Error("TimeStampReq must have at least 2 items");
1605 
1606 	var miHex = _getTLV(h, idxList[1]);
1607 	json.messageImprint = KJUR.asn1.tsp.TSPUtil.parseMessageImprint(miHex); 
1608 
1609 	for (var i = 2; i < idxList.length; i++) {
1610             var idx = idxList[i];
1611             var tag = h.substr(idx, 2);
1612             if (tag == "06") { // case OID
1613 		var policyHex = _getV(h, idx);
1614 		json.policy = _ASN1HEX.hextooidstr(policyHex);
1615             }
1616             if (tag == "02") { // case INTEGER
1617 		json.nonce = _getV(h, idx);
1618             }
1619             if (tag == "01") { // case BOOLEAN
1620 		json.certreq = true;
1621             }
1622 	}
1623 
1624 	return json;
1625     };
1626 };
1627